generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Game Creation and Development » Scripters
Home Search
 

Re: ROBLOX exploiting is alive and well

Previous Thread :: Next Thread 
Unbewilled is not online. Unbewilled
Joined: 10 Aug 2016
Total Posts: 13
29 Dec 2016 06:40 AM
and a lot more fun than lots of you think
https://www.youtube.com/watch?v=ijjDNqWYbWQ


Report Abuse
GNUnotUNIX is not online. GNUnotUNIX
Joined: 05 Feb 2012
Total Posts: 15171
29 Dec 2016 06:45 AM
So?
Report Abuse
Unbewilled is not online. Unbewilled
Joined: 10 Aug 2016
Total Posts: 13
29 Dec 2016 06:46 AM
so the moral is to always use FE and to have fun abusing non-FE games


Report Abuse
Unbewilled is not online. Unbewilled
Joined: 10 Aug 2016
Total Posts: 13
29 Dec 2016 06:47 AM
(except that FE games can be badly abused too)


Report Abuse
Arbeiters is not online. Arbeiters
Joined: 22 Sep 2016
Total Posts: 31
29 Dec 2016 06:49 AM
The video shows an FE game. That exploit is limited to local space and if the game could make a simple check, whoever was exploiting could be kicked on the spot.
Report Abuse
Laedere is online. Laedere
Joined: 17 Jun 2013
Total Posts: 23601
29 Dec 2016 06:50 AM
you could always just check locally when a brick is deleted in the workspace and check if it exists on the server
Report Abuse
Informable is not online. Informable
Joined: 10 Aug 2016
Total Posts: 1778
29 Dec 2016 06:53 AM
it actually isn't very checkable, since the scripts ran by the exploit are interacting with the Lua C API directly, instead of being actual Script/LocalScript objects that the game scripts can look for

there are a lot of things you could do, but as a rule of thumb, you can undo them all too. checking for new bricks in Workspace for example can be undone by deleting the script that checks for them. have it on the server-side? the exploit can just prevent stuff from replicating. not FE? the exploit can deal with the script easy

it's a game of cat and mouse, and it's very fun to be on either side, because no side ever wins. think of it like mind exercise. it's an entire world of entertainment


Report Abuse
GNUnotUNIX is not online. GNUnotUNIX
Joined: 05 Feb 2012
Total Posts: 15171
29 Dec 2016 06:57 AM
@Inf
How about checking where you are every sec, and if you are at an impossible position you get kicked?

Oh and if you won't replicate it then I guess we'll just have to make an anti afk script that kicks everyone who hasn't moved in 5 minutes.

You'll have 5 minutes of fun before getting kicked.
Report Abuse
GNUnotUNIX is not online. GNUnotUNIX
Joined: 05 Feb 2012
Total Posts: 15171
29 Dec 2016 06:57 AM
And of course the script will reside in nill, because its such a cozy place in there.
Report Abuse
Informable is not online. Informable
Joined: 10 Aug 2016
Total Posts: 1778
29 Dec 2016 06:59 AM
solution: replicating fake position data that looks valid, but isn't actually where the localplayer is

also scripts with nil parents can still be yanked from memory and the destroy function can be called on them directly without need for the lua c api


Report Abuse
GNUnotUNIX is not online. GNUnotUNIX
Joined: 05 Feb 2012
Total Posts: 15171
29 Dec 2016 07:01 AM
solution: Check for repeated patterns in position, you can't use random because you will get to an impossible position sooner or later.

Right then the script will reside in ServerScriptService.
Report Abuse
Informable is not online. Informable
Joined: 10 Aug 2016
Total Posts: 1778
29 Dec 2016 07:03 AM
random numbers can be generated inside user-defined boundaries
ServerScriptService is untouchable, but so is a dishonest client to a server script


Report Abuse
Arbeiters is not online. Arbeiters
Joined: 22 Sep 2016
Total Posts: 31
29 Dec 2016 07:04 AM
@Informable

How about this:

I either

-> Give everyone a Gui (with cooldown) to report someone who they suspect is an exploiter to trigger a check.

-> Automatically trigger a check after regular intervals

and what the check does is clones a localscript (which is removed after being used) into suspected player to get his workspace which is checked against the server's workspace followed by an action if the results are suspicious.
Report Abuse
GNUnotUNIX is not online. GNUnotUNIX
Joined: 05 Feb 2012
Total Posts: 15171
29 Dec 2016 07:05 AM
Fine then ill just completely ignore you and update your character position to whereever you replicate it.

