| 29 Dec 2016 06:40 AM |
and a lot more fun than lots of you think https://www.youtube.com/watch?v=ijjDNqWYbWQ
| 29 Dec 2016 06:46 AM |
so the moral is to always use FE and to have fun abusing non-FE games
| 29 Dec 2016 06:47 AM |
(except that FE games can be badly abused too)
Arbeiters
| Joined: 22 Sep 2016 |
| Total Posts: 31 |
| 29 Dec 2016 06:49 AM |
The video shows an FE game. That exploit is limited to local space and if the game could make a simple check, whoever was exploiting could be kicked on the spot.
Laedere
| Joined: 17 Jun 2013 |
| Total Posts: 23601 |
| 29 Dec 2016 06:50 AM |
you could always just check locally when a brick is deleted in the workspace and check if it exists on the server
| 29 Dec 2016 06:53 AM |
it actually isn't very checkable, since the scripts run by the exploit are interacting with the Lua C API directly, instead of being actual Script/LocalScript objects that the game scripts can look for
there are a lot of things you could do, but as a rule of thumb, you can undo them all too. checking for new bricks in Workspace for example can be undone by deleting the script that checks for them. have it on the server-side? the exploit can just prevent stuff from replicating. not FE? the exploit can deal with the script easy
it's a game of cat and mouse, and it's very fun to be on either side, because no side ever wins. think of it like mind exercise. it's an entire world of entertainment
| 29 Dec 2016 06:57 AM |
@Inf How about checking where you are every sec, and if you are at an impossible position you get kicked?
Oh and if you won't replicate it then I guess we'll just have to make an anti afk script that kicks everyone who hasn't moved in 5 minutes.
You'll have 5 minutes of fun before getting kicked.
| 29 Dec 2016 06:57 AM |
And of course the script will reside in nil, because it's such a cozy place in there.
| 29 Dec 2016 06:59 AM |
solution: replicating fake position data that looks valid, but isn't actually where the localplayer is
also scripts with nil parents can still be yanked from memory and the destroy function can be called on them directly without need for the lua c api
| 29 Dec 2016 07:01 AM |
solution: Check for repeated patterns in position, you can't use random because you will get to an impossible position sooner or later.
Right then the script will reside in ServerScriptService.
| 29 Dec 2016 07:03 AM |
random numbers can be generated inside user-defined boundaries
ServerScriptService is untouchable, but so is a dishonest client to a server script
Arbeiters
| Joined: 22 Sep 2016 |
| Total Posts: 31 |
| 29 Dec 2016 07:04 AM |
@Informable
How about this:
I either
-> Give everyone a Gui (with cooldown) to report someone who they suspect is an exploiter to trigger a check.
-> Automatically trigger a check after regular intervals
and what the check does is clones a localscript (which is removed after being used) into suspected player to get his workspace which is checked against the server's workspace followed by an action if the results are suspicious.
| 29 Dec 2016 07:05 AM |
Fine then I'll just completely ignore you and update your character position to wherever you replicate it.
For you it will be like a singleplayer game, no one will see you or see your actions.
| 29 Dec 2016 07:08 AM |
@Arbeiters that's a clever solution, but again, the client can always lie about their workspace. why trust it? not to mention that modifying workspace is far from the only thing an exploiter can have fun with. you'd have better luck with a classic vote-to-kick system without any mechanical tricks
@GNUnotUNIX good call, but you've covered about 1 centimeter of 1 million miles of ground. what exploiter would get bored upon finding out that they can't move to impossible positions? what's to stop them from messing with game mechanics, breaking RemoteEvents/RemoteFunctions with their own arguments, and causing other sorts of entertaining havoc?
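The point the thread keeps returning to, that a server script cannot trust what a client sends through a RemoteEvent, as an added example that is not from any poster: a server-side handler that validates the argument and keeps the reward amount and cooldown in server state. `ClaimReward`, the `Pads` folder and the `Coins` attribute are hypothetical names.

```lua
-- Added example: server Script in ServerScriptService. ClaimReward, the
-- Pads folder and the "Coins" attribute are hypothetical names.
local Players = game:GetService("Players")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local claimReward = ReplicatedStorage:WaitForChild("ClaimReward") -- RemoteEvent
local pads = workspace:WaitForChild("Pads")                      -- Folder of Parts

local REWARD = 10        -- amount is fixed here, never read from the client
local COOLDOWN = 30      -- seconds between claims, tracked on the server
local MAX_DISTANCE = 12  -- studs between the character and the pad
local lastClaim = {}     -- [Player] = os.clock() of the last accepted claim

-- Every input is either type-checked or looked up in server-owned state.
local function canClaim(player, padName, now)
	if typeof(padName) ~= "string" or #padName > 32 then
		return false, "bad argument"
	end
	local pad = pads:FindFirstChild(padName)
	if not pad or not pad:IsA("BasePart") then
		return false, "unknown pad"
	end
	local last = lastClaim[player]
	if last and now - last < COOLDOWN then
		return false, "cooldown"
	end
	-- Replicated character position: client-influenced, so this check only
	-- bounds what can be claimed; it does not prove where the player is.
	local character = player.Character
	local root = character and character:FindFirstChild("HumanoidRootPart")
	if not root or (root.Position - pad.Position).Magnitude > MAX_DISTANCE then
		return false, "too far"
	end
	return true
end

claimReward.OnServerEvent:Connect(function(player, padName)
	local now = os.clock()
	local ok, reason = canClaim(player, padName, now)
	if not ok then
		warn(("rejected ClaimReward from %s: %s"):format(player.Name, reason))
		return
	end
	lastClaim[player] = now
	player:SetAttribute("Coins", (player:GetAttribute("Coins") or 0) + REWARD)
end)

Players.PlayerRemoving:Connect(function(player)
	lastClaim[player] = nil -- drop per-player state when they leave
end)
```

The reward amount and the cooldown are the parts a dishonest client cannot influence; the distance check still depends on replicated position and only narrows what can be claimed.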
| 29 Dec 2016 07:13 AM |
@Inform See what is possible and see what is not :P Delays on getting money, ...
| 29 Dec 2016 07:13 AM |
Care to release the source code? I always wanted to see how an exploit worked.
| 29 Dec 2016 07:16 AM |
@GNUnotUNIX yea, but it's a lot of work isn't it? :p
are you seeing the same pattern I'm seeing?
for everything the exploiter does, the dev can patch it
for everything the dev does, the exploiter can unpatch it
it's a competition about who has the most patience
I've never once seen an exception to this rule
@all_71397777777 releasing the source? that's a one-way ticket to patchtown. and it's also a great way to flood every single ROBLOX game with exploiters until they do fix it. but feel free to ask questions
| 29 Dec 2016 07:24 AM |
I never cared much for the exploit, I just want to see how it works :P
eLunate
| Joined: 29 Jul 2014 |
| Total Posts: 13268 |
| 29 Dec 2016 07:27 AM |
Issue. For everything that needs to be worked around, people will be caught. For people that are caught, provided an adequate system, exploiters are removed from the system. The game of cat and mouse is one with an exhaustive population.
| 29 Dec 2016 07:33 AM |
@all_71397777777 well I can do my best to explain it :p
so first, DLL injection lets you run your code inside another program's address space, meaning you can use all the functions that it uses just like you're that program
in ROBLOX, things used to be a lot easier, since all you had to do was ###### a DLL that finds a function like loadstring, and passes your own source string to it. but ROBLOX has amped up their security these past few years and it isn't as easy as that anymore. there aren't any functions on the client that let you compile any Lua bytecode
around the time they removed that stuff, they also mystified their implementation of Lua. as you might know, it's an open source language, but they scrambled their VM so that it works way differently but achieves the same results. that means a clever hacker can't compile stuff in their own Lua and tell ROBLOX's Lua to run it
there are a lot of different ways around this, and some are better than others. the exploit in the video is actually implementing a whole other Lua 5.1 environment alongside ROBLOX's Lua environment, then using user##########atables, and other magic features to port the entire ROBLOX API over to the fresh copy
the unsimplified version of that last explanation is that it's a wrapper (eLunate will know all about that)
| 29 Dec 2016 07:44 AM |
@Inform Never wrote a DLL so I still don't know how I would make one. (understand it completely)
But that explanation was very interesting.
| 29 Dec 2016 07:46 AM |
I can count the number of games that detect 100% of exploiters on 0 hands
But I'm sure it's simple for great scripters like you guys :)
| 29 Dec 2016 07:48 AM |
@10Miles No one ever cares about hiring someone to make their game exploiter free. All they do is go into free models and insert some anti hack scripts and hope for the best.