Board Thread:Suggestions/@comment-30638561-20160202015629

This is just an explanation of ROBLOX exploits for the layman.

ROBLOX places are written in a sandboxed, heavily object-oriented version of Lua. From there, the scripts in ROBLOX places are compiled into C++, which is then further broken down into assembly. Assembly is essentially the basic instructions you give to the CPU to do stuff. Printing "Hello, World!" in Lua looks like this:

    print "Hello World!"

and printing "Hello, World!" in C++ looks like this:

    #include <iostream>

    int main(void) {
        // bring std::cout into scope for this function only
        using std::cout;
        cout << "Hello, World!";
        return 0;
    }

As weird as the C++ looks, assembly is even weirder.

    .386
    .MODEL flat, stdcall
    getstdout = -11
    WriteFile PROTO NEAR32 stdcall, \
        handle:dword, \
        buffer:ptr byte, \
        bytes:dword, \
        written: ptr dword, \
        overlapped: ptr byte
    GetStdHandle PROTO NEAR32, device:dword
    ExitProcess PROTO NEAR32, exitcode:dword
    .stack 8192
    .data
    message db "Hello World!"
    msg_size equ $ - offset message
    .data?
    written dd ?
    .code
    main proc
        invoke GetStdHandle, getstdout
        invoke WriteFile, \
            eax, \
            offset message, \
            msg_size, \
            offset written, \
            0
        invoke ExitProcess, 0
    main endp
    end main

Now, if we open up a process in Cheat Engine and pick a value in the memory, it'll bring up some assembly. That's what's telling the values to change as well as telling them how to change. However, C++, being a core language, can manipulate data similar to how assembly can.

Most exploit writers compile C++ into a .dll file. .dll (Dynamic Link Library) files are files that tell a certain process how to work. By using software to inject a .dll into a process, a person can change how they interact with the process; in the case of a ROBLOX game, this can give a person access to things that they shouldn't, such as the ability to kill or ban people without it having been scripted in.

Writing ROBLOX exploits is essentially an arms race; ROBLOX releases new APIs once in a blue moon so that the popular exploits will stop working, while ignoring the more elaborate paid ones. Eventually, the exploit makers find a new backdoor that allows them to gain access to the values again, and the cycle continues.