Simple detection of Xeno Injection

Test_server1 · March 28, 2025, 10:10am

Good afternoon everyone, the method is extremely simple and does not require much thought.
During injection Xeno creates a service “MessagingService” to notify that the injection was successful. We will exploit this silly vulnerability and simply crash the exploiter:

local Game = game
local ServiceProvider = Game
local Task = task
local targetServiceName = "MessagingService"

local function triggerIntenseCrash()
	task.spawn(function()
		while true do end
	end)
	task.defer(function()
		while true do end
	end)
	while true do
		local a = {}
		for i = 1, 1000 do
			a[i] = math.random()
		end
	end
end

while true do
	local success, serviceInstance = pcall(ServiceProvider.FindService, ServiceProvider, targetServiceName)

	if success and serviceInstance then
		triggerIntenseCrash()
		break
	end

	Task.wait(0.1)
end

False positives can be only if you use this service, but it is easy to detect.

pinker_stinker5150 · March 28, 2025, 11:26am

For any future readers:

This is a version of OPs script if they actually knew what they were doing. The above script is riddled with bloat and bad practices. No offense, but I find it insulting to just post a community resource this badly written.

It does the exact same thing as OPs script.

while task.wait(1) do
	if game:FindFirstChild("MessagingService") then
		while true do end -- Crashes the hacker because RobloxPlayer doesn't have script timeout.
	end
end

What is this for? Why are you not just using the normal variables? And why is ServiceProvider the same as Game?

Test:

local function triggerIntenseCrash()
	task.spawn(function()
		while true do end
	end)
	task.defer(function()
		while true do end
	end)
	while true do
		local a = {}
		for i = 1, 1000 do
			a[i] = math.random()
		end
	end
end

And why are you spawning 2 threads and then filling a table? I mean, that just lags the game and then errors the script with Script timeout: exhausted allowed execution time.

GamEditoPro · March 28, 2025, 11:29am

RobloxPlayer don’t has allowed execution time mechanic like studio.

pinker_stinker5150 · March 28, 2025, 11:34am

Well that’s stupid.

Test_server1 · March 28, 2025, 11:57am

Such a habit, having complicated variables. They do not interfere with anything and do not strain the game with unnecessary load functions.

I already see that someone explained to you “why” and “how”, you can use different methods, starting from a simple kick(), up to some - your own methods, no one prevents you to change the method of “banishment” to your own.

pinker_stinker5150 · March 28, 2025, 12:02pm

What are you talking about? I mean why are you making Game instead of game and also at the same time ServiceProvider instead of game. That’s stupid. That’s bloat.

That doesn’t explain why your function is terrible. You can also just do

while true do
	task.spawn(function() while true do end end)
	task.wait()
end

Test_server1 · March 28, 2025, 12:11pm

Now let’s get this straight:
A: Regarding variables - I agree, it can be simpler.

B: About the crash function - it is only one of many ways. Your variant with task.spawn in a loop is also a working crash method. There is no single “right” way to crash, there are literally millions of ways, but the effectiveness may vary. The purpose of my variant was to have a combined effect.

I only have a task like this, will the crash be achieved? - Yes, and therefore you should not worry about such a function.

pinker_stinker5150 · March 28, 2025, 12:19pm

Then you should change your script.

I don’t think you understand.

You don’t have a combined effect. You’re creating 2 tasks that don’t do anything. That’s it. My method also uses tasks, but it spawns an insane amount of them. That’s the reason why it works. 2 zombie tasks don’t do anything.

Then the while loop below runs forever making a bunch of tables that get immediately garbage collected and that’s what’s actually freezing Roblox. That’s what I meant by it’s stupid. Just write the part that actually works.

This is a community resource, so I’m pointing out how bad of a resource it is.

Test_server1 · March 28, 2025, 12:27pm

That’s when we emphasize it. You have very timely pointed out that this is a community resource, so thank you, but based on this dialog you have not made the so-called “panacea”, if someone needs to fix the code, he will do it without our intervention.

pinker_stinker5150 · March 28, 2025, 7:15pm

You’re providing the resource, so it’s your responsibility to provide something worthwhile. If you don’t, people will look at this and think this is good practice. And it’s not, you already agreed to that after all.

PS: Stop trying to use fancy words to make yourself look smart. You’re not.

Test_server1 · March 28, 2025, 7:41pm

You just like to argue with people, I’m perfectly adequate, but if you like to act arrogant, I don’t forbid it.

pinker_stinker5150 · March 28, 2025, 8:30pm

Btw, how did you find out Xeno uses MessagingService? I don’t really see why it would need to access cross-server functionality.

Test_server1 · March 28, 2025, 8:41pm

Initially I tried to get into the xeno dll to look at all sorts of functions, alas I’m not a master at figuring that out and it was all partly unsuccessful. But, afterwards, I made a script that constantly scans through ServiceProvider, that is, the function “FindService” search for all existing services in the game, as a result, the constant monitoring and detected during the injection of this wonderful loophole

AstRblx · March 30, 2025, 12:19pm

how will this script find the player thats hacking from just messaging service

Test_server1 · March 30, 2025, 3:39pm

When an exploit called “Xeno” is injected, this exploit creates this service and makes it active, which allows the hack to be detected immediately. This means that the service called “MessagingService” is constantly being searched for.