A crash course on how to easily track down autofarm exploiters (Discussion)

Hello, I recently got back to the forums. With that, I would like to bring resources that I have collected from the game over the past 2020-2022 period, onto the forum, with this thread dedicated to autofarm exploiters. This thread will teach you most of the stuff you have to know about them and how they operate, to either make spotting and identifying someone who is autofarming easier, or if you’re a really dedicated exploiter hunter, track them down through servers and quickly report them.

Note that you can report exploiters on the CC2 exploiters report portal linked here (you must sign in with discord in order to upload reports):

First things first, what is an autofarm exploit? If you’ve been playing CC2 for a reasonably long time, you probably have already encountered a weird situation, where a player’s car would get thrown in the air to get wrecked, then respawn, with the cycle repeating.

Here is an example:

This means that the player is using a script that was executed using an exploit, the use of such tools is strictly prohibited on the Roblox platform and CC2, as it gives an unfair advantage to other players and is, of course, a form of cheating. Most of these scripts come in what we call a GUI (Graphics User Interface), which integrates many features, with for example universal features such as walk speed, jump power, fly, noclip, teleporting, and vflying (which stands for vehicle flying, yes the ones in the derby arena)… And game-custom features, in the case of CC2, autofarming. But you may also find other features such as remotely activating core meltdown, auto-rebirthing (tokens), and auto-escaping core explosion but even if they are presented as optional, they are still somewhat a part of autofarming. There are only a few GUIs available at the moment, but if fairly advertised, they get quickly popular and you end up with a swarm of exploiters every time one is being released or advertised on trending websites (although it seems that one popular and said to be OP GUI has been recently patched). And on top of that, they can get integrated into Hubs (theses can be pretty popular), which are offering scripts for multiple games at the same time, it is basically a way to regroup scripts for many games into one Hub/GUI, and a good amount of them are paid access. Most, if not all of these scripts are obfuscated, which makes the scripts unreadable and overall useless to view, making patching them way more difficult.

Alright! Now that you know what exactly an autofarm exploit does, let’s get to how to track them down.
The location is of course the most important factor, the most average autofarmers can be found where vehicles spawn, simply taking a look at each row for a good minute lets you know if someone is autofarming. Next, other smarter autofarmers can be found on the left side of the airport runway, as shown here:

Here is what it looks like:

image434×698 53.5 KB

This makes identifying the player significantly harder, although you can still try to guess where they would respawn, using the leaderboard stats updating… But it will still make having solid proof against them way more difficult. If needed, you can request an AVAILABLE Head Moderator to join you so they can teleport to the exploiter in order to get a video recording of them, but make sure not to waste their time with poor speculations. ALTHOUGH, IT MAY BE THAT ONE “OP” GUI THAT HAS BEEN RECENTLY PATCHED.

Now that you are aware of the currently known locations, you know how to make sure if there is an exploiter in the server you just joined to play.

But if you’re really dedicated to hunting exploiters (like I am!), here is how to proceed: Most of them can be found in servers with a low amount of players, or even in servers with only them in. Simply get to the server list, and head down to low players amount servers (you can use extensions such as BTRoblox or Roblox+ to make the process way easier). You can try to identify exploiters using their avatars, with for example bacon hairs or free avatars, but that doesn’t mean that paid avatars are totally legit as in fact, I’d say that a good 50% of the exploiters I encountered had paid avatars. After joining the server, proceed to verify all of the known spots (spawn locations, runway, facility…) and keep an eye for Unidentifed Flying Cars, and do it quickly, AFK autofarming doesn’t mean the person isn’t behind their screen often checking for people joining the server to then pause their autofarm. As soon as you’ve identified an exploiter, you must get a video recording of them autofarming, with their avatar and their username (NOT DISPLAY NAME) visible, to finally report them on the exploiters report portal, and congrats, you’ve successfully reported an exploiter and contributed to making the game fairer for everyone.

