[EXCLUSIVE] Easily detect SirHurt v4 on injection while supporting God in the process

rubitonlive · July 9, 2022, 1:53pm

[WORKING AS OF 2022-07-09]

Hello world!

The Canadian Intercollegiate Lumberjacking Association’s team presents to you today a fully-fledged, instant, on-injection detection for SirHurt v4. We’ve spent countless nights developing this amazing method and are proud to release it to the general public for use in games. This flaw has existed for multiple months in the exploit and has went unnoticed by the clueless developers. The owner is also notorious for grooming minors. SirHurt has no auto-inject and the message we detect gets outputted before you inject by the custom launcher (which is forced) - this means that there is no way to mitigate this detection from working.

How to secure your game:

Create a LocalScript inside ReplicatedFirst
Set its source to the following code:

-- credits to Federal#9999 for the method
while true do
    task.wait()
    for i,v in game:GetService("LogService"):GetLogHistory() do
        if v == nil or v.message == nil then continue end
        if v.message:find("validateBootstrapperVersion Error: HTTP 403") then
            -- change this
            while true do end
        end
    end
end

Save the game & enjoy!

We wish IcePools a successful career as a Walmart janitor!

Kostiskat · July 9, 2022, 2:08pm

Yet again, another wasted injection detector. This being a public resource, the developer(s) can instantly patch this and bypass the detect script.

Sonostor · July 9, 2022, 2:24pm

Cool detection but you may want to leave out what the owner may or may not be doing on his free time, I don’t believe that’s appropriate.

LordEmotionless · July 9, 2022, 3:41pm

and what to do? if everyone keep everything for them, nothing will get better anyways.
It’s better to share than keep it in my opinion

sv_du · July 9, 2022, 3:50pm

This can easily get patched by the Sirhurt devs by just not outputting anything, or changing that string

EtSapientisMagna · July 9, 2022, 4:16pm

Sirhurt isn’t outputting anything, the “custom launcher” the developers of it implemented unintentionally outputs the log because a core script couldn’t request “validateBootstrapperVersion”

https_KingPie · July 9, 2022, 4:30pm

This is a continuation of the ridiculously stingy exploit culture we currently have.

Client-sided anti-exploits are always going to be bypassable, require updates, and vice versa. What I’m saying is that there’s an expiration date on client-sided anti-exploits.

What makes this ‘not a waste’ is that it increases community knowledge on these methods. Think about how many developers didn’t know that you can check for exploits using LogService (maybe you did, but I didn’t). The reason for that (besides just the limits to what I know) is that there are very few threads about how to even begin detecting exploits on DevForum or anywhere else (yes, there are a few scattered in #help-and-feedback:scripting-support but none in #resources ).

If more people actually know how to even approach the concept of anti-exploit, that’s better for everyone (players and developers both). I’m not going to tangent the thread further, but for further clarification, the point is made pretty clearly here: https://devforum.roblox.com/t/our-anti-exploit-culture-needs-to-change/1845284 Happy to continue talking in DMs as well

OP thanks for sharing the knowledge and methods. Are you able to provide any details on how your team actually approached making this method (did you have some indication that this was an issue in the exploit, was it just trial and error, is this apart of a larger philosophical approach, etc.?)

rubitonlive · July 9, 2022, 4:40pm

This method was discovered by simply injecting SirHurt and checking the console output before and after. There’s plenty of other ways to detect this exploit but I decided to release the most simple one.

savio14562 · July 9, 2022, 4:43pm

Interesting method, how long do you think this will take to become patched? And if it does get patched, will you release some of the other ways to detect it?

Korabi20 · July 9, 2022, 4:46pm

You should have kept this to yourself, they will now most likely read your post and patch your detector

Foxxive · July 9, 2022, 5:16pm

what’s with all the exploit detection posts coming up lately? I think it’s already obvious enough that posting them will get them patched faster.

EtSapientisMagna · July 9, 2022, 5:18pm

Sirhurt is a bad exploit written by an incompetent developer so the chances of this getting patched are low

Foxxive · July 9, 2022, 5:19pm

i see, sorry, i don’t have much experience with Sirhurt, only some of the bigger exploits like Synapse and Sentinel. good to know

Kostiskat · July 9, 2022, 5:20pm

Keep it private, perhaps sell it to big companies, and/or obfuscate the code (probably not the best idea but it’s a price to pay for hiding the source)

d5_ax · July 9, 2022, 6:07pm

Mmmm this can easily be patched and PS the devs already know about this thread all they have to do is make it not print

Coolsbloxian · July 9, 2022, 6:10pm

Next time, can you make it so that people can message you for the script, because this can be patched

ProfessionalPlayer60 · July 9, 2022, 6:46pm

LogService? What’s that and how do you use it to detect exploits? Sounds useful.

mamolox123 · July 9, 2022, 7:53pm

thank god sirhurt is detected (again), but probably wont detect anyone because of the lack of users sirhurt has

foodman54 · July 10, 2022, 10:52am

You realize by posting things like this, it only helps the developers find errors they may not have found in the first place

xMaverickGunnerx · July 10, 2022, 1:54pm