generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Game Creation and Development » Scripters
Home Search
 

[ Content Deleted ]

Previous Thread :: Next Thread 
NecroBumpist is not online. NecroBumpist
Joined: 12 Sep 2010
Total Posts: 4198
03 Aug 2012 12:48 AM
They rolled out the loadstring() update!

Trying valid bytecode returns a nil value instead of a function value.

WE CAN HAVE NO MORE NICE THINGS.
Report Abuse
TheMyrco is not online. TheMyrco
Joined: 13 Aug 2011
Total Posts: 15105
03 Aug 2012 12:50 AM
Inb4xLEGOx
Report Abuse
JulienDethurens is not online. JulienDethurens
Joined: 11 Jun 2009
Total Posts: 11046
03 Aug 2012 12:55 AM
Yep. We tested it, like, just now. We're probably the first to realize it, since bytecode was still working like 15 minutes ago.

loadstring will now refuse to load bytecode and give you nil instead, as if your function had a syntax error.

Every single place with obfuscated code is now officially broken.

The exploit will now not work either.
Report Abuse
Sorcus is not online. Sorcus
Forum Moderator
Joined: 29 Nov 2010
Total Posts: 3775
03 Aug 2012 12:56 AM
Perfect.

~Sorcus
Report Abuse
TinpotOps is not online. TinpotOps
Joined: 22 Jul 2012
Total Posts: 813
03 Aug 2012 12:58 AM
:( no more goody goody :(


~swagmuscles represent
Report Abuse
Sucors is not online. Sucors
Joined: 31 Jul 2012
Total Posts: 1
03 Aug 2012 12:58 AM
Sorcus, you really need to be herin a scripter. You should feel bad about this:
>if result == true then result = "true" else result = "false" end

BAD SORCUS, BAD

~Sucors
Report Abuse
Sorcus is not online. Sorcus
Forum Moderator
Joined: 29 Nov 2010
Total Posts: 3775
03 Aug 2012 12:59 AM
That looks fine to me.

~Sorcus
Report Abuse
TheMyrco is not online. TheMyrco
Joined: 13 Aug 2011
Total Posts: 15105
03 Aug 2012 12:59 AM
I said inb4xLEGOx, not inb4Sorcus >:o

But this update does fix the bytecode exploit as it cannot load anymore, but places will break :/
Report Abuse
JulienDethurens is not online. JulienDethurens
Joined: 11 Jun 2009
Total Posts: 11046
03 Aug 2012 01:00 AM
@Sorcus

I didn't know you could do this without rolling an update... well, I knew you could on the servers but not without a maintenance.

Anyway, good job. Although I did have fun with the exploit, I am much more happy as a scripter that it was patched than I am sad of not being able to play with it anymore.

The wiki is already being updated (by Legend26) and I've just notified the Scripting Helpers forum of it (some of them probably have obfuscated places).

Thank you for removing bytecode. We didn't need it, it was an unneeded load on the code and it also caused security flaws.
Report Abuse
Solotaire is not online. Solotaire
Joined: 30 Jul 2009
Total Posts: 30356
03 Aug 2012 01:00 AM
So close.
Report Abuse
Sorcus is not online. Sorcus
Forum Moderator
Joined: 29 Nov 2010
Total Posts: 3775
03 Aug 2012 01:01 AM
Very nice summary, Julien. Expect all security patches to go out in a matter of days. Block all skiddies and make ROBLOX, exploit plague, free again.

~Sorcus
Report Abuse
oxcool1 is not online. oxcool1
Joined: 05 Nov 2009
Total Posts: 15444
03 Aug 2012 01:02 AM
[ Content Deleted ]
Report Abuse
klkl is not online. klkl
Joined: 29 Aug 2007
Total Posts: 887
03 Aug 2012 01:02 AM
GGNoReRe

you win this time :(
Report Abuse
JulienDethurens is not online. JulienDethurens
Joined: 11 Jun 2009
Total Posts: 11046
03 Aug 2012 01:03 AM
@Sorcus

YAY!

How much days until it's all patched?

Also, the source of script has already stopped replicating, right?

If so, that means already 2 fixes are there. Bytecode loading + script source replication.