In the case where you would encounter other types of exploiters (mainly vehicle flying), the process is the same, get a video recording of them flying their car and potentially ramming other players, try to get a good sight of their avatar and compare it with their username in the ESC menu, or ultimately try to get in their car as a passenger if you even manage to do so. I haven’t ever dealt with that type of exploiter so if you know any good ways to operate better than that, feel free to share your knowledge on this thread.

Right, now that you know everything you should know about autofarm exploiters and how to proceed to track them down, you’re free to obtain your Exploiter Hunter License and make CC2 clean off the exploiters!

Thanks for reading this thread, if you think that I have missed something or if you have any useful information to add, feel free to share it here, the same thing goes for questions. I will keep this thread updated whenever it is needed.

Alrighty, I usually call these people Ron Weasleys (Because flying car.) but other people call them Script Kiddies.

Why that name? Because those hacks aren’t theirs. They just bought the hack off some shady website or a friend of a friend.

As you guys know, these websites have more viruses than someone sending money to Nigerian Princes, so they are technically ruining their own computers as well as their dignity.

From what I know, I think they are automated, as in a bot is currently running that player and not a person themselves. I encountered an exploiter, called them out, and all they said was “Lol”

Like I typed anything and they said “lol.”

Happened with other players. We told unfunny jokes and they said “lol”

In the same exact order with the exact amount of spaces away from their chat log.

So not only are they exploiters, but they arent even sentient people.

Many weird points with your post there, “skidding” is misused by everyone nowadays but I’m letting that happen since people literally just changed the definition at this point but if you’re talking about the scripts executors themselves they’re just using a product, otherwise, if you’re talking about scripts well theses are being publicly advertised and unless someone is copying it to use it for their own project then that is not skidding, that’s just consuming a publicly released product which the point is to be used by anyone. Oh, and 99% of scripts that are being released are totally free, all CC2 GUIs that I am aware of are entirely free.

A website cannot directly infect you with a virus, and while yes, you can find a lot of free exploits integrating unwanted features such as an adware, if one even infects your computer with a virus, I highly doubt it’d even be able to execute much scripts, it never happens now anyways since a good majority of exploits and public APIs (basically most free ones) have been discontinued after a critical update from Roblox back in August 2021, on top of that, it appears that most of the CC2 autofarm GUIs can only be executed through Synapse X which is 20$ paid or other paid exploits that I am not aware of (although vehicle flying is quite an easy script to execute for any exploit). But I believe you’re assuming all of this off stereotypes which is understandable.

Now for the bot part of your post: No, nobody would ever do a such thing nor waste their time creating such as complex thing that would involve a crazy AI, they just say lol to troll you that’s it (or they’re simply using a chatbot)

Chatbot, now I remember it.

Now, that crazy AI thing isn’t all that crazy.

You see, some hackers will set paths for where the bot would go, an idea first used with Nextbots but corrupted by exploiters

What I believe may be happening is that they are using node maps. Node maps make it so bots dont end up running into walls, driving cars into something, or running directly into the player.

Without node maps, you get those old roblox zombies that try to run straight into the player instead of taking the most direct path. Now, why would hackers be using node maps? Well, they would have the AI run the program and go to the hidden zone via the nodemaps dictating the best direction to go and activating the program.

So kind of like this.
Node A: Respawn zone
Node B: Activate Zone.

A————()
|
|
O

B
Imagine the parentheses and the letter O were obstacles, roadblocks, or another player.
Now imagine the lines of what path a node driven AI would go.

Now compare that to no node.

A


\
[€]

            B

With this typed out diagram, you can see where the bot failed. It got stuck on the box with a euro inside of it, unable to get to point B.

This same logic is how spinbots in arsenal and Team Fortress 2 work. This logic is also how I believe the exploiter bots in CC2 work as well.

Think about it.

When they reach their destination, they will just… stop moving. Nobody can sit so still for such a long time. They have to make a mistake somewhere. They have to deviate from the path somewhat.

