No. Not under the new ToS, and not under the old one either.
7 Likes
IIRC, that plugin actually runs off of a different (better) minifier than Stravant/LuaMinify on Github, which I never got around to uploading.
Ah, nice to know 
Not exactly.
What is uploaded on the website we still have the rights to. Its setup so that you have the ability to use your content outside of ROBLOX but you still give ROBLOX the rights to use whats uploaded in any way they please as well as the ability to sub license and things of that nature.
This solves the big fear people had of ROBLOX denying people of using their work outside of the platform. ROBLOX can’t say you can’t use it, but we give them full rights to use it.
1 Like
Thanks, didnt quite work though. Plugin errored ‘not enough memory’ then roblox crashed after I tried opening the script.
I have some history with people who frequently learn how to use exploits, i’ll jot down everything I know here.
Firstly, alot of these exploits are distributed through purchase and authentication, users will spend dozens of dollars for different levels of exploits that go from giving you walkspeed to accessing workspace. Exploits that steal places are often refered to as “Level 7 or higher”.
a lot of these exploits are distributed on Vermillion, a closed forum well known for targetting ROBLOX with exploits, hacks, tricks and otherwise unruly money-for-content exchanges.
The people who develop these exploits usually don’t include them in their client application, most of the base code is handled by the creators server/website, which runs the programs, injections or whatever so that the users won’t be able to know what it is, this is an attempt to keep roblox from learning how it works.
The user will be given a series of lua scripts that will call upon other scripts and functions on the creators server, and apply it to the roblox client, and give whatever outcome to the user.
All the users who have these exploits are often whitelisted via their username/userid, so that you can’t give other people the exploit tools without them paying, the whitelist is handled by the owner, this also prevents many exploiters from using alts, unless they pay again or request it be transfered to another account.
From what i’ve been able to gather, places are often stolen by transfering ALL objects in workspace through an API (maybe trello?) which gets all of parts property information, and then duplicated the information to the exploit creators server, which information can be used to re-compile the place exactly the same as the other. This does copy scripts aswell (however it’s just copying the scripts name, there’s nothing in the code since it’s a property copy.).
The content is then sent as a roblox model file (rbxm??) to the user via some means i don’t know about.
User inserts the file into Lighting to prevent crashing the client from loading all that content visibly instantly, then you just move it to workspace after, and they pretty much have the entire built place.
I have some other information as well if anyone is interested about other destructive uses of these exploits, if anyone is interested.
3 Likes
PLEASE IMPLEMENT THIS
I need it.
1 Like
Wow, would you mind PMing me what it crashed on?
done
function a()
error("DEM ERROR",2)
end
local function b()
a() -- 'a' is a global here
end
local function c()
b() -- 'b' is an upvalue here
end c() -- 'c' is a local here
With debug info:
15:27:23.332 - TestCode:5: Error
15:27:23.332 - Script 'TestCode', Line 2 - global a
15:27:23.332 - Script 'TestCode', Line 5 - upvalue b
15:27:23.333 - Script 'TestCode', Line 8 - local c
15:27:23.333 - Script 'TestCode', Line 9
15:27:23.333 - Script 'some code in commandline', Line 10
15:27:23.334 - Stack End
Without (based on removing any information the debug information keeps):
15:27:23.332 - Error -- read footnote 1
15:27:23.332 - Script '?' - global a -- read footnote 2
15:27:23.332 - Script '?' - upvalue ?
15:27:23.333 - Script '?' - local ?
15:27:23.333 - Script '?' -- read footnote 3
15:27:23.333 - Script 'some code in commandline', Line 10
15:27:23.334 - Stack End
Ths is all assuming there’ll even be a stacktrace, as there isn’t much left.
Footnote 1: Going from “TestCode:5: Error” to “TestCode: Error” makes sense.
I tested it with ‘lua’ and ‘luac’ on windows though, see end of this post.
Footnote 2: Accessing a global will always be traceable.
When doing print(a) you’re basicly doing print(getfenv()["a"]) internally.
Lua needs to know what key to use.
(could minify it, but if you setfenv with __index… it would be a pain)
(also can’t minify globals, and user variables should be locals anyway)
Footnote 3: The chunkname becomes ? when using luac s because they can.
In ROBLOX it could just stay the scriptname, nothing wrong with keeping that info.
(Definitly useful to know which script errored, but without all the other data… eh)
As done on windows:
(Compile with -s to strip debug info, then run that compiled, then run original with debug info)
C:\Folder>luac -s error.lua
C:\Folder>lua luac.out
lua: Error
stack traceback:
[C]: in function 'error'
?: in function 'a'
?: in function '?'
?: in function <?:8>
?: in main chunk
[C]: ?
C:\Folder>lua error.lua
lua: error.lua:6: Error
stack traceback:
[C]: in function 'error'
error.lua:3: in function 'a'
error.lua:6: in function 'b'
error.lua:9: in function 'c'
error.lua:10: in main chunk
[C]: ?
The ?: in function <?:8> is because each function has a startline and endline.
Those are stored at the beginning of the function, not part of the debug info:
http://luaforge.net/docman/83/98/ANoFrillsIntroToLua51VMInstructions.pdf
(The location of those lines and the debug data: Chapter 4, the thingy on page 8)
Of course, in ROBLOX it might look completely different.
I just wrote that I expect it to more or less print.
