|
| 19 Jun 2013 07:34 PM |
Why are we not allowed to edit the "Source" property of a script. This can be really annoying...
I recently made an anti exploit script for a new "locascript" hack that takes over your animation script and lets you run your own scripts in game. My script will not only crash your client when you chat a script it scrambles the source of the animation script so the exploit will not take affect. One problem with this script is that it does not change the source of the script every time a player spawns. This sadly opens up a small loophole for exploiters. As of now I have a plugin that changes the source of the script every time I update the place but it's just not practical.
So why is it we can't use the Source property of scripts/localscripts. Some people say because you can create "virus" scripts. --Well you already make them with loadstring quire easily.
Anybody have any reasoning why you can't access the source property? |
|
|
| Report Abuse |
|
|
Parthax
|
  |
| Joined: 27 Apr 2011 |
| Total Posts: 6941 |
|
|
| 19 Jun 2013 07:36 PM |
> 'made'
Really, you think we don't know that you're using booing's exploit?
Also: http://www.roblox.com/Source-Property-Details-item?id=118311535
cнecĸмαтe, ɴooвѕ. |
|
|
| Report Abuse |
|
|
|
| 19 Jun 2013 07:37 PM |
Roblox moderates virus scripts by putting them in a blacklist so they can't be inserted at all. They find these viruses by seeing that one script appears in four hundred different models. Now, imagine this virus changes its source slightly each time it replicates. It would be impossible to moderate.
Not to mention, if you ever need to change the source of your scripts you're doing it wrong. |
|
|
| Report Abuse |
|
|
woot3
|
  |
| Joined: 10 Nov 2008 |
| Total Posts: 3599 |
|
|
| 19 Jun 2013 07:39 PM |
Here is a better question. Why are you able to change the source code online via exploits? Should the server not detect that these scripts have been changed so not execute them, likewise with local scripts it should disconnect them? |
|
|
| Report Abuse |
|
|
|
| 19 Jun 2013 07:41 PM |
@woot
But I thought they did reject changes to source? If they didn't server-only methods would become obsolete since exploiters can just use them by changing the source. Someone get booing. |
|
|
| Report Abuse |
|
|
jacob2233
|
  |
| Joined: 23 Aug 2007 |
| Total Posts: 723 |
|
|
| 19 Jun 2013 07:42 PM |
I kidna have to agree with Arceusinator, but I think observing behavoir of a script rather than blacklisting the code would prevent that issue.
Basically, if a script replicates itself into everything it can find, something suspicious is going on. If the script re-appears after being deleted, something suspicious is going on. So even if the script could change its own source, behavior would still be relevantly the same... |
|
|
| Report Abuse |
|
|
|
| 19 Jun 2013 07:44 PM |
I guess that is a pretty good point. Also I normally would not need to edit a scripts source but in this case I do. This should explain why...
http://www.roblox.com/Anti-Exploit-item?id=119709249
And definitely I did make it... |
|
|
| Report Abuse |
|
|
woot3
|
  |
| Joined: 10 Nov 2008 |
| Total Posts: 3599 |
|
|
| 19 Jun 2013 07:44 PM |
You could very easily create a virus that dragged in other viruses anyway using loadstring.
>But I thought they did reject changes to source? If they didn't server-only methods >would become obsolete since exploiters can just use them by changing the source. >Someone get booing.
