Exploit Prevention Update

I guess exploiting is back, 2 months after this announcement

Exploiting has never been and will never be completely eradicated. The aim is to minimize cheating and exploiting to a level that has no major impact on users and creators. It was never a secret that certain methods of exploiting are still possible, a fact that NetflixCE, for example, takes advantage of. All this really does is push us further, and eventually, we will end up having to move to kernel-level protection.

20 Likes

Never imagined that a simple ReadProcessMemory could be used. :sleeping_bed:
NEVERMIND :pray:

3 Likes

__IMPORT_DESCRIPTOR_RobloxPlayerBeta dd rva off_145951276 ; Import Name Table

My man, CE uses the exact same method. It doesn’t attach a thing to Roblox; all it has are functions that can affect or interact with memory remotely, with administrator permissions only.

Mr.Calculatedbug stated that they’re already aware of similar exploits :pray:

nah bro you can’t be telling me that :sob:

2 Likes

Most CE exploits use name-spoofing measures, such as rune and netflixCE (I believe netflixCE does, I’m not sure), to protect themselves from being detected (even though they are most likely sitting in a ban wave as we speak).

Probably noticed that jjsploit is still running. Unknown if they shut everything down. :expressionless:

We are waiting for Electron to join the club.

Edit:
We would also wait for Fluster, but they are really slow :slight_smile:

16 Likes

Byfron is cool and all but it seems to not like it when memory integrity is enabled. Not sure if that’s something you can fix on your end.

3 Likes

Please try to avoid this if possible, it’d be for the best if detection was fully optimized and accounts are regularly nuked, invasive anticheats such as vanguard are a hard pass for me.

6 Likes

Icon detection:
Drivers:
Debugger:
Strings:
Metadata:
Company:

1 Like

The VirtualFree() is on the way to clean up the memory block of .krampus.

In addition to callbacks to prevent DLL injection, they use RobloxPlayerBeta.dll, which has a section called byfron containing a table of names that RobloxPlayerBeta.dll then imports into RobloxPlayerBeta.exe. If you’re launching a process with a blacklisted name, Roblox won’t run; otherwise it will. However, RobloxPlayerBeta.dll addresses aren’t changing, which means people can retrieve base addresses that start with 7FF and filter everything byte by byte, destroying things with VirtualFree().
Unloading RobloxPlayerBeta.dll will result in an error because RobloxPlayerBeta.exe has its entry point in it, without which it cannot function properly until the table with names is retrieved.

1 Like
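The IDA line earlier in the thread (`__IMPORT_DESCRIPTOR_RobloxPlayerBeta ... ; Import Name Table`) and the post above both refer to the PE import directory: the table of DLL names and function names a module pulls in. The following is an added example, not code from Roblox, Byfron or any tool in this thread, of how an analyst walks that table to see which APIs an image imports. It builds a small constructed PE32+ image in memory (a single `.idata` section importing two named functions and one ordinal from a constructed `KERNEL32.dll` entry) and assumes nothing about the real layout of RobloxPlayerBeta.dll; the sample DLL and function names are chosen only so the output is recognisable.

```python
import struct

IMAGE_IMPORT_DESCRIPTOR_SIZE = 20  # OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk


def parse_imports(data: bytes):
    """Return [(dll_name, [imported_function_or_ordinal, ...]), ...] for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    opt_off = e_lfanew + 24
    magic, = struct.unpack_from("<H", data, opt_off)
    pe64 = magic == 0x20B
    # Data directory array starts at optional-header offset 112 (PE32+) or 96 (PE32);
    # entry 1 is the import directory.
    dd_off = opt_off + (112 if pe64 else 96)
    import_rva, _import_size = struct.unpack_from("<II", data, dd_off + 8)

    # Section table is needed to map RVAs to file offsets.
    sections = []
    sec_off = opt_off + opt_size
    for i in range(nsections):
        _name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        sections.append((va, max(vsize, rawsize), rawptr))

    def to_off(rva):
        for va, size, rawptr in sections:
            if va <= rva < va + size:
                return rva - va + rawptr
        raise ValueError(f"RVA {rva:#x} not backed by any section")

    def cstr(rva):
        off = to_off(rva)
        return data[off:data.index(b"\0", off)].decode("ascii")

    thunk_fmt, thunk_size, ordinal_flag = ("<Q", 8, 1 << 63) if pe64 else ("<I", 4, 1 << 31)
    results = []
    off = to_off(import_rva)
    while True:
        oft, _stamp, _fwd, name_rva, ft = struct.unpack_from("<IIIII", data, off)
        if oft == 0 and name_rva == 0 and ft == 0:
            break  # all-zero descriptor terminates the table
        funcs = []
        thunk_off = to_off(oft or ft)  # prefer the Import Name Table, fall back to the IAT
        while True:
            entry, = struct.unpack_from(thunk_fmt, data, thunk_off)
            if entry == 0:
                break
            if entry & ordinal_flag:
                funcs.append(f"ordinal#{entry & 0xFFFF}")
            else:
                funcs.append(cstr(entry + 2))  # skip the 2-byte hint before the name
            thunk_off += thunk_size
        results.append((cstr(name_rva), funcs))
        off += IMAGE_IMPORT_DESCRIPTOR_SIZE
    return results


def imports_function(data: bytes, dll: str, func: str) -> bool:
    """Triage helper: does this image import `func` from `dll` (case-insensitive DLL name)?"""
    return any(d.lower() == dll.lower() and func in funcs for d, funcs in parse_imports(data))


def build_sample_pe() -> bytes:
    """Constructed PE32+ image with one .idata section; layout values are sample data, not a real binary."""
    section_rva, section_raw = 0x1000, 0x200
    blob = bytearray()
    rva = lambda: section_rva + len(blob)
    dll_name_rva = rva(); blob += b"KERNEL32.dll\0"
    hint_names = []
    for name in (b"VirtualFree", b"ReadProcessMemory"):
        hint_names.append(rva()); blob += struct.pack("<H", 0) + name + b"\0"
    thunks = [struct.pack("<Q", r) for r in hint_names] + [struct.pack("<Q", (1 << 63) | 42), b"\0" * 8]
    oft_rva = rva(); blob += b"".join(thunks)  # Import Name Table
    iat_rva = rva(); blob += b"".join(thunks)  # Import Address Table (unbound copy)
    import_dir_rva = rva()
    blob += struct.pack("<IIIII", oft_rva, 0, 0, dll_name_rva, iat_rva) + b"\0" * 20

    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)              # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8, import_dir_rva, 40)  # import directory entry
    raw_size = -(-len(blob) // 0x200) * 0x200
    sec = struct.pack("<8sIIIIIIHHI", b".idata\0\0", len(blob), section_rva, raw_size, section_raw,
                      0, 0, 0, 0, 0xC0000040)
    headers = (dos + b"PE\0\0" + file_hdr + bytes(opt) + sec).ljust(section_raw, b"\0")
    return bytes(headers + bytes(blob).ljust(raw_size, b"\0"))


if __name__ == "__main__":
    for dll, funcs in parse_imports(build_sample_pe()):
        print(dll, funcs)
```

Walking `OriginalFirstThunk` rather than `FirstThunk` matters on a loaded or bound image: the IAT gets overwritten with resolved addresses, while the Import Name Table keeps the names, which is why IDA labels that column as it does in the pasted line.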

Exciting times ahead, ladies and gentlemen! We can now see a slightly more entertaining battle than the last one!

6 Likes

What does kernel-level protection mean?

2 Likes

It means that exploits that require administrator permissions will be unable to access Roblox memory.

1 Like

It means that the anti-cheat will start every time you turn on your computer. The anti-cheat will start before anything else, then it will probably run in the background until you open Roblox. Kernel anti-cheats have more access than a usermode application since they aren’t stuck in an environment.

This is basically like vanguard if I had to guess.

3 Likes

Not to mention it’d completely murder Wine support. For the love of all things holy, do not make a kernel-level anti-cheat unless you’re literally at your wits’ end. I’d prefer it if accounts were flagged and regularly banned. Another idea I think would be pretty funny is purposely deprioritizing flagged accounts network-wise so that they have less of an impact on games where cheating can mess things up.

6 Likes