generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Game Creation and Development » Scripters
Home Search
 

[FREE TUTORIAL] Making Your Games 100% Exploit Proof!

Previous Thread :: Next Thread 
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 05:18 PM
Warning: This is an intermediate level tutorial. If you've barely touched scripting or know very little, do not continue.

(Don't assume at any part of this tutorial that this is how I usually talk :p)

Hi, my username is s3vvy but can call me Sevvy (not my actual name). I'm a very experienced 14 year old scripter, and have been involved in a lot of projects. I've read and memorized the whole 5.1 Lua manual as well as some parts of the API.

Today, I'll be doing a tutorial on completely protecting your games from exploiters. It might be lengthy, but that's okay. I don't have a life and I don't know why I'm making this tutorial other than to promote my YouTube channel: www.youtube.com/c/SPiNClan

But I assure you, this tutorial will have lots of valuable information and ideas that you may or may not have known, so let's get started.

---------
Turning Experimental Mode Off
---------

I am going to assume that you know how to create games with experimental mode off (previously known as FilteringEnabled). If not, I HIGHLY encourage you to familiarize yourself with it to a very good extent before continuing. Here's some resources to help you learn:

http://wiki.roblox.com/index.php?title=Experimental_Mode
http://wiki.roblox.com/index.php?title=Building_Games_with_Experimental_Mode_Off
http://wiki.roblox.com/index.php?title=Converting_Experimental_Mode_Games
http://wiki.roblox.com/index.php?title=Remote_Events_and_Functions

Other than knowing how to work with games without experimental mode, most things in here will be presented and taught by myself. Besides some more resources I may provide.

---------
The Basics
---------

So now that you can create and finish games without experimental mode, I am going to start talking about the "psychology" of exploits. First lets ask ourselves this question: "what is the source of destruction of an active exploit?"
The exploit itself? A disgusting website where the exploit was downloaded? The person using the exploit? All wrong! The source of destruction is the client! (The client is the person's roblox process, which you're expected to know) An exploit manipulates the client to do unnatural things that it doesn't want to do without it's consent.
That's great and all. We know that the client is the one causing destruction. Some may ask, "well with experimental mode off, what harm could the client possibly do?", and the answer to that is very little harm as long as you know what you're doing and that you don't trust the client.
What do I mean by not trusting the client? Let's have an example to explain this: a Murder Mystery type game uses a shop where players purchase items. The prices of the items are stored on the client (maybe in the StarterGUI as a module script or in the local script itself). This way, the exploiter can change the prices of the items without effort because he already has access to them. He's the client and you're trusting him with the shop data!
We can easily avoid this by making the client have no control at all. If the client wants something, such as shop data, it will have to ask the server for it by using maybe a RemoteFunction. The server will store all the important data and objects that the client can't manipulate. I call this the client having only "read" permissions, meaning that it can only receive data from the server. The server can request data from the client, modify data, and send data to the client. I call this the server having "read and write" permissions. We will talk more about how to safely request data from the client without it being manipulated later.
So as you can see, if we don't trust the client with anything, we can safely make our games almost 100% exploit proof. There might be some cases where you'll have to improvise and think carefully about how to use this. For example, there's a lot of noclip and Walkspeed exploits where the server has no say in. You can prevent these by, maybe, checking for client changes (these are generally called client checks). You will have to figure out unique solutions for these types of problems, but once you get familiar with not trusting the client, it'll be easy to come up with solutions. If you have trouble thinking up of solutions with your case, don't be afraid to ask any of your scripter friends. There are lots of communities and groups in lots of social media.

---------
Encryption Methods
---------

Will post the full tutorial tomorrow. Let me know what you think in the mean time.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 06:12 PM
I might actually put an hour or 2 into completing this tutorial. Let me know if you guys like it so far or if I should do tutorials on other things. I'll try to explain topics in as much detail as possible.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
Extuls is online. Extuls
Joined: 02 Jan 2009
Total Posts: 5557
28 Nov 2017 06:14 PM
I feel bad for anyone who clicks on this in hopes they can truly 100% prevent exploits.


