I need help making an execution method
I have auto-updating addresses, but my issue is actually making an execution method. Here is my code:
// Scanner.hpp - scans roblox addies, with the help of EyeStep reborn by MelonMRTS on github
#include "eyestep/eyestep.cpp"
#include "eyestep/eyestep_utility.cpp"
#include "scheduler.cpp"
#include "zstd/xxhash.h"
#include "zstd/zstd.h"
#include "luau/Luau/Compiler.h"
#include "luau/Luau/BytecodeBuilder.h"
// Converts an image-relative address into a runtime address by adding the main
// module's load address (GetModuleHandleA(NULL)). The `- 0x000000` term adds
// nothing. The uintptr_t sum is narrowed to int by the return type.
int ASLR(uintptr_t addy) { return addy - 0x000000 + reinterpret_cast<uintptr_t>(GetModuleHandleA(NULL)); }
// Adds the fixed 0x400000 constant back onto an address; like ASLR the result
// is narrowed to int on return.
int RASLR(uintptr_t addy) { return addy + 0x400000; }
// 55 8B EC 8B 45 08 8B 00 83 F8 ?? 77 ?? FF 24 85 ?? ?? ?? ?? B8 ?? ?? ?? ?? 03 C8
// Load address of the current process's main module, read once during static
// initialization and reused by the scanner functions below.
uintptr_t base = reinterpret_cast<uintptr_t>(GetModuleHandleA(NULL));
// Luau::BytecodeEncoder subclass. encodeOp maps every opcode to opcode * 227;
// the product is truncated to 8 bits by the std::uint8_t return type.
class roblox_encoder : public Luau::BytecodeEncoder {
    std::uint8_t encodeOp(const std::uint8_t opcode) {
        return opcode * 227;
    }
};
// Function-pointer aliases giving the calling convention and argument list the
// code assumes for each target routine. None of these is invoked in this file.
typedef UINT(__fastcall* load)(UINT rL, std::string* source, const char* chunkname, int env);
typedef void(__cdecl* rbx_printf)(int type, const char* format, ...);  // variadic, printf-style
using r_taskdefer_t = uintptr_t(__cdecl*)(uintptr_t rl);
typedef int(__cdecl* rbx_getscheduler)();
typedef int(__thiscall* _getstate)(int scheduler_scriptcontext, int* type);
namespace Deobfuscation
{
    // Takes the address of the field at sc + 236 and subtracts the value stored
    // there. The original comment says the constant was taken from getstate.
    uintptr_t luastate(uintptr_t sc)
    {
        return (sc + 236) - *(uintptr_t*)(sc + 236); // offset taken from getstate
    }
    // XORs the address of the field at rl + 24 with the value stored there.
    uintptr_t global(uintptr_t rl)
    {
        return (rl + 24) ^ *(uintptr_t*)(rl + 24);
    }
}
// Builds the encoded payload for `data`: the 4-byte "RSB1" prefix, the original
// length as raw std::size_t bytes (host byte order), then the zstd-compressed
// input at ZSTD_maxCLevel(). The whole buffer is then XORed in place with
// hashedBytes[i % 4] + i * 41U, where hashedBytes is the XXH32 (seed 42) of the
// buffer as it was before the XOR pass, copied into 4 bytes in host byte order.
// The value returned by ZSTD_compress is used as a length without an error check.
std::string compress(const std::string& data)
{
    std::string output = "RSB1";
    std::size_t dataSize = data.size();
    std::size_t maxSize = ZSTD_compressBound(dataSize);
    std::vector<char> compressed(maxSize);
    std::size_t compSize = ZSTD_compress(&compressed[0], maxSize, data.c_str(), dataSize, ZSTD_maxCLevel());
    output.append(reinterpret_cast<char*>(&dataSize), sizeof(dataSize));
    output.append(&compressed[0], compSize);
    // Hash covers prefix + size + compressed bytes, i.e. the pre-XOR buffer.
    std::uint32_t firstHash = XXH32(&output[0], output.size(), 42U);
    std::uint8_t hashedBytes[4];
    std::memcpy(hashedBytes, &firstHash, sizeof(firstHash));
    // Per-byte XOR; the unsigned sum is truncated to char width by the ^= on output[i].
    for (std::size_t i = 0; i < output.size(); ++i)
        output[i] ^= hashedBytes[i % 4] + i * 41U;
    return output;
}
namespace scanner
{
    // Finds the first xref to "Video recording stopped", takes the next call
    // after it and returns ASLR(print_call). print_address is computed but is
    // not the value returned.
