generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Game Creation and Development » Scripters
Home Search
 

[FREE TUTORIAL] Making Your Games 100% Exploit Proof!

Previous Thread :: Next Thread 
Extuls is online. Extuls
Joined: 02 Jan 2009
Total Posts: 5557
28 Nov 2017 07:04 PM
Because they are alts, clearly.


@LegendOfSchool

"extuls you didn't even read the tutorial so you have absolutely no say in the argument."

Congratulations, you got me to read the whole post. To be fair it had nothing to do with remote events/functions like I assumed, but still, of course, doesn't make your game "100% Exploit Proof!"


"it seems that you're less knowledgeable than s3vvy."

I learned nothing by reading it. Don't make assumptions.


"he talked about not trusting the client and gave examples"

Yet not trusting the client doesn't prevent changes that can be made on the client.


"i agree with s3vvy. exploits are 100% preventable, in reality."

But this isn't a matter of opinion. Fact is, they aren't.


Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 07:05 PM
I forgot that this place was the forums. Not the dev forums. Not a place where people are open minded. Not a place where a lot of the people are knowledgeable. Not a place where people lower their confidence in their knowledge every time they post something.

I'm not knowledgeable in some areas of scripting, such as basically half the classes in the API, but I do understand other parts of ROBLOX to the point where I can explain it in detail because I had to observe since there was no documentation.

Please, if you have a good actual EXAMPLE of an exploit, not a comparison or figurative speech, then say so and we will have a plausible argument.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 07:07 PM
And yes, JourneyCamo is my alt. I don't know the other dude.. :P


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
Chrounum is not online. Chrounum
Joined: 04 Apr 2015
Total Posts: 2911
28 Nov 2017 07:08 PM
wow ok


#code print("don't forget to dry the towel after use")
Report Abuse
TaaRt is online. TaaRt
Joined: 26 Apr 2009
Total Posts: 5039
28 Nov 2017 07:09 PM
Using alts to agree with yourself if you're trying to defend something proven wrong is not something the devforum (or any forum for that matter, and for good reason) is exactly 'open-minded' about
Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 07:10 PM
Not that it's relevant but I wanted to bump my post and see what other people would say. Anyways, I agree, exploits aren't 100% preventable. But there hasn't been a good example of an exploit that has actually made a significant difference, not unless the developer was bad at using FilteringEnabled.

I was gonna talk about encryption, client control, all of that stuff. This post has little to do with using FilteringEnabled, only as a prerequisite is it relevant.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
Extuls is online. Extuls
Joined: 02 Jan 2009
Total Posts: 5557
28 Nov 2017 07:11 PM
"Not a place where people are open minded. Not a place where a lot of the people are knowledgeable. Not a place where people lower their confidence in their knowledge every time they post something."

Yet you won't listen to multiple people trying to tell you you're wrong.


Report Abuse
LaeMVP is online. LaeMVP
Joined: 24 Jun 2013
Total Posts: 4416
28 Nov 2017 07:11 PM
you can't protect yourself from the unknown
Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 07:13 PM
People are trying to tell me I'm wrong without factual examples, and just possibilities, WHICH I have agreed with in some way by saying "exploits aren't mathematically 100% possible to prevent".

I don't know how many times I can repeat it.

I will legit launch my next game and bet my life that there can be little to be done to exploit it.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
TaaRt is online. TaaRt
Joined: 26 Apr 2009
Total Posts: 5039
28 Nov 2017 07:14 PM
Does crashing it with infinite assets count?
Report Abuse
Extuls is online. Extuls
Joined: 02 Jan 2009
Total Posts: 5557
28 Nov 2017 07:17 PM
Look, realistically there are a lot of games that won't be greatly effected by exploits simply by having little and sometimes no exploit prevention methods. But you can't act like this is true everywhere.

Games that have very small communities typically have an older average audience than front page games. With this comes a higher chance to land in a server with someone who is exploiting, as younger kids are less likely to use any exploits capable of doing anything meaningful.

Without giving out titles of games that quite frankly have toxic communities, I've been to games that encounter several people with exploits a day, and it's not something that stops. No matter how much you try to prevent exploits, they will try just as hard to get by your prevention methods.


Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 07:19 PM
What do you mean?

No "assets" (objects is a better word in this case) will be replicated to the server without permission, and I have no use to do that. There's also no use for that almost all the time if you're making a game.

If you want an asset, that's not in the game, you get it using the server, which the server should already have, and the server sends the asset. Simple. You can't crash the server by demanding for too many assets, unless there is a use for it.

A simple rule is that if there isn't a use for a functionality, then it shouldn't be able to function otherwise it leaves the game vulnerable.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
Rerumu is not online. Rerumu
Joined: 11 Oct 2014
Total Posts: 950
28 Nov 2017 07:20 PM
"I'm a very experienced 14 year old scripter"

Stopped reading at there, can already tell what the post is about, and I'm late to the party but let me emphasize why you're wrong.

