read me (seraph)

~ Seraph v1.13.5 ~

Thank you for using Seraph! This file will tell you everything you need to know about using the exploit.
If you have any questions, please don't hesitate to message me on V3rmillion, as I try to read all PMs.
I hope you find your purchase to be worth it. Seraph was my first major project, and I put my all into it.


~ Changelog ~

The following changes have been made since the previous version
- Updated Seraph to work with the latest ROBLOX version


~ Registering Seraph ~

If you just bought Seraph, you need to register it for use on your PC. This is done using registration.exe
You will have been given a unique registration key on purchase. You will need that in order to whitelist yourself.
Simply open registration.exe and paste the code into the prompt. If all goes well, Seraph will be unlocked on your PC.
Please note that a key can only be used once, and Seraph does NOT offer the ability for you to change the registered PC.
After registering, DM your key as "!verify [key]" to Seraphbot#8972 to be added to the buyer role in the Discord server.*
If you have any problems during this process, such as a key not working, turn to the #support channel to resolve it.

*Note: Discord-related information no longer applies after the Discord server deletion.  Updated systems are still yet to be applied.


~ Basic Usage ~

To use the exploit, open seraph.exe and join a ROBLOX game. Make sure your character is fully loaded before moving on.
Now switch to the Injector tab. Click the "Inject" button to inject the exploit code into the game. It will say "Connected" when this succeeds.
You can view the exploit's progress in the Console tab. First you will be authenticated, then the exploit will do its initial scan.
The exploit will welcome you when the scan is complete and ready to be used. At this point, there are two main ways to use the exploit.
If you enter Lua commands into the console, they will be sent to the game, similar to the style of the ROBLOX Studio command bar.
Globals will be shared between scripts, which makes command bar style scripting one of Seraph's strengths compared to other exploits.
The alternative way to execute scripts is via the Executor tab, which features a multi-line script editor and an Execute button.


~ Advanced Usage ~

Seraph has some advanced features as well as basic ones. First of all, there are a few upgrades and function implementations that most exploits have.
If you aren't familiar with exploiting, you might not know what a level 7 scripting exploit is capable of. I will do my best to explain it here.
An elevated environment means that Seraph can access API functions and read/write properties that it otherwise wouldn't be able to.
For example, the RobloxLocked property is usually restricted to ROBLOX's core gameplay mechanics, but Seraph's level 7 environment can modify it!
In addition to these extra capabilities, Seraph features a few custom function implementations and re-implementations. They are listed below:

execute(string src)			- uses Seraph's executor to run a Lua script based on a given source string
loadstring(string src)			- compiles Lua code and returns it as a function; re-implementation of the removed loadstring function
getrawmetatable(Instance inst)		- returns the protected metatable of an instance (warning: can cause the game to become extremely unstable)
getlibrary(string lib)			- returns the original untouched version of any loaded ROBLOX library (Instance, CFrame, etc.)
game:GetObjects(string assetUrl)	- loads an asset from the ROBLOX website and returns a table containing all of the fetched objects
game:HttpGet(string url)		- makes a GET request; re-implementation of game:HttpGet, but without the URL trust check
game:HttpPost(string url)		- makes a POST request; re-implementation of game:HttpPost, but without the URL trust check

In addition to these increasaed capabilities and function implementations, Seraph has a variety of extras in the Tools tab of the UI:

Auto-Inject			- Automatically injects Seraph 10 seconds after the ROBLOX player opens
Script Output Redirection	- Captures and sends all ROBLOX developer console output to the Seraph console (warning: may slow execution)
Chat Hook on Prefix		- Allows you to execute Lua by prefixing in-game chat with the given string
Launch RemoteSpy		- Launches and injects Chirality's standalone version of RemoteSpy


~ Using RemoteSpy ~

RemoteSpy is a remote debugging tool for reversing FilteringEnabled games. It logs all your client's calls to Remote/Bindable Events/Functions.
It started as a script I wrote for another exploit called Intriga, but Chiraity was able to create a more robust standalone edition for Seraph.
When you load up RemoteSpy, after authenticating you, it will immediately begin logging calls. Click "Disable" to toggle this if you want.
When a call happens, all relevant info (including the path to the remote, its arguments, and its return values) are logged in the UI.
Along the right is a filter where you can stop logging certain remotes by name. There are also checkboxes to toggle logging by type.
There is also an option to export the logs to a file to study later. This is useful for games that have a lot of remotes firing at once!
Most of RemoteSpy's functionality is self-explanatory, and if you are an experienced scripter, you should find it extremely intuitive.


~ Bugs and Quirks ~

Seraph is a Lua wrapper. Using the freely-available implementation of the Lua 5.1 language, it simulates ROBLOX's Lua environment.
This technique means that, while Seraph may work fine for most people, it has some logic flaws that must be watched out for.
If you are a scripter, these are important to keep in mind. I will do my best to cover everything major that is known so far.

- The coroutine library in Seraph is a wrapper over the spawn function and will have slightly different behavior; do not rely on it for timing
- If the ROBLOX engine calls a function created by Seraph, any yield will cause that call to immediately return nothing to the caller and branch off into a new thread
- Unlike ROBLOX, Seraph's wrapper cannot yield inside of a pcall; the ypcall global is included for compatibility, but simply points to pcall


~ Additional Bugs ~

Below is a list of bugs that, unlike the logical quirks above, have planned upcoming fixes.
If you find any yourself, please let me know so that I can add them here and work them out!

- If seraph was injected before a place teleport, attempting to use it after the teleport will crash the game
- Sometimes, due to the ROBLOX process lingering, the Injector tab will say "Connected" even when it isn't
- Invoking a RemoteEvent or BindableEvent from Seraph will not show up as a call in RemoteSpy (unlike firing RemoteEvents/BindableEvents)


~ Credits ~

I have to thank Chirality first and foremost, for single-handedly being the most helpful person to this exploit.
There is a meme going around that he wrote Seraph. While it isn't entirely true, the exploit couldn't have existed without him.
He contributed to my knowledge of low-level concepts, Lua's internal workings, and ROBLOX catches that otherwise would have made me give up.
RemoteSpy's standalone version was also written by him, which is an amazing tribute to the original thing that sparked my popularity.
If you bought Seraph, you have supported Chirality, as he is getting percentage of the exploit's sales for his wisdom and additions!

Below are the other members who have helped in different pieces of Seraph's development:

Octillion	- For providing helpful scanning functions and sharing important memory-related knowledge
Austin		- For being a goofball and offering occasional expertise alongside Chirality
3dsboy08	- For contributing extremely important security additions during the final step of Seraph's development
nosyliam	- For using his magic Lua powers to create a much improved version of Seraph's coroutine implementation
Babyhamsta	- For adding various features and updates to the Seraph UI

A big thank you goes to everyone else who has contributed bits and pieces. <3

Enjoy the exploit!
~ Autumn