Either way, it's not in place for clients then. |
|
|
| Report Abuse |
|
|
|
| 19 Jun 2013 07:46 PM |
| @ woot using a debugger somebody was able to disable the "hash checker" and the other source checks. Then they can just open up cheat engine and change and change all the localscripts source. |
|
|
| Report Abuse |
|
|
woot3
|
  |
| Joined: 10 Nov 2008 |
| Total Posts: 3599 |
|
|
| 19 Jun 2013 07:47 PM |
Then use the server to check that it's not been disabled. I'm not that big on security, I am going off basic knowledge, but I am pretty sure ROBLOX should be able to stop exploiting at such a level with no major complications rather than waiting for an exploit and patching it. |
|
|
| Report Abuse |
|
|
|
| 19 Jun 2013 07:49 PM |
| Yes, it would be nice to have the source property unlocked. I couldn't tell you how much easier it would be to script things. |
|
|
| Report Abuse |
|
|
|
| 19 Jun 2013 07:50 PM |
There is not a way to use a server check to see if its disabled. ROblox could code that into robloxplayer its self but they would just disable that portion too. The exploiters are VERY smart people(Well the people who make them :3). |
|
|
| Report Abuse |
|
|
woot3
|
  |
| Joined: 10 Nov 2008 |
| Total Posts: 3599 |
|
|
| 19 Jun 2013 07:56 PM |
| It just seems to me, I look at other games like ROSE which once had the same player-base as ROBLOX, exploiting was non-existant. Surely there is a way to really change the player so exploits in Lua can't happen at all. |
|
|
| Report Abuse |
|
|
|
| 19 Jun 2013 08:00 PM |
| Truthfully making exploiting impossible is pretty much impossible itself. Any game in the world can be exploited. It may be thousands of time harder to exploit some game rather than Roblox but it is always possible...sadly. |
|
|
| Report Abuse |
|
|
uyjulian
|
  |
| Joined: 29 Nov 2012 |
| Total Posts: 1214 |
|
| |
|
woot3
|
  |
| Joined: 10 Nov 2008 |
| Total Posts: 3599 |
|
|
| 19 Jun 2013 08:02 PM |
"It may be thousands of time harder to exploit some game rather than Roblox but it is always possible...sadly."
That's my main point really. I find a lot of exploiters are children who have gained it from somebody else. Sure you can never make it impossible, you can however make it so that it's unlikely unless we have a genius doing all the work. |
|
|
| Report Abuse |
|
|
booing
|
  |
| Joined: 04 May 2009 |
| Total Posts: 6594 |
|
|
| 19 Jun 2013 08:07 PM |
| Even if you've modified it to scramble sources, please don't be a SilentCowz about my trainer. |
|
|
| Report Abuse |
|
|
|
| 19 Jun 2013 08:09 PM |
What? I said I made an "Anti Exploit Script" :/ |
|
|
| Report Abuse |
|
|
booing
|
  |
| Joined: 04 May 2009 |
| Total Posts: 6594 |
|
|
| 19 Jun 2013 08:19 PM |
Oh, misunderstood based on the replies. Sorry.
If you want to defend against exploiters, then have one local script do this: local a = Instance.new("IntValue", script.Parent) while wait(1) do a.Value = 1 + A.Value end and a serverscript for each player d (player).CharacterAdded:connect(function() local v = (player).IntValue local asd = v.Value wait(5) if asd.Value == v then Instance.new("StringValue", (player).Backpack).Value = ("..."):rep(3e6) end end) or something like that. If they RobloxLock themselves, then try something like(not sure if they fixed this) in a server script while wait(5) do for i,v in pairs(game:service'Players':GetPlayers()) do if not pcall(function() local asdfasdfas = v.Name end) then game:service("Debris"):AddItem(v,0) end end end |
|
|
| Report Abuse |
|
|
booing
|
  |
| Joined: 04 May 2009 |
| Total Posts: 6594 |
|
| |
|
itunes89
|
  |
| Joined: 19 Jan 2011 |
| Total Posts: 1957 |
|
|
| 19 Jun 2013 08:22 PM |
| It would be cool, but we don't need it. If you know what your doing, there is an easy work around. |
|
|
| Report Abuse |
|
|
|
| 19 Jun 2013 08:30 PM |
I'm a little confused on what you just said... So make a local script:
local b = Instance.new("IntValue",Game.Players.LocalPlayer) while wait(1) do b.Value = b.Value + 1 end
A server script: local Player = Blah Blah Player.CharacterAdded:connect(function() local v = Player.IntValue --Instance local VAL = v.Value --Value wait(5) --Now here i don't understand...Comparing the Value of a Int(aka nil) to an Instance??? if VAL.Value == v then --Bleck end end) |
|
|
| Report Abuse |
|
|
emporerj
|
  |
| Joined: 23 Nov 2010 |
| Total Posts: 39351 |
|
|
| 19 Jun 2013 11:42 PM |
@Arc
do they really moderate for virus scripts?
rofl
ctrl + shift + n solves everything |
|
|
| Report Abuse |
|
|
abaw7
|
  |
| Joined: 23 Oct 2009 |
| Total Posts: 745 |
|
|
| 20 Jun 2013 12:24 AM |
| Amazingly, yes even though those scripts are very easy to remove with a simple loop. |
|
|
| Report Abuse |
|
|