Exploit Prevention Update


(Not my image)

could just be fake bro and that's not an executor

Source code is available on github, how can it be fake?

thanks now gonna use cheat engine instead of synapse x to hack in roblos legos :+1:

It isn’t bypassable my guy, CE requires you to edit the driver, debugger and components inside as well, as Byfron is a usermode anti-cheat, which doesn’t make it a beast compared to EAC or VAC or VG anti-cheats, which are kernel ACs. Atp Byfron detects icon, name, driver, company name, metadata and some of the components that were logged and included in detection in case the cheat gets modified a lot to prevent detections, which usually happens since making your handmade exploits is hard. As revealed on a specific “forum for exploiters”, Synapse Softworks LLC in their period of exploiting had used an open-sourced API; as you know (or not) their oldest cheat was called “Raindrop”, which released in 2018 and contained the most common exploit API that was made in C# with elements of C++ DLL components, and ever since their API wasn’t changed in any way, only custom functions were added and no security at all like SW had.

Most exploit developers are not “reverse engineers” as they think they are, as most of the things that could’ve been discovered via ACTUAL reverse engineering would’ve already been used to make the exploit more powerful, especially in the period of 2021-2022 when my friends were finding crashers every day that didn’t require any DDoS tools.

At this point every exploit and software, now and before, is getting tracked by the Roblox Telemetry System, which is basically spyware that detects your SessionId parameter values, which contain your Unify, SnapshotEnabled2, PlaceId, Platform, AppVersion, OS, Location, Device, ReportIntervalMs, SnapshotNumber, ThrottleHandlethsPrecent, LayeredClothing (to prevent crashers that use layered clothing loopholes), ClientQos, Teleport2 (log of your teleports to places).

Even tho it is still unsafe to exploit or test any handmade exploits with the risk of crashing, since crashing does nothing good as well, since the Roblox client has the ability to be dumped in the specific memory region where the change or action was applied, and afterwards it is sent to the logs of the Software Engineers that work with Byfron.

Although most larpers that call themselves “reverse engineers” think that RobloxPlayerBeta.dll contains Byfron strings, as in PE tools it literally shows entries called “byfron1” and “byfron”, which is fake, and any attempt at modifying it will completely stop RobloxPlayerBeta.exe from running, since those entries contain the main entrypoint for RobloxPlayerBeta.exe, which cannot run without the entrypoint in RobloxPlayerBeta.dll.

WebView is basically a thing designed also for Engineers that create exploits, and WebView is a thing that installs itself into Visual Studio in the IDE folder. What does that mean? It means that it records every action and launches upon launch or test of your project in Visual Studio. I discovered it by myself after launching my project in Visual Studio and noticing it taking more memory than needed, so I decided to look in the children of the parent directory of VS in Task Manager and saw WebViewHost.exe and the webviews themselves.

Injecting DLLs is not a possible thing now, even if you have your own handmade injector, as the Byfron devs implemented callbacks and memcheck to unload any DLLs that don’t match the whitelisted DLLs for RobloxPlayerBeta.exe.

Even recently, you may or may not know an exploiter called “Citizen” that has his YouTube channel where he records footage of himself exploiting in different places. Basically, ever since he used an exploit that Harkinian gave him, and Harkinian is one of the leaders of the “Team Fat” that created the infamous RC7 exploit which was supposed to bypass Byfron, but unfortunately after the showcase, Harkinian got a C&D message from Roblox to his irl mailbox which contained some information regarding his actions and a polite request to stop this and to not play Roblox anymore. The exploit that Citizen used was called Project Stigma Ultimate (or Project Ligma, you may call it like that), which was a CE-made exploit that quite frequently bypassed FE, and kept its tradition of bypassing it straight for 5 years as the method was kept private between Harkinian and Unverified and never disclosed to anyone else. But as it was revealed, in February of 2022, Project Stigma no longer works, and is fully patched along with the method of FE bypass.