1. You can only slow exploiting, not stop it.
2. Your Lua scripts are editable in any way you use them, and it's stupid to think otherwise.
3. Unless you do every single check ever server side (which would still not stop local exploits) you'll be facing a lot of issues, not to mention these can be spoofed.
4. People are clever, which is why there isn't a "100% patch" bandaid around.
5. FE is a practice, not an anti-exploit.
6. My stance on encryption? It doesn't work. Decompile the game client and read the function, game over.
7. Weird obfuscation? Don't work either, if they want to they will crack it.
8. Let me re-iterate, anything *you* do on the client, can and will be disabled, and anything *you* do on the server, can and likely will be spoofed if you're following naive practices such as assuming FE is the ultimate anti-exploit.
9. The title is misleading, as this is a guide to add some layer of common sense into your development environment.
10. Using the DevForums as a sort of insult is both disrespectful to others for your trying to place yourself on a pedestal and naive on your part for trying to use a mostly invite-based forum as a source of your counter-argument.
Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 07:21 PM
Again, I never said FilteringEnabled prevents exploits completely, even without anything in a place.

The tutorial was made so that, logically, there is 100% chance of blocking out exploits, and the tutorial isn't done.

I'M NOT DEFENDING FILTERINGENABLED!!


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 07:24 PM
@Rer The fact that you judged my post and knowledge because of my age just proves that you're not worth talking to.

And also "FE is a practice" is probably the most cringe thing I heard this week. If you were looking for insults.

All insults and assumptions, really.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 07:26 PM
Encryption is not the same thing as obfuscation. At-least not in my use case.

And unrelated to the statement above, you literally said "decompile the game client and read the function?"

ARE YOU SERIOUS?? DO YOU EVEN KNOW WHAT ENCRYPTION IS??


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
Rerumu is not online. Rerumu
Joined: 11 Oct 2014
Total Posts: 950
28 Nov 2017 07:27 PM
Meanwhile, you addressed none of my points, as all of them are valid.
Please get out, you're nothing short of intermediate.

FE *is* a practice. Please educate yourself before typing.

wikipedia/wiki/Client–server_model
Report Abuse
Extuls is online. Extuls
Joined: 02 Jan 2009
Total Posts: 5557
28 Nov 2017 07:27 PM
"All insults and assumptions, really."

They didn't insult you, and their assumptions were right. So what's your point?


Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 07:29 PM
Apologies for the caps, but when you insult me, I insult you back.

Anyways, encryption in our case, is protecting a message from the client so that it can only be read with proper permissions. Not so that the client can read it specifically without other members being able to read it.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 07:30 PM
ALL of your points came from assumptions, as you said.

I'm not going to waste my time addressing half of your points that weren't even discussed.


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
Rerumu is not online. Rerumu
Joined: 11 Oct 2014
Total Posts: 950
28 Nov 2017 07:31 PM
"ARE YOU SERIOUS?? DO YOU EVEN KNOW WHAT ENCRYPTION IS??"

Obviously you're going to hold the encryption or decryption function in the client, and I will ask, do you know what decompilation is? This isn't a fight at who can type in the most caps, so take a seat and understand this isn't a theoretical science. Everything you've mentioned can and has already been dealt with.

So again, I'll re-iterate, please read something worth your time before posting here instead of dismissing points simply because you don't like people assuming your skill from both your age and self-righteousness as to be using pointless communities to attempt to find your point.

And for your encryption intercepting needs, have a go at it: paystebin/9hDE3KZe
Report Abuse
s3vvy is not online. s3vvy
Joined: 24 Feb 2011
Total Posts: 983
28 Nov 2017 07:36 PM
How fun, you can intercept remote invokes. Barely anything to do with decrypting messages. The client *will* be unable to read my encryption methods.

Well, I seriously have homework to do and I literally wasted almost 2 hours on this post.

I guess you guys are really interested in the full tutorial, after all.

I felt really insulted when you used basic topics against me.

;)


~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan
Report Abuse
NexanianStudios is online. NexanianStudios
Joined: 16 Jul 2016
Total Posts: 1109
28 Nov 2017 07:36 PM
Nothing is 100% safe online

Google gets hacked
Facebook gets hacked
US Government servers get hacked

I highly doubt that roblox has better security than the US Government

All you can do is take precautions to make it less easy, but its not possible to prevent it fully
Report Abuse
Doppio_Diavolo is online. Doppio_Diavolo
Joined: 02 Sep 2013
Total Posts: 4822
28 Nov 2017 07:37 PM
@reru ur morbidly obsese so everything u think about or say is invalid
Report Abuse
Rerumu is not online. Rerumu
Joined: 11 Oct 2014
Total Posts: 950
28 Nov 2017 07:37 PM
"Barely anything to do with decrypting messages. The client *will* be unable to read my encryption methods."

Now you're just being stupid as an alibi for this argument.
How is the client going to decrypt the messages to understand it if it doesn't have the method to do so?
Same for encrypting it?
Report Abuse
Previous Thread :: Next Thread 
Page 2 of 9Go to page: 1, 2, 3 ... 8, 9 Prev Next
 
 
ROBLOX Forum » Game Creation and Development » Scripters
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image