mattscy
|
  |
| Joined: 06 May 2011 |
| Total Posts: 1079 |
|
|
| 09 Oct 2017 03:34 AM |
| What are the best exploiters able to influence in your game with FilteringEnabled? For example, are any exploiters able to read your scripts, or fire server to client remote events and functions? Are they able to see arguments passed between scripts and module scripts? How much damage can a skilled exploiter do? |
|
|
| Report Abuse |
|
|
yin_yang
|
  |
| Joined: 24 Feb 2016 |
| Total Posts: 537 |
|
|
| 09 Oct 2017 03:37 AM |
There have been cases where an exploiter was able to fetch every RF/RE's and their arguments. Heck, they even made their code open-sourced.
But you won't ever have to worry about a thing if you know what you're doing. |
|
|
| Report Abuse |
|
|
|
| 09 Oct 2017 03:42 AM |
Not much they can do as long as you don't make your Remotes do anything powerful.
|
|
|
| Report Abuse |
|
|
|
| 09 Oct 2017 03:49 AM |
1. Yes they can view all arguments passed via remote events / functions. At one point they were even able to spoof returns (Not sure if they can still do this)
2. They can read all code of scripts on the client.
3. They can require module scripts.
So yeah, they have a lot of power. |
|
|
| Report Abuse |
|
|
mattscy
|
  |
| Joined: 06 May 2011 |
| Total Posts: 1079 |
|
|
| 09 Oct 2017 03:52 AM |
Hold up, they can read your code? Is there any way to stop this?
|
|
|
| Report Abuse |
|
|
|
| 09 Oct 2017 03:54 AM |
@mattscy
"Hold up, they can read your code? Is there any way to stop this?"
I don't think so. Unless you obfuscate your code, but even then that doesn't guarantee anything.
The general rule is that if you put anything on the client, automatically assume the client can read it / abuse it. |
|
|
| Report Abuse |
|
|
mattscy
|
  |
| Joined: 06 May 2011 |
| Total Posts: 1079 |
|
|
| 09 Oct 2017 04:02 AM |
Are they by any chance also able to get the exact tick() at the server's starting time? And are they able to read the values of local variables at different times within the local script?
|
|
|
| Report Abuse |
|
|
|
| 09 Oct 2017 04:03 AM |
" Are they by any chance also able to get the exact tick() at the server's starting time? And are they able to read the values of local variables at different times within the local script?"
"Are they by any chance also able to get the exact tick() at the server's starting time"
I don't think so, but I don't really know.
"read the values of local variables at different times within the local script?""
They can view script source of local scripts, but I don't really know what this means.
That's why when people say "oh just make the client generate a code to send as an argument to the server" It's useless and does not work. |
|
|
| Report Abuse |
|
|
mattscy
|
  |
| Joined: 06 May 2011 |
| Total Posts: 1079 |
|
|
| 09 Oct 2017 04:06 AM |
Ok thanks heaps, I'll keep this all in mind.
|
|
|
| Report Abuse |
|
|
mattscy
|
  |
| Joined: 06 May 2011 |
| Total Posts: 1079 |
|
|
| 09 Oct 2017 06:11 AM |
| Actually, does anyone know what "viewing the script source" exactly means, and if they are able to see the values of local variables at different times? |
|
|
| Report Abuse |
|
|
|
| 09 Oct 2017 08:56 AM |
it means they are able to see the code inside the script
|
|
|
| Report Abuse |
|
|
RBX_Lua
|
  |
| Joined: 23 Nov 2010 |
| Total Posts: 627 |
|
|
| 09 Oct 2017 09:27 AM |
In my opionion the biggest threat is their ability to move their character. An exploiter can move their character at will including teleportation and you'll have to manually detect that.
They can also pass arguments and read/change all variables you store locally. |
|
|
| Report Abuse |
|
|
|
| 09 Oct 2017 09:30 AM |
"Unless you obfuscate your code, but even then that doesn't guarantee anything." Unless you're a master genius, obfuscation won't do anything anymore due to everything being stored in Roblox's bytecode now.
|
|
|
| Report Abuse |
|
|
|
| 09 Oct 2017 10:44 AM |
@Jarod
/pSYkMKXg
paste
I think that's the most successful obfuscator on ROBLOX tbh. |
|
|
| Report Abuse |
|
|