ROBLOX Forum » Game Creation and Development » Scripters

Re: Security: Are Exploits still possible when FE is enabled?

Badandy11
Joined: 02 Jul 2009
Total Posts: 1861
16 Aug 2016 01:30 AM
I'm just pondering this question. Are there any exploits that are still possible? I know they could exploit poorly written code with the RemoteFunction functions if they know what they are looking for, but if the scripts are written with security in mind and FE is enabled, what risk is there in reality?
0Dan
Joined: 22 Oct 2009
Total Posts: 2552
16 Aug 2016 01:34 AM
an exploiter could edit things locally, like remove a vip door or something
noclip and superjump are still possible too



SadisticNub
Joined: 05 Jan 2013
Total Posts: 4948
16 Aug 2016 01:44 AM
they can change anything on the client, basically

this includes local character physics/etc
Badandy11
Joined: 02 Jul 2009
Total Posts: 1861
16 Aug 2016 01:53 AM
Is there any way to detect the humanoid speed / jump power if changed on the client? Because the server doesn't see a difference but can see them moving faster like anyone else.
RemasteredBox
Joined: 19 Jun 2016
Total Posts: 2140
16 Aug 2016 01:59 AM
@Badandy

The method I use which is pretty fail safe to client-sided spoofing (because of the 'getrawmetatable' function they have implemented, they can spoof anything they want pretty much) is I compare positions every second on the server, and if the magnitude goes over a certain amount, I kick them.


-R.B. Box (Regalius Boxikins Box)
Badandy11
Joined: 02 Jul 2009
Total Posts: 1861
16 Aug 2016 02:06 AM
I might do a check every 5 minutes of all players' movements and have a report function for a check to be made on that player.
Flux_Capacitor
Joined: 07 Apr 2008
Total Posts: 45720
16 Aug 2016 02:09 AM
ur method is awful remastered, what about tripping and laggers
Badandy11
Joined: 02 Jul 2009
Total Posts: 1861
16 Aug 2016 02:11 AM
True, what's the best way to combat this?
RemasteredBox
Joined: 19 Jun 2016
Total Posts: 2140
16 Aug 2016 02:13 AM
@Flux

I kick anyone who goes above 200 ping anyways, get off your toaster.
And tripping? Thanks for the idea, I'll fix that.


-R.B. Box (Regalius Boxikins Box)
SadisticNub
Joined: 05 Jan 2013
Total Posts: 4948
16 Aug 2016 02:21 AM
"I kick anyone who goes above 200 ping anyways, get off your toaster."

so you're pretty much kicking anyone who doesn't live near the northern hemisphere

nice job
Fatalizer
Joined: 28 Aug 2011
Total Posts: 1520
16 Aug 2016 02:22 AM
In my opinion;
Exploiters / crackers will never be stopped. There will always be something that they could use.
Protectors (Roblox) will defend against the attacks with even more code; in that code will be a hole so the crackers / exploiters could break in again.



〔 :{❖}: I want a girl which name doesn't end with .jpg :{❖}: 〕
Novaricus
Joined: 09 Aug 2016
Total Posts: 103
16 Aug 2016 02:24 AM
"I kick anyone who goes above 200 ping anyways,"

That's really really really stupid


Novaricus
Joined: 09 Aug 2016
Total Posts: 103
16 Aug 2016 02:25 AM
" is I compare positions every second on the server, and if the magnitude goes over a certain amount, I kick them."

Good thing I've never seen characters fling. Also God forbid they have a vehicle.


sublevel
Joined: 05 Dec 2015
Total Posts: 26
16 Aug 2016 02:27 AM
@RemasteredBlox

Although you may be unaware, your method only works if the player does not lag. This simply isn't a good method because of ROBLOX's networking protocol. The idea is good conceptually; however, due to ROBLOX's networking protocol the idea simply will not work well.

ROBLOX uses UDP, so if a user has high latency then there will be packet loss and those packets won't be resent. So, if the player walked from one place to another and he had high latency, only the position packets of his updated position would be sent during the latent period because the other packets are lost because they couldn't reach the host. It would appear as if he teleported and your method would disconnect them.

You can prove ROBLOX uses UDP as its protocol for client/server communication by seeing that it uses the winsock::sendto and winsock::recvfrom functions. On the other hand, you may also see that it uses winsock::send and winsock::recv, but these functions are only used for HTTP GET/POST requests.

Unfortunately, there isn't a way to prevent packet loss unless ROBLOX switched over to TCP where it attempts to send packets that were previously lost. Except TCP just doesn't work for ROBLOX. Sorry.

"I kick anyone who goes above 200 ping anyways, get off your toaster."
You should not be doing this, games have heartbeat for a reason. Many things can cause a high ping and that's why you wait to see if it lowers.
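The server-side position check RemasteredBox describes, and the lag false positive sublevel points out, as an added example that is not from any poster in this thread: instead of judging one second at a time, it averages distance over a window and requires repeated bad windows before responding. It is plain Lua with no Roblox APIs; the names, thresholds and traces are constructed assumptions, and in a server script the samples would come from character positions read on the server.

```lua
-- Added example (plain Lua, no Roblox APIs). All names and thresholds are assumptions.
local WINDOW = 5         -- seconds of history averaged per check
local TOLERANCE = 1.5    -- slack over the speed the server granted
local STRIKES_TO_ACT = 3 -- bad windows needed before responding

local function newTracker(allowedSpeed)
  return { allowed = allowedSpeed, samples = {}, strikes = 0 }
end

-- Feed one server-observed sample; returns "ok", "suspect" or "act".
-- exempt = true while the server knows movement is not walking
-- (seated in a vehicle, teleported by a script, flung or tripped).
local function observe(tr, t, x, z, exempt)
  local s = tr.samples
  local last = s[#s]
  if exempt or not last then
    tr.samples = { { t = t, x = x, z = z, dist = 0 } } -- restart the window
    return "ok"
  end
  local step = math.sqrt((x - last.x) ^ 2 + (z - last.z) ^ 2)
  s[#s + 1] = { t = t, x = x, z = z, dist = last.dist + step }
  -- Drop old samples but keep the window at least WINDOW seconds long.
  while #s > 2 and t - s[2].t >= WINDOW do table.remove(s, 1) end
  local elapsed = t - s[1].t
  if elapsed < WINDOW then return "ok" end -- not enough history yet
  local avg = (s[#s].dist - s[1].dist) / elapsed
  if avg <= tr.allowed * TOLERANCE then
    tr.strikes = math.max(0, tr.strikes - 1) -- decay on clean windows
    return "ok"
  end
  tr.strikes = tr.strikes + 1
  return tr.strikes >= STRIKES_TO_ACT and "act" or "suspect"
end

-- Constructed traces, one sample per second, allowed speed 16 studs/s.
local function run(xs)
  local tr, worst = newTracker(16), "ok"
  for i, x in ipairs(xs) do
    local r = observe(tr, i - 1, x, 0, false)
    if r == "act" or (r == "suspect" and worst == "ok") then worst = r end
  end
  return worst
end

-- Lagger: walks at 16 studs/s, but updates stall for 2 s and then jump 48 studs.
print("lagger ", run({ 0, 16, 32, 32, 32, 80, 96, 112, 128, 144 }))
-- Speed change: steady 48 studs/s.
print("speeder", run({ 0, 48, 96, 144, 192, 240, 288, 336, 384, 432 }))
```

Only horizontal distance is measured, so jumping and falling do not count against the player; the response to "act" is left to the caller.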
Novaricus
Joined: 09 Aug 2016
Total Posts: 103
16 Aug 2016 02:29 AM
do most multiplayer games run with UDP? i never considered it, always assumed UDP was only used for stuff like livestreaming, but i guess games matter too


Flux_Capacitor
Joined: 07 Apr 2008
Total Posts: 45720
16 Aug 2016 02:30 AM
Well UDP is faster so most games do, although some games like osrs you probably wouldn't even notice a difference :C
Badandy11
Joined: 02 Jul 2009
Total Posts: 1861
16 Aug 2016 02:32 AM
So there isn't much of a way to stop exploiters from changing their speed?
Novaricus
Joined: 09 Aug 2016
Total Posts: 103
16 Aug 2016 02:32 AM
For walkspeed one method which I guess still works is GetRealPhysicsFPS but there's probably other walkspeed hacks


Flux_Capacitor
Joined: 07 Apr 2008
Total Posts: 45720
16 Aug 2016 02:36 AM
If they change their WalkSpeed client-sided, you can detect them if you constantly check it client-sided. The problem with this is that they can get past this; however, if you simply just ban them every single time without giving them any warnings they probably will give up.
Badandy11
Joined: 02 Jul 2009
Total Posts: 1861
16 Aug 2016 02:36 AM
The other question is, how many exploiters are there in relation to normal players?
Novaricus
Joined: 09 Aug 2016
Total Posts: 103
16 Aug 2016 02:37 AM
if you have filtering you'll rarely see any if you implement it properly

if you don't have filtering you're screwed and your whole game will be destroyed in every server


Fatalizer
Joined: 28 Aug 2011
Total Posts: 1520
16 Aug 2016 02:38 AM
Depends,
When the level 7 exploit was out, and level 4. It was leaked, and everyone was using it everywhere.
But as soon as 1 exploiter keeps his exploit a secret, only he will use it. And probably some of his friends.



〔 :{❖}: I want a girl which name doesn't end with .jpg :{❖}: 〕
Novaricus
Joined: 09 Aug 2016
Total Posts: 103
16 Aug 2016 02:38 AM
the sad truth is most exploiters are really really stupid


Flux_Capacitor
Joined: 07 Apr 2008
Total Posts: 45720
16 Aug 2016 02:39 AM
most "exploiters" are people who are just leechers and claim to know how to exploit when they prove time and time again they know nothing (yes I'm referring to the almighty skid RemasteredBlox)
Novaricus
Joined: 09 Aug 2016
Total Posts: 103
16 Aug 2016 02:40 AM
"level 4"

Um that would be a corescript identity. Pretty sure there was not a context 4 exploit.

