As8D
|
  |
| Joined: 24 Dec 2009 |
| Total Posts: 2907 |
|
|
| 13 Feb 2013 07:37 AM |
Hi there,
Since I find HttpGet & HttpPost interesting for ex. data-between places and such stuff (only in edit/solo/build mode though), I'll try see how I can use it.
What I'm planning to do, is to use it in a plugin that will help me and some friends (and you too if it's going to be good 8D Uh... nvm.)
> I cannot use the methods in the Command Bar, it seems. Do you know if it's going to work in plugins, or how to get it to work? http://wiki.roblox.com/index.php/HttpGet_(Method)
Ty, - As |
|
|
| Report Abuse |
|
|
dmjoe
|
  |
| Joined: 01 May 2009 |
| Total Posts: 2387 |
|
|
| 13 Feb 2013 07:50 AM |
I'm pretty sure you can't do it with plugins.
7 context is required, and I think plugins can access 4/5 context.
Unsure, though. |
|
|
| Report Abuse |
|
|
dmjoe
|
  |
| Joined: 01 May 2009 |
| Total Posts: 2387 |
|
|
| 13 Feb 2013 07:52 AM |
Wait.. that was redundant - pretty sure, but unsure. My apologies.
I don't think you can't do it with plugins.
7 context is required, and I think plugins can access 4/5 context.
Unsure, though. |
|
|
| Report Abuse |
|
|
As8D
|
  |
| Joined: 24 Dec 2009 |
| Total Posts: 2907 |
|
|
| 13 Feb 2013 07:53 AM |
| Osh, that information would be great to have on the wiki. Gotta go. |
|
|
| Report Abuse |
|
|
dmjoe
|
  |
| Joined: 01 May 2009 |
| Total Posts: 2387 |
|
|
| 13 Feb 2013 07:57 AM |
To test, you can create a plugin that runs this: printidentiy()
Then it will print the script context for what it is run by into the output...
If you have level 7 context, the result will be: Current identity is 7. |
|
|
| Report Abuse |
|
|
dmjoe
|
  |
| Joined: 01 May 2009 |
| Total Posts: 2387 |
|
|
| 13 Feb 2013 08:02 AM |
Actually... You can use script.Source (a Protected string) with Plugins...
"This is because ProtectedStrings are not recognized by Scripts or LocalScripts. You can only access them via the Command bar, CoreScripts, or Plugins." http://wiki.roblox.com/index.php/ProtectedString
And I think script.Source is level 7 context...
Still unsure, though. |
|
|
| Report Abuse |
|
|
As8D
|
  |
| Joined: 24 Dec 2009 |
| Total Posts: 2907 |
|
|
| 13 Feb 2013 08:20 AM |
Hm, of what I know of, it should only have about 2 or 3.
If it had level 7, then normal scripts would be able to use game:HttpGet(something) & game:HttpPost(something, something2)... Which... isn't the case.
Hm, I have a feeling that this level 7 is only available for Roblox programs? I guess this may not be the case, and still it could... hm. Confusing.
- As |
|
|
| Report Abuse |
|
|
dmjoe
|
  |
| Joined: 01 May 2009 |
| Total Posts: 2387 |
|
|
| 13 Feb 2013 09:13 AM |
Yeah, as far as I know, Level 7 is only available for locked roblox suff.
From what I know, there are a few ways to hack it... except I do not know any. |
|
|
| Report Abuse |
|
|
As8D
|
  |
| Joined: 24 Dec 2009 |
| Total Posts: 2907 |
|
|
| 13 Feb 2013 09:23 AM |
Awsh.
I could ask the player to "inject" it into RobloxStudioSomething.exe, yet I don't even know how to do such stuff myself. Also, it would be a very unstable solution, since the Roblox folder will self-update after some days (experience from trying to change the standard face to Epic Face and such... on... everybody with that face in a game. Ouch, I was about to die.)
Well, whatever, meanwhile I'll still try to make the plugin script, so if there's any way to do this, I won't need to wait and then begin make it.
- As |
|
|
| Report Abuse |
|
|
dmjoe
|
  |
| Joined: 01 May 2009 |
| Total Posts: 2387 |
|
|
| 13 Feb 2013 09:28 AM |
I know of a few different people - who will remain anonymous - who are capable of getting full studio with 7 context in-(any)game at the moment. How, I have no idea.
