Re: Re:

xSIXx is not online. xSIXx
Joined: 06 Aug 2010
Total Posts: 9202
09 Jul 2012 12:38 PM
ok, so there is the skiddy dll injection exploit.

we all found a fix for that, .SelectionChanged.

but now there is a rampant exploit that can bypass that.

anyone have any details on this? since roblox is going to take forever to patch it we might as well find a fix for it in our games.
Report Abuse
Seranok is not online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
09 Jul 2012 12:39 PM
The same .DLL exploit has other ways of inserting Models / Scripts / LocalScripts without using the Explorer.
Report Abuse
lombardo2 is not online. lombardo2
Joined: 30 Nov 2008
Total Posts: 1604
09 Jul 2012 01:01 PM
^Nope!

How does the SelectionChanged work? Well, it's simple: it's a LocalScript that waits until the selection changes and then destroys the LocalPlayer, but we all know that a player is needed for a LocalScript to execute, so while the player is not loaded we can change the selection with no problems, so exploiters just disable the anti-exploit while the game is loading...
Report Abuse
HotThoth is not online. HotThoth
Forum Moderator
Joined: 24 Aug 2010
Total Posts: 1176
09 Jul 2012 01:05 PM
If the antiexploit is run from local memory, how exactly can they do that? I would guess that would make it so only the exploiters who actually know what they're doing could stop the antiexploit, right?

- HotThoth
Report Abuse
Quenty is not online. Quenty
Joined: 03 Sep 2009
Total Posts: 9316
09 Jul 2012 01:09 PM
Apparently, the problem lies in the fact the exploiters can disable script context or something. Anyway, they screw with ALL the scripts that are running on their client. This results in there being no anti-exploit script to be run.

I guess that means the best way to protect your game is to make sure the anti-exploit script is always running.

Basically, you need a value on the server that the anti-exploit script changes after the server changes it; if it doesn't get changed, the anti-exploit has been disabled, and you lag out their client or crash it through the server (because local scripts won't run).

Report Abuse
lombardo2 is not online. lombardo2
Joined: 30 Nov 2008
Total Posts: 1604
09 Jul 2012 01:29 PM
It's pretty simple: the script doesn't have anything to destroy, the player has not loaded, so while the game is loading, you know, bricks and connectors, you can quickly inject the dll and disable the script. Quenty is right, you can create a script that changes the Enabled property back to true, but the problem is that you can select multiple objects at once, so the exploiter selects the enabled and the antiexploit and then disables them at the same time. That's the only method I have discovered to bypass anti-exploits; maybe there are some other methods or even new undiscovered exploits.
Report Abuse
TheMyrco is not online. TheMyrco
Joined: 13 Aug 2011
Total Posts: 15105
09 Jul 2012 01:43 PM
HotThoth, please tell me/us that the admins are working on fixing those exploits.
Report Abuse
Seranok is not online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
09 Jul 2012 01:47 PM
I talked to the new dev and he said that fixing .DLL exploits is extremely difficult.
Report Abuse
TheMyrco is not online. TheMyrco
Joined: 13 Aug 2011
Total Posts: 15105
09 Jul 2012 01:51 PM
I'm glad to hear that they're at least on the case.
Report Abuse
screwful is not online. screwful
Joined: 30 Aug 2011
Total Posts: 126
09 Jul 2012 02:28 PM
Same.

It's like roblox is the only game that is vulnerable to stuff like this.

Other games rarely have exploits and they're patched fast.




Screwful has low post count but makes the most out of it
Report Abuse
TheMyrco is not online. TheMyrco
Joined: 13 Aug 2011
Total Posts: 15105
09 Jul 2012 02:50 PM
Indeed.
Report Abuse
outofspace is not online. outofspace
Joined: 30 Sep 2007
Total Posts: 1758
09 Jul 2012 02:51 PM
I swear, the "History of Roblox Exploits" must be longer than War and Peace.
Report Abuse
lombardo2 is not online. lombardo2
Joined: 30 Nov 2008
Total Posts: 1604
09 Jul 2012 03:05 PM
That's because MMORPGs have "Game Guards", a program that checks if a program is executed and then closes the game. Roblox shut down when you clicked "View memory" on CE; don't know why it doesn't happen anymore.
Report Abuse
Candymaniac is not online. Candymaniac
Joined: 08 Oct 2009
Total Posts: 8985
09 Jul 2012 03:47 PM
Just hide or merge the anti exploit with other scripts.
Report Abuse
kert109 is not online. kert109
Joined: 31 Dec 2009
Total Posts: 681
09 Jul 2012 06:02 PM
ROBLOX is vulnerable 'cause we ROBLOXian scripters/programmers started here. We learned here and all of that. But there was also an evil monster among us that learned our secrets. He then learned C++ and all those epic languages and haxed roblox to get revenge for no reason, thus making a group and giving them all the exploit stuff. -- xD

Also, another reason is that everything is visible to everyone that looks in the roblox wiki. Example: crash__()
This is what makes it so easy to hack roblox. :C
Report Abuse
xSIXx is not online. xSIXx
Joined: 06 Aug 2010
Total Posts: 9202
09 Jul 2012 06:06 PM
@kert

...

what?
Report Abuse
SCARFACIAL is not online. SCARFACIAL
Joined: 28 Jan 2010
Total Posts: 7970
09 Jul 2012 06:47 PM
@screwful: Roblox is far from the only game which has exploits. There are entire communities based around the goal of producing hacks and finding exploits for games.

Haters gonn' hate.
Report Abuse
oxcool1 is not online. oxcool1
Joined: 05 Nov 2009
Total Posts: 15444
09 Jul 2012 08:37 PM
[ Content Deleted ]
Report Abuse
popinman322 is not online. popinman322
Joined: 04 Mar 2009
Total Posts: 5184
09 Jul 2012 08:53 PM
There's a simple fix to the anti-exploit being blocked.


Make a script loader and enforce its usage, if it stops working on a specific client, then kill that client.

The scripts sent to the loader will be encoded, and the loader itself will be obfuscated (look at item 84044662). The script sending the scripts cannot be seen from the client, and so it doesn't require obfuscation...

Then you just have to lace innocent code with hostile code and pack it all into one encoded blob. Then the exploiter will be hard-pressed to remove the exact anti-exploit code. :D
Report Abuse
stravant is not online. stravant
Forum Moderator
Joined: 22 Oct 2007
Total Posts: 2893
09 Jul 2012 09:42 PM
"Make a script loader and enforce its usage, if it stops working on a specific client, then kill that client."

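To be exact, implement a keep-alive ping:

Server:
    -- for each player (Player.PingBin is a container object kept inside that player):
    while wait(30) do
        -- drop a new ping object into the player's bin
        local ping = Instance.new("IntValue", Player.PingBin)
        wait(5)
        -- the client script should have added a 'Response' child by now
        if not ping:FindFirstChild('Response') then
            ccrashdisconnect(Player) -- not defined in the post
        else
            ping:Destroy()
        end
    end

Client:
    -- answer every ping the server adds to the bin
    Player.PingBin.ChildAdded:connect(function(ch)
        Instance.new('IntValue', ch).Name = 'Response'
    end)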
Report Abuse
NinjaShadow1 is not online. NinjaShadow1
Joined: 03 Mar 2009
Total Posts: 2689
10 Jul 2012 12:53 AM
@stravant

And that would work? What if they just hit a lag spike?
Report Abuse
Prehistoricman is not online. Prehistoricman
Joined: 20 Sep 2008
Total Posts: 12490
10 Jul 2012 01:59 AM
Roblox should have a service run as administrator that will detect if CE is running. If it is, shut it down. Crude, but effective. Still, they could install Roblox, copy the DLLs, uninstall, CE the DLLs, install roblox, replace the DLLs.

I was thinking this:
Run a checksum on the DLLs to see if they are authentic.

Would that work? It doesn't sound as extremely complex as Roblox says. Any DLL editing would be detected by Roblox then.
Report Abuse
stravant is not online. stravant
Forum Moderator
Joined: 22 Oct 2007
Total Posts: 2893
10 Jul 2012 03:12 AM
"And that would work? What if they just hit a lag spike?"

You can refine it to give it some time. At least on my connection a 5 second lag spike is not a thing.
Report Abuse
popinman322 is not online. popinman322
Joined: 04 Mar 2009
Total Posts: 5184
10 Jul 2012 07:42 AM
"What if they just hit a lag spike?"

If they've been unresponsive for five seconds, chances are they're close to d/cing anyway.
Report Abuse
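The refinement discussed above (give a lagging client some time before disconnecting it), as an added example that is not from any poster in the thread: a plain-Lua simulation, with no Roblox API calls, of a keep-alive monitor that drops a client only after several consecutive missed pings. The 30-second interval and 5-second window come from stravant's post; `MAX_MISSES`, the per-ping token and the `Monitor` and `simulate` names are assumptions made for the illustration.

```lua
-- Added example, not code from the thread. Plain Lua, simulated clock in seconds.
local PING_INTERVAL = 30  -- from the post
local REPLY_TIMEOUT = 5   -- from the post
local MAX_MISSES    = 3   -- assumed tolerance for lag spikes

local Monitor = {}
Monitor.__index = Monitor

function Monitor.new()
  return setmetatable({ misses = 0, token = nil, sentAt = nil, kicked = false }, Monitor)
end

-- Server side: issue a fresh token that the client must echo back.
function Monitor:ping(now)
  self.token, self.sentAt = math.random(1, 1000000), now
  return self.token
end

-- Server side: accept a reply only for the current token and inside the window.
function Monitor:reply(now, token)
  if self.token and token == self.token and now - self.sentAt <= REPLY_TIMEOUT then
    self.token, self.misses = nil, 0
  end
end

-- Server side: run once the reply window has closed.
function Monitor:check()
  if self.token then              -- ping is still unanswered
    self.token = nil
    self.misses = self.misses + 1
    if self.misses >= MAX_MISSES then self.kicked = true end
  end
  return self.kicked
end

-- Constructed clients: reply delay per round, or no entry for "never replies".
local function simulate(delays, rounds)
  local m, now = Monitor.new(), 0
  for round = 1, rounds do
    now = now + PING_INTERVAL
    local token = m:ping(now)
    local d = delays[round]
    if d then m:reply(now + d, token) end
    if m:check() then return "kicked in round " .. round end
  end
  return "still connected"
end

print("healthy  :", simulate({1, 1, 1, 1, 1, 1}, 6))
print("lag spike:", simulate({1, 9, 1, 1, 8, 1}, 6))
print("disabled :", simulate({}, 6))
```

A passing check only shows that something on the client still answers pings; it says nothing about whether the client's other scripts are intact.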
popinman322 is not online. popinman322
Joined: 04 Mar 2009
Total Posts: 5184
10 Jul 2012 07:44 AM
@Pre

The actual injection occurs in-memory, and someone could just make a simple daemon program (like I have) to handle the exploiting on the fly. ROBLOX wouldn't have the ability to detect it with a program name because it'd be completely custom.
Report Abuse