RbxStu V2: Studio Executor - Runtime Debugging and Exploit Patching

keyless?? :grin: :face_with_hand_over_mouth: Just asking u know

1 Like

A tool as described in this post is risky to be having even discussed, or planning to distribute. As far as I’m aware, Roblox’s Terms of Service say that their software must be used as provided, and not modified in any way. Discussing and sharing exploits like these are also prohibited, and I’m sure that doesn’t only mean the client. I’m sure they mean any software they provide to you, for free.

My suggestion is to keep this to yourself, and not distribute it, otherwise you’re likely stepping into legal territory. While I do agree that we as developers need more proper cheat-engine-like testing tools, we have to wait until an official solution is provided to us, otherwise we’re just breaking the same rules that are so highly hated among ourselves. There isn’t really any other way to spin it than that.

4 Likes

Roblox prohibits many things, but I’d argue this is a gray area, and it’s a good tool for developers. It’s not intended to be used for malicious purposes (and it’s not like it can be), as it’s meant for, and you can only use it on, your own games with the intent of testing their security, or just trying and seeing what sticks in the greater scheme of things.

I’d also like to add that this probably falls under the development of cheating countermeasures, which I don’t think Roblox has a problem with, as we clearly have plenty of posts talking about combatting exploiting in forums. The main purpose is not to damage players at all, and is in fact to help them and developers. I don’t think Roblox will punish me for it, else this post would have been taken down or probably tagged/censored when it was released.

It’s not breaking rules that we have declared upon ourselves either; it’s like police.

Police have weapons for the sake of security, themselves but also others, yet guns are just plain prohibited in some countries, or highly restricted, but some exceptions apply in certain cases, and I would argue this tool falls under that category of “exceptions”, as by using it I don’t harm and rather benefit myself and other developers who want to polish their game at scale against exploits and cheaters that would have otherwise been much more destructive. It’s like a vaccine, if you will. If we applied this same logic of yours to things like anti-viruses for server sides, then they wouldn’t exist, as they would discuss the thing we hate so much and that Roblox terminates accounts instantly for.

4 Likes

:skull: do I have to answer this? it’s not gonna have a key system, it doesn’t even have a UI, you literally use a command line to do scripts.

1 Like

Yes, but you mustn’t forget that Roblox also does not allow cheat-like engines to be used on their Roblox Player, even if you were to use it for your own games.

Also by law, with End User License Agreements and Terms of Service, you must follow them to the point, which means despite this being for a good purpose, you’re still technically breaking the rules by not following what they have stated.

Unless a Roblox staff member, or someone who is affiliated with higher levels of administration, has said that using tools like these is OK on their software, you shouldn’t be doing it, point blank.

I’m not trying to get on your case about this, just saying that if anything happens, it’s on you.


Also I should state that treading on grey areas is already risky enough on its own, and getting people to use this software would still be highly advised against.

3 Likes

Roblox Player is NOT Roblox Studio. You cannot use this on Player, even if I open sourced it; the method it uses for execution is a classic Lua method, not a Roblox specific one. The only reason it’s not open source is because it has bypasses for some Roblox security mechanisms which I don’t want to release, because that could get me in actual trouble since they work on clients. The EULA for Player may also not apply to Studio; they are two different products, and although they do share a code base, their target audiences are completely different.

3 Likes

That Roblox Player is not Roblox Studio is true, but that doesn’t change the Creator Terms, nor does it change the User Terms.

You must understand that both of these pieces of software are hosted by the same party, and are under the same license agreement that you agreed to upon signing up.

Roblox wouldn’t be able to verify the integrity of your work, and even if you say it’s good, and that you’re not sharing anything with anyone else, there are always those kinds of groups that might be able to figure out what you did here in your software.

All good things can be used for evil, and vice versa, and unless it’s stated that it’s OK, it’s better to assume it’s not. You don’t have to agree with me, but my opinion isn’t changing.

That’s all I have to say, and am going too.

3 Likes

Roblox somewhat promised something like this was coming on RDC, when Hyperion was about to release

Can you share where this was mentioned at RDC?

1 Like

They said they were going to provide measures for us to counter exploiting more effectively, which could be inferred as providing us tools which would assist us in patching scripts that exploiters might throw at our game to cheat in them.

1 Like

Updates on this tool.

Added more of the UNC spec so more scripts run. Fixed functions that were broken before, which now work perfectly fine. Basic scripts like generic scripts (Infinite Yield) and explorers such as Dex run and work correctly. Other functions have been added (identifyexecutor/getexecutorname, getnilinstances, getinstances, etc.), but they aren’t as important as the rewrite that hookfunction got this time around (now it works without crashes, which it didn’t before). This could reach alpha sooner than expected, but I’d rather overdo it than be late. OK, that’s all I’ve got to say on it for now. The module in its current state has some light security (mostly just obfuscation of constants); if I release it I’ll probably pack it with a packer, or not, I’d rather let you all decide on that matter.

3 Likes

I got excited reading about this because I thought I would be able to pentest my games. Then I realised it wasn’t released yet. Please release.

2 Likes

Further updates. I have managed to make it stable enough for a small scale test; now it only works when you are in game as well. I have expanded the environment. There are some functions which I’m still to learn how to write, but currently the environment is “manageable”, and you can do plenty with it already, I believe. There are some security checks in place for malicious scripts as well so they don’t do damage. Still, I’m yet to finish functions like getconnections (which allows you to manipulate RBXScriptSignal(s): disconnect them, disable them, enable them, etc.).