Report Abuse
Laedere is online. Laedere
Joined: 17 Jun 2013
Total Posts: 23601
28 Nov 2017 06:14 PM
^ you can :)


Report Abuse
Horrible_Pun is not online. Horrible_Pun
Joined: 13 May 2017
Total Posts: 5102
28 Nov 2017 06:17 PM
Barely anyone is going to read your wall of text, organize it.
Report Abuse
Horrible_Pun is not online. Horrible_Pun
Joined: 13 May 2017
Total Posts: 5102
28 Nov 2017 06:21 PM
Actually, ignore what I said.
I'm just a really organized person, this personally irritates me but it's a stupid thing with me, but this is good.
Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 06:31 PM
Exploits are 100% preventable. Theoretical statements saying that "there is always some way" are incorrect. Let's think about this more logically instead of mathematically.

If a person has enough skill to somehow manipulate a ROBLOX server, why do you think they would waste tons of time doing so?

Furthermore, a person with that amount of skill and knowledge wouldn't be playing ROBLOX in the first place.

If FilteringEnabled already makes it hundreds of times harder to exploit a game (of course, excluding developer mistakes), then all of the methods I'm going to discuss are going to make it practically impossible.

You don't know what I'm going to discuss since I haven't finished the tutorial.

Don't be so quick to say something or annoying and "technical", and think more logically in the perspective of the other side.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
TaaRt is online. TaaRt
Joined: 26 Apr 2009
Total Posts: 5039
28 Nov 2017 06:35 PM
"Exploits are 100% preventable."
No they're not. Even if you had access to the actual system being exploited (being the ROBLOX client) you'd be patching leaks with no certainty new ones arent found. Since you're simply claiming remotes 'prevent' exploits you are fairly unaware of what you're saying. FilteringEnabled does nothing of the sort, it limits the effects (and this is 100% different from saying 'prevents' as it's nothing more than mopping up what came in via a leak you can't prevent)
Report Abuse
Extuls is online. Extuls
Joined: 02 Jan 2009
Total Posts: 5557
28 Nov 2017 06:38 PM
"Exploits are 100% preventable."

Oh boy.


"If a person has enough skill to somehow manipulate a ROBLOX server, why do you think they would waste tons of time doing so?"

Since when do people only do things with good reason or gain?


"Furthermore, a person with that amount of skill and knowledge wouldn't be playing ROBLOX in the first place."

Why wouldn't they?


"If FilteringEnabled already makes it hundreds of times harder to exploit a game (of course, excluding developer mistakes), then all of the methods I'm going to discuss are going to make it practically impossible."

I really doubt this is true. Even then, "practically" impossible isn't "100% Exploit Proof!"


"You don't know what I'm going to discuss since I haven't finished the tutorial."

You discussing something doesn't suddenly make exploits 100% preventable.



To top it all off, people don't only exploit by modifying things on the server like you seem to think. There's things people do that don't require access to the server.


Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 06:38 PM
You can take away everything the client can manipulate. I'm assuming you're talking about character or local exploits. Characters are made default and they come with every game.

Again, please think carefully before you post.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
iiNemo is online. iiNemo
Joined: 22 Jul 2013
Total Posts: 2380
28 Nov 2017 06:39 PM
Well I guess there is a possibility you could make your game 100% exploit proof, but that'll take some time considering all of the exploits you could do to yourself on the client and playing animations to the humanoid. Some of these exploits might not affect the gameplay, but they still are exploits.


Fish Are Friends, Not Food
Report Abuse
Chrounum is not online. Chrounum
Joined: 04 Apr 2015
Total Posts: 2911
28 Nov 2017 06:39 PM
as soon as i saw the title,

my mind went:

"you cant 100% prevent exploits, or hacking in general 100%"


you just cant.


