3dsboy08
|
  |
| Joined: 18 Jul 2013 |
| Total Posts: 5 |
|
|
| 28 Nov 2017 09:34 PM |
Exploiting is completely unpreventable. Saying otherwise is only proving your ignorance.
Quite ironically, the more "secure" your game is against exploiters, the more it will be targeted by smart scripters & exploiters that know how to (and will) destroy your scheme.
Any sort of 'encryption' or 'obfuscation' on your remotes can be defeated with little effort by the novice exploiter. See "Swordburst 2" for more examples of this, its protection scheme was completely defeated less then 24 hours after it was publicly released.
Also, most scripts released for your game will be protected by a scheme built into the exploit itself, making your job of patching it pretty much impossible to do.
tl;dr: don't bother, you will fail |
|
|
| Report Abuse |
|
|
LLVM
|
  |
| Joined: 01 Nov 2012 |
| Total Posts: 91 |
|
|
| 28 Nov 2017 09:34 PM |
| shut up 3ds and go migrate the database |
|
|
| Report Abuse |
|
|
|
| 28 Nov 2017 09:39 PM |
| Actually, I'm gonna sum up this thread: Bait, and we fell for it. ;) |
|
|
| Report Abuse |
|
|
Pastures
|
  |
| Joined: 15 Aug 2015 |
| Total Posts: 943 |
|
|
| 28 Nov 2017 09:40 PM |
oshet we got 3ds involved the one and only
Red Vice and Rain are here oshet
|
|
|
| Report Abuse |
|
|
|
| 28 Nov 2017 09:41 PM |
I almost spit water all over my keyboard and screen when someone gave a completely valid exploit and sv33y just shouted 'IRRELEVANT!' in response, 10/10 this thread is amazing this is my reaction reading it https://www.youtube.com/watch?v=ONClz0jJpNw |
|
|
| Report Abuse |
|
|
Alberona
|
  |
| Joined: 12 Oct 2012 |
| Total Posts: 40 |
|
| |
|
s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 28 Nov 2017 10:42 PM |
for irrelevant skids:
all of you guys picking up credit after that one girl are in fact irrelevant. you weren't here for the original argument, nor did you read the previous posts because I've already answered the stuff you've posted because someone else has already said them.
all of u irrelevant skids back off.
for 3ds and whatever tryhard exploiters only:
if the more secure it is, and the more people target my game, then I'd make it as secure as possible so your "novice" members can try cracking it. you know nothing of my obfuscation/encryption methods so why are you thinking that it's going to be the same? maybe it's actually some sort of system you've never seen or thought of.
I understand obfuscation and encryption are pretty straightforward topics, but can you think of a way that they can be used so exploiting is extremely hard? guess not. in-fact, I'm starting to enjoy you exploiters(I use that term strictly on credible ones).
I will never trust the client, and unless you have some way of telling me that you can access server data without any provided remotes, then I'm gonna stand confident.
Unless you can access server instances, I'm not standing down on m##p##n###### if you get access to my local scripts. They're IRRELEVANT.
for everyone else who may be dumber:
anyways, for the 1 billionth time, I never said you can completely prevent exploiting. I cleared it up right after i posted this and saw replies.
~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan |
|
|
| Report Abuse |
|
|
|
| 28 Nov 2017 10:45 PM |
| This thread is absolute cancer |
|
|
| Report Abuse |
|
|
|
| 28 Nov 2017 10:45 PM |
op stop embarrassing yourself and just leave. go and try to save face while you can. you made a mistake challenging scripters that have more knowledge than you lmaoo |
|
|
| Report Abuse |
|
|
s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 28 Nov 2017 10:47 PM |
^ xD you guys are like the background characters of a rap battle lololol
~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan |
|
|
| Report Abuse |
|
|
|
| 28 Nov 2017 10:50 PM |
yes and your statements have been flawed numerous of times. "IRRELEVANT!" hahahha i never laughed so loud in my life hahaaha |
|
|
| Report Abuse |
|
|
|
| 28 Nov 2017 10:51 PM |
"If a person has enough skill to somehow manipulate a ROBLOX server, why do you think they would waste tons of time doing so?"
https://www.youtube.com/watch?v=efHCdKb5UWc |
|
|
| Report Abuse |
|
|
s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 28 Nov 2017 10:52 PM |
i could tell because you put two "hahaha"s in that sentence.
