Emess
|
  |
| Joined: 01 Apr 2010 |
| Total Posts: 13331 |
|
|
| 10 Jan 2012 02:26 PM |
| Just integrate some anti-hacking shield or whatever... |
|
|
| Report Abuse |
|
|
|
| 10 Jan 2012 02:27 PM |
| But then Telamon can't hax his own game (read my thread in this forum if you don't understand what I mean). |
|
|
| Report Abuse |
|
|
blockoo
|
  |
| Joined: 08 Nov 2007 |
| Total Posts: 17202 |
|
|
| 10 Jan 2012 02:27 PM |
| # of exploit programs available > # of patches available |
|
|
| Report Abuse |
|
|
Nuclex
|
  |
| Joined: 18 Jan 2009 |
| Total Posts: 2751 |
|
|
| 10 Jan 2012 02:49 PM |
Hah, you think it's that easy. First things first you have to BUY a LICENSE for such a shield, which isn't that cheap. Secondly, most of these would cause more bad than good. |
|
|
| Report Abuse |
|
|
|
| 10 Jan 2012 02:51 PM |
"BUY a LICENSE for such a shield, which isn't that cheap"
fire hat devs buy hack shield license
or just pay for it with their golden toilet fund
"most of these would cause more bad than good."
how? |
|
|
| Report Abuse |
|
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
|
| 10 Jan 2012 03:08 PM |
Here is how to patch some:
remove every object in the CoreGui accept the RobloxGui when entering a server |
|
|
| Report Abuse |
|
|
Bubby4j
|
  |
| Joined: 25 Dec 2008 |
| Total Posts: 1831 |
|
|
| 10 Jan 2012 03:36 PM |
Check process list, is cheatengine.exe there? How about wpepro.exe? One of them is? Pop up a "connection lost" message
Prevents 75% of exploitings. Most kids wouldn't udnerstand what's going on. |
|
|
| Report Abuse |
|
|
|
| 10 Jan 2012 03:37 PM |
| @bubby: except im pretty sure thats illegal |
|
|
| Report Abuse |
|
|
|
| 10 Jan 2012 03:38 PM |
That's illegal. The program is remotely looking at a client's processes, and because roblox isn't open source you don't know if its sending that data to 3rd party organizations that could potentially use it to hack you.
And besides, CE7 is rumored to have the ability to change it's process name. |
|
|
| Report Abuse |
|
|
|
| 10 Jan 2012 04:00 PM |
@Tech
They could add to the ToS and open-source a DLL that does it. |
|
|
| Report Abuse |
|
|
|
| 10 Jan 2012 04:03 PM |
"Open-source a DLL that does it."
> True > However, we still don't know the real source code. They could give us a fake. They'll never release the entire client code, so there is absolutely no way to really know what the devs put inside.
NOTE:
I'm not accusing ROBLOX of doing this. But the agency, like the government or trustE or something like that, doesn't know this. |
|
|
| Report Abuse |
|
|
pighead10
|
  |
| Joined: 03 May 2009 |
| Total Posts: 10341 |
|
|
| 10 Jan 2012 04:05 PM |
| Name 1 hack shield that is less annoying than hacks |
|
|
| Report Abuse |
|
|
|
| 10 Jan 2012 04:07 PM |
"Check process list, is cheatengine.exe there? How about wpepro.exe? One of them is? Pop up a "connection lost" message
Prevents 75% of exploitings. Most kids wouldn't udnerstand what's going on."
That's not patching and it's stupid.
There are probably 600 debuggers out there and even more. Plus, what if the player renames it to wegerw.exe or something else?
Plus, what if you're not using cheatengine for ROBLOX?
No, seriously, that's just stupid.
As for patching exploits, it's extremly easy. They just need to move the whole CoreGui, including all the CoreScripts, to C side. They also need to move all the join scripts and all that to the C side.
Just that would remove bugs, make it less laggy and also prevent exploiters from tampeing with the HUD and all that.
Tampering with the C side is extremly hard, compared to tampering with the Lua side.
Want to know EXACTLY what they should do? They should remove completely security contexts when it comes to servers. Everytime it involves an online game, there should be no security contexts at all. Everything that needs an higher security context should be moved to C side.
However, in offline mode, there should be security contexts because of plugins and other things made by the user.
Basically, everytime an online server is involved, there should be no security context at all, neither for the clients, neither for the server. Every locked member should be removed and be edited from C side instead. |
|
|
| Report Abuse |
|
|
Oysi
|
  |
| Joined: 06 Jul 2009 |
| Total Posts: 9058 |
|
| |
|
|
| 10 Jan 2012 04:13 PM |
@Oysi
What they should actually do is not keep the source at all. It doesn't need to be kept. If there is any internal thingy that needs the source, then that's not normal.
Scripts are meant to be ran and once you have the bytecode, you don't need the source anymore.
Scripts's source is not meant to be edited ingame. Also, because of the insert service and all that, they should compile every script that gets inserted and clear its source.
As for cloning scripts, where's the problem? Instead of cloning the source, you clone its bytecode...
Everytime a script runs, its Bytecode property should be set to the bytecode and its Source property should be set to nothing. Or something like that. |
|
|
| Report Abuse |
|
|
Oysi
|
  |
| Joined: 06 Jul 2009 |
| Total Posts: 9058 |
|
| |
|
Quenty
|
  |
| Joined: 03 Sep 2009 |
| Total Posts: 9316 |
|
|
| 10 Jan 2012 04:16 PM |
Alot of exploits work on the bases of editing incoming scripts/scripts on the client, which is easier then server scripts, which the admins believe to be pretty secure.
Also, when you said "Every locked member should be removed and be edited from C side instead." I hope you mean security context, not the 'Locked' property. |
|
|
| Report Abuse |
|
|
|
| 10 Jan 2012 04:25 PM |
They should remove security contexts entirely. Scripts should be able to interact with the entire ROBLOX API.
As for the functions that shouldn't be used by normal scripts, then, that means they should only be used by the admins. If they can only be used by the admins, WHY THE HECK WOULD THEY BE ON THE LUA SIDE?
If only the admins can use something, it should be put in C side. Therefore, security contexts aren't even needed.
That is, except for studio. In studio, plugins need to be able to do certain things that normal scripts must not be able to do. |
|
|
| Report Abuse |
|
|
Quenty
|
  |
| Joined: 03 Sep 2009 |
| Total Posts: 9316 |
|
|
| 10 Jan 2012 04:36 PM |
| I'm not sure, maybe they want to allow users to create their own huds in the future? |
|
|
| Report Abuse |
|
|
|
| 10 Jan 2012 04:39 PM |
| I think this would be quite hard to implement:They can't set up a reliable hack shield due to how Lua is always editting the memory in an unsecure way, so they can't just watch memory addresses. As for the web-sided join scripts, I suppose that then the server wouldn't be able to check the client's join script against the web version like I suppose it currently is, and wouldn't be able to check if it's been edited. |
|
|
| Report Abuse |
|
|