Badandy11
|
  |
| Joined: 02 Jul 2009 |
| Total Posts: 1861 |
|
|
| 16 Aug 2016 01:30 AM |
| I'm just pondering this question. Are there any exploits that are still possible? I know they could exploit poorly written code with the RemoteFunction functions if they know what they are looking for but if the scripts are written with security in mind and FE is enabled, What risk is there in reality? |
|
|
| Report Abuse |
|
|
0Dan
|
  |
| Joined: 22 Oct 2009 |
| Total Posts: 2552 |
|
|
| 16 Aug 2016 01:34 AM |
an exploiter could edit things locally, like remove a vip door or something noclip and superjump are still possible too
|
|
|
| Report Abuse |
|
|
|
| 16 Aug 2016 01:44 AM |
they can change anything on the client, basically
this includes local character physics/etc |
|
|
| Report Abuse |
|
|
Badandy11
|
  |
| Joined: 02 Jul 2009 |
| Total Posts: 1861 |
|
|
| 16 Aug 2016 01:53 AM |
| Is there any way to detect the humanoid speed / jump power if changed on the client? Because the server doesn't see a difference but can see them moving faster like anyone else. |
|
|
| Report Abuse |
|
|
|
| 16 Aug 2016 01:59 AM |
@Badandy
The method I use which is pretty fail safe to client-sided spoofing (because of the 'getrawmetatable' function they have implemented, they can spoof anything they want pretty much) is I compare positions every second on the server, and if the magnitude goes over a certain amount, I kick them.
-R.B. Box (Regalius Boxikins Box) |
|
|
| Report Abuse |
|
|
Badandy11
|
  |
| Joined: 02 Jul 2009 |
| Total Posts: 1861 |
|
|
| 16 Aug 2016 02:06 AM |
| I might do a check every 5 minutes of all players movements and have a report function for a check to be made on that player. |
|
|
| Report Abuse |
|
|
|
| 16 Aug 2016 02:09 AM |
| ur method is awful remastered, what about tripping and laggers |
|
|
| Report Abuse |
|
|
Badandy11
|
  |
| Joined: 02 Jul 2009 |
| Total Posts: 1861 |
|
|
| 16 Aug 2016 02:11 AM |
| True, what's the best way to combat this? |
|
|
| Report Abuse |
|
|
|
| 16 Aug 2016 02:13 AM |
@Flux
I kick anyone who goes above 200 ping anyways, get off your toaster. And tripping? Thanks for the idea, I'll fix that.
-R.B. Box (Regalius Boxikins Box) |
|
|
| Report Abuse |
|
|
|
| 16 Aug 2016 02:21 AM |
"I kick anyone who goes above 200 ping anyways, get off your toaster."
so you're pretty much kicking anyone who doesn't live near the northern hemisphere
nice job |
|
|
| Report Abuse |
|
|
Fatalizer
|
  |
| Joined: 28 Aug 2011 |
| Total Posts: 1520 |
|
|
| 16 Aug 2016 02:22 AM |
In my opinion; Exploiters / cracker will never be stopped. There will always be something what they could use. Protecters (Roblox) will defend the attacks with even more code, in that code will be a hole so the crackers / exploiters could break in again.
〔 :{❖}: I want a girl which name doesn't end with .jpg :{❖}: 〕 |
|
|
| Report Abuse |
|
|
Novaricus
|
  |
| Joined: 09 Aug 2016 |
| Total Posts: 103 |
|
|
| 16 Aug 2016 02:24 AM |
"I kick anyone who goes above 200 ping anyways,"
That's really really really stupid
|
|
|
| Report Abuse |
|
|
Novaricus
|
  |
| Joined: 09 Aug 2016 |
| Total Posts: 103 |
|
|
| 16 Aug 2016 02:25 AM |
" is I compare positions every second on the server, and if the magnitude goes over a certain amount, I kick them."
Good thing I've never seen characters fling. Also God forbid they have a vehicle.
|
|
|
| Report Abuse |
|
|
sublevel
|
  |
| Joined: 05 Dec 2015 |
| Total Posts: 26 |
|
|
| 16 Aug 2016 02:27 AM |
@RemasteredBlox
Although you may be unaware, your method only works if the player does not lag. This simply isn't a good method because of ROBLOX's networking protocol, the idea is good conceptually; however, due to ROBLOX's networking protocol the idea simply will not work well.
