How to Printsploit
Posted
Good Morning, skids.
Today we learn how to call and find a simple function in Roblox.
Requirements -> IDA Pro and anything that is able to reconstruct the imports (such as Scylla or PE Tools).
Step 1 - Dump Roblox
Dump Roblox.
Step 1.1 -> Select Roblox's Main Process (the process that uses more resources, the other one is yara).
https://cdn.discordapp.com/attachments/972845808678490146/996309033793372161/unknown.png
Step 2
Open IDA Pro 7.7 -> Disassemble a new File -> Select your dump of RobloxPlayerBeta.exe.
Edit -> Segments -> Rebase Program : Set it to 0x1000.
https://cdn.discordapp.com/attachments/972845808678490146/996309176802344970/unknown.png
Let IDA analyze; depending on your CPU this can take up to 3 hours.
Step 3 - Find the Print Function
IDA fully analyzed? Good, now for the fun part.
Hit Shift + F12 on your keyboard and filter for the string "Invalid BrowserService Command %s".
https://cdn.discordapp.com/attachments/972845808678490146/996309402703376444/unknown.png
Double click the result.
Highlight "aInvalidBrowser" with your cursor and hit X.
Click the first Xref and you will see something like the picture below.
https://cdn.discordapp.com/attachments/972845808678490146/996309506881507378/unknown.png
Now decompile the call (sub_3FBE50) by double clicking it and then pressing F5.
https://cdn.discordapp.com/attachments/972845808678490146/996309579086450719/unknown.png
Congrats, you can call yourself a Reverse Engineer now (don't actually, please).
Step 4 - Writing the Printsploit
Open VS2022, create a new Dynamic Link Library.
Config the Project however you want but make sure you select Release and X86.
Since I cbf with explaining every single line in this poorly written text editor, I'll just explain it with comments.
#include <windows.h>
#include <cstdint>
#include <iostream>
#include <thread>

enum rbx_ptypes : uint8_t // enum with all types
{
    print,
    info,
    warn,
    error
};

BOOL WINAPI DllMain(HINSTANCE lib, DWORD reason, LPVOID) // is called when dll gets injected
{
    DisableThreadLibraryCalls(lib); // msdn: Disables the DLL_THREAD_ATTACH and DLL_THREAD_DETACH notifications for the specified dynamic-link library (DLL). This can reduce the size of the working set for some applications.
    if (reason == DLL_PROCESS_ATTACH) // self-explanatory
    {
        static auto mod = reinterpret_cast<uintptr_t>(GetModuleHandle(nullptr)); // gets base of roblox
        using rbx_print_t = void(__cdecl*)(uint8_t, const char*, ...); // type alias
        const auto rbx_print = reinterpret_cast<rbx_print_t>(mod + 0x3EB4E0); // mod + print address
        // supports formatting if u didnt know
        rbx_print(rbx_ptypes::print, "%s %p", "some string", &FreeConsole);
        rbx_print(rbx_ptypes::info, "%s %p", "some string", &FreeConsole);
        rbx_print(rbx_ptypes::warn, "%s %p", "some string", &FreeConsole);
        rbx_print(rbx_ptypes::error, "%s %p", "some string", &FreeConsole);
    }
    return TRUE;
}
Goodbye skids
Replied
bad code.
:troll:
https://media.discordapp.net/attachments/1044764388546068510/1051935933836050482/Signature_4.png
Replied
@luxiferrwoo You are just a cheap peasant who has no idea what he's talking about. I would love to see some of "your code".
Replied
GRINCHER ON TOP GRINCHER ON TOP GRINCHER ON TOP GRINCHER ON TOP GRINCHER ON TOP
GRINCHER ON TOP GRINCHER ON TOP GRINCHER ON TOP GRINCHER ON TOP GRINCHER ON TOP
GRINCHER ON TOP GRINCHER ON TOP GRINCHER ON TOP GRINCHER ON TOP GRINCHER ON TOP
veh_handler and seh_handler disliker
Replied
LOL what it was literally a joke I do that to everyone, if you wanna see my code check out my previous posts. "knows nothing about what they're talking about" HA you're funny.
https://cdn.discordapp.com/attachments/1088161134621773975/1088481077401751552/Untitled.png
Replied
bro isn't this the same as the code you made lmao :skull: :skull: :skull:
https://github.com/expressiongz/cpp-roblox-print/blob/main/main.cpp
I'm gon have seazure OMG MICROSOFT AZURE
https://cdn.discordapp.com/attachments/976614881493127250/986564908864909382/image_3.png
Replied
you gotta be stupid LOL you realize there's the same format for calling a function right? it's really common to use enums, if you look at the date of the repo it literally exists before this post. the readme is from almost a month ago and back then it had bad code left over from months ago so I updated it lmao.
https://cdn.discordapp.com/attachments/1023423265160560745/1132948683747500092/Frame_12x.png
Replied
you do realize it's very common to use enums to print specific colors to the console right? there's thousands of people that do this simply because it's more descriptive, these days you will not be able to catch a skidded "printsploit" simply because it's the same concept that everyone *has* to follow.
Replied
wait I didn't mean they copied and pasted I meant it's basically the same and u said that this code was bad