    static uintptr_t getprint()
    {
        int print_call = EyeStep::util::nextCall(EyeStep::scanner::scan_xrefs("Video recording stopped")[0], false, false);
        uintptr_t print_address = base + EyeStep::util::raslr(print_call - 0x400000);
        return ASLR(print_call);
    }
    // Finds the first xref to "oldResult, moduleRef = ...", takes the next call
    // and rebases it onto `base`. The name carries "maybe": the author is not
    // sure this call is the intended routine.
    static uintptr_t getluau_load()
    {
        int lvm_call_maybe = EyeStep::util::nextCall(EyeStep::scanner::scan_xrefs("oldResult, moduleRef = ...")[0], false, false);
        uintptr_t lvm_addy = base + EyeStep::util::raslr(lvm_call_maybe - 0x400000);
        return lvm_addy;
    }
    // Same pattern as getluau_load, anchored on the task.defer re-entrancy
    // message; again marked "maybe" by the author.
    static uintptr_t gettaskdefer()
    {
        int tdefer_maybe = EyeStep::util::nextCall(EyeStep::scanner::scan_xrefs("Maximum re-entrancy depth (\%i) exceeded calling task.defer")[0], false, false);
        uintptr_t tdefer_addy = base + EyeStep::util::raslr(tdefer_maybe - 0x400000);
        return tdefer_addy;
    }
    // Byte-pattern scan (wildcards as ??), walked back to the function prologue
    // and rebased onto `base`. Each [0] here and above assumes the scan found at
    // least one hit; an empty result is not handled.
    static uintptr_t gettasksched()
    {
        auto taskschedulera = EyeStep::util::getPrologue(EyeStep::scanner::scan("55 8B EC 64 A1 ?? ?? ?? ?? 6A ?? 68 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC ?? 64 A1 ?? ?? ?? ?? 8B 08 A1 ?? ?? ?? ?? 3B 81 08 00 00 00 7F ?? A1 ?? ?? ?? ?? 8B 4D F4 64 89 0D ?? ?? ?? ?? 8B E5 5D C3 8D 4D E4 E8 ?? ?? ?? ?? 68 ?? ?? ?? ?? 8D 45 E4 50 E8 ?? ?? ?? ?? 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 83 C4 ?? 83 3D ?? ?? ?? ?? ?? 75 ?? 68 ?? ?? ?? ??")[0]);
        uintptr_t taskscheduler = base + EyeStep::util::raslr(taskschedulera - 0x400000);
        return taskscheduler;
    }
    // Marked obsolete by the author in the thread. Constructs the project's
    // scheduler_t from a hard-coded constant (presumably an address — TODO
    // confirm), reads a DWORD at sc + 308 and adds it to that address. The
    // `sc == 0x0` check sits after the return and is never reached.
    static uintptr_t getls()
    {
        const scheduler_t sched{ 0xF969E0 };
        uintptr_t sc = sched.get_script_context();
        return (sc + 308) + *(DWORD*)(sc + 308);
        if (sc == 0x0) { return 0x0; }
    }
    // Pattern scan for the signature quoted in the file header comment, walked
    // back to its prologue and rebased onto `base`.
    static uintptr_t getstate()
    {
        auto getstate_siggy = EyeStep::util::getPrologue(EyeStep::scanner::scan("55 8B EC 8B 45 08 8B 00 83 F8 ?? 77 ?? FF 24 85 ?? ?? ?? ?? B8 ?? ?? ?? ?? 03 C8")[0]);
        uintptr_t getstate = base + EyeStep::util::raslr(getstate_siggy - 0x400000);
        return getstate;
    }
};
I use this for getting the addys, so these are the addies I have. What can I do to run scripts?
BTW ignore getls() that is very old idk it makes no sense ik
What's wrong with it? Does it crash? Does it do nothing? From looking at it, I think your compression is wrong, but I could make a better prediction if you elaborated on where in your code the error occurs. Also, I highly recommend not relying on dumpers when you're starting out, as they will limit your learning and experimentation and you'll always be sticking to the same functions.
Yeah, the addies work and all but execution is the problem. I'm making an external exploit, I think that's the problem. Should I just make it a DLL?
You must know that anything external must obtain the target information itself, such as module handle, base, process id, process name, hwnd, handles. You have to make it internal if you are a starter. To correct your mistake, the luau_load string is incorrect. It returns a random function with 2 arguments.
In short, make it internal; as I see it, that is your issue.
hecker dude ngl i hecked 5 ips in 1 second also luaU_loadbiglongjuicythingy(rL);
Thanks, I'll look into that