It also requires you to use windows 10 roblox, lol. and even though it is old school, its still used. there was a video about the spoofing method made by sirmeme which is why its popular
Not true, aside from that, you can still prevent this as a developer until roblox pushes an official patch.
Exploit was reported more than a year ago.
Read more on the engine bug here.
1 Like
Not true, aside from that, you can still prevent this as a developer until roblox pushes an official patch.
Do you mean the fiddler part isnāt true? because i donāt think they use synapse to spoof. i looked and i couldnāt find anything that uses synapse, and theyād have to use it in autoexecution. however, there was a video on how to use it with fiddler
I only know of one exploit software that released a built-in spoofer which no longer works, fiddler will still work because thatās manipulating the network packet manually before joining.
Any exploit directly using a built-in spoofer method is patched, the only remaining way is using a packet sniffer.
I am quite obviously not going to go into detail to prevent people from abusing this, Roblox should come out with an official patch soon.
Yeah I know all other methods were patched.
Also a few questions, how come you can only spoof your display name + account age, and not your userid or username/anything else?
Can you also explain the packet sniffing method to me AFTER its patched, as I am curious on how it works?
Well it can kinda be explained like this:
User presses "PLAY" on a Roblox Game.
|
\/
User starts sending neccessary network packets required to join the server
and load player details.
|
\/
During this time, you start capturing and recording packets, it is then possible
to EDIT the content of each packet, so the packet we edit contains this JSON
parsed data:
This is not my image, I got this from someone who told me about it.
|
\/
We can now edit that field and resend the packet if the sniffer has such a feature.
|
\/
The original packet has now been edited and the Server will use this altered info
instead.
Iād rather not answer the first question.
I hope this provides some basic insight to how it actually works.
Explanation for educational purposes only.
Thatās a good looking script my friend!
I believe the engineers have pushed out a rapid patch and it will most likely be fixed platform wide soon! 
It doesnt work anymore, its patched
1 Like
Great to hear that itās patched! Iāve been seeing this too often, itās pretty deadly, but now itās harmless 
Decent script this sure be useful for my game but it definitely wonāt kick random people who just trys and joins the game?
Just in case, im gonna use it 
This should be patched now.
In the future, DisplayName will often not be the same as UserName. So I wouldnāt keep the script around long-term. For the weekend and possible a bit longer, DisplayName and UserName will be the same ā even if the user has a different DisplayName. (I think it is mostly test accounts that have different DisplayName.)
You canāt spoof userid because part of this data is a digital signature of select fields. when the server reconstructs the signed message from these fields, it will not be able to verify that the signature is correct. More fields have been added to this.
10 Likes
Thatās nice to hear! Iāve seen multiple exploiters do things like this though I donāt know if itās name spoofing because they had a username longer that 20 digits.
Talking about exploiters do you guys have plans to stop them completely?
Thereās no way to completely stop exploiting.
5 Likes