Roll20-cheat-dice -

GMs can use built-in Roll20 features to verify the integrity of dice rolls and prevent common exploits:

: The primary technical method involves hijacking the window.WebSocket.prototype.send function. By using tools like Tampermonkey or Charles Proxy , users can intercept outgoing data packets.

: A non-technical "cheat" involves temporarily inflating ability scores or modifiers on a character sheet before rolling, then quickly reverting them before the Game Master (GM) notices. Known Tools and Scripts roll20-cheat-dice

: While primarily used for automation, some scripts are designed to track and average player rolls to identify statistically improbable "hot streaks" that might indicate cheating. Detection and Mitigation for GMs

While Roll20 uses a "Quantum Roll" system to generate random numbers server-side, vulnerabilities often stem from how these results are communicated to and from the player's client. GMs can use built-in Roll20 features to verify

: Some exploits allow players to "throw away" unfavorable rolls before they are finalized. Since the client reports the final result to the game log, a player can repeatedly roll until a desired number is generated, then only permit that specific packet to reach the server.

This report examines technical vulnerabilities and common exploits associated with "roll20-cheat-dice," specifically focusing on client-side manipulation of the Roll20 virtual tabletop platform. Overview of Exploits Known Tools and Scripts : While primarily used

: Using the platform's 3D Dice feature is often recommended, as these visual representations are harder to manipulate through simple packet editing.