Simple detection of Xeno Injection [PATCHED]

Now let’s get this straight:
A: Regarding variables - I agree, it can be simpler.

B: About the crash function - it is only one of many ways. Your variant with task.spawn in a loop is also a working crash method. There is no single “right” way to crash, there are literally millions of ways, but the effectiveness may vary. The purpose of my variant was to have a combined effect.

  • I only have a task like this, will the crash be achieved? - Yes, and therefore you should not worry about such a function.

Then you should change your script.

I don’t think you understand.

You don’t have a combined effect. You’re creating 2 tasks that don’t do anything. That’s it. My method also uses tasks, but it spawns an insane amount of them. That’s the reason why it works. 2 zombie tasks don’t do anything.

Then the while loop below runs forever making a bunch of tables that get immediately garbage collected and that’s what’s actually freezing Roblox. That’s what I meant by it’s stupid. Just write the part that actually works.

This is a community resource, so I’m pointing out how bad of a resource it is.

That’s when we emphasize it. You have very timely pointed out that this is a community resource, so thank you, but based on this dialog you have not made the so-called “panacea”. If someone needs to fix the code, he will do it without our intervention.

You’re providing the resource, so it’s your responsibility to provide something worthwhile. If you don’t, people will look at this and think this is good practice. And it’s not, you already agreed to that after all.

PS: Stop trying to use fancy words to make yourself look smart. You’re not.

You just like to argue with people, I’m perfectly adequate, but if you like to act arrogant, I don’t forbid it.

1 Like

Btw, how did you find out Xeno uses MessagingService? I don’t really see why it would need to access cross-server functionality.

Initially I tried to get into the Xeno DLL to look at all sorts of functions; alas, I’m not a master at figuring that out, and it was all partly unsuccessful. But afterwards I made a script that constantly scans through ServiceProvider, that is, it uses the function “FindService” to search for all existing services in the game. As a result, the constant monitoring detected this wonderful loophole during the injection.

1 Like
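
The monitoring approach described in the post above, sketched as an added example that is not the poster's script: a LocalScript records which of a watched list of services exist at startup and reports any that appear later. The `WATCHED` list, the poll interval and the `warn` reporting are assumptions made for illustration.

```luau
-- Added example (not from the thread). Baselines which watched services
-- exist on the client at startup and reports any that appear afterwards.
-- WATCHED is a constructed sample list; only the entries marked "thread"
-- are names mentioned in this discussion.
local WATCHED = {
	"MessagingService",      -- thread: reported as created on injection
	"ThirdPartyUserService", -- thread: exists without injection too
	"TeleportService",       -- constructed sample entry
	"HttpService",           -- constructed sample entry
}
local POLL_SECONDS = 1 -- assumed interval

-- FindService returns a service only if it has already been created and
-- errors on an invalid class name, so the call is wrapped in pcall.
local function serviceExists(className: string): boolean
	local ok, service = pcall(game.FindService, game, className)
	return ok and service ~= nil
end

-- Map of watched service name -> whether it currently exists.
local function snapshot(): { [string]: boolean }
	local present = {}
	for _, name in WATCHED do
		present[name] = serviceExists(name)
	end
	return present
end

local baseline = snapshot()

while task.wait(POLL_SECONDS) do
	local current = snapshot()
	for name, isPresent in current do
		if isPresent and not baseline[name] then
			warn(("service %s appeared after startup"):format(name))
			baseline[name] = true -- report each appearance once
		end
	end
end
```

A service that Roblox itself creates lazily is reported the same way, so a hit is a lead to investigate rather than proof of injection.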

how will this script find the player that’s hacking from just messaging service

When an exploit called “Xeno” is injected, this exploit creates this service and makes it active, which allows the hack to be detected immediately. This means that the service called “MessagingService” is constantly being searched for.

MessagingService has no functionality for developers on the Client. It only works for us through Server Scripts.

1 Like

Please spend time creating detections and post them on devforum for me to paste please 🙂. OH and absolutely do not forget to make sure it can’t be bypassed. I don’t want to put any effort into making sure it can’t be bypassed myself!

It’s not about free scripts or bypasses or whatever you’re talking about. It’s about people seeing horrible practice and thinking it’s how you’re supposed to code this.
Did you actually look at the code? 90% of it does nothing.

This script crashes the client exactly the same way:

```lua
while task.wait(1) do
	if game:FindFirstChild("MessagingService") then
		while true do end -- Crashes the hacker because RobloxPlayer doesn't have script timeout.
	end
end
```

As this:

It literally does the exact same thing, and that’s very silly.
That’s what I was saying, nothing else.

1 Like

`while true do` can be disabled with ScriptContext timeout lol… so his way is like kinda safer

i am sorry to inform you that your crash can be bypassed trivially via `game:GetService("ScriptContext"):SetTimeout(0.1)`

(although to give you credit im pretty sure the other one will be bypassed by this too lol)

1 Like

His script also only crashes because of while true do, nothing else. So no. And that’s exactly my point.

Uh, no? setTimeout(0) just defers execution; it doesn’t stop anything. A `while true do` loop like the one above will still run. So no, it won’t be “stopped”.

Yes, and? Why does it matter if it’s just being deferred? It’s just filling a table and letting it get garbage collected immediately. That’s not going to cause a crash. What’s really causing the crash is the while loop, and nothing but the while loop.

And anyway, the bypass goes like this:

Try making a plugin and see if it crashes studio when you use this bypass.
Spoiler: It doesn’t. That’s because only the infinite while loop is causing the crash.

Xeno has seriously fixed the vulnerabilities used for detection; it could probably be a re-debug of their code, or some modifications to the DLL interface. But Xeno interacts strongly with ThirdPartyUserService, adding its own stack indicators to it. The service is initially created in ROBLOX even without injection. Does anyone have any options to detect it? I tried to do detection via strong references for weak tables, but all to no avail. Any options to detect via getfenv() by calling multiple stack levels and making a trap?

1 Like

This doesn’t matter on Luau.

Luau has something called GETIMPORT which does this for you unless you use getfenv or setfenv, stop giving outdated advice; we aren’t in Lua 5.1 but in Luau, where things have changed drastically for optimisations, thanks.

1 Like

you’re right, what i said was based on lua 5.1, luauc does this for you indeed