generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Game Creation and Development » Scripters
Home Search
 

Re: I don't get why patching exploitation is so hard

Previous Thread :: Next Thread 
Emess is not online. Emess
Joined: 01 Apr 2010
Total Posts: 13331
10 Jan 2012 02:26 PM
Just integrate some anti-hacking shield or whatever...
Report Abuse
MyrcoMyrcoMyrcoMyrco is not online. MyrcoMyrcoMyrcoMyrco
Joined: 03 Sep 2011
Total Posts: 1013
10 Jan 2012 02:27 PM
But then Telamon can't hax his own game (read my thread in this forum if you don't understand what I mean).
Report Abuse
blockoo is not online. blockoo
Joined: 08 Nov 2007
Total Posts: 17202
10 Jan 2012 02:27 PM
# of exploit programs available > # of patches available
Report Abuse
Nuclex is not online. Nuclex
Joined: 18 Jan 2009
Total Posts: 2751
10 Jan 2012 02:49 PM
Hah, you think it's that easy.
First things first you have to BUY a LICENSE for such a shield, which isn't that cheap. Secondly, most of these would cause more bad than good.
Report Abuse
crazytomato4 is not online. crazytomato4
Joined: 09 Feb 2011
Total Posts: 1368
10 Jan 2012 02:51 PM
"BUY a LICENSE for such a shield, which isn't that cheap"

fire hat devs
buy hack shield license

or just pay for it with their golden toilet fund

"most of these would cause more bad than good."

how?
Report Abuse
mew903 is not online. mew903
Joined: 03 Aug 2008
Total Posts: 22071
10 Jan 2012 03:08 PM
Here is how to patch some:

remove every object in the CoreGui accept the RobloxGui when entering a server
Report Abuse
Bubby4j is not online. Bubby4j
Joined: 25 Dec 2008
Total Posts: 1831
10 Jan 2012 03:36 PM
Check process list, is cheatengine.exe there? How about wpepro.exe? One of them is? Pop up a "connection lost" message

Prevents 75% of exploitings. Most kids wouldn't udnerstand what's going on.
Report Abuse
crazytomato4 is not online. crazytomato4
Joined: 09 Feb 2011
Total Posts: 1368
10 Jan 2012 03:37 PM
@bubby: except im pretty sure thats illegal
Report Abuse
Techboy6601 is not online. Techboy6601
Joined: 29 Jun 2009
Total Posts: 4914
10 Jan 2012 03:38 PM
That's illegal. The program is remotely looking at a client's processes, and because roblox isn't open source you don't know if its sending that data to 3rd party organizations that could potentially use it to hack you.

And besides, CE7 is rumored to have the ability to change it's process name.
Report Abuse
trappingnoobs is not online. trappingnoobs
Joined: 05 Oct 2008
Total Posts: 19100
10 Jan 2012 04:00 PM
@Tech

They could add to the ToS and open-source a DLL that does it.
Report Abuse
Techboy6601 is not online. Techboy6601
Joined: 29 Jun 2009
Total Posts: 4914
10 Jan 2012 04:03 PM
"Open-source a DLL that does it."

> True
> However, we still don't know the real source code. They could give us a fake. They'll never release the entire client code, so there is absolutely no way to really know what the devs put inside.


NOTE:

I'm not accusing ROBLOX of doing this. But the agency, like the government or trustE or something like that, doesn't know this.
Report Abuse
pighead10 is not online. pighead10
Joined: 03 May 2009
Total Posts: 10341
10 Jan 2012 04:05 PM
Name 1 hack shield that is less annoying than hacks
Report Abuse
JulienDethurens is not online. JulienDethurens
Joined: 11 Jun 2009
Total Posts: 11046
10 Jan 2012 04:07 PM
"Check process list, is cheatengine.exe there? How about wpepro.exe? One of them is? Pop up a "connection lost" message

Prevents 75% of exploitings. Most kids wouldn't udnerstand what's going on."

