s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 28 Nov 2017 05:18 PM |
Warning: This is an intermediate level tutorial. If you've barely touched scripting or know very little, do not continue.
(Don't assume at any part of this tutorial that this is how I usually talk :p)
Hi, my username is s3vvy but can call me Sevvy (not my actual name). I'm a very experienced 14 year old scripter, and have been involved in a lot of projects. I've read and memorized the whole 5.1 Lua manual as well as some parts of the API.
Today, I'll be doing a tutorial on completely protecting your games from exploiters. It might be lengthy, but that's okay. I don't have a life and I don't know why I'm making this tutorial other than to promote my YouTube channel: www.youtube.com/c/SPiNClan
But I assure you, this tutorial will have lots of valuable information and ideas that you may or may not have known, so let's get started.
--------- Turning Experimental Mode Off --------- I am going to assume that you know how to create games with experimental mode off (previously known as FilteringEnabled). If not, I HIGHLY encourage you to familiarize yourself with it to a very good extent before continuing. Here's some resources to help you learn: http://wiki.roblox.com/index.php?title=Experimental_Mode http://wiki.roblox.com/index.php?title=Building_Games_with_Experimental_Mode_Off http://wiki.roblox.com/index.php?title=Converting_Experimental_Mode_Games http://wiki.roblox.com/index.php?title=Remote_Events_and_Functions Other than knowing how to work with games without experimental mode, most things in here will be presented and taught by myself. Besides some more resources I may provide. --------- The Basics --------- So now that you can create and finish games without experimental mode, I am going to start talking about the "psychology" of exploits. First lets ask ourselves this question: "what is the source of destruction of an active exploit?" The exploit itself? A disgusting website where the exploit was downloaded? The person using the exploit? All wrong! The source of destruction is the client! (The client is the person's roblox process, which you're expected to know) An exploit manipulates the client to do unnatural things that it doesn't want to do without it's consent. That's great and all. We know that the client is the one causing destruction. Some may ask, "well with experimental mode off, what harm could the client possibly do?", and the answer to that is very little harm as long as you know what you're doing and that you don't trust the client. What do I mean by not trusting the client? Let's have an example to explain this: a Murder Mystery type game uses a shop where players purchase items. The prices of the items are stored on the client (maybe in the StarterGUI as a module script or in the local script itself). This way, the exploiter can change the prices of the items without effort because he already has access to them. He's the client and you're trusting him with the shop data! We can easily avoid this by making the client have no control at all. If the client wants something, such as shop data, it will have to ask the server for it by using maybe a RemoteFunction. The server will store all the important data and objects that the client can't manipulate. I call this the client having only "read" permissions, meaning that it can only receive data from the server. The server can request data from the client, modify data, and send data to the client. I call this the server having "read and write" permissions. We will talk more about how to safely request data from the client without it being manipulated later. So as you can see, if we don't trust the client with anything, we can safely make our games almost 100% exploit proof. There might be some cases where you'll have to improvise and think carefully about how to use this. For example, there's a lot of noclip and Walkspeed exploits where the server has no say in. You can prevent these by, maybe, checking for client changes (these are generally called client checks). You will have to figure out unique solutions for these types of problems, but once you get familiar with not trusting the client, it'll be easy to come up with solutions. If you have trouble thinking up of solutions with your case, don't be afraid to ask any of your scripter friends. There are lots of communities and groups in lots of social media. --------- Encryption Methods --------- Will post the full tutorial tomorrow. Let me know what you think in the mean time.
~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan |
|
|
| Report Abuse |
|
|
s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 28 Nov 2017 06:12 PM |
I might actually put an hour or 2 into completing this tutorial. Let me know if you guys like it so far or if I should do tutorials on other things. I'll try to explain topics in as much detail as possible.
