generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Game Creation and Development » Scripters
Home Search
 

Re: Overriding Globals

Previous Thread :: Next Thread 
waverlycole is not online. waverlycole
Joined: 30 Nov 2010
Total Posts: 139
10 May 2017 11:06 AM
I would like to start by saying this thread was made so I can learn how to prevent or protect against this. There are currently 3 methods that I've heard of for overriding globals. And no I'm not referring to _G. I mean literally overwriting server globals. For example, I override the print() function and instead make it call warn() so anyone who then called print() it would warn instead. I have also seen people overriding the #### Service to prevent players from using it by making Posting etc returning nil or an error(). Please reply if you know how to override globals or have a way to detect it so I can keep some of my Modules safe. (People have overridden #### and gotten keys, Datastore keys, even stolen source directly.)
Report Abuse
TimeTicks is not online. TimeTicks
Joined: 27 Apr 2011
Total Posts: 27115
10 May 2017 11:37 AM
You shouldn't be doing that. just call warn when its a warn and print when its a print. Or just do it the easy way and make your own custom function. Duh

Just store modules in server storage.


Report Abuse
waverlycole is not online. waverlycole
Joined: 30 Nov 2010
Total Posts: 139
10 May 2017 11:46 AM
The issue is it's a Module free for public to use via require. In the past and currently I've had issues with overwriting globals, however, very few people know how to it is still concerning for the security of my module.
Report Abuse
TimeTicks is not online. TimeTicks
Joined: 27 Apr 2011
Total Posts: 27115
10 May 2017 11:47 AM
Security about modules is not of any concern. Storing them in serverstorage is perfectly fine since clients do not have access to it.


Report Abuse
waverlycole is not online. waverlycole
Joined: 30 Nov 2010
Total Posts: 139
10 May 2017 11:51 AM
Because anyone can require the module if they require it in a sandbox they made they can control what it has access too. This normally isn't an issue but if their custom environment includes override globals they can log my requests to services and get website keys and tokens.
Report Abuse
waverlycole is not online. waverlycole
Joined: 30 Nov 2010
Total Posts: 139
10 May 2017 11:57 AM
It's not like it's a part of my game. Anyone can use it and they can do some pretty sketchy things to instance the module by catching errors and using Clone and SavePlace to get the module and all its decendants.

(Ignoring the fact roblox now clears the source of the main module)
Report Abuse
W8X is not online. W8X
Joined: 20 Jan 2014
Total Posts: 683
10 May 2017 12:02 PM
getfenv()['print'] = warn


Report Abuse
waverlycole is not online. waverlycole
Joined: 30 Nov 2010
Total Posts: 139
10 May 2017 12:05 PM
That would only change the environment of the script that is run in not the global environment
Report Abuse
Mister_Manakin is not online. Mister_Manakin
Joined: 16 Sep 2009
Total Posts: 1935
10 May 2017 12:11 PM
local function print(s)
warn(s)
end

print("this message should appear as a warning")
Report Abuse
waverlycole is not online. waverlycole
Joined: 30 Nov 2010
Total Posts: 139
10 May 2017 12:13 PM
That's just a longer way to the previous response...
Report Abuse
waverlycole is not online. waverlycole
Joined: 30 Nov 2010
Total Posts: 139
10 May 2017 12:15 PM
Guys I'm not talking about changing the local environment like

local print = warn

print'ok'

I mean overriding the global environment as in every script
Report Abuse
W8X is not online. W8X
Joined: 20 Jan 2014
Total Posts: 683
10 May 2017 12:24 PM
uh
you could maybe make a plugin that modifies the source of every script and localscript to have something like setfenv(0,new_env) and the start



Report Abuse
JarodOfOrbiter is not online. JarodOfOrbiter
Joined: 17 Feb 2011
Total Posts: 20029
10 May 2017 12:37 PM
You can't run a script in a sandbox like that.
Try to understand what the issue is before you try to fix it.


Report Abuse
waverlycole is not online. waverlycole
Joined: 30 Nov 2010
Total Posts: 139
10 May 2017 12:39 PM
The sandbox was just an example. The problem is people overriding the # t t p service and logging my keys and tokens to my website and changing stuff.
Report Abuse
JarodOfOrbiter is not online. JarodOfOrbiter
Joined: 17 Feb 2011
Total Posts: 20029
10 May 2017 12:42 PM
Tell me how they do that and I may be able to help.


Report Abuse
waverlycole is not online. waverlycole
Joined: 30 Nov 2010
Total Posts: 139
10 May 2017 12:51 PM
That's the problem, I have no idea how they access the global environment let alone edit it.
Report Abuse
JarodOfOrbiter is not online. JarodOfOrbiter
Joined: 17 Feb 2011
Total Posts: 20029
10 May 2017 01:00 PM
Are they viewing the source of the script? Because if you didn't protect it, that is easy to do.

Let me help.

local script = script
script = nil

Put that at the top, that will protect you against the most common and easiest way to take the source of a copylocked ModuleScript.


Report Abuse
cntkillme is not online. cntkillme
Joined: 07 Apr 2008
Total Posts: 44956
10 May 2017 02:13 PM
What you want to do is "impossible" on Roblox.
I quote impossible because there's been a bug that has existed for years (and still exists as of a month ago) that let's you steal the metatable of the script's global env. and actually overwrite built-ins.
Report Abuse
waverlycole is not online. waverlycole
Joined: 30 Nov 2010
Total Posts: 139
10 May 2017 04:15 PM
Yeah I know it's a bug but I also know are are currently 3 different methods to getting the enviroment. Also, yes I already do something similar to "local script=script;script=nil"
Report Abuse
waverlycole is not online. waverlycole
Joined: 30 Nov 2010
Total Posts: 139
10 May 2017 04:17 PM
I only kniw ghere a few different methods but don't know how to use any of them nor protect against them.
Report Abuse
waverlycole is not online. waverlycole
Joined: 30 Nov 2010
Total Posts: 139
25 May 2017 09:24 PM
Do you know how to do this method and are you willing to share?


Report Abuse
Wunder_Wulfe is online. Wunder_Wulfe
Joined: 13 Sep 2016
Total Posts: 8356
25 May 2017 09:25 PM
local This_Module_Holds_My_Global_Variables = require(module)
local _ENV = getfenv()
for name, value in next,This_Module_Holds_My_Global_Variables do
_ENV[name] = value
end

print( myGlobal )
Report Abuse
Wunder_Wulfe is online. Wunder_Wulfe
Joined: 13 Sep 2016
Total Posts: 8356
25 May 2017 09:26 PM
--module

return {
test = function() print("a ok") end;
}

--test() should now work when u run the other one
Report Abuse
Unsubtleties is not online. Unsubtleties
Joined: 28 Nov 2016
Total Posts: 9203
25 May 2017 09:27 PM
...or just simply:

global1, global2, global3 = require(module)


Report Abuse
Unsubtleties is not online. Unsubtleties
Joined: 28 Nov 2016
Total Posts: 9203
25 May 2017 09:27 PM
To fit the example you posted:

global1, global2, global3 = unpack(require(module))

Just don't make it a dictionary.


Report Abuse
Previous Thread :: Next Thread 
Page 1 of 1
 
 
ROBLOX Forum » Game Creation and Development » Scripters
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image