It' amazing you say that about the epic face, as I have done the exact same thing. I have also made many of the sounds more realistic, made the default mouse nicer, put an epic face on the moon, a few different things. I just keep them saved in another folder, so whenever roblox updates I re-mod it. |
|
|
| Report Abuse |
|
|
As8D
|
  |
| Joined: 24 Dec 2009 |
| Total Posts: 2907 |
|
|
| 13 Feb 2013 09:35 AM |
Hehe. After looking at them for a time, I began to miss the old standard face.
Hm, but yeah, from how the discussion here have plotted some stuff out, I could go put "printidentity()" in some of the .RBXM script to see if there's a difference. Yet, I don't like having the player to modify the script every 3rd say or something like that.
- As, capable of making a PHP file that changes a LUA file containing a table, which I'm proud of 8D |
|
|
| Report Abuse |
|
|
dmjoe
|
  |
| Joined: 01 May 2009 |
| Total Posts: 2387 |
|
| |
|
As8D
|
  |
| Joined: 24 Dec 2009 |
| Total Posts: 2907 |
|
|
| 13 Feb 2013 01:11 PM |
What a mess.
I could only find the Roblox-made plugins, and... normal plugins. Both have security level of 1 (LocalScript?)
http://wiki.roblox.com/index.php/Normal_Identities
Uh, I can imagine that CoreScripts (level 4) is unrestricted, then level 5, then level 1 and at the end level 2 (Level 3 must be gone)... otherwise, there's the unknown level 6 and 7 you're talking about.
- As |
|
|
| Report Abuse |
|
|
dmjoe
|
  |
| Joined: 01 May 2009 |
| Total Posts: 2387 |
|
|
| 13 Feb 2013 02:07 PM |
o.e
That's strange. I've accessed level 7 accidentally before :o |
|
|
| Report Abuse |
|
|
|
| 13 Feb 2013 02:50 PM |
Hi, maybe I can help.
For starts, HttpGet is locked for everything expect web-side scripts (www.roblox.com/game/join.ashx is ran directly from your client through an internet loadfile with level 6, and that is it), so no use trying to use it for anything. Even if it wasn't, it checks if the domain it is requesting to is *.roblox.com, so you wouldn't be able to save useful data.
Additionally, this is incorrect: "Uh, I can imagine that CoreScripts (level 4) is unrestricted, then level 5, then level 1 and at the end level 2 (Level 3 must be gone)... otherwise, there's the unknown level 6 and 7 you're talking about."
Level 2 is your everyday script. Level 4 is a trusted Roblox script (The Remote Monitor script, for instance, is level 4 and thus can access certain higher-level functions. RobloxLocking, Player Chatting/Reporting/Friend Requesting, and everything that CoreScripts use is under this domain) Level 1 is just the command bar, which from what I have seen was for all intensive purposes level 4. Level 5 is level 4 (possibly changed, I heard that Roblox is now revoking some stuff to plugins), plus the PluginManager and I think so I/O stuffs. Level 6 is only used for web scripts, since they can do nearly anything. Think create/rename players. Level 7 is not technically a 'level', since it isn't mapped to any security clearences. Since it is basically undefined, it has access to everything. Used pretty much only for exploits that want unlimited access.
Also, the levels don't go in any defined hierarchy, hence why level 1 is actually higher then level 2. Just named given to each context.