For you it will be like a singleplayer game, noone will see you or see your actions.
Report Abuse
Informable is not online. Informable
Joined: 10 Aug 2016
Total Posts: 1778
29 Dec 2016 07:08 AM
@Arbeiters that's a clever solution, but again, the client can always lie about their workspace. why trust it? not to mention that modifying workspace is far from the only thing an exploiter can have fun with. you'd have better luck with a classic vote-to-kick system without any mechanical tricks

@GNUnotUNIX good call, but you've covered about 1 centimeter of 1 million miles of ground. what exploiter would get bored upon finding out that they can't move to impossible positions? what's to stop them from messing with game mechanics, breaking RemoteEvents/RemoteFunctions with their own arguments, and causing other sorts of entertaining havoc?


Report Abuse
GNUnotUNIX is not online. GNUnotUNIX
Joined: 05 Feb 2012
Total Posts: 15171
29 Dec 2016 07:13 AM
@Inform
See what is possible and see what is not :P
Delays on getting money, ...
Report Abuse
all_71397777777 is not online. all_71397777777
Joined: 30 Apr 2016
Total Posts: 314
29 Dec 2016 07:13 AM
Care to release the source code?
I always wanted to see how an exploit worked.
Report Abuse
Informable is not online. Informable
Joined: 10 Aug 2016
Total Posts: 1778
29 Dec 2016 07:16 AM
@GNUnotUNIX yea, but it's a lot of work isn't it? :p
are you seeing the same pattern I'm seeing?
for everything the exploiter does, the dev can patch it
for everything the dev does, the exploiter can unpatch it
it's a competition about who has the most patience
I've never once seen an exception to this rule

@all_71397777777 releasing the source? that's a one-way ticket to patchtown. and it's also a great way to flood every single ROBLOX game with exploiters until they do fix it. but feel free to ask questions


Report Abuse
all_71397777777 is not online. all_71397777777
Joined: 30 Apr 2016
Total Posts: 314
29 Dec 2016 07:24 AM
I never cared much for the exploit, I just want to see how it works :P
Report Abuse
eLunate is not online. eLunate
Joined: 29 Jul 2014
Total Posts: 13268
29 Dec 2016 07:27 AM
Issue. For everything that needs to be worked around, people will be caught. For people that are caught, provided an adequate system, exploiters are removed from the system. The game of cat and mouse is one with an exhaustive population.
Report Abuse
Informable is not online. Informable
Joined: 10 Aug 2016
Total Posts: 1778
29 Dec 2016 07:33 AM
@all_71397777777 well I can do my best to explain it :p

so first, DLL injection lets you run your code inside another program's address space, meaning you can use all the functions that it uses just like you're that program

in ROBLOX, things used to be a lot easier, since all you had to do was ###### a DLL that finds a function like loadstring, and passes your own source string to it. but ROBLOX has amped up their security these past few years and it isn't as easy as that anymore. there aren't any functions on the client that let you compile any Lua bytecode

around the time they removed that stuff, they also mystified their implementation of Lua. as you might know, it's an open source language, but they scrambled their VM so that it works way differently but achieves the same results. that means a clever hacker can't compile stuff in their own Lua and tell ROBLOX's Lua to run it

there are a lot of different ways around this, and some are better than others. the exploit in the video is actually implementing a whole other Lua 5.1 environment alongside ROBLOX's Lua environment, then using user##########atables, and other magic features to port the entire ROBLOX API over to the fresh copy

the unsimplified version of that last explanation is that it's a wrapper (eLunate will know all about that)


Report Abuse
Informable is not online. Informable
Joined: 10 Aug 2016
Total Posts: 1778
29 Dec 2016 07:39 AM
sorry for filter


Report Abuse
all_71397777777 is not online. all_71397777777
Joined: 30 Apr 2016
Total Posts: 314
29 Dec 2016 07:44 AM
@Inform
Never wrote a DLL so I still don't know how I would make one. (understand it completely)

But that explaination was very interesting.
Report Abuse
10MilesWide is not online. 10MilesWide
Joined: 06 Aug 2014
Total Posts: 2220
29 Dec 2016 07:46 AM
I can count the number of games that detect 100% of exploiters on 0 hands
But I'm sure it's simple for great scripters like you guys :)
Report Abuse
GNUnotUNIX is not online. GNUnotUNIX
Joined: 05 Feb 2012
Total Posts: 15171
29 Dec 2016 07:48 AM
@10Miles
No one ever cares about hiring someone to make their game exploiter free.
All they do is go into free models and insert some anti hack scripts and hope for the best.
Report Abuse
Previous Thread :: Next Thread 
Page 1 of 1
 
 
ROBLOX Forum » Game Creation and Development » Scripters
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image