mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
|
| 27 Feb 2015 08:25 PM |
For anyone who can hijack this closed source module and:
A) run the function "p" (R$ 1000) B) get the source code for it (R$ 2500)
& provide a repro for it, you can post it but PMing would be more appreciated.
Here's some example code:
local module = require(219856863)();
if module ~= nil then module.p(); end;
Code for the actual module that it returns:
local module = { p = function() print 'hello world'; end; }; return module;
To run this, go to one of your places and enter it into the developer console, or put it in a script and upload it to a place and look at the developer console. You can only run closed source modules on roblox servers, not in Start Player or in studio.
Old thread is here: http://www.roblox.com/Forum/ShowPost.aspx?PostID=156600040 Seranok provides some good exploits that were previous in the old version, but it has since been re-written.
Information that should be helpful:
- Returns nil if you're not allowed to use it, - Returns a module table if you are allowed to use it - It checks if the game's PlaceId is valid - Checks if your game variable is a datamodel - All global variables used in the module are stored as upvalues, so you can't hijack them through get/setfenv - No metatables are used - Uses MarketplaceService::GetProductInfo, fetches data from id=187489961
Just continuing my quest to create super secure modules, I want to leave something nifty behind before I leave. If too many people are stumped I'll reveal the source code for it. |
|
|
| Report Abuse |
|
|
robotmega
|
  |
| Joined: 16 May 2009 |
| Total Posts: 14084 |
|
| |
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
| |
|
robotmega
|
  |
| Joined: 16 May 2009 |
| Total Posts: 14084 |
|
| |
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
|
| 27 Feb 2015 08:39 PM |
| I haven't seen loleris on there, I think it was weeve or echo |
|
|
| Report Abuse |
|
|
|
| 27 Feb 2015 09:15 PM |
Wait so all we gotta do is run
local module = require(219856863)()
and call module.p somehow in dev console? |
|
|
| Report Abuse |
|
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
|
| 27 Feb 2015 09:20 PM |
| @war yes. You have to get it so running require(id)().p() prints "hello world" |
|
|
| Report Abuse |
|
|
|
| 27 Feb 2015 09:24 PM |
| @mew I'll take a couple stabs at it. But I g2g to bed in a few min. If it's still going in the morning I'll be back :D |
|
|
| Report Abuse |
|
|
morash
|
  |
| Joined: 22 May 2010 |
| Total Posts: 5834 |
|
|
| 27 Feb 2015 09:38 PM |
| What do you mean by "valid placeID"? |
|
|
| Report Abuse |
|
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
|
| 27 Feb 2015 09:39 PM |
| @morash Checks if the Game.PlaceId is on an external list of valid ones |
|
|
| Report Abuse |
|
|
| |
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
| |
|
|
| 27 Feb 2015 09:49 PM |
| can i just make my own module, and have my own p in the module and then require it on my own script and make it print hello world? if yes, then i will have to do some wiki searching because i have no clue how to even do that |
|
|
| Report Abuse |
|
|
|
| 27 Feb 2015 09:50 PM |
Fun.
"I like to program." - Bosswalrus |
|
|
| Report Abuse |
|
|
morash
|
  |
| Joined: 22 May 2010 |
| Total Posts: 5834 |
|
|
| 27 Feb 2015 09:52 PM |
| You've secured against using a fake game, that's nice. |
|
|
| Report Abuse |
|
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
|
| 27 Feb 2015 09:57 PM |
@boss I don't like you, please don't post on my threads if you have nothing to contribute
@morash indeed
@logan yes, with modules that is possible |
|
|
| Report Abuse |
|
|
|
| 27 Feb 2015 09:59 PM |
i meant for the bounty
it was suppose to be a joke
haha laugh laugh |
|
|
| Report Abuse |
|
|
|
| 27 Feb 2015 10:02 PM |
@mew903 I recommend making a forum for yourself and all the other scripters on this forum.
"I like to program." - Bosswalrus |
|
|
| Report Abuse |
|
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
|
| 27 Feb 2015 10:12 PM |
@logan if u need a donation hmu, I still have like 12k but I do want to keep a lil'
@boss you could just leave, though. I haven't seen you post anything substantial or helpful, ever. |
|
|
| Report Abuse |
|
|
|
| 27 Feb 2015 10:14 PM |
Cool story.
"I like to program." - Bosswalrus |
|
|
| Report Abuse |
|
|
|
| 28 Feb 2015 07:04 AM |
So we're supposed to
A) Break into the ID list B) Make it so when you check our ID it's one of those C) Run p
right? It seems pretty secure to me lol. |
|
|
| Report Abuse |
|
|
|
| 28 Feb 2015 07:06 AM |
Nevermind, I just realized we can access the ID list (fail)
12345 |
|
|
| Report Abuse |
|
|
GOLDC3PO
|
  |
| Joined: 31 May 2011 |
| Total Posts: 509 |
|
|
| 28 Feb 2015 07:34 AM |
local module2 = { p = function() print 'hello world'; end; };
module2.p()
done C: |
|
|
| Report Abuse |
|
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
|
| 28 Feb 2015 02:20 PM |
Bump
@war I wouldn't bother since you're NBC and can't collect the full bounty, that and you don't seem to know environments that great |
|
|
| Report Abuse |
|
|
|
| 28 Feb 2015 05:44 PM |
| @mew Says the one that thought print was in the global environment table -_- |
|
|
| Report Abuse |
|
|