Roblox - Identifying exploitable code & how to exploit it and in what ways it can be used to exploit.

I don't know lua, If I did I would help. Wait for someone to reply who knows lua.

at first i thought this would be really useful reverse engineering tutorial to learn how to exploit roblox's code :(

@55258

Unfortunately if i had the knowledge i would teach it, though i'll try and go through some wikis and get back to you if i find how to reverse engineer it on the 3% chance i do.

This is actually decompiled code. Here is a beautified version of the code. It's easier to look at the code when it's beautified, isn't it? 

local l__Backpack__1 = game.Players.LocalPlayer.Backpack
local function v2(p1)
    for v3, v4 in pairs(p1:GetDescendants()) do
        if v4:GetAttribute("a") then
            if v4.Disabled then
                game.ReplicatedStorage.Chalk:FireServer()
            end
            local v5 =
                v4:GetPropertyChangedSignal("Disabled"):Connect(
                function()
                    if v4.Disabled then
                        game.ReplicatedStorage.Chalk:FireServer()
                    end
                end
            )
            v4:GetPropertyChangedSignal("Parent"):Connect(
                function()
                    if not v4.Parent then
                        game.ReplicatedStorage.Chalk:FireServer()
                    end
                end
            )
        end
    end
end
for v6, v7 in pairs(l__Backpack__1:GetDescendants()) do
    if v7:IsA("Tool") then
        v2(v7)
    end
end
l__Backpack__1.ChildAdded:Connect(v2)

My scripting isn't the best and I'm on mobile, but I'm going to make some assumptions.

This script is a local script, and when a tool is used (like clicked on), it fires a remote on the server.

game.ReplicatedStorage.Chalk:FireServer()

This script seems to be exploitable, as this remote does not seem to have any protection (I'm assuming). 

How would one identify how to exploit this code? 

I've identified this by looking as to what what is ran when the tool is somehow used, which is seen in :Connect()

Now, I might be wrong, but this is what I would assume. 

How to exploit it?

My above explanation should be aquedate enough to explain. But like others said, it's probably better to do a bit of learning...

Again, I'm no expert, and others on this forum can do a way better job than me. But I do hope this helps. 

@55258 same, i got baited 

@_realnickk agreed, but maybe a bit of help would be useful 

@MainDab Why code no worky

Mouse.Button1Down:Connect(function()

	if Player.Character then
		
		game.Players.LocalPlayer.Backpack.Chalk.Draw:FireServer(Mouse.Hit.Position)

	end
end)

@nexxos how would I know if I don't know the game

@MainDab

based https://www.roblox.com/games/7280118908/School-Simulator

@CJ99 If you don't know the answer why bothering to answer?

first i recommend you use a lua beautifier or sum and then learn lua, probably backwards or so.

@nexxos Did you call the player? If you did then idk bc I don't play the game/don't wanna exploit on it.

local Player = game.Players.LocalPlayer
Mouse.Button1Down:Connect(function()

	if Player.Character then
		
		game.Players.LocalPlayer.Backpack.Chalk.Draw:FireServer(Mouse.Hit.Position)

	end
end)