Categories > Exploiting > Roblox >

Tutorial | Learning to dump Roblox and creating a basic print C++ exploit

Laxion

Aesthetical

vip

Posts: 1

Threads: 1

Joined: Dec, 2018

Reputation: 50

Posted

Credits to DeepPain for teaching me this.
https://wearedevs.net/profile?uid=59316

What you're going to need:

-- IDA By Hex Rays - https://mega.nz/file/JNMlDa6L#BJruQfumHZg2khTLChKTcsd63Vk5jxt7SWhyFk5PpJg
-- PE Tools - https://github.com/petoolse/petools/releases/download/v1.9.762/PE.Tools.v1.9.762.2018.7z
-- General knowledge on game exploiting



Part 1 - Dumping Roblox and Rebasing:

Go on any roblox game and hit play. Once your roblox game loads up, open your PE tools and look for RobloxPlayerBeta.exe in the process list, and once you've found it, right click it and press Dump Full, then save the new exe somewhere.

Go and open IDA 32-bit and open the new exe on there. Once you've done that, look on the top bar and go on Edit > Segments > Rebase Program. Once you have gotten there, rebase the program to: 0x400000 and continue.



Part 2 - Finding the print Address:

Once roblox is dumped and rebased, you can now start searching for the strings. Look again on the top bar and go on View > Open subviews > Strings. After you have completed that and it's loaded, on your keyboard, hit the keys CTRL + F and a search bar should've popped up. On that search bar, search up the string Video recording started and hit enter.

https://media.discordapp.net/attachments/737974508459130942/741288487449264128/unknown.png

You should be there now, double click that, and a message should pop up, just continue and hit OK

https://media.discordapp.net/attachments/740507546413957212/741334164619395133/unknown.png

Click on aVideoRecordi_0 and then on your keyboard hit X, and a message should pop up, just continue and hit OK. .


https://media.discordapp.net/attachments/740507546413957212/741333039937749122/unknown.png

Double click the FIRST CALL under aVideoRecordi_0 and it will take you to the print function. After, press TAB or F5 and you will be shown the pseudocode for print. On the first line is your calling connection and your print address.

https://media.discordapp.net/attachments/737974508459130942/741341702496976916/unknown.png

So your calling is __cdecl and your address is 5F2D70. And there you go, you have your address and your calling, which you are next going to need to make the exploit.



Part 3 - Beginning the Exploit:

Open your visual studio and create a Empty C++ Project. After you've created your project, add a new .cpp file. After you've done that, click on your Project > Properties and then set the output type from .EXE (Windows Application) to .DLL (Dynamic Link Library) and then we can now start our code. 

Now let's add our imports:

#define _CRT_SECURE_NO_DEPRICATE #define _CRT_SECURE_NO_WARNINGS #include <Windows.h> #include <iostream>


So since it's a .DLL we need a way to execute our code once it's injected, simply head HERE and copy and paste the code

Part 4 - Bypasses:

Roblox has code in place to stop people using consoles which is very easy to bypass. You might see it in most exploit sources: 

DWORD asdmemes; VirtualProtect((PVOID)&FreeConsole, 1, PAGE_EXECUTE_READWRITE, &asdmemes); *(BYTE*)(&FreeConsole) = 0xC3; AllocConsole(); SetConsoleTitleA("Exploit"); freopen("CONOUT$", "w", stdout); freopen("CONIN$", "r", stdin); HWND ConsoleHandle = GetConsoleWindow(); ::SetWindowPos(ConsoleHandle, HWND_TOP, 0, 0, 0, 0, SWP_DRAWFRAME | SWP_NOMOVE | SWP_NOSIZE | SWP_SHOWWINDOW); ::ShowWindow(ConsoleHandle, SW_NORMAL);


After this we are gonna be needing a ALSR bypass, thankfully this can be achieved by just one line of code:

#define x(x) (x - 0x400000 + (DWORD)GetModuleHandleA(0))

 

 

Part 5 - Finishing up:


Now we have to create a print function so we can call it and exploit in roblox, we simply make the function with this code:

 

typedef int(__cdecl* RPrint)(int, const char*, ...); RPrint r_Print = (RPrint)x(0x5F2D70);


And then you just call it by doing r_Print(0,"Text here"); , and there you go! Your first print exploit.
I hope you've learnt something from this, and can come to you for help in the future.

Here's the final code:
https://pastebin.com/raw/kLmA1ZfW

Bye for now!
EDIT: REALIZED I PUT WRONG LINK FOR PE LINKS, SORRY

  • 3

"Good men must die, but death cannot kill their names."

Posts: 22

Threads: 4

Joined: Jul, 2020

Reputation: 4

Replied

vouch great explaiation on print exploit!

  • 0

Wabz

Winning.js

Posts: 2407

Threads: 194

Joined: Apr, 2020

Reputation: 27

Replied

Nice, i didn't know it was that easy to get started.

  • 0

My new discord is Wabz#1337 with ID 777154062789509130

DeepPain

Wyvern

Posts: 476

Threads: 5

Joined: Jul, 2020

Reputation: 55

Replied

also vouch to me because i taught him how to do this

  • 0

My Discord is xwyvern

https://i.imgur.com/mH521VR.png

Posts: 1130

Threads: 84

Joined: Apr, 2020

Reputation: 34

Replied

Time to break my mind even more

  • 0

modifying a ui and calling it yours does mean it's your ui.

- JalapenoGuy

https://media.discordapp.net/attachments/769992459916017687/1065084754128539658/image0.jpg

davidTube

not inactive

noticed

Posts: 1848

Threads: 88

Joined: Dec, 2018

Reputation: 54

Replied

nice

Content length must be 10-5000 chars

  • 0

Ducxy

Eclipse Cheats, LLC.

vip

Posts: 678

Threads: 103

Joined: Mar, 2019

Reputation: 35

Replied

Very nice and easy to follow tutorial, Vouch!

  • 0

jex

yes

Posts: 1984

Threads: 128

Joined: Nov, 2019

Reputation: 13

Replied

@notgustas gaytas hi kid where iGayer

aND VOUCH NICE TUTORIAL

  • 0

yes

Users viewing this thread:

( Members: 0, Guests: 1, Total: 1 )