Tutorial | Learning to dump Roblox and creating a basic print C++ exploit
Credits to DeepPain for teaching me this.
https://wearedevs.net/profile?uid=59316
What you're going to need:
-- IDA By Hex Rays - https://mega.nz/file/JNMlDa6L#BJruQfumHZg2khTLChKTcsd63Vk5jxt7SWhyFk5PpJg
-- PE Tools - https://github.com/petoolse/petools/releases/download/v1.9.762/PE.Tools.v1.9.762.2018.7z
-- General knowledge on game exploiting
Part 1 - Dumping Roblox and Rebasing:
Go into any Roblox game and hit play. Once the game has loaded, open PE Tools and look for RobloxPlayerBeta.exe in the process list. Once you've found it, right click it and press Dump Full, then save the new exe somewhere.
Open IDA 32-bit and load the new exe. Once you've done that, look on the top bar and go to Edit > Segments > Rebase Program. Rebase the program to 0x400000 and continue.
Part 2 - Finding the print Address:
Once Roblox is dumped and rebased, you can start searching for strings. Look again on the top bar and go to View > Open subviews > Strings. After that has loaded, hit CTRL + F on your keyboard and a search bar should pop up. In that search bar, search for the string Video recording started and hit enter.
https://media.discordapp.net/attachments/737974508459130942/741288487449264128/unknown.png
You should be there now, double click that, and a message should pop up, just continue and hit OK.
https://media.discordapp.net/attachments/740507546413957212/741334164619395133/unknown.png
Click on aVideoRecordi_0 and then hit X on your keyboard (cross-references). A message should pop up; just continue and hit OK.
https://media.discordapp.net/attachments/740507546413957212/741333039937749122/unknown.png
Double click the FIRST CALL under aVideoRecordi_0 and it will take you to the print function. Then press TAB or F5 and you will be shown the pseudocode for print. The first line gives you the calling convention and the address of print.
https://media.discordapp.net/attachments/737974508459130942/741341702496976916/unknown.png
So your calling convention is __cdecl and your address is 5F2D70. There you go: you have your address and your calling convention, which you will need next to make the exploit.
Part 3 - Beginning the Exploit:
Open Visual Studio and create an Empty C++ Project. After you've created your project, add a new .cpp file. Then click on Project > Properties and change the output type from .EXE (Windows Application) to .DLL (Dynamic Link Library). Now we can start our code.
Now let's add our imports:
#define _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_WARNINGS
#include <Windows.h>
#include <iostream>
#include <cstdio>   // freopen
Since it's a .DLL we need a way to execute our code once it's injected; simply head HERE and copy and paste the code.
Part 4 - Bypasses:
Roblox has code in place to stop people from using consoles, which is very easy to bypass. You will see it in most exploit sources:
// Patch the first byte of FreeConsole to 0xC3 (ret) so Roblox's call to it does nothing
DWORD asdmemes;
VirtualProtect((PVOID)&FreeConsole, 1, PAGE_EXECUTE_READWRITE, &asdmemes);
*(BYTE*)(&FreeConsole) = 0xC3;
// Open our own console and point stdout/stdin at it
AllocConsole();
SetConsoleTitleA("Exploit");
freopen("CONOUT$", "w", stdout);
freopen("CONIN$", "r", stdin);
// Bring the console window to the front
HWND ConsoleHandle = GetConsoleWindow();
::SetWindowPos(ConsoleHandle, HWND_TOP, 0, 0, 0, 0, SWP_DRAWFRAME | SWP_NOMOVE | SWP_NOSIZE | SWP_SHOWWINDOW);
::ShowWindow(ConsoleHandle, SW_NORMAL);
After this we are going to need an ASLR bypass. Thankfully this can be done with just one line of code:
// Convert an address from the dump (rebased to 0x400000) to where the module is actually loaded
#define x(x) ((x) - 0x400000 + (DWORD)GetModuleHandleA(0))
Part 5 - Finishing up:
Now we have to create a print function so we can call it in Roblox. We simply declare the function with this code:
// Function pointer type matching the __cdecl convention and address found in IDA
typedef int(__cdecl* RPrint)(int, const char*, ...);
RPrint r_Print = (RPrint)x(0x5F2D70);
Then you just call it with r_Print(0, "Text here"); and there you go! Your first print exploit.
I hope you've learnt something from this, and that you can come to me for help in the future.
Here's the final code:
https://pastebin.com/raw/kLmA1ZfW
Bye for now!
EDIT: REALIZED I PUT WRONG LINK FOR PE LINKS, SORRY
"Good men must die, but death cannot kill their names."
Replied
vouch great explanation on print exploit!
Replied
Nice, I didn't know it was that easy to get started.
My new discord is Wabz#1337 with ID 777154062789509130
Replied
also vouch to me because i taught him how to do this
My Discord is xwyvern
https://i.imgur.com/mH521VR.png
Replied
Time to break my mind even more
modifying a ui and calling it yours does mean it's your ui.
- JalapenoGuy
https://media.discordapp.net/attachments/769992459916017687/1065084754128539658/image0.jpg
Replied
nice
Replied
Very nice and easy to follow tutorial, Vouch!
yes