Easy fix for JJSploit: hookfunction
Posted
Most people have been talking about this issue for months, and the functionality isn't great at all.
So I had to dig into the WRD API backend in order to fix this issue at all, and honestly it's weird why the feature doesn't work at all.
So here is a snippet of code that I reutilized from the leaked backend Lua script for JJSploit:
    local function hookfunction(func, rep)
        -- environment table of the function that called hookfunction
        local env = getfenv(debug.info(2, 'f'))
        for i, v in pairs(env) do -- walk every entry stored in that environment
            if v == func then
                env[i] = rep -- overwrite the matching entry with the replacement
            end
        end
    end
I recommend using a raw script for a better result, instead of using loadstring.
hello i am mr idiot;
this is my show.
i fix exploits
i fixed exploits.
this is the end, i love ya!
(rolling credits scene)
Replied
Cool stuff! How haven't you got a rep yet?
PLUTO_GUY FOR MODERATOR 2024!
Replied
If this is actually their function hookfunction solution, it's mediocre at best. I would avoid using this at all costs if you're working with games that have client anticheats. A true hookfunction is going to modify the memory of the closure to point to another function prototype, not overwrite values.
A "real" hookfunction will (for hooking a Lua closure), overwrite the function prototype of the closure in memory, which cannot be done from Lua (source). To hook a C closure, many executors will create a delegate C closure (a native function callable from Lua) that calls an L closure (a Lua function with a prototype).
This implementation will (it seems) take the global environment from the target function and replace all instances of that function with the hook. This would work somewhat for global functions like "print," but to get past this as a game developer, you just need another environment. You're simply changing values here.
And, with metamethods, we could even detect these hooks! Here's something I wrote up that can detect something like this (I didn't test it):
    -- Detect a mediocre function hook that overwrites values
    local envCache = getfenv()

    -- if we don't override global print from this script, it's likely an exploit
    local function onSet(self, key, value)
        if key == "print" then -- check the key being written, not the new value
            print("woah, hook attempt detected we're gonna ignore setting that! probably someone cheating.")
            return
        end
        envCache[key] = value
    end

    -- set custom global environment to watch for new overwrites
    setfenv(1, setmetatable({}, { __index = envCache, __newindex = onSet }))
A better (pure Lua) implementation for a crappy hookfunction would be one that scans the garbage collector for all instances of a Lua function, replaces every instance of it, and uses functions like rawset to prevent calling metamethods which can be used for value changes. This would be much more reliable, but it still isn't foolproof, and it's still easily detectable using some caching techniques. The only "real" way to hook functions without detection is to use the low level, "official" approach I mentioned earlier.
Other than that, this implementation merely changes global values. Might fool some scripts, but I've developed Roblox client-side anticheats that specifically detect this kind of half-hearted hooking, so I'm sure that others have also done the same.
Edit: Transferred from comments to post.
Used to be involved with game hacking, now I'm involved in cybersecurity. https://reversed.coffee/blog
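The caching check that the reply above alludes to, as an added example (not code from either poster or from JJSploit): keep references captured at script start and compare them with the live environment table. The names `WATCHED`, `snapshot` and `audit` are hypothetical, and a constructed table stands in for the script environment so the block runs on stock Lua.

```lua
-- Added example (hypothetical names): detect value-overwrite hooks by caching.
local WATCHED = { "print", "tostring", "pcall" }

-- Capture references before untrusted code runs. They live in a local table,
-- which a hook that only scans the environment table never sees.
local function snapshot(env, names)
    local cache = {}
    for _, name in ipairs(names) do
        cache[name] = rawget(env, name) -- rawget: ignore any __index on env
    end
    return cache
end

-- Return the watched names whose live value no longer matches the snapshot.
-- Iterating `names` (not `cache`) also catches entries that started as nil.
local function audit(env, cache, names)
    local tampered = {}
    for _, name in ipairs(names) do
        if rawget(env, name) ~= cache[name] then
            tampered[#tampered + 1] = name
        end
    end
    return tampered
end

-- Constructed demo: a plain table stands in for the script environment
-- (getfenv() in Lua 5.1 / Luau), so this runs on any stock Lua interpreter.
local env = { print = print, tostring = tostring, pcall = pcall }
local cache = snapshot(env, WATCHED)
assert(#audit(env, cache, WATCHED) == 0, "clean environment must pass")

-- Stand-in for the value-overwrite replacement described in the first post.
local function fake() end
for key, value in pairs(env) do
    if value == cache.print then
        env[key] = fake
    end
end

local report = audit(env, cache, WATCHED)
assert(#report == 1 and report[1] == "print")
cache.print("overwritten globals: " .. table.concat(report, ", "))
```

This only catches replacements made by overwriting values; it says nothing about the prototype-level hooking the reply describes.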
Comments
meditext 2 Reputation
Commented
You know, even WRD himself answered with my unapproved post talking about some issues with JJSploit, and I can confirm that WRD is also working with Zoarara for a time, with their backend script.
0