~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan |
|
|
| Report Abuse |
|
|
Extuls
|
  |
| Joined: 02 Jan 2009 |
| Total Posts: 5557 |
|
|
| 28 Nov 2017 06:14 PM |
I feel bad for anyone who clicks on this in hopes they can truly 100% prevent exploits.
|
|
|
| Report Abuse |
|
|
Laedere
|
  |
| Joined: 17 Jun 2013 |
| Total Posts: 23601 |
|
| |
|
|
| 28 Nov 2017 06:17 PM |
| Barely anyone is going to read your wall of text, organize it. |
|
|
| Report Abuse |
|
|
|
| 28 Nov 2017 06:21 PM |
Actually, ignore what I said. I'm just a really organized person, this personally irritates me but it's a stupid thing with me, but this is good. |
|
|
| Report Abuse |
|
|
s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 28 Nov 2017 06:31 PM |
Exploits are 100% preventable. Theoretical statements saying that "there is always some way" are incorrect. Let's think about this more logically instead of mathematically.
If a person has enough skill to somehow manipulate a ROBLOX server, why do you think they would waste tons of time doing so?
Furthermore, a person with that amount of skill and knowledge wouldn't be playing ROBLOX in the first place.
If FilteringEnabled already makes it hundreds of times harder to exploit a game (of course, excluding developer mistakes), then all of the methods I'm going to discuss are going to make it practically impossible.
You don't know what I'm going to discuss since I haven't finished the tutorial.
Don't be so quick to say something or annoying and "technical", and think more logically in the perspective of the other side.
~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan |
|
|
| Report Abuse |
|
|
TaaRt
|
  |
| Joined: 26 Apr 2009 |
| Total Posts: 5039 |
|
|
| 28 Nov 2017 06:35 PM |
"Exploits are 100% preventable." No they're not. Even if you had access to the actual system being exploited (being the ROBLOX client) you'd be patching leaks with no certainty new ones arent found. Since you're simply claiming remotes 'prevent' exploits you are fairly unaware of what you're saying. FilteringEnabled does nothing of the sort, it limits the effects (and this is 100% different from saying 'prevents' as it's nothing more than mopping up what came in via a leak you can't prevent)
|
|
|
| Report Abuse |
|
|
Extuls
|
  |
| Joined: 02 Jan 2009 |
| Total Posts: 5557 |
|
|
| 28 Nov 2017 06:38 PM |
"Exploits are 100% preventable."
Oh boy.
"If a person has enough skill to somehow manipulate a ROBLOX server, why do you think they would waste tons of time doing so?"
Since when do people only do things with good reason or gain?
"Furthermore, a person with that amount of skill and knowledge wouldn't be playing ROBLOX in the first place."
Why wouldn't they?
"If FilteringEnabled already makes it hundreds of times harder to exploit a game (of course, excluding developer mistakes), then all of the methods I'm going to discuss are going to make it practically impossible."
I really doubt this is true. Even then, "practically" impossible isn't "100% Exploit Proof!"
"You don't know what I'm going to discuss since I haven't finished the tutorial."
You discussing something doesn't suddenly make exploits 100% preventable.
To top it all off, people don't only exploit by modifying things on the server like you seem to think. There's things people do that don't require access to the server.
|
|
|
| Report Abuse |
|
|
s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 28 Nov 2017 06:38 PM |
You can take away everything the client can manipulate. I'm assuming you're talking about character or local exploits. Characters are made default and they come with every game.
Again, please think carefully before you post.
~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan |
|
|
| Report Abuse |
|
|
iiNemo
|
  |
| Joined: 22 Jul 2013 |
| Total Posts: 2380 |
|
|
| 28 Nov 2017 06:39 PM |
Well I guess there is a possibility you could make your game 100% exploit proof, but that'll take some time considering all of the exploits you could do to yourself on the client and playing animations to the humanoid. Some of these exploits might not affect the gameplay, but they still are exploits.
Fish Are Friends, Not Food |
|
|
| Report Abuse |
|
|
Chrounum
|
  |
| Joined: 04 Apr 2015 |
| Total Posts: 2911 |
|
|
| 28 Nov 2017 06:39 PM |
as soon as i saw the title,
my mind went:
"you cant 100% prevent exploits, or hacking in general 100%"
you just cant.
#code print("don't forget to dry the towel after use") |
|
|
| Report Abuse |
|
|
s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 28 Nov 2017 06:40 PM |
@Extuls
About 80% of your post has no progression to your claim, and are more of irrelevant rhetorical questions than actual arguments.
