that was the only thing that was brought to my attention when you were screensharing your screen (the exploit), “i dont exploit” lol…
Also they are open source on GitHub, the first one can be found by searching its name, there’s another one but pretty sure it uses the same method and can be found on Reddit
I don't exploit tho, I stopped like almost a year ago, where have you seen me doing it?
this is the best post I've seen in a while
Exploiting has never been and will never be completely eradicated. The aim is to minimize cheating and exploiting to a level that has no major impact on users and creators. It was never a secret that certain methods of exploiting are still possible, a fact that NetflixCE, for example, takes advantage of. All this really does is push us further, and eventually, we will end up having to move to kernel-level protection.
Never imagined that a simple ReadProcessMemory could be used.
NEVERMIND
__IMPORT_DESCRIPTOR_RobloxPlayerBeta dd rva off_145951276 ; Import Name Table
My man, CE uses the exact same method, it doesn’t attach a thing to Roblox, all it has is functions that could affect or interact with memory remotely with administrator permissions only.
Mr.Calculatedbug stated that they’re already aware of similar exploits
nah bro you can’t be telling me that
most CE exploits use name spoofing measures such as rune and netflixCE (I believe netflix does, I'm not sure) to protect themselves from being detected (even though they most likely are sitting in a ban wave as we speak)
Probably noticed that jjsploit is still running, unknown if they shut everything down.
We are waiting for Electron to join the club.
Edit:
We would also wait for Fluster, but they are really slow
Byfron is cool and all but it seems to not like it when memory integrity is enabled. Not sure if that’s something you can fix on your end.
Please try to avoid this if possible, it’d be for the best if detection was fully optimized and accounts are regularly nuked, invasive anticheats such as vanguard are a hard pass for me.
Icon detection:
Drivers:
Debugger:
Strings:
Metadata:
Company:
The VirtualFree() is on the way to clean up the memory block of .krampus.
In addition to callbacks to prevent DLL injection, they use RobloxPlayerBeta.dll, which has a section called byfron, which has a table of names that RobloxPlayerBeta.dll afterwards imports into RobloxPlayerBeta.exe; if you’re launching a process with a blacklisted name then Roblox won’t run, otherwise it will. However, RobloxPlayerBeta.dll addresses aren’t changing, which means people can retrieve base addresses that start with 7FF and filter everything byte by byte, destroying things by VirtualFree().
Unloading RobloxPlayerBeta.dll will result in an error because RobloxPlayerBeta.exe has an entry point with it, without which it cannot function properly until the table with names is retrieved.
Exciting times ahead ladies and gentlemen! We can now see a slightly more entertaining battle than the last one!