#code print("don't forget to dry the towel after use")
Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 06:40 PM
@Extuls

About 80% of your post has no progression to your claim, and are more of irrelevant rhetorical questions than actual arguments.

I'm not going to argue on this matter anymore, at-least not with someone who doesn't give reasonable arguments.

I'll see you on the completed tutorial.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
TaaRt is online. TaaRt
Joined: 26 Apr 2009
Total Posts: 5039
28 Nov 2017 06:43 PM
@OP Ok, you're not getting it so an example is necessary

Ship has a leak in it
You bail water out so fast that it doesn't come in anymore

1. Is the leak prevented by removing its effects? (bailing)

2. Does it give ANY guarrantee that new leaks don't happen?

No, you aren't preventing anything at all. You are speaking of minimizing its effects and such you can't claim 'exploits are 100% preventable'
Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 06:43 PM
Also; apologies. You can't, in mathematical terms, 100% prevent exploits.

Let me repeat this for like the 5th time; think logically and realistically.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 06:45 PM
All of you arguing with me are speaking theoretically and without actual examples or arguments related to exploits, is all I'm saying.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
Extuls is online. Extuls
Joined: 02 Jan 2009
Total Posts: 5557
28 Nov 2017 06:47 PM
People are thinking logically and realistically. You're just refusing to accept that nothing here even comes close to making exploiting harder. No matter what you do, someone's client is in their control.

Most of the issue people have is that you seem to have advertised a tutorial on remote events/functions (I didn't read the whole post, but this is what it seemed to be) as a way of "Making Your Games 100% Exploit Proof!"


Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 06:47 PM
also on god this is my last post:

@TaaRt guarantee*


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
TaaRt is online. TaaRt
Joined: 26 Apr 2009
Total Posts: 5039
28 Nov 2017 06:48 PM
Glad you actually did learn someone something today
Report Abuse
LegendOfSchool is not online. LegendOfSchool
Joined: 25 Oct 2017
Total Posts: 5
28 Nov 2017 06:53 PM
extuls you didn't even read the tutorial so you have absolutely no say in the argument. it seems that you're less knowledgeable than s3vvy.

he talked about not trusting the client and gave examples, and was also gonna talk about encryption.

i agree with s3vvy. exploits are 100% preventable, in reality.


### ####### yes?


Report Abuse
Chrounum is not online. Chrounum
Joined: 04 Apr 2015
Total Posts: 2911
28 Nov 2017 06:54 PM
wouldnt the fact that you can change your players walkspeed even with FE on, disprove this post all together


#code print("don't forget to dry the towel after use")
Report Abuse
Journeycamo is not online. Journeycamo
Joined: 16 Feb 2017
Total Posts: 1
28 Nov 2017 06:57 PM
thank you man. althought idk about completely removing exploits.


Report Abuse
Chrounum is not online. Chrounum
Joined: 04 Apr 2015
Total Posts: 2911
28 Nov 2017 06:58 PM
why do i feel like these two people are alts.


#code print("don't forget to dry the towel after use")
Report Abuse
TaaRt is online. TaaRt
Joined: 26 Apr 2009
Total Posts: 5039
28 Nov 2017 07:01 PM
The same way of speaking, no place visits/creations and only a few forum posts? Nah coincidentally some people woke up and realised they made a ROBLOX account, so naturally they had to navigate to the forum to see if they could pity-agree with someone for their good deed of the day
Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 07:01 PM
"wouldnt the fact that you can change your players walkspeed even with FE on, disprove this post all together"

that was a very ignorant question, but there are no such things as stupid questions. like i said, this post has to do with completely preventing exploits and ITS NOT DONE. FilteringEnabled has little to do with this post, except that it's a prerequisite.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
Previous Thread :: Next Thread 
Page 1 of 9Go to page: 1, 2, 3 ... 8, 9 Next
 
 
ROBLOX Forum » Game Creation and Development » Scripters
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image