ROBLOX uses UDP, so if a user has high latency then there will be packet loss and those packets won't be resent. So, if the player walked from one place to another and he had high latency, only the position packets of his updated position would be sent during the latent period because the other packets are lost because they couldn't reach the host. It would appear as if he teleported and your method would disconnect them.
You can prove ROBLOX uses UDP as it's protocol for client/server communication by seeing that it uses the winsock::sendto and winsock::recvfrom functions. On the other hand, you may also see that it uses winsock::send and winsock::recv, but these functions are only used for HTTP GET/POST requests.
Unfortunately, there isn't a way to prevent packet loss unless ROBLOX switched over to TCP where it attempts to send packets that were previously lost. Except TCP just doesn't work for ROBLOX. Sorry.
"I kick anyone who goes above 200 ping anyways, get off your toaster." You should not be doing this, games have heartbeat for a reason. Many things can cause a high ping and that's why you wait to see if it lowers.
|
|
|
| Report Abuse |
|
|
Novaricus
|
  |
| Joined: 09 Aug 2016 |
| Total Posts: 103 |
|
|
| 16 Aug 2016 02:29 AM |
do most multiplaeyr games run with UDP? i never considered it, always assumed UDP was only used for stuff like livestreaming, but i guess games matter too
|
|
|
| Report Abuse |
|
|
|
| 16 Aug 2016 02:30 AM |
| Well UDP is faster so most games do, although some games like osrs you probably wouldn't even notice a difference :C |
|
|
| Report Abuse |
|
|
Badandy11
|
  |
| Joined: 02 Jul 2009 |
| Total Posts: 1861 |
|
|
| 16 Aug 2016 02:32 AM |
| So there isn't much of a way to stop exploiters from changing their speed? |
|
|
| Report Abuse |
|
|
Novaricus
|
  |
| Joined: 09 Aug 2016 |
| Total Posts: 103 |
|
|
| 16 Aug 2016 02:32 AM |
For walkspeed one method which I guess still works is GetRealPhysicsFPS but there's probably other walkspeed hacks
|
|
|
| Report Abuse |
|
|
|
| 16 Aug 2016 02:36 AM |
| If they change their WalkSpeed client-sided, you can detect them if you constantly check it client-sided. The problem with this is that they can get passed this, however if you simply just ban them every single time without giving them any warnings they probably will give up. |
|
|
| Report Abuse |
|
|
Badandy11
|
  |
| Joined: 02 Jul 2009 |
| Total Posts: 1861 |
|
|
| 16 Aug 2016 02:36 AM |
| The other question is, How many exploiters are there in relation to normal players? |
|
|
| Report Abuse |
|
|
Novaricus
|
  |
| Joined: 09 Aug 2016 |
| Total Posts: 103 |
|
|
| 16 Aug 2016 02:37 AM |
if you have filtering you'll rarely see any if you implement it properly
if you don't have filtering you're screwed and your whole game will be destroyed in every server
|
|
|
| Report Abuse |
|
|
Fatalizer
|
  |
| Joined: 28 Aug 2011 |
| Total Posts: 1520 |
|
|
| 16 Aug 2016 02:38 AM |
Depends, When the level 7 exploit was out, and level 4. It was leaked, and everyone was using it everywhere. But as soon as 1 exploiter keeps he's exploit a secret, only he will use it. And probably some of his friends.
〔 :{❖}: I want a girl which name doesn't end with .jpg :{❖}: 〕 |
|
|
| Report Abuse |
|
|
Novaricus
|
  |
| Joined: 09 Aug 2016 |
| Total Posts: 103 |
|
|
| 16 Aug 2016 02:38 AM |
the sad truth is most exploiters are really really stupid
|
|
|
| Report Abuse |
|
|
|
| 16 Aug 2016 02:39 AM |
| most "exploiters" are people who are just leachers and claim to know how to exploit when they prove time and time again they know nothing (yes I'm referring to the almighty skid RemasteredBlox) |
|
|
| Report Abuse |
|
|
Novaricus
|
  |
| Joined: 09 Aug 2016 |
| Total Posts: 103 |
|
|
| 16 Aug 2016 02:40 AM |
"level 4"
Um that would be a corescript identity. Pretty sure there was not a context 4 exploit.
|
|
|
| Report Abuse |
|
|