Ok its now up to date, I’m just wrapping things up and its ready to go, thx for support.
works really good, altough i would definetly like to see some improvements with the detection methods to detect if u are using roblox studio, for example IsRunning returns true, normal client for exploiters returns false
Ah, I could work towards patching those, but I fear that could make in game scripts behave eefy, mainly if someone has some studio-only feature, maybe on logging, their behaviour wouldn’t be consistent, this things can be solved with some __index
and __namecall
hooks, you can probably come up with them fairly easily, you could also hookfunctions to achieve it
Amazing resource keep up the good work
i just found some detection. (all real exploit patched this)
if pcall(function() return game[workspace] end) then
warn("detected")
end
Ok buddy and does this look like a executor meant to be ran on roblox game client? No.
There is no reason to patch detections like this (not saying this detection is not even valid code) so please use brain before posting.
??? i just want to pentest my game so if this executor has so many vuln how do i can test???
dont be rude.
yes. i forgot to add return in pcall
It is meant to help you run scripts WRITTEN by exploiters for YOUR game, it is not meant to be undetected by YOUR game, still, I’ll check my source to see if I can fix that issue though, don’t worry, I’m working on it right now, I’ll release an update and a commit when I believe its patched.
sorry, i just want to pentesting my game.
and i dont want to risk my account by using real exploit
I have patched the issue, I forgot to check my new c closure handler (Which allows you to use newcclosure) for the returned status. So if I was to error, the string would remain at the top of the lua stack, and it would be pushed instead of an error. Thx for reporting, I’ll release the update with the fix in a minute, I was doing other things while fixing it, aaand I also went to eat, so sorry for that delay.
Updates on the project yet again
Added many more functions of the UNC specification. I have seen some people in the discord server which have been effective in running scripts for games they are related to to patch them, which means, it’s doing what it’s supposed to be doing!
Currently the module is much more stable than when originally released, now you don’t crash every time you exit the game from a play test, an achievement that cannot be understated. I have hopes of starting to work on the UI for it which will allow me to implement the Filesystem part of things.
Websockets are working, fixed this time around
getscripts (Get all scripts on the DataModel, even if nil) has been fixed getfpscap
and setfpscap
have been implemented (You can unlock your FPS now, maybe to, for example, debug something REALLY specific to connecting to RenderStepped or similar.
cloneref
is borked, and I cannot solve it until i find a function that it depends on.
I have began to implementing the crypt
library, most of it’s utility methods (like crypt.generatekey
, crypt.generatebytes
, crypt.base64encode
and crypt.base64decode
, crypt.hash
) work alright on the bleeding edge, but the main methods, like crypt.encrypt
and crypt.decrypt
are borked, mainly possibly due to me mishandling some variables like the initialization vector.
Currently, it has a UNC score of approximately 58%, which I believe I could get to 60%+ by adding FileSystem library and solving the crypt library issues.
There are also some functions which honestly make no sense to implement, but are still useful, such as getscriptbytecode
, which is implemented with a bit of cheating (I grab .Source and compile it to bytecode, works only on studio play tests), for support during team tests I would require the appropriate offsets of the ModuleScript and LocalScript Roblox C++ classes, which I don’t have (Besides that the bytecode is possibly compressed, so I would have to write a decompression routine as well.
I’ll make the next “Update post” when I finish crypt and polish up some aspects of the module.
compiling it really confuses it, whatever will i do - it will error with strange error
Explain the issue, I’ll go through your message tomorrow and see what the problem is.
Are there any plans to add something like build instructions to the repository, since CLion is jetbrains software it costs to use (as far as I know). So maybe something like build instructions for something like Visual Studio could be a good idea.
Setting up the project using anything other than CLion is possible,. Visual Studio 2022 has CMake support, but you would need to add vcpkg into it, and integrate it, then you should be able to compile, you just need vcpkg, MSVC and be able to generate the CMake config, use Ninja, writing a guide would take too much time, which also ignores that I’m working on a UI for it, have high school. and im also working on the module, sorry can’t help that much
That is not how cloneref works. At all, you are still holding a reference as object, the mainn point of cloneref is not holding onto the reference, and having a new one, which makes weak tables not work. If you used this with a weaktable check, it would fail.
Ah, would this work instead? This is code ripped from darkdex if the executor didn’t support cloneref.
for b, c in pairs(getreg()) do
if type(c) == "table" and #c then
if rawget(c, "__mode") == "kvs" then
for d, e in pairs(c) do
if e == Instance.new("Part") then
getgenv().InstanceList = c
break
end
end
end
end
end
local f = {}
function f.invalidate(g)
if not InstanceList then
return
end
for b, c in pairs(InstanceList) do
if c == g then
InstanceList[b] = nil
return g
end
end
end
if not cloneref then
getgenv().cloneref = f.invalidate
end
this is a late response; but you seem unbareable.
this is a community resource, one in which is free for others to use, and open sourced.
do you just go on github and make tickets for every little thing you disagree with? take a deep breath.
also doesn’t help a handful of your arguments are just simply wrong.
The sad part is that the majority of people in the reverse engineering field tend to be like this unless they have an actual job. I’ll never understand how these people find it so hard to raise issues and potential fixes in a kind way rather than entirely bashing someone’s work. Sounds like a miserable life.
I’d say the Binaary dude was just overly critical of C++ code.
Application C++ code. NOT cheat C++ code, because in the end RbxStu is virtually a cheat with its use being not in the bad side, rather good. I have seen cheat codebases much WORSE than this, where legitimately people just spam headers to get the work done, which causes MUCH worse things than what my current codebase has. A lot of things rely on knowledge from what I reversed while looking at some Roblox sources, reverse engineering isn’t always correct anyway, so its taking a gamble, that is why things are not top stable, because in the end, studio internals are literally less known than that of client I’d argue even, besides that I did quick fixes to crashes, like the one realting to freeblock
, which is why there is a hook in place on that function. Then there are other aspects of his critisism that I found have little value, such as the fact that using MinHook is wrong, it isn’t by any means correct, but neither wrong, its just a way of doing things in a pool of possibilities, for example, I could be hooking VFTs using int64_t * and that could be it, but I’m not, becuase I don’t touch VFTs, but I could also use a hooking library…
The amount of ways to do things one can use is insane in something like C++, in old cheats for what would be things like the 2019 client or so, they would use std::intptr_t instead of just lua_State*. It is just a way of doing things, not most optimal, but a way, and unless they want to come and solve the things they labeled as issues, too bad.
On a C++ application you control the application life-cycle, but on a cheat? Hell no, you literally just appear into the processes memory space and start randomly tweaking memory around, Cheats are NOT memory safe, and that is why if you crash using my tool, you don’t cry to Robloxs’ support, you cry to me, so I can check it out and try to fix it.