RoSploitzer

Learn Script 1

May 19th, 2019
  1. I am Autumn, the founder of a group called Rain. I am a Lua scripter. I have been interested in scripting for years. When I came to V3rmillion, I didn't expect to convert my Lua knowledge into exploiting knowledge. It's easy to get scared off, because it's intimidating what people talk about. Memory? Assembly? C++? Reverse engineering? It's not like these are impossible to learn, it just seems like it isn't worth it. But there actually is info there that you can pick up very quickly if you try. As proof, look at Seraph, a script execution exploit I'm developing after just a few months. I knew nothing about exploiting before, and now I'm here.
  2.  
  3. This guide is my attempt at helping others follow the path I did. If you know absolutely nothing about ROBLOX exploiting, but you consider yourself advanced with Lua scripting, I have good news: You are 100% eligible to write your own exploits. So much info today on these sections is 1 of 2 things; it's either regurgitated script kiddie methods that don't teach you anything, or it's complicated info aimed at people who are skilled at C++ and reverse engineering. So where is the middle ground? Can a simple scripter become an exploiter without having some crazy background in obscure fields?
  4.  
  5. The truth is that there's a huge lack of exploiting guides aimed at scripters. This is true even though there are so many things that scripters can do which not even a game exploiting expert could think of. ROBLOX games are powered by the ROBLOX Lua API, and there will never be a lack of Lua-related things to hack. Having the background that you do makes you special. Your future exploits will do things that others will scratch their heads at. You just need to fill in the blanks. So let's do it!
  6.  
  7.  
  9.  
  10.  
  11. ~ Part 1: Where to Start ~
  12.  
  13. This first thread will be aimed at arguably the most important step, and the step most people get wrong. As a Lua scripter who is clueless towards the world of exploiting, how do you start? You've probably spent a lot of time digging through this section trying to apply knowledge you've found. And most of the knowledge you found probably fell into 1 of the 2 dreaded categories I specified above.
  14.  
  15. There really is no clear path in this kind of thing. By nature, exploiting is chaotic. You are making things happen that were never supposed to happen. You are used to a streamlined and well-documented programming experience, where you have a tool that tells you every time you do something wrong. You are used to tons of pages that guide you in the only direction there is: the right direction. You know when you're going the wrong direction, because things aren't working the way you know they're supposed to.
  16.  
  17. Exploiting isn't like that. You are breaking the system. You're swimming against the tide. Nobody wanted you to do this, and as people started doing it more and more, it became harder and harder. There are countless systems in place deep inside the scary depths of ROBLOX's source code specifically designed to scare you out of doing what you want to do. There might as well be a flashing neon sign that says "DANGER: Abandon all hope ye who enter here!" That's what you're getting into, and that's why there's no clear direction. It's uncharted land!
  18.  
  19. So that brings us back to the same question. How DO you start? If it's just a bunch of fog (especially on a community like this) then how do you ever know when you're going the right direction? The answer is to just dive in. I spent a lot of time wondering how to verify information is true, and not enough time actually discovering it for myself. As you follow this guide, I want you to DO the things you read. Get your hands dirty. Get over your fear, because it's not as bad as you think. You're a scripter and you already know all the little quirks the ROBLOX API has.
  20.  
  21. And that brings me to my final words of motivation and clarity. ROBLOX can never give up their ROBLOX API. The Lua API is what allows the entire platform to run. It's the one thing we can be sure they will NEVER get rid of. And that's what gives us so much power. It isn't a game where everything is confusing and foreign, the API was literally designed for ease of use. By learning to interact with the ROBLOX API from the outside, we can allow ourselves to bypass all the trouble we would otherwise have with the game, because the Lua functions will do everything for us. That's what gives us scripters so much power over other exploiters; familiarity with the entire system we are targeting!
  22.  
  23.  
  25.  
  26.  
  27. ~ The First Milestone ~
  28.  
  29. Now that we have some clarity about where we want to go, we need a milestone to reach. We want to target the ROBLOX Lua API. You probably have no idea how to do that, but at least you know that it's there, right? There is a very clear (and arguably very fun) process that you can go through to learn what it takes to do this. Before even touching the ROBLOX player, before even delving into the confusing things people talk about, you're going to learn an aspect of Lua that you've probably never even heard about: the Lua C API.
  30.  
  31. If you've spent some time on this section, you actually might have heard about the Lua C API. But the things people talk about here are far from reality. Clear away any myths, clear away basically anything that you've read in a thread, because you want to approach this without being tainted by the misinformation and spoonfeeding that happens all the time around this forum. The Lua C API isn't a magical exploiting device, nor is it ROBLOX-specific, nor is it difficult to use. It's an official and well-documented part of the Lua programming language that allows you to interact with Lua's internals outside of any actual Lua scripting. It's what ROBLOX uses internally, behind the scenes, every time you script in ROBLOX.
  32.  
  33. Anything that you do in a Lua script is affecting something called a Lua state. A state in Lua is a single important