Yet these exploiters seem to take the exact path, right down to the nugget, to their desired destination.

Kind of strange.

Nevermind, my diagram broke.

Have this crudely drawn one.

On the left is a nodeless AI. On the right is a node AI. To get from A to B, the node AI will walk around the wall, whereas the nodeless one will forever keep walking into the wall.

Remember: this kind of AI has been around for 20 years.

Right, you just gave me the definition of pathfinding. I don’t really get where you’re trying to get your point but I can assure you that in no way do exploiters use AIs nor Pathfinding for either their autofarm or vehicle flying. For autofarming, all they have to do is teleport or use the tween service and that’s literally it, no need to involve any form of pathtracing. And for vehicle flying, it’s just about common sense, literally what would be the point of doing such a thing, if even possible, because even tho pathfinding is a thing, writing an entire pathfinding program dedicated to CC2 engine (which I can assure you is no easy task) just to ram peoples vehicle automatically? I’m sorry but that just sounds really stupid. And trust me, if there was such a script around, I’d be one of the first aware.

so many text walls oh my god

very informative

Ok. Now I am more sufficiently understanding.

What I feel like we might be able to do is have some sort of votekick system.

Now why should we go to such a simple method?

We may be able to have an AI that detects hackers but we must also consider the fact that machine error is extremely possible. It is like relying on security cameras when Michael from Breaking Bad is right by the powerlines.

The risks of a person getting it wrong are actually really low, as someone who initiates the VK will probably say what is going on. That is my theory. Agree to disagree.

The Votekick system sounds pretty reasonable, though the major issue with this system is abuse, but you can still suggest that in the suggestion category if it already hasn’t been suggested.

As far as I am aware games don’t use AIs as anti-cheats, same issue here it’s a lot of unnecessary work (I don’t even think that this is possible for Roblox) when you can just implement an anti-cheat with some scripting (which apparently is being worked on CC2).

For now, I suggest the “Glass Rule”

Glass rule should protect people from false flagging by recording most of everything that happens when a VK works/fails to a moderator who will validate it as probable or not.

Peer review is recommended and any biased validations should probably be flagged.

i don’t think recording is possible in roblox

Yea no there’s no auto-recording-that-uploads-somewhere on roblox yet. And with thousands of active players this would be a lot of work. And if you meant manual video recording from users that would be such an absolute mess to manage and do I can’t even explain it.

Oh.

We gotta come up with something. Maybe we can end up catching them the same way that Gmod did?

Here is the idea:

1. The anticheat would detect the hacker but not give them the classic “You are banned for cheating” but would instead say “You were kicked from the game: Unable to shade polygon normals”
2. Considering that this is a strange “error”, they might head to the forums, go online, or DM a dev. Now they just exposed themselves because shading polygon normals isn’t even a thing. They just found a fake error message meant to target them for hacking.

what if there’s just a limit to how high you can even go
like an invisible wall

Most games will kick you instead of banning you when they suspect that you’re exploiting due to false positives. Tho there are different types of features in an anti-cheat. Take for example an anti-fly, this would most likely kick the player due to false positives being highly possible. If the exploiter is being detected attempting to fire a Remote, in most cases you would instantly ban them as there are no possible false positives here.

Also, the “gmod idea” you’re giving us sounds weird… What if a false positive happens? And why waste your time going through an entire process like this when a simple kick or a ban (with the remote for example) is enough to deal with? I’m still not clearly getting your point here but you might want to learn more about anti-cheats and scripting overall on the Roblox devforum or the API Reference for example. Hope this is helpful.

That’d be the laziest way to implement an “anti-cheat”.

well if the actual anti cheat is in progress its better to implement something than nothing

Well you certainly don’t have to worry about that, you have 2 advanced programmers working behind and they definitely know what they’re doing, in fact with one of the most popular GUIs that has been patched apparently during the last update.