The dll is attached to this message as a zip file, but I don’t know how moderation might react to a random DLL being sent in a forum post, so I’m risking myself with this one.

I’m not gonna provide an injector, anyone can find them lying around on the internet, and a simple one works alright, get something like “Extreme Injector V3”.

The zip will come with the DLL and its PDB, so anyone can get their hands dirty with it using IDA or any reverse engineering tool. This DLL works on Roblox Studio version-e2bc56a1e4374ca0 on the LIVE branch.

How to use?

To use the DLL, you want to enter into a place. You can use a Baseplate, it doesn’t matter, it just has to be published; if it isn’t, the execution won’t be stable (I’m grabbing state in a simple way: without publishing the game, the DataModel (Roblox’s game global) will be missing some information, like PlaceId and GameId, which will make it grab an incorrect state). You want to play test the game, it doesn’t matter how. Then you want to inject the DLL into it once it has loaded FULLY.

The console of the game should say “setting genv” once injected. If it doesn’t, type reinit() in the console; this will make it try again. Do it until that message pops up, and you should be able to run Luau code.

I have tried my best to make things as safe as possible, but please avoid running untrusted scripts with it until I have confirmed that things are safe enough.

Another thing to note, is that after injecting the module, your game will crash when exiting studio or when it finishes play test, this is normal, don’t panic, just restart studio (If you used local play), or directly close studio and dismiss it. You may also find a ghost studio process if you find a crash while using it and don’t close it. Please, if you DO crash, send me the stack trace so I can look into it. Cheers to whoever wants to try it.

You can look into the DLL’s behaviour using tools such as IDA (don’t keep your Roblox open while doing it, it will crash you due to Hyperion). I made it easier, since it also packages a PDB.

Download link (MediaFire): Module
VirusTotal: VirusTotal - Module.dll (It got falsely flagged by an AI AV, lol)

This is NOT meant to be the final stage, this is just what I have written in like two weeks. So bear that in mind.

You may reverse engineer this DLL as you see fit. If you deem something suspicious, don’t worry, ask me right away and I’ll answer! All it has is obfuscation using a library called “oxorany” for obfuscating constants, whose usage I’ll probably reduce, since compilation takes too long (10 minutes for a single edit on one CPP file, too much).

Thanks for even trusting me with this, cheers and please report crashes. Bear in mind this DLL will probably only work until Wednesday, since Roblox normally updates every Wednesday, Studio included as far as I’m concerned.

4 Likes

Why would you need to use obfuscation on this at all? If you actually want this to be a useful tool that people will use, it should be open source and have zero obfuscation. No one in their right mind would trust this without that kind of transparency.

9 Likes

how did you open an app with console?

The only reason I would use the obfuscation was because of the security bypasses, and other reasons; I want to avoid the code of the custom functions and the security hooks getting shared around, as doing so completely breaks their purpose. If I truly wanted to be a bad actor, I wouldn’t have given you the thing that makes this 20000 times easier to do whatever you want with it, and as I said, I’ll work towards removing some of the obfuscation of constants later, leaving only some bits of it. And as I have said, I wanted it open source from the beginning, but I don’t believe people would contribute to C++, given that I’d argue lots of DevForum people aren’t C++ people. Exposing the source code gives free rein to people, and bad actors could use it to attack users of it by exploiting vulnerabilities it may have, but sure, I’ll put the source code on my GitHub later today if that gives you all peace of mind.

Alright, forget the blabber of “later today”, here is the source code. It’s missing clean up, that’s for sure. I don’t think you will have problems regarding the safety of it after this one; you can even compile it yourself. I’ll make a guide for that later, for now uhh, have fun exploring it: GitHub - SecondNewtonLaw/StudioExecutor: Roblox Studio executor for game penetration testing.

I’ll work towards making it more user friendly later on, for now it’s just testing and alpha, not much more

This looks very interesting, good work.

By the way, does loadstring and game:HttpGet work in this tool?

2 Likes

Yeah they do, they are implemented in the environment. In fact, you can use exploiter tools like VSCode remote executors, and with a little snippet of Luau execute whatever you want in your game using VSCode to edit it. I had to implement websockets for it, which was painful, but after approximately an hour of work it’s done. The source already has it, I just haven’t compiled a DLL with it yet. I still think there aren’t enough people really interested in it for me to continue investing this much of my time in it :skull: the repo star count doesn’t show much support; even then, I need a GUI for this some time in the future, otherwise it is pretty much unusable.

Yes, this is open source. If you know C++ you can look through it; you can find the functions inside the environment by looking at the Environment folder, where you will find ClosureLibrary, Environment, WebsocketLibrary and DebugLibrary, which I’m yet to finish (lol).

The function implementations are located at:

- StudioExecutor/Environment/Environment.cpp at 483df134c4f82b5b56eb54a9213e85d0924e2463 · SecondNewtonLaw/StudioExecutor · GitHub (HttpGet: metamethod hook in Environment.cpp, in the big string, that’s the init script)
- StudioExecutor/Environment/ClosureLibrary.cpp at 483df134c4f82b5b56eb54a9213e85d0924e2463 · SecondNewtonLaw/StudioExecutor · GitHub (loadstring)

3 Likes

Could you possibly make remote spies work? The one I’m trying to use is Simple Spy V3, which you can get with the Infinite Yield command “rspy”.