I'm not going to argue on this matter anymore, at-least not with someone who doesn't give reasonable arguments.
I'll see you on the completed tutorial.
~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan |
|
|
| Report Abuse |
|
|
TaaRt
|
  |
| Joined: 26 Apr 2009 |
| Total Posts: 5039 |
|
|
| 28 Nov 2017 06:43 PM |
@OP Ok, you're not getting it so an example is necessary
Ship has a leak in it You bail water out so fast that it doesn't come in anymore
1. Is the leak prevented by removing its effects? (bailing)
2. Does it give ANY guarrantee that new leaks don't happen?
No, you aren't preventing anything at all. You are speaking of minimizing its effects and such you can't claim 'exploits are 100% preventable' |
|
|
| Report Abuse |
|
|
s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 28 Nov 2017 06:43 PM |
Also; apologies. You can't, in mathematical terms, 100% prevent exploits.
Let me repeat this for like the 5th time; think logically and realistically.
~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan |
|
|
| Report Abuse |
|
|
s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 28 Nov 2017 06:45 PM |
All of you arguing with me are speaking theoretically and without actual examples or arguments related to exploits, is all I'm saying.
~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan |
|
|
| Report Abuse |
|
|
Extuls
|
  |
| Joined: 02 Jan 2009 |
| Total Posts: 5557 |
|
|
| 28 Nov 2017 06:47 PM |
People are thinking logically and realistically. You're just refusing to accept that nothing here even comes close to making exploiting harder. No matter what you do, someone's client is in their control.
Most of the issue people have is that you seem to have advertised a tutorial on remote events/functions (I didn't read the whole post, but this is what it seemed to be) as a way of "Making Your Games 100% Exploit Proof!"
|
|
|
| Report Abuse |
|
|
s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 28 Nov 2017 06:47 PM |
also on god this is my last post:
@TaaRt guarantee*
~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan |
|
|
| Report Abuse |
|
|
TaaRt
|
  |
| Joined: 26 Apr 2009 |
| Total Posts: 5039 |
|
|
| 28 Nov 2017 06:48 PM |
| Glad you actually did learn someone something today |
|
|
| Report Abuse |
|
|
|
| 28 Nov 2017 06:53 PM |
extuls you didn't even read the tutorial so you have absolutely no say in the argument. it seems that you're less knowledgeable than s3vvy.
he talked about not trusting the client and gave examples, and was also gonna talk about encryption.
i agree with s3vvy. exploits are 100% preventable, in reality.
### ####### yes?
|
|
|
| Report Abuse |
|
|
Chrounum
|
  |
| Joined: 04 Apr 2015 |
| Total Posts: 2911 |
|
|
| 28 Nov 2017 06:54 PM |
wouldnt the fact that you can change your players walkspeed even with FE on, disprove this post all together
#code print("don't forget to dry the towel after use") |
|
|
| Report Abuse |
|
|
|
| 28 Nov 2017 06:57 PM |
thank you man. althought idk about completely removing exploits.
|
|
|
| Report Abuse |
|
|
Chrounum
|
  |
| Joined: 04 Apr 2015 |
| Total Posts: 2911 |
|
|
| 28 Nov 2017 06:58 PM |
why do i feel like these two people are alts.
#code print("don't forget to dry the towel after use") |
|
|
| Report Abuse |
|
|
TaaRt
|
  |
| Joined: 26 Apr 2009 |
| Total Posts: 5039 |
|
|
| 28 Nov 2017 07:01 PM |
| The same way of speaking, no place visits/creations and only a few forum posts? Nah coincidentally some people woke up and realised they made a ROBLOX account, so naturally they had to navigate to the forum to see if they could pity-agree with someone for their good deed of the day |
|
|
| Report Abuse |
|
|
s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 28 Nov 2017 07:01 PM |
"wouldnt the fact that you can change your players walkspeed even with FE on, disprove this post all together"
that was a very ignorant question, but there are no such things as stupid questions. like i said, this post has to do with completely preventing exploits and ITS NOT DONE. FilteringEnabled has little to do with this post, except that it's a prerequisite.
~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan |
|
|
| Report Abuse |
|
|