That's not patching and it's stupid.

There are probably 600 debuggers out there and even more. Plus, what if the player renames it to wegerw.exe or something else?

Plus, what if you're not using cheatengine for ROBLOX?

No, seriously, that's just stupid.



As for patching exploits, it's extremly easy. They just need to move the whole CoreGui, including all the CoreScripts, to C side. They also need to move all the join scripts and all that to the C side.

Just that would remove bugs, make it less laggy and also prevent exploiters from tampeing with the HUD and all that.


Tampering with the C side is extremly hard, compared to tampering with the Lua side.


Want to know EXACTLY what they should do? They should remove completely security contexts when it comes to servers. Everytime it involves an online game, there should be no security contexts at all. Everything that needs an higher security context should be moved to C side.

However, in offline mode, there should be security contexts because of plugins and other things made by the user.



Basically, everytime an online server is involved, there should be no security context at all, neither for the clients, neither for the server. Every locked member should be removed and be edited from C side instead.
Report Abuse
Oysi is not online. Oysi
Joined: 06 Jul 2009
Total Posts: 9058
10 Jan 2012 04:08 PM
[ Content Deleted ]
Report Abuse
JulienDethurens is not online. JulienDethurens
Joined: 11 Jun 2009
Total Posts: 11046
10 Jan 2012 04:13 PM
@Oysi

What they should actually do is not keep the source at all. It doesn't need to be kept. If there is any internal thingy that needs the source, then that's not normal.

Scripts are meant to be ran and once you have the bytecode, you don't need the source anymore.


Scripts's source is not meant to be edited ingame. Also, because of the insert service and all that, they should compile every script that gets inserted and clear its source.

As for cloning scripts, where's the problem? Instead of cloning the source, you clone its bytecode...

Everytime a script runs, its Bytecode property should be set to the bytecode and its Source property should be set to nothing. Or something like that.
Report Abuse
Oysi is not online. Oysi
Joined: 06 Jul 2009
Total Posts: 9058
10 Jan 2012 04:14 PM
[ Content Deleted ]
Report Abuse
Quenty is online. Quenty
Joined: 03 Sep 2009
Total Posts: 9316
10 Jan 2012 04:16 PM
Alot of exploits work on the bases of editing incoming scripts/scripts on the client, which is easier then server scripts, which the admins believe to be pretty secure.

Also, when you said "Every locked member should be removed and be edited from C side instead." I hope you mean security context, not the 'Locked' property.
Report Abuse
JulienDethurens is not online. JulienDethurens
Joined: 11 Jun 2009
Total Posts: 11046
10 Jan 2012 04:25 PM
They should remove security contexts entirely. Scripts should be able to interact with the entire ROBLOX API.

As for the functions that shouldn't be used by normal scripts, then, that means they should only be used by the admins. If they can only be used by the admins, WHY THE HECK WOULD THEY BE ON THE LUA SIDE?

If only the admins can use something, it should be put in C side. Therefore, security contexts aren't even needed.

That is, except for studio. In studio, plugins need to be able to do certain things that normal scripts must not be able to do.
Report Abuse
Quenty is online. Quenty
Joined: 03 Sep 2009
Total Posts: 9316
10 Jan 2012 04:36 PM
I'm not sure, maybe they want to allow users to create their own huds in the future?
Report Abuse
RenderSettings is not online. RenderSettings
Joined: 16 Aug 2010
Total Posts: 2560
10 Jan 2012 04:39 PM
I think this would be quite hard to implement:They can't set up a reliable hack shield due to how Lua is always editting the memory in an unsecure way, so they can't just watch memory addresses. As for the web-sided join scripts, I suppose that then the server wouldn't be able to check the client's join script against the web version like I suppose it currently is, and wouldn't be able to check if it's been edited.
Report Abuse
Previous Thread :: Next Thread 
Page 1 of 1
 
 
ROBLOX Forum » Game Creation and Development » Scripters
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image