I got reports of people using weird animations in my game. Turns out, people are able to change the value of what /e wave does and change it to another animation on ROBLOX. This is especially harmful in my case because I’ve made some crazy animations and have them on my profile, which means they can be used in all of my places.
A great temporary fix would be to disable the /e commands until this can be changed!
I am curious if this involves changing the ids in the table in the script. It is a local script, so you can change the client memory.
A while back it was about changing where the animation is got from or something. I don’t know the details.
A while back it was about changing where the animation is got from or something. I don’t know the details.[/quote]
If I am correct, since it loads on the client, you can use fiddler to send back HTTP requests, so if you use Fiddler, and the client tries to get the animation, you can use fiddler to give the custom animation. I think this can also be used to get the client settings for studio offline.
You could use fiddler to send a different animation than what was requested pretty easily.
I believe this is the primary reason we can’t share animations.
Edit: ninja’d
I should’ve put this in the exploits category…oops
Is there any way to stop this? Animations need to be loaded before they can be played. So if the /e wave id is changed, doesn’t that mean that the /e wave command will load the animation, then play it? Suppose they were preloaded when the character spawns or something? Any ideas on a fix for this? Because it can probably be done to other animations as well.
It isn’t a bug, it’s a exploit.
Please post it here, not under bug.
http://developer.roblox.com/forum/exploit-report
Anyways changing the ID isn’t what they do anymore.
They have to inject a local script with a new table for the animation, and change how the animation is trigged.
Does everyone see the new animation or just the person who modifies it? Is the place using FilteringEnabled?
Everyone sees it. And the place is using Filtering, yes.