|
| 07 Jun 2015 10:57 PM |
module = require(256482339)() module.Call()
Simply try to break into my module and steal the source... If you are successful tell me the output!
Winner gets 400 Robux.
-Basic Information-
1. It's a Module (DUH) 2. I nuked the environment <: 3. Authentication within the require() 4. Module is inside the Authentication
|
|
|
| Report Abuse |
|
|
|
| 07 Jun 2015 10:59 PM |
Nice job! You did it! I don't know how you did it though! |
|
|
| Report Abuse |
|
|
| |
|
| |
|
|
| 07 Jun 2015 11:06 PM |
| Wish Seranok tried to get into mine qq |
|
|
| Report Abuse |
|
|
|
| 07 Jun 2015 11:06 PM |
| stop bumping you nut you're at the top of the page already omg |
|
|
| Report Abuse |
|
|
|
| 07 Jun 2015 11:09 PM |
| That's the beauty of bumping on the top, you stay on da top :# |
|
|
| Report Abuse |
|
|
EgoMoose
|
  |
| Joined: 04 Feb 2009 |
| Total Posts: 2896 |
|
|
| 07 Jun 2015 11:14 PM |
I can't even run it, I keep getting "Unable to find module for asset id".
I don't know if I'm doing something wrong or what, but, yeah, that's a thing... |
|
|
| Report Abuse |
|
|
|
| 07 Jun 2015 11:15 PM |
| You cannot run modules within Studio, must be online. |
|
|
| Report Abuse |
|
|
EgoMoose
|
  |
| Joined: 04 Feb 2009 |
| Total Posts: 2896 |
|
|
| 07 Jun 2015 11:17 PM |
| Ahh, I see. I'm sure u can figure if I didn't know that, I prob won't get this, but I'l give it a go anyway :D |
|
|
| Report Abuse |
|
|
| |
|
|
| 07 Jun 2015 11:27 PM |
| BUMP! Seranok pls pls pls!!! |
|
|
| Report Abuse |
|
|
|
| 07 Jun 2015 11:42 PM |
I wonder, since my script's authorization runs off game.PlaceId would it be possible to:
setfenv({},{})
And create game with the PlaceId as a Metatable, then require my code?
Because then you'd bypass the authentication since Modules get their enviroment and items from the script requiring? Hmm....
Just a theory... |
|
|
| Report Abuse |
|
|
cntkillme
|
  |
| Joined: 07 Apr 2008 |
| Total Posts: 44956 |
|
|
| 07 Jun 2015 11:43 PM |
'setfenv({},{})' That's not how setfenv works |
|
|
| Report Abuse |
|
|
|
| 07 Jun 2015 11:44 PM |
@Cnt
I did that as an example of what I meant to use to change the environment. |
|
|
| Report Abuse |
|
|
cntkillme
|
  |
| Joined: 07 Apr 2008 |
| Total Posts: 44956 |
|
|
| 07 Jun 2015 11:45 PM |
| setfenv sets a function's environment, not a "tables's environment" (which makes no sense at all) |
|
|
| Report Abuse |
|
|
|
| 07 Jun 2015 11:46 PM |
| It was only a theory that I thought of, not perfect and it wasn't thorough enough. |
|
|
| Report Abuse |
|
|
|
| 07 Jun 2015 11:47 PM |
Wait let me get my keklecorn. Its time for a scripter pissing contest.
choo choo |
|
|
| Report Abuse |
|
|
|
| 07 Jun 2015 11:49 PM |
@Cnt
By changing the environment of the requiring module (which is a function containing a table) one could possibly change the authentication needed values...
But that's only a thought. |
|
|
| Report Abuse |
|
|
cntkillme
|
  |
| Joined: 07 Apr 2008 |
| Total Posts: 44956 |
|
|
| 08 Jun 2015 12:13 AM |
If this "auth" (I'm assuming it's some p*sswrd) is stored in a global, then yes. If it's local, then no. |
|
|
| Report Abuse |
|
|
|
| 08 Jun 2015 12:15 AM |
| Authorization is through game.PlaceId... |
|
|
| Report Abuse |
|
|
cntkillme
|
  |
| Joined: 07 Apr 2008 |
| Total Posts: 44956 |
|
|
| 08 Jun 2015 12:17 AM |
Oh, then it's hackable.
getfenv(blah).game = {PlaceId = the correct one};
Do this on the top of your module script: local game = game; |
|
|
| Report Abuse |
|
|
| |
|
Seranok
|
  |
| Joined: 12 Dec 2009 |
| Total Posts: 11083 |
|
|
| 08 Jun 2015 12:35 AM |
There is really only one thing you need to do to protect a private ModuleScript. Put this at the very start:
if game.PlaceId ~= whatever then error("you aren't allowed") end
-- code that returns module here
In other words, put all your access checks before the user will have a chance to mess with your module. |
|
|
| Report Abuse |
|
|
|
| 08 Jun 2015 12:38 AM |
| Alright, guess i'm good to go then. Thanks! |
|
|
| Report Abuse |
|
|