How can I make a building tools and exploit scanner?
Hey, I'm Will. I'm trying to make a security scanner for my airport. I will not be using FilteringEnabled.
What the scanner does, is it will scan for building tools and exploits, when a sensor brick is touched. If anyone could assist me with ways for finding exploits, and building tools (I think I can already do this with looking in their backpack and their workspace character for tools under the class of HopperBin).
I am thinking of detecting any exploit GUIs, if that is possible, and any other exploits that are detectable. Thanks for your help, and I'm sure that it could help lots of other people too.
1 answer
Note: Roblox is reducing support for non-FilteringEnabled places (restricting it to 13+ only), so proceed with caution.
I suppose you could have a script that knows about all objects in the entire game (or at least the workspace, StarterGui, etc). It would have to know which objects will be generated by Roblox and other scripts in your place and it would have to know about all the starting objects; then it could attempt to destroy all others. If you hook that up to a sensor brick, nothing's stopping an exploiter from deleting that brick if FilteringEnabled is off! (Also, as far as I know, when FilteringEnabled is off there's nothing stopping an exploiter from simply deleting everything in the server, including all your scripts.)
If you change your mind and use FilteringEnabled, there is still the potential for exploiters to send any data they like to your events, so you would need to make sure that the values sent are valid. ex, if you have an event that expects a number from 1 to 10, an exploiter might instead send nil or the number -92. Also, don't provide events like "UpdateMoney", as the exploiter could simply give themselves tons of money. Instead, have events like "PurchaseObject", and the server can figure out how much money to deduct.
Also, FilteringEnabled still gives clients the right to update their characters and bricks near them. It takes a lot of effort to stop clients from being able to fly through space and walls, but you can at least stop them from being able to manipulate bricks by disabling NetworkOwnership via SetNetworkOwner.
Regardless of whether you're using FilteringEnabled, I've heard of speed exploits (telling Roblox that time is running faster or slower than it actually is in an effort to move your character around faster/slower), which can only be checked for by monitoring each player's actual speed versus what speed they're supposed to have (and allowing for variance for various reasons - including Internet lag, physics (including the character falling down a cliff or being thrown into the sky), or being given an item or vehicle that lets them move faster.