~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan |
|
|
| Report Abuse |
|
|
Extuls
|
  |
| Joined: 02 Jan 2009 |
| Total Posts: 5557 |
|
|
| 28 Nov 2017 10:55 PM |
Fact is, if your methods of preventing that we haven't seen are *so good*, you'd of done the rest of the tutorial by now. You said yourself it should take two hours, and you've spent plenty of time giving people meaningless responses that mean nothing in this thread. That time could've been spent finishing the tutorial before posting it.
|
|
|
| Report Abuse |
|
|
s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 28 Nov 2017 10:57 PM |
It's true. I was supposed to do my homework. Then I got distracted by this thread. :\
~ [SPiN Clan] s3vvy | YouTube: www.youtube.com/c/SPiNClan |
|
|
| Report Abuse |
|
|
|
| 28 Nov 2017 11:18 PM |
| https://www.youtube.com/watch?v=vujjo-4FW0o |
|
|
| Report Abuse |
|
|
Rerumu
|
  |
| Joined: 11 Oct 2014 |
| Total Posts: 950 |
|
|
| 29 Nov 2017 05:21 AM |
tl;dr you're stupid.
You've mentioned all these miracles but seem to forget that if you send something encrypted to the client, the client will need to know how to decrypt it, and vice versa for encryption. It isn't a matter of knowing what stupid joke you're pulling, and all that needs to be done is decompile (which means turning the bytecode back to code, by the way) your source code (which can be done perfectly now, heads up) and copy/paste the function you use to encrypt/decrypt right into our code, and it's because of the fact to make use of any of this you'll need it on the client.
Key encryption? No problem, Remotespy or scan the memory. Obfuscation? No problem, throw it into a VM like Rerubi and sandbox it to see what happens. You chunking all your code into one line to make it unreadable or thinking it won't be stolen altogether? Decompilers fix that for us. |
|
|
| Report Abuse |
|
|
LuaDesign
|
  |
| Joined: 24 May 2010 |
| Total Posts: 1336 |
|
|
| 29 Nov 2017 05:54 AM |
One thing I completely disagree on.
Walkspeed exploits where the server has no say in. You can prevent these by, maybe, checking for client changes (these are generally called client checks)
Walkspeed is replicated in client and server I believe. Having something constantly change your walkspeed to 16 is the most stupidest thing I have ever seen. You can't check if a client has changed their walkspeed by exploits and vice versa.
Mostly because the Humanoid object is replicated on both sides.
If I had a penny for every penny I had... Mother of god. |
|
|
| Report Abuse |
|
|
|
| 29 Nov 2017 06:08 AM |
| all of you shut up no one cares |
|
|
| Report Abuse |
|
|
LLVM
|
  |
| Joined: 01 Nov 2012 |
| Total Posts: 91 |
|
|
| 29 Nov 2017 06:26 AM |
"you know nothing of my obfuscation/encryption methods so why are you thinking that it's going to be the same? maybe it's actually some sort of system you've never seen or thought of."
yeah but my ESP that only draws a box over the roblox window doesn't need to debofuscate or decrypt anything
it doesn't even send anything to the server! how can the server know what the client is doing if the exploit doesn't even modify the client in the slightest? it doesn't create an instance and the client's behavior is unmodified, so the exploit is essentially COMPLETELY undetectable
it's very relevant, and this exploit alone destroys your 100% exploit proof protection |
|
|
| Report Abuse |
|
|
LLVM
|
  |
| Joined: 01 Nov 2012 |
| Total Posts: 91 |
|
|
| 29 Nov 2017 06:30 AM |
"I understand obfuscation and encryption are pretty straightforward topics, but can you think of a way that they can be used so exploiting is extremely hard?"
yes
in fact, we all know super secure ways after reversing existing obfuscation and encryption methods (such as the one used by Phantom Forces and Apocalypse Rising)
and all of them can be broken, including yours |
|
|
| Report Abuse |
|
|
LLVM
|
  |
| Joined: 01 Nov 2012 |
| Total Posts: 91 |
|
|
| 29 Nov 2017 06:32 AM |
"I will never trust the client, and unless you have some way of telling me that you can access server data without any provided remotes, then I'm gonna stand confident."
the server trusting the client is what's irrelevant here: i don't need to touch the server or ask it anything to render a box over a window at specific coordinates, it's all client-side
your server can trust the client or not, it doesn't matter: my exploit will function nonetheless |
|
|
| Report Abuse |
|
|
s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 29 Nov 2017 08:19 AM |
@Rer
None of the methods you addressed approach my encryption method. I'll give you a hint: the client does receive some sort of decryption method, but the main secret is that the server 'generates' and switches the encryption method itself, which are also variable somewhat between players.
everyone else is getting annoying. |
|
|
| Report Abuse |
|
|
Rerumu
|
  |
| Joined: 11 Oct 2014 |
| Total Posts: 950 |
|
|
| 29 Nov 2017 08:43 AM |
You are *so* wrong. This is no "secret", it's been done before multiple times and it's been cracked time after time. If the client knows how to do something, then so does the exploiter. And with everyone else's points being more than reasonable I see you've accepted you're wrong at least on an internal level. |
|
|
| Report Abuse |
|
|
s3vvy
|
  |
| Joined: 24 Feb 2011 |
| Total Posts: 983 |
|
|
| 29 Nov 2017 08:45 AM |
| did u hear that guys.. we're internally connected |
|
|
| Report Abuse |
|
|