Now-a-days, it is pretty much impossible to exploit across contexts. You used to be able to steal the global enviornment through custom-build bytecode, and inject functions into even level 6, or use getfenv/setfenv to trick a script into running your custom function as a payload (Example:http://www.roblox.com/Forum/ShowPost.aspx?PostID=84293184). They fixed this so each context is now completely independent of eachother, expect for the obvious game super-object. |
|
|
| Report Abuse |
|
|
dmjoe
|
  |
| Joined: 01 May 2009 |
| Total Posts: 2387 |
|
| |
|
|
| 13 Feb 2013 03:19 PM |
Oh, forgot. I think StarterScripts also have level 5, but the only thing different between 5 and 4 is they can use ScriptContext:AddCoreScript (Spawn new level 4 scripts). So level 5 can spawn level 4, but not level 5. Level 4 can spawn level 2, but not level 4. |
|
|
| Report Abuse |
|
|
Legend26
|
  |
| Joined: 08 Sep 2008 |
| Total Posts: 10586 |
|
|
| 13 Feb 2013 03:44 PM |
| Of you could just link to http://wiki.roblox.com/index.php/Normal_Identities and tell him that HttpGet/Post are set to the RobloxSecurity type. |
|
|
| Report Abuse |
|
|
As8D
|
  |
| Joined: 24 Dec 2009 |
| Total Posts: 2907 |
|
|
| 13 Feb 2013 03:48 PM |
Hm... pretty interesting... and long... thread you've got. Even though it's fixed D:
What a shame then, no in-game forum plugin. Any ideas?
Humhumhum... Also, to go a bit away from the topic, then...
Wait, nvm. It was just Error Monitoring System that don't work with LocalScripts in server.rbxl > Start Player.
Well, ok. PM me if we can get further with this stuff :P hm... Could we save a place to a certain URL and sort stuff out, so only specific stuff releated to the plugin will remain? No, I don't think so.
- As, a blappering weirdo. |
|
|
| Report Abuse |
|
|
|
| 13 Feb 2013 04:32 PM |
"Level 4 is a trusted Roblox script (The Remote Monitor script, for instance, is level 4 and thus can access certain higher-level functions. RobloxLocking, Player Chatting/Reporting/Friend Requesting, and everything that CoreScripts use is under this domain)"
Also, if you change 1 character in a Level 4 ROBLOX trusted script (The Remote Monitor script) and the game scripts (I think(If you could get access)) will error the script.
` RIP Erik Cassel ` |
|
|
| Report Abuse |
|
|
As8D
|
  |
| Joined: 24 Dec 2009 |
| Total Posts: 2907 |
|
|
| 13 Feb 2013 05:00 PM |
To say it clear, I cannot see any differences from the Remote Monitoring Error System and a normal script.
Also, you above: Try watch this file you have on your computer >> C: / Program Files (x86) / Roblox / Versions / Version-weirdToken / content / fonts / character.rbxm
It's containing a player named erik.cassel If you try insert it into your game, you'll realize he has been in a lot of ads and have been spoken about wide and far. Maybe you've even played as him? Katapjow!
- As, the solution is just around the corner. But if there's lava and a fence? Aw. And nuclear bombs, monsters, kill-scripts and yellow-green-blue brick people, then I won't bother going the other way around. |
|
|
| Report Abuse |
|
|
|
| 13 Feb 2013 06:02 PM |
| Hey, how can I get to the image Files to change 'em around a bit? |
|
|
| Report Abuse |
|
|
As8D
|
  |
| Joined: 24 Dec 2009 |
| Total Posts: 2907 |
|
|
| 14 Feb 2013 04:45 AM |
Huh? You can access your local roblox content folder using rbxasset:// or whatever it was.. rbxasset might be a shortener of http://www.roblox.com/asset/?id though, so it's something different.
Yet, that folder is constantly updated, since it's a "child" of the temporary roblox folder, meaning that it'll auto-update.
- As, today we shall find a replacement for the current dynamic map system, by replacing a StringValue with something that can get several updates in an instant from different scripts. (Nothing to do with you, this thread... only cakes... I guess.) |
|
|
| Report Abuse |
|
|
As8D
|
  |
| Joined: 24 Dec 2009 |
| Total Posts: 2907 |
|
|
| 14 Feb 2013 04:51 AM |
Digging more in depth on RenderSettings' post. The file seems kewl. I wonder if there's a way we can... uh... make our computers believe that the file contain some other lua code? ... Impossible I guess D:
- As, gotta go. |
|
|
| Report Abuse |
|
|
As8D
|
  |
| Joined: 24 Dec 2009 |
| Total Posts: 2907 |
|
|
| 14 Feb 2013 06:01 AM |
Weird.
pcall(function() game:HttpGet("?IPFilter=Primary&SecondaryFilterName=UserId&SecondaryFilterValue=0&Type=" .. name, false) end)
<<< A line in the file RenderSettings posted. |
|
|
| Report Abuse |
|
|