Kiko

(Fake it 'till you make it)

Reputation: 3

Joined: Mar, 2022

Bio

Someone stop what I'm doing.. please


Activity Feed


Replied to thread: Please tell me some good adress dumper


Most functions are inlined so there is no use of an offset dumper. You can make one yourself using aob-scanning in IDA python.

Most old dumpers are not up-to-date and patched. Cheers!

Replied to thread: Misako's Decompiler and Disassembler.


Don't trust Rexi, I saw him skid this decompiler from Axon source code.

People these days smh..

Created a new thread: [Release] LuaUnF*ck - reverse LuaF*ck "protection"


I was VERY bored and decided to do this, even though I know LuaF*ck isn't an obfuscator.

LuaF*ck: https://wearedevs.net/forum/t/26409

 

LuaUnF*ck:

local script = [=[
local _=string.char;getfenv()[_((#'...')*(#'...'..#'......')).._((#'...')*(#'...'..#'.......')).._(#'.........'..#'.......').._((#'.....'..#{})*(#'..')).._((#'.....')*(#'..'..#'...')).._((#'.....'..#'........')*(#'..')).._((#'.....'..#'.......')*(#'..')).._((#'.......')*(#'.'..#'.....')).._((#'.'..#'.')*(#'.'..#{})).._(#'.'..#{}..#'...')](_((#'...')*(#'...'..#'....')).._((#'.........')*(#'.'..#'...')).._((#'.....')*(#'..'..#'..')).._((#'...')*(#'...'..#'...')).._((#'.....'..#'........')*(#'..')).._((#'.....')*(#'..'..#'.')).._((#'...'..#'.......')*(#'...')).._((#'..'..#'..')*(#'.....')).._((#'....')*(#'........')).._(#'.........'..#'.......').._((#'.....')*(#'........')).._(#'....'..#'.').._((#'...')*(#'...'..#'........')).._(#'.'..#{}..#'.').._((#'....')*(#'..'..#'.........')).._((#'...'..#'.........')*(#'...')).._((#'..')*(#'.....'..#'.......')).._((#'.'..#{})*(#'.'..#'.')).._((#'.'..#'.......')*(#'..')).._(#'.........'..#'.......').._((#'.'..#'.......')*(#'..')).._(#'.'..#{}..#'.').._((#'.'..#'.')*(#'.'..#{})).._((#'..'..#'.....')*(#'....')).._(#'.....'..#'.........').._((#'...')*(#'...'..#'....')).._((#'.'..#'...')*(#'.........')).._((#'.....'..#'.....')*(#'..')).._((#'...')*(#'...'..#'...')).._((#'....')*(#'..'..#'.........')).._((#'..'..#'.')*(#'.....')).._((#'...'..#'.......')*(#'...')).._((#'.'..#{})*(#'.'..#'.')).._((#'........')*(#'....')).._((#'.......')*(#'.'..#'....')).._((#'..')*(#'..'..#{})).._(#'....'..#'.').._((#'.....'..#'.......')*(#'..')).._(#'.'..#{}..#'.').._((#'....')*(#'..'..#'.........')).._((#'.........')*(#'.'..#'...')).._((#'..')*(#'.....'..#'.......')).._((#'..')*(#'.....'..#'.....')).._((#'.'..#'......')*(#'..')).._(#'.........'..#'.......').._((#'........')*(#'.....')).._(#'....'..#'.').._((#'..')*(#'..'..#'...')).._((#'..'..#'...')*(#'..')).._((#'..')*(#'.'..#'.......')).._((#'.......')*(#'.'..#'....')).._((#'.'..#'.......')*(#'..')).._(#'.'..#{}..#'.').._((#'.'..#{})*(#'.'..#'.')).._((#'....')*(#'..'..#'.....')).._(#'.....'..#'......
...').._((#'..')*(#'.....'..#'.')).._((#'...'..#'.........')*(#'...')).._((#'..')*(#'.....'..#'.....')).._((#'...'..#'...')*(#'...')).._((#'..'..#'.........')*(#'....')).._((#'.....')*(#'..'..#'.')).._((#'...')*(#'...'..#'.......')).._((#'.....'..#'.....')*(#'..')).._((#'.'..#'......')*(#'..')).._((#'.........')*(#'.'..#'.')).._((#'.'..#{})*(#'....')).._(#'....'..#'.').._((#'......')*(#'.'..#'.........')).._(#'.'..#{}..#'.').._((#'.....'..#'........')*(#'..')).._((#'...')*(#'...'..#'.........')).._((#'.....'..#'.......')*(#'..')).._((#'.'..#{})*(#'.'..#'.')).._((#'.'..#'......')*(#'..')).._((#'....'..#'.........')*(#'..')).._((#'.'..#{})*(#'....')).._(#'....'..#'.').._((#'..'..#'...')*(#'..')).._((#'..')*(#'..'..#'...')).._((#'.'..#'.......')*(#'..')).._((#'.........')*(#'.'..#'.')).._((#'..')*(#'.'..#'.......')).._(#'.'..#{}..#'.').._((#'..')*(#'.....'..#'.....')).._((#'..')*(#'.....'..#{})).._(#'.....'..#'.........').._((#'.......')*(#'.'..#'......')).._((#'......')*(#'.'..#'.........')).._((#'.'..#'.....')*(#'.......')).._((#'.'..#{})*(#'.'..#'.')).._((#'.....'..#'........')*(#'..')).._((#'....')*(#'.'..#{})).._((#'.'..#'.')*(#'.........')).._((#'.'..#{})*(#'....')).._(#'....'..#'.').._(#'....'..#'.'))()
]=]

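-- Use string.split where the runtime provides it; otherwise fall back to a
-- gmatch-based splitter.
local split_string = string.split or function(inputstr, sep)
    if sep == nil then
        sep = "%s"
    end
    local t = {}
    for str in string.gmatch(inputstr, "([^" .. sep .. "]+)") do
        table.insert(t, str)
    end
    return t
end

for num, line in next, split_string(script, "\n") do
    -- Capture the encoded argument of getfenv()[...](<capture>)() and replace
    -- the whole call with the string that the capture evaluates to.
    -- The extra parentheses drop gsub's second return value (the match count).
    print((line:gsub("getfenv%(%)%[.+%]%((.+)%)%(%)", function(capture)
        -- The capture is passed to loadstring, so it is executed, not just parsed.
        local loads = "local _ = string.char; return " .. capture
        return loadstring(loads)()
    end)))
end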

Output:

local _=string.char;function a()return"a"end;function b()return a().."b"end;function c()return b().."c"end;print(c())

 

Note: This only supports LuaF*ck with the loadstring option ticked.
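A static take on the same decoding, added here as an example (not code from the original post): rather than handing the captured expression to loadstring, it parses the #'...' / #{} arithmetic itself, so nothing from the sample is executed. The grammar is inferred from the encoded script shown above, and SAMPLE is constructed for the example.

```python
import re

ATOM = re.compile(r"#'(\.*)'|#\{\}")     # #'....' is a string length, #{} is 0

def parse_atom(s, i):
    if m := ATOM.match(s, i):
        return len(m.group(1) or ""), m.end()
    if s.startswith("(", i):
        value, i = parse_concat(s, i + 1)
        if s.startswith(")", i):
            return value, i + 1
    raise ValueError(f"unsupported expression at offset {i}")

def parse_product(s, i):
    value, i = parse_atom(s, i)
    while s.startswith("*", i):
        rhs, i = parse_atom(s, i + 1)
        value = int(value) * int(rhs)    # Lua coerces digit strings in arithmetic
    return value, i

def parse_concat(s, i):
    value, i = parse_product(s, i)
    while s.startswith("..", i):
        rhs, i = parse_product(s, i + 2)
        value = f"{value}{rhs}"          # Lua '..' joins the digits: 9 .. 7 -> "97"
    return value, i

def decode_runs(src):
    """Decode each chain of _(expr).._(expr)... to text without evaluating any Lua."""
    runs, i = [], 0
    while (i := src.find("_(", i)) != -1:
        chars = []
        while src.startswith("_(", i):
            try:
                code, j = parse_atom(src, i + 1)   # the call's "( expr )"
                chars.append(chr(int(code)))
            except (ValueError, OverflowError):
                break                              # not an encoded call
            i = j + 2 if src.startswith(".._(", j) else j
        if chars:
            runs.append("".join(chars))
        else:
            i += 2                                 # skip this "_(" and keep scanning
    return runs

# Constructed sample in the same shape as the script above: getfenv()[name](body)()
SAMPLE = ("getfenv()[_((#'...')*(#'...'..#'......')).._((#'...')*(#'...'..#'.......'))"
          ".._(#'.........'..#'.......').._((#'.....'..#{})*(#'..'))]"
          "(_((#'...')*(#'...'..#'.......')).._(#'.'..#{}..#'.......'))()")
print(decode_runs(SAMPLE))
```

The first run is the name looked up in the environment and the second is the hidden source, so the decoded text can be reviewed before anything runs it.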

Replied to thread: How does bytecode Transpiler work?


A bytecode transpiler will convert one bytecode format to another format.

I.e., Luau transpilers will first compile your script into Lua5.1 bytecode (usually, could be anything else too) and later on convert it to Luau bytecode.

A downside to using transpilers now that the Luau compiler is open-sourced is that whenever Roblox updates the bytecode format you will have to find what is updated and rewrite some parts of the transpiler. It's not worth it since most syntax-related changes in Luau are hard to replicate. You can still replicate them but they would require changes in your Lua5.1 source code and your transpiler too.

 

I would not recommend you to transpile, use Luau compiler instead.

Replied to thread: How would we make inline functions?


I left the Windows exploiting scene for the android and iOS exploiting scene before the inlining, but I'm pretty sure I can still help you.

For most functions you could use Lua knowledge to recreate them. The only thing that you would need to gather really is functions used inside the inlined functions and offsets/structs.

If you wanted to recreate lua_gettop (rather easy example) you would need the offsets for top and base.

int r_lua_gettop(uintptr_t ls)
{
	return cast_int(*(uintptr_t*)(ls + offsets::top) - *(uintptr_t*)(ls + offsets::base));
}

This is just an example, hope I helped.

Replied to thread: Will the funcs on Roblox/Luau work with every source?


Uhm... I don't see why it would not work if you have the correct offsets.

Why wouldn't it work?

 

You're not making this a cclosure, it's just a normal C++ function. Ofc it should work?

Created a new thread: Loadstringer [v3] One line edition


Since the original creator came swinging at me for calling his website with one purpose useless, I decided to help him and wrap his entire website up in one line of Lua code.

print((function(a)return string.format("loadstring(game:HttpGet(\"%s\"))()",a)end)("https://pastebin.com/raw/xxxx"))

Next time you do a website, make sure there is a purpose to it and take critique and learn from it!

Replied to thread: Loadstringer [v2] Website/No Logins/Free/Convenient


@MattScripts

200+ visits is just people testing it because they saw your thread, I was one of those 200 and just like 99% of them I realized that the website serves 0 purpose and is made by someone who thinks he runs the world. Oh, let me just do what your website does in one line:

print((function(a)return string.format("loadstring(game:HttpGet(\"%s\"))()",a)end)("https://pastebin.com/raw/xxxx"))

Don't come at me with attitude you moron when you made an entire website for a "loadstring generator" I did above in 1 line.

Replied to thread: C++ SOFTWARE CHEAT CASH PRIZE : 50$


I'll give this a try!

Replied to thread: Loadstringer [v2] Website/No Logins/Free/Convenient


The website design is something I really like, but like... this tool has no purpose..

Literally you're just wrapping a URL inside HttpGet.

That's like making a website called "Stringifier" where you input a string and it wraps your string with "".

I get the idea, but it has no purpose whatsoever.

 

Maybe add some security feature like obfuscation?

Created a new thread: KittenMilk ANDROID Luau Executor (FREE)


https://i.imgur.com/GnAhHC7.png

 

https://kitten-milk.com

https://discord.com/invite/kittenmilk

https://www.virustotal.com/gui/file/2623f6ea1d7e3bacf8483c8ff3939a251ece290f7d66b203d344b2598596efb2

 

Note: This exploit was released just now a few hours ago, it doesn't have all the functions it should!

Replied to thread: [WARNING] Android Roblox (New Detection Uncovered, etc)


@N4ri

Yeah? There are no other options except for KittenMilk which isn't released right now.

Replied to thread: How can i make a CloudScript like Comet?


All you really need is some PHP or NodeJS knowledge.

Allow people to upload scripts (store them either on your host OR use some free api on pastebin).

Store data kinda like this:

[
  {
    "ISHBSW": {
      "id": "ISHBSW",
      "url": "/script/ISHBSW",
      "author": "urDad",
      "desc": "Simple script to shutdown game."
    },
    "JBWSYB": {
      "id": "JBWSYB",
      "url": "/script/JBWSYB",
      "author": "urMom",
      "desc": "Bypassed TIT check"
    }
  }
]

I would recommend you to encrypt the scripts that you save. Because someone could just HTTP spy your exploit and find all the scripts. 

 

Instead of encrypting you could do it the secure way of compiling the script into Luau bytecode and shift/modify instructions to make the script un-decompileable. Then encrypt this with a key. 

 

If you're going to do the bytecode thing, make sure to obfuscate strings, switch instructions and shift a lot of things to make the reverse engineer question his existence. Don't be like Synapse and make it so bad that some kids got together and cracked it.

 

Anyways, yeah.

Created a new thread: [WARNING] Android Roblox (New Detection Uncovered, etc)


Hello.

I'm here to inform you about a new "anti-cheat" system discovered in Roblox Android.

This detection was discovered by me and Amoy while working on our new android luau executor (KittenMilk, which is free!).

Feel free to join our server by clicking the link above, or enter this url: https://discord.gg/kittenmilk

 

Anyways, it is unknown when this detection was implemented but we do know that it does affect all android exploiters.

The check is placed in a hook in both C++ and Java and collects data about you. This data is later on uploaded to their server when detected.

The data collected is the following:

✥ Process information (Unsure what information atm)
✥ Roblox path and file names (Could detect folders for scripts in exploits like Arceus)
✥ Amount of memory used (Unsure atm)
✥ The game you're currently playing
✥ The past couple of games you've played
✥ Your user-id and information about your player
✥ The game ip
✥ Information about your internet connection (Unknown what information at the moment)
✥ Roblox Identity Level (Unsure atm)
✥ Device Information
     - Hardware-Id
     - Device name

This is only the information we are aware of, there could be more. We didn't HTTP debug anything.

 

The exploit I'm developing (KittenMilk) is safe from this detection since yesterday (Mar 29th). Exploits that aren't safe are the following: Arceus X, BH Menu and any other mod menu.

 

KittenMilk is the only cheat safe from this check as of now, we're waiting for the other exploits to publish proof that they have bypassed it too. They would have to show me that they know where all the checks are located. Until then, they are not safe. 

 

We will not provide any information about what triggers this detection, but we do hope that the other exploits figure it out soon enough.

 

Bye.

Replied to thread: deobfuscation challenge


@Jahman808

My discord is Kiko#5332. The obfuscator you sent is easy to deobfuscate. But something like Luraph or Boronide, I can't.