generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Game Creation and Development » Scripters
Home Search
 

Do DLL injection exploits have tells?

Previous Thread :: Next Thread 
B0BBA is not online. B0BBA
Joined: 04 Aug 2008
Total Posts: 135
17 Jun 2012 10:36 PM
Quite simply put, is there a way to tell if a server is being exploited? Are there any signs/give-aways (aside from foreign objects being inserted into the Workspace) that show when someone access an exploited explorer?

Also, how 'powerful' are these exploits? Can they render a game's copy-lock protection useless?
Report Abuse
jode6543 is not online. jode6543
Joined: 16 Jun 2009
Total Posts: 5363
17 Jun 2012 11:01 PM
"Can they render a game's copy-lock protection useless?"
Jaredveldez4. 'Nuff said.
Aside from that, a few methods exist to prevent exploits Lua-side. The most popular one protects against Explorer exploits, and is as follows:

game:GetService("Selection").SelectionChanged:connect(function()
while true do end
end)

Make sure that is in a LocalScript, of course.

As for exploits that execute scripts: there is no method to prevent this with Lua. The devs have to figure that one out.

-Jode
Report Abuse
stravant is not online. stravant
Forum Moderator
Joined: 22 Oct 2007
Total Posts: 2893
17 Jun 2012 11:02 PM
It's in the exploits best interest to not mess with stuff that will make them visible from the server, since they don't want to get caught.

For some specific exploits it's possible to detect them with a localscript on the client side, but in general there's nothing you can do.

That said, there will be some updates soon that prevent reading scripts on the server side with any easy exploit, and there is already code that you can use to prevent exploits from hurting a server in any way with complex enough coding on your part.
Report Abuse
darkkiller5555 is not online. darkkiller5555
Joined: 22 Nov 2009
Total Posts: 6359
17 Jun 2012 11:04 PM
The only current method of somewhat preventing this is as stated above. I actually prefer the following code inside of StarterGui.


game.Selection.SelectionChanged:connect(function()
Instance.new("ManualSurfaceJointInstance", game.Players.LocalPlayer)
end)

But that's just me. Yes, a LocalScript.

Unfortunately, if they were smart, they could use the command bar and simply disable this script..But of course with other scripts, it's perfectly possible. But they do have the command bar, so they're pretty much able to disable any of the precaution scripts you place down..If they're smart of course.
Report Abuse
NVI is not online. NVI
Joined: 11 Jan 2009
Total Posts: 4744
17 Jun 2012 11:40 PM
Honestly, will you quit using ManualSurfaceJointInstance? Hinging your security on a bug that's likely to be fixed next update is extremely stupid. Besides, it does NOT work online.
Report Abuse
B0BBA is not online. B0BBA
Joined: 04 Aug 2008
Total Posts: 135
17 Jun 2012 11:44 PM
What exactly is the Selection Service?

As for the ManualSurfaceJointInstance, I assume that's just there to eat up processing time and crash the client?
Report Abuse
slayer219 is not online. slayer219
Joined: 15 Nov 2008
Total Posts: 3445
17 Jun 2012 11:46 PM
You know when you select something in the explorer pane or use the selection tool? That's Selection Service.
Report Abuse
JulienDethurens is not online. JulienDethurens
Joined: 11 Jun 2009
Total Posts: 11046
18 Jun 2012 12:15 AM
Everyone who uses the Selection service to try to prevent exploiting alone thinking it will help at all is an idiot.

Most exploiters might not be very bright, but they're intelligent enough to not do the same thing over and over again.

If they join and they try to exploit with the explorer, their client will get crashed.

Then, what do you think they will do? They will come back, of course!

And then, what will they do? They won't be stupid enough to select the explorer again! They're not bots which were programmed to select the explorer over and over again, they're humans. They're going to use the other tools at their disposal in the studio to mess up your place.

Therefore, that script, if used alone, is completely useless and doesn't add much protection to your place.

Yes, most exploiters aren't very bright. But they're not complete idiots either.
Report Abuse
Legend26 is not online. Legend26
Joined: 08 Sep 2008
Total Posts: 10586
18 Jun 2012 12:22 AM
"And then, what will they do? They won't be stupid enough to select the explorer again!"

And then what? The current DLL injection doesn't load plugins and without the explorer, there's not much you can do. Stop thinking you know everything, Julien.
Report Abuse
SourceLeak is not online. SourceLeak
Joined: 10 Jun 2012
Total Posts: 841
18 Jun 2012 12:37 AM
@Stravant

Doesn't it bother you that JV4 has taken your Open Source Conquest game and made 30k visits from it? :O
Report Abuse
SCARFACIAL is not online. SCARFACIAL
Joined: 28 Jan 2010
Total Posts: 7970
18 Jun 2012 02:18 AM
"Hinging your security on a bug that's likely to be fixed next update is extremely stupid. Besides, it does NOT work online."

It works fine online. And since it's done exactly what it does right now, why would it suddenly get patched next update if it hasn't been since it was created?

Haters gonn' hate.
Report Abuse
popinman322 is not online. popinman322
Joined: 04 Mar 2009
Total Posts: 5184
18 Jun 2012 09:16 AM
"most exploiters aren't very bright"

... *stifles comment*
Report Abuse
jode6543 is not online. jode6543
Joined: 16 Jun 2009
Total Posts: 5363
18 Jun 2012 09:19 AM
@Popin Most ~= All

-Jode
Report Abuse
1waffle1 is not online. 1waffle1
Joined: 16 Oct 2007
Total Posts: 16381
18 Jun 2012 10:07 AM
What about Sorcus's settings().ChildAdded:connect(function(x) x:Destroy() end) ?
Report Abuse
stravant is not online. stravant
Forum Moderator
Joined: 22 Oct 2007
Total Posts: 2893
18 Jun 2012 10:28 AM
"Doesn't it bother you that JV4 has taken your Open Source Conquest game and made 30k visits from it? :O"

No, and even if it did, there's nothing wrong with him taking it since I made it open source. It's not like he claims that he made it.
Report Abuse
zxv12 is not online. zxv12
Joined: 18 Jul 2009
Total Posts: 286
18 Jun 2012 11:06 AM
Exploiters can just press Cntrl+S to save directly without selecting anything.

And they can use the command bar to delete or modify objects.

And settings() returns an unknown exception for me.

Is there ANY way to protect against exploiters just saving the place directly like cntrl+s?
Report Abuse
JulienDethurens is not online. JulienDethurens
Joined: 11 Jun 2009
Total Posts: 11046
18 Jun 2012 11:12 AM
"And then what? The current DLL injection doesn't load plugins and without the explorer, there's not much you can do. Stop thinking you know everything, Julien."

Without the explorer, there's not much you can do? LOL.

You can do anything you'd ever want to do with the execute script window. Same with the command bar. You can also insert stuff with the toolbox. You can do enough things to completely mess up the game.

They might not be able to do all the stuff they want to do if they don't know how to script, but they can certainly do enough to mess up your game.

"What about Sorcus's settings().ChildAdded:connect(function(x) x:Destroy() end) ?"

You can't use the settings function in a normal script, nor in a LocalScript.
Report Abuse
Legend26 is not online. Legend26
Joined: 08 Sep 2008
Total Posts: 10586
18 Jun 2012 01:04 PM
Except that with the current DLL injection, you can't use either of those. Execute script does nothing and you can't even open the command bar.
Report Abuse
trappingnoobs is not online. trappingnoobs
Joined: 05 Oct 2008
Total Posts: 19100
18 Jun 2012 03:26 PM
Hey Stravant/Hotthoth/Stravant this might be a bit to ask depending on how busy you are, but can you ask whoever chooses who to hire when you get job applicants.

I'm not actually planning on getting or applying for a job in Roblox, but I'm just interesting, if someone had no qualifications to speak of in programming, but a degree, perhaps to masters' level, in mathematics, would they consider them?

I'm not really considering programming as a job at the moment but it'd be nice to know if I'd still have that opportunity if I studied math at university rather than programming (Since it appeals to me much more as a subject)
Report Abuse
ColorfulBody is not online. ColorfulBody
Joined: 17 Jun 2012
Total Posts: 2353
18 Jun 2012 03:28 PM
"Except that with the current DLL injection, you can't use either of those. Execute script does nothing and you can't even open the command bar."

There are other exploits than that DLL injection exploit, you know...
Report Abuse
trappingnoobs is not online. trappingnoobs
Joined: 05 Oct 2008
Total Posts: 19100
18 Jun 2012 03:29 PM
"There are other exploits than that DLL injection exploit, you know..."

Yeah but their DLL injection thingy is like the pioneer of their pathetic attempts at being script kiddies
Report Abuse
SundownMKII is not online. SundownMKII
Joined: 26 Sep 2010
Total Posts: 12880
18 Jun 2012 05:00 PM
What nuisances.

I wonder what would happen if Roblox rebuilt their entire game from the ground up.

~>dat siggy<~
Report Abuse
Rachmaninov is not online. Rachmaninov
Joined: 27 Dec 2008
Total Posts: 33
18 Jun 2012 11:50 PM
One thing no one's mentioned to detect Explorer openers...
Window resizing.
Report Abuse
belial52 is not online. belial52
Joined: 10 Oct 2009
Total Posts: 8074
19 Jun 2012 02:16 AM
Just because I'm too lazy to read everything.

@Julien's post about them coming back, If you implement it correctly, just run a DP ban script right before you crash them, then have the dp ban crash them everytime they come back.
Report Abuse
Parameter is not online. Parameter
Joined: 28 Mar 2010
Total Posts: 245
19 Jun 2012 02:23 AM
Except when a user actually resizes their window for some odd reason.
Report Abuse
Previous Thread :: Next Thread 
Page 1 of 2Go to page: [1], 2 Next
 
 
ROBLOX Forum » Game Creation and Development » Scripters
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image