(I mean: strip the names of locals, upvalues and the line number of instructions… not much left)
Oh, as a sidenote: Maybe only send the debug info to people who can edit the place?
At least, when I want to debug a game online, I would want to get the proper stacktrace stuff.
1 Like
In addition to the bit from Nexusmods I posted, DMCA requests are only effective against legitimate establishments. Someone on ROBLOX just has to spend seconds creating a new alternate account. DMCA requests are not effective on ROBLOX. The only way stolen content could be effectively taken down was if Report Abuse allowed moderators to swiftly follow up on stolen content – not a slow and totally-not-kid-friendly DMCA filing process.
You could say what’s the difference between waiting a couple hours and a couple days/weeks (or forever if DMCA filing is too intimidating) for something to get taken down, but that would go to show your priorities, that stopping content theft isn’t important and that users should sort it out on their own.
4 Likes
Literally doesn’t change anything like that.
The (values of the) variables will still be in memory as usual.
Debug information is only used when a stacktrace is generated.
(either by debug.traceback() or an error)
(seems like AbstractAlex also clarrified this a few posts later)
@stravant Your parser (which is awesome, btw) has a bug with locals.
Luckily, for the purpose of minifying, the bug doesn’t affect anything.
(Locals with the same name (in lower scopes? I forgot) tend to… bug…)
(iirc, they count as the same variable, which doesn’t matter for minifying)
(And I just saw there’s a PR to fix it on the github page)
Is it the same parser? (I’m mostly interested in the parser, idc about the minifying part really)
Yeah, it’s a real business since some time, where there are memberships of exploits.
It would be nice if the Report Abuse also had an option “Copyright Infrigment” (or something similar).
Along with that, while verifying decals, they could write a program that quickly searches for a (similar) duplicate.
If 95% of the pixels are the same, display the image, moderator can quickly see if it’s stolen.
Do I even have to start with all the popular and copyrighted songs that moderators don’t reject?
Of course, having those songs is very nice for Discos and stuff, but technically illegal.
3 Likes
Huge flaws with systems like this. Regarding images, you don’t know if it’s stolen or used with permission. It’s a “he said - she said” situation. Just because two images exist doesn’t mean there is any infringement.
Regarding popular audio, a moderator has no idea whether or not the user uploading this has a license to use it or not. If the owner of the copyright (or somebody with the power to act for the holder) wants it taken down, they can file a request to do so.
I do agree that there is an issue with sounds and if a sound is not marked as free, it should not be able to be loaded in another place.
1 Like
No, it’s not the same parser. It’s actually a significantly better one, which supports modifying the AST while preserving stuff like comments a lot better. Here’s a copy of the internal module extracted from the plugin:
The minification / beautification is just a small set of functions at the end, most of the code is the lexer / parser / AST generation. The style used is that each token includes all the leading whitespace (including comments) as an additional piece of data (as opposed to having comment tokens)
3 Likes
I’ve verrrrrrrryyyy slightly modified the parser, as in, the only thing I remember is that local variable bug.
(but I’m 100% sure I changed more, oh well)
I use your parser to compile the code into AST and “run” the AST using some sort of VM I wrote.
It’s actually surprisingly easy, since the AST already has everything nicely grouped and ordered.
I’ll definitly check that new module out when I have time.
The one bug I remember is that I had the scope on “until” statement locals wrong, because it turns out Lua actually scopes those differently than C/C++/Java do. (In Lua can use a local defined inside of a repeat-until in that loop’s until condition, but can’t in C/C++). It’s a pretty nice feature, and after finding out about it thanks to that bug I use that pattern quite a bit in my code now.
Yeah, once you’ve read and understood / written one parser, it’s actually pretty easy to modify / make your own from there, at least for simple Recursive Descent parsing, but if you don’t need super high speed that’s all you’ll need.
I’ve been calling myself a Lua pro for at least two years, after using Lua for… 5 years now?
It’s only been less than a year ago I found that that repeat local a=true until a doesn’t infinite loop.
The only parser I wrote that did anything with Lua code, was something along the lines of:
“Divide code in Strings, Comments and actual Code”
(That way I could sandbox strings by wrapping quotes)
(I forgot about tab.key firing __index with a real string, though)
(well, and tab[sandboxed"a"] ~= tab.a so eh, problem)
Even though I now know it’s bugged, it was still fun to write, so eh.
I’ve written several parsers now, but nothing to completely parse Lua.
(I tried a bit, but not very hard, as writing such a parser is annoying)
Eh I might rewrite yours so it’s my style and a bit better (in theory).
After that, I could rewrite it again to use a lot of loops instead of recursive calls.
That might make it a lot faster, although your parser is currently fast already.
(and doesn’t easily run out of memory, which some Lua2Bytecode easily do)
If you’re going to re-write it using loops you might as well look up LL(1) parsing and try to make it a zero-backtracking parser. Lua is a context-free language (How a given sequence of tokens parses is always the same regardless of what the surrounding enclosing context is), so you should be able to.
Heh, I’ve actually been working on a Lua parser because 1waffle1’s sandboxing thread got me interested in a Lua based Lua VM again (and parsers are fun; I’ve made a few over the years). My variant of choice is currently based on the Pratt recursive decent style. All of the nice precedent handling of a “deterministic pushdown automaton” (or what we used to call a ‘stack based state machine parser’) but with the simple elegance of OO recursive decent.
2 Likes
(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)