Scripting Helpers is winding down operations and is now read-only. More info→
Ad
Log in to vote
1

How do I prevent exploiters from using CoreGui to parent their Guis?

Asked by 4 years ago

The problem with CoreGui is that any indexing of it with a roblox script will error with a permission error. However, I found out that exploiters can parent the Gui under game:GetService'CoreGui' and operate it fine.

This is a problem because now we have a blind spot that exploiters can use, and even if we had a way to find and delete their guis, how would we test it out with Roblox scripts?

Currently erroring code

local a=game:GetService'CoreGui';
a.DescendantAdded:Connect(function(b) --> error

end);
0
I don't think you can do anything to that area. I think it's locked. SilverCreeper58 23 — 4y

1 answer

Log in to vote
6
Answered by
ArtBlart 533 Moderation Voter
4 years ago

The short answer is, you can't.

Regular LocalScripts lack the permission required to add/remove things from CoreGui, while script injectors don't have this restriction.

There used to be a method of calling tostring on objects added into CoreGui, but Roblox removed this for some reason, apparently because you shouldn't be allowed to tostring restricted instances.

The best thing you can do in this case is secure your code. If you cant stop it at it's source just make sure your game is exploit proof where you can make it exploit proof.

0
One way is to try to use RemoteEvents when firing infomation 6zk8 95 — 4y
Ad

Answer this question