Roll20-cheat-dice «2024»

While Roll20 uses a "Quantum Roll" system to generate random numbers server-side, vulnerabilities often stem from how these results are communicated to and from the player's client.

: While primarily used for automation, some scripts are designed to track and average player rolls to identify statistically improbable "hot streaks" that might indicate cheating. Detection and Mitigation for GMs roll20-cheat-dice

: The primary technical method involves hijacking the window.WebSocket.prototype.send function. By using tools like Tampermonkey or Charles Proxy , users can intercept outgoing data packets. While Roll20 uses a "Quantum Roll" system to

: Some exploits allow players to "throw away" unfavorable rolls before they are finalized. Since the client reports the final result to the game log, a player can repeatedly roll until a desired number is generated, then only permit that specific packet to reach the server. By using tools like Tampermonkey or Charles Proxy

: GMs should hover their mouse over any suspicious roll in the chat window. This reveals the formula breakdown , showing the actual raw die roll and every modifier applied.

GMs can use built-in Roll20 features to verify the integrity of dice rolls and prevent common exploits:

This report examines technical vulnerabilities and common exploits associated with "roll20-cheat-dice," specifically focusing on client-side manipulation of the Roll20 virtual tabletop platform. Overview of Exploits