I guess exploiting is back, 2 months after this announcement
SPOILER:
Exploiting has never been and will never be completely eradicated. The aim is to minimize cheating and exploiting to a level that has no major impact on users and creators. It was never a secret that certain methods of exploiting are still possible, a fact that NetflixCE, for example, takes advantage of. All this really does is push us further, and eventually, we will end up having to move to kernel-level protection.
Never imagine that simple ReadProcessMemory could be used.
NEVERMIND
__IMPORT_DESCRIPTOR_RobloxPlayerBeta dd rva off_145951276 ; Import Name Table
My man, CE uses the exact same method; it doesn't attach a thing to Roblox. All it has is functions that could affect or interact with memory remotely, with administrator permissions only.
Mr.Calculatedbug stated that they're already aware of similar exploits
nah bro you can't be telling me that
most CE exploits use name-spoofing measures such as rune and NetflixCE (I believe Netflix does, I'm not sure) to protect themselves from being detected (even though they most likely are sitting in a ban wave as we speak)
Probably noticed that jjsploit is still running; unknown if they shut everything down.
We are waiting for Electron to join the club.
Edit:
We would also wait for Fluster, but they are really slow
Byfron is cool and all, but it seems to not like it when memory integrity is enabled. Not sure if that's something you can fix on your end.
Please try to avoid this if possible; it'd be for the best if detection was fully optimized and accounts are regularly nuked. Invasive anticheats such as Vanguard are a hard pass for me.
Icon detection:
Drivers:
Debugger:
Strings:
Metadata:
Company:
The VirtualFree() is on the way to clean up the memory block of .krampus.
In addition to callbacks to prevent DLL injection, they use RobloxPlayerBeta.dll, which has a section called byfron containing a table of names that RobloxPlayerBeta.dll imports into RobloxPlayerBeta.exe afterwards. If you're launching a process with a blacklisted name then Roblox won't run, otherwise it will; however, RobloxPlayerBeta.dll addresses aren't changing, which means people can retrieve base addresses that start with 7FF and filter everything byte by byte, destroying things with VirtualFree().
Unloading RobloxPlayerBeta.dll will result in an error because RobloxPlayerBeta.exe has an entry point tied to it, without which it cannot function properly until the table with names is retrieved.
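The post above claims that RobloxPlayerBeta.dll carries a section named byfron. The claim is something an analyst can verify from the PE section table without loading the module. The following is an added example, not code from this thread or from Roblox/Byfron: a minimal pure-Python walker over the PE headers (DOS header, PE signature, COFF file header, section headers) that lists section names, run here against a constructed sample image rather than a real Roblox binary. The section names in the sample (.text, byfron, .rdata) are stand-ins chosen for the demonstration.

```python
import struct

COFF_HEADER_SIZE = 20      # IMAGE_FILE_HEADER
SECTION_HEADER_SIZE = 40   # IMAGE_SECTION_HEADER
SECTION_FMT = "<8sIIIIIIHHI"


def build_sample_pe(section_names):
    """Construct a minimal, non-executable PE image for the demo.

    Only the headers the parser below reads are populated; the optional
    header is left at size 0 to keep the sample small.  This is a
    constructed fixture, not a real binary.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack(
        "<HHIIIHH",
        0x8664,               # Machine: AMD64
        len(section_names),   # NumberOfSections
        0, 0, 0,              # TimeDateStamp, PointerToSymbolTable, NumberOfSymbols
        0,                    # SizeOfOptionalHeader (0 in this fixture)
        0x2022,               # Characteristics: EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE | DLL
    )
    sections = b""
    for i, name in enumerate(section_names):
        sections += struct.pack(
            SECTION_FMT,
            name.encode("ascii").ljust(8, b"\0"),
            0x1000, 0x1000 * (i + 1),      # VirtualSize, VirtualAddress
            0x200, 0x400 + 0x200 * i,      # SizeOfRawData, PointerToRawData
            0, 0, 0, 0,                    # relocation / line-number fields
            0x40000040,                    # INITIALIZED_DATA | MEM_READ
        )
    return dos + b"PE\0\0" + coff + sections


def list_sections(data):
    """Return the section headers of a PE image as a list of dicts."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + COFF_HEADER_SIZE + opt_size
    sections = []
    for i in range(num_sections):
        off = table + SECTION_HEADER_SIZE * i
        if off + SECTION_HEADER_SIZE > len(data):
            raise ValueError("section table runs past end of file")
        (name, vsize, vaddr, rawsize, rawptr,
         _reloc, _lines, _nreloc, _nlines, chars) = struct.unpack_from(SECTION_FMT, data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_offset": rawptr,
            "raw_size": rawsize,
            "characteristics": chars,
        })
    return sections


def has_section(data, name):
    """True if the image declares a section with exactly this name."""
    return any(s["name"] == name for s in list_sections(data))


# Constructed sample image with a 'byfron' section, as the post describes.
SAMPLE_PE = build_sample_pe([".text", "byfron", ".rdata"])

if __name__ == "__main__":
    for s in list_sections(SAMPLE_PE):
        print(f"{s['name']:<8} VA=0x{s['virtual_address']:08x} raw=0x{s['raw_offset']:x}")
    print("byfron present:", has_section(SAMPLE_PE, "byfron"))
```

To check an on-disk module, read the file bytes and pass them to list_sections; section names are at most 8 bytes, so a name longer than that would be truncated in the header and has to be matched on its first 8 characters.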
Exciting times ahead, ladies and gentlemen! We can now see a slightly more entertaining battle than the last one!
What does kernel-level protection mean?
It means that exploits that require administrator permissions will no longer be able to access Roblox memory.
It means that the anti-cheat will start every time you turn on your computer; the anti-cheat will start before anything else, then it will probably run in the background until you open Roblox. Kernel anti-cheats have more access than a user-mode application since they aren't stuck in an environment.
This is basically like vanguard if I had to guess.
Not to mention it'd completely murder Wine support. For the love of all things holy, do not make a kernel-level anti-cheat unless you're literally at your wits' end. I'd prefer if accounts were flagged and regularly banned. Another idea I think would be pretty funny is purposely deprioritizing flagged accounts network-wise so that they have less of an impact on games where cheating can mess things up.