FANDOM


During the history of ROBLOX, many exploits were found, disseminated, and abused by ROBLOX users. Most of those were, over the course of development, fixed by the ROBLOX developers. Over the course of ROBLOX's history, many advances towards reducing exploiting have been attempted.

Lua bytecode

When Lua runs programs, the Lua virtual machine compiles code to Lua bytecode before it is interpreted. This process is irreversible without artifacts (via decompilation), and thus was frequently used for Code Obfuscation.

Lua bytecode does not have the same structure as Lua and allows, by unconventional means, manipulation of the stack and other things that are not possible in normal Lua programming. It is possible, though difficult, to write Lua assembly code manually and to assemble it into Lua bytecode. The ROBLOX process can load Lua code and Lua bytecode through use of its loadstring function.

It has been proposed on the Lua mailing list that direct stack manipulation could be used to access the environment of other functions during their execution and, therefore, to steal values from these functions (including C functions that Lua has access to), something which is not possible in pure Lua.

The ROBLOX user NecroBumpist proved the idea to be true and possible.[1] Using Lua bytecode, he created a function that allowed a script to steal values from other functions, including C functions. This made it possible to steal values from ROBLOX's API's, but months passed until someone found a way to use this bug to modify the global environment and to become capable to make the core scripts and the join script execute any Lua code in a game server.

This resulted in the removal of bytecode from ROBLOX and the ability to use it with the loadstring function.[2] Despite common belief, this exploit was unrelated to a Direct Dynamic Library (DLL) exploit in the same time period. The removal of bytecode had no other side effect than rendering code obfuscation impossible without other means.

Proto Conversion

After the removal of the Lua compiler from the client, ROBLOX made heavy changes to the Lua VM. ROBLOX-compatible bytecode after the change contained heavy use of encryption and obfuscation, and required special signing from the server, which is where all client scripts were compiled. Generating this new bytecode from scratch would prove near impossible for would-be exploiters.

In the summer of 2015, a user named Chirality on an underground ROBLOX exploit development/marketplace forum called "V3rmillion"[3] came up with an idea: By using the regular vanilla Lua compiler to generate a Lua function prototype, then modifying it to be compatible with ROBLOX's VM, he could achieve script execution. This process was made easier through use of C++'s very flexible data types, where after reversing the right structs, accessing all the data from a ROBLOX function prototype was trivial.

After solving the encryption, Chirality achieved script execution, and dubbed his method "proto conversion." He then created an exploit called Seven, which was the first of many exploits to use the new method. Some of the most prevalent and infamous exploits in history, such as Elysian, Intriga, Cerberus and EX-7, have used this method to execute scripts.

DLL Injection

Most current exploits are DLL files that are injected into ROBLOX using a DLL injector. Once injected, the exploit is able to function correctly. Injecting a DLL into a process is not all that is required, as ROBLOX has introduced many safeguards or "checks" to prevent memory from being manipulated easily. 

See also

References

  1. Necro's Magical Bytecode Exploits, ROBLOX forums, http://www.roblox.com/Forum/ShowPost.aspx?PostID=57817090
  2. John Shedletsky, Bye Bye Bytecode, ROBLOX Blog, http://blog.roblox.com/2012/08/bye-bye-bytecode
  3. V3rmillion, a forum with a large community of ROBLOX exploiters https://v3rmillion.net

Start a Discussion Discussions about Exploit

  • "You are prohibited to exploit in this game"

    13 messages
    • Notnewb200 wrote:ROBLOX: ODer = A great player Admin = some-one who bans people who want oders to be banned player = a victim of bans ODer is bad.
    • that was roblox in a nutshell.
  • The Hackers.

    18 messages
    • #StopTheHackers and about the egg, well ...http://roblox.wikia.com/wiki/User:SuperGamer675
    • Mason MCPE wrote:Wait what? is there really a game called 1987? Wouldn't roblox just censor the numbers? Its Actully a FNAF game. You get...

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.