We just need that replication filter and client-studio separation and exploiting will become an unknown word on ROBLOX! :D
Report Abuse
NecroBumpist is not online. NecroBumpist
Joined: 12 Sep 2010
Total Posts: 4198
03 Aug 2012 01:04 AM
@Sorcus:
>Block all skiddies and make ROBLOX, exploit plague, free again.

>implying separating studio and optional replication fixes everything

nop nop
h4x0rs like popinman322 will find new and more exciting ways to inject dlls

I'm glad things turned out this way.
I look forward to thousands of people having to modify their code in some way because ROBLOX killed a standard Lua 5.1 feature :3
The very notion of this gives me a sick, twisted pleasure.
Report Abuse
JulienDethurens is not online. JulienDethurens
Joined: 11 Jun 2009
Total Posts: 11046
03 Aug 2012 01:04 AM
"But you still can load bytecode in client-side..."

They just need to roll an update and it'll be patched.

No problem there.
Report Abuse
3543 is not online. 3543
Joined: 03 Dec 2011
Total Posts: 121
03 Aug 2012 01:05 AM
The anti-exploit script messed up code stuffz:
    if result == true then result = "true" else result = "false" end

is the same as,

    result = tostring(result)


The loadstring/bytecode fix:

Thanks for fixing it before it got out to everyone (besides just us), Very very good.

And then soon there'll be the replication control with lua and the client and studio separation and most of the commonly used exploits will be fixed, along with all future ones.

You guys are doing a great job. Roblox seems to be getting better all the time now.
Report Abuse
oxcool1 is not online. oxcool1
Joined: 05 Nov 2009
Total Posts: 15444
03 Aug 2012 01:06 AM
[ Content Deleted ]
Report Abuse
coplox is not online. coplox
Joined: 07 Jun 2008
Total Posts: 3252
03 Aug 2012 01:06 AM
@Sorcus,
You said that the security patches will roll out in a matter of days.

Does that mean RobloxPlayer.exe and RobloxStudio.exe will be different now?

Well, as a wise man recently said; "YAY!"
Report Abuse
Legend26 is not online. Legend26
Joined: 08 Sep 2008
Total Posts: 10586
03 Aug 2012 01:07 AM
"Expect all security patches to go out in a matter of days. Block all skiddies and make ROBLOX, exploit plague, free again."

:D
When can we FINALLY use the security API? It's been 3 MONTHS! O_O

"I look forward to thousands of people having to modify their code in some way because ROBLOX killed a standard Lua 5.1 feature :3"

Yea, I have to fix the place we were just at (alt acc) as well as one of this account's places. Besides that though...nothing much.
Report Abuse
Sorcus is not online. Sorcus
Forum Moderator
Joined: 29 Nov 2010
Total Posts: 3775
03 Aug 2012 01:08 AM
Necro, I can't wait to see! These are but the first of few security patches to come. To be honest, Popin or Stravant are way more sophisticated than Expoop dudes. And loading bytecode was a useless feature. No reason to have it around. And your point of restricting client being valid, we are just going to leave it to teh Game Designer to do it for his own game. Makes perfect sense to me.

Client update will be soon.

~Sorcus
Report Abuse
JulienDethurens is not online. JulienDethurens
Joined: 11 Jun 2009
Total Posts: 11046
03 Aug 2012 01:10 AM
@Sorcus

Since you're at it, can you tell us about the other security changes we don't know about yet?

Or is there even any?

Even just these would make me extremely happy.
Report Abuse
oxcool1 is not online. oxcool1
Joined: 05 Nov 2009
Total Posts: 15444
03 Aug 2012 01:14 AM
[ Content Deleted ]
Report Abuse
Sorcus is not online. Sorcus
Forum Moderator
Joined: 29 Nov 2010
Total Posts: 3775
03 Aug 2012 01:14 AM
Can't reveal specifics at this moment. Need to make sure everything is bullet proof.

~Sorcus
Report Abuse
3543 is not online. 3543
Joined: 03 Dec 2011
Total Posts: 121
03 Aug 2012 01:16 AM
That means more security updates soon/later? YES!
Report Abuse
Previous Thread :: Next Thread 
Page 1 of 1
 
 
ROBLOX Forum » Game Creation and Development » Scripters
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image