Currently the only method that is available is the one that CE uses to scan and edit the memory using the C++ Windows.h library. As Byfron is only focused on detecting specified programs in its range of detection, it cannot suspect actions going straight to the memory of the RobloxPlayerBeta.exe process.
Which means we can use ReadProcessMemory to read readable memory pages of RobloxPlayerBeta.exe and retrieve a value from an address inside a memory page, and use VirtualQueryEx to not accidentally scan protected pages of DLLs like ntdll.dll and other DLLs that are imported into RobloxPlayerBeta.exe. After which the values that we get from memory pages we can change using WriteProcessMemory, which will change the value with a chance of you not being crashed (since there’s something in Roblox and fake values that get changed from time to time and it kinda looks like the WannaCry virus LOL, and basically if you try to apply any actions to it, you get crashed).

And also there’s a possibility to allocate memory and write your bytes and data to it and afterwards move it to the actual memory of RobloxPlayerBeta.exe, as well as using VirtualFree to free some memory pages (this could cause the client to crash, but if very fortunate, there’s a chance that you can do it like providing :Delete() to instances and even services in your client).

Recently there’s also been an ongoing loophole with NetworkServer, which lets you basically disconnect from NetworkClient if you call :GetService on NetworkServer, which made you crash basically since it literally disconnects you from LocalPlayer and tries to apply you to the Server (this also means that every LocalScript applied to you couldn’t be rendered since you’re disconnected from LocalPlayer (this also prints out in the console that a specific script cannot be applied to you because you’re on the Server)). It got patched as well, but there’s still a possibility to do it via stealing the offset of :Disconnect in NetworkClient and calling it, which will cause you to disconnect from LocalPlayer.

Ain’t reading all of that, but it did get bypassed with Rune Cheat Engine, all it needed was the game id using a custom teleporter, and then a tool on the game, so it is bypassable.

Bro just told the epic real byfron bypass 2023 to all the skids browsing this post

Didn’t it get patched, like it doesn’t work at all anymore :person_shrugging:

https://devforum.roblox.com/t/byfron-has-been-bypassed-and-it-only-takes-a-few-clicks/2650967/48

Idc, since 3 Byfron devs including software engineers of Roblox are literally watching every exploit log that is suspicious. I’ve already been crashed using ReadProcessMemory and WriteProcessMemory along with VirtualFree & VirtualAllocEx without moving RobloxPlayerBeta.dll out of my Roblox folder to prevent crash logs from executing, since after you crash, if you don’t have RobloxPlayerBeta.dll in your Roblox folder, you can somehow bypass the crash dump since code execution cannot be continued as the DLL is missing. But yea, skids already know about the method along with other methods like SetWindowsHookEx injection, which Roblox did semi-patch but there’s still a working concept of it.
And I know bitdancer is reading everything and I believe he and his colleagues are gonna deal with all of this.

Including it, it’s still pretty hard to actually read 4 bytes or strings in memory, since basically all you can do is filter everything byte by byte, so like i++. Ikr that it still does its work and can actually scan for addresses to edit them in the future, but it will basically be harmless because all you can do is scan for values including their addresses and then change them; you cannot filter them by “Changed value” etc. like CE does, which makes it more complicated. But I had experimented and have made my own results (the method wouldn’t be alive even when skids would forget about it, since there’ll be people who would start digging deeper, finding anything, as it usually happens).

Hopefully they are able to patch the bypassed cheat engines Ig.

A lot of checks can be applied to CE along with detecting components inside its memory; since Byfron is literally usermode, it still has access to the Windows.h library, which means it could become more powerful if they use ReadProcessMemory and scan the memory of the process to detect the specific strings you need, which would break tons of exploits just by detecting specified words like “Cheat Engine”, “Haxx” etc. inside the process.

that was the only thing that brought to my attention when you were screensharing your screen (the exploit), “I don’t exploit” lol…

Also they are open source on GitHub, the first one can be found by searching its name, there’s another one but pretty sure it uses the same method and can be found on Reddit.

I don’t exploit tho, I stopped like almost a year ago, where have you seen me doing it.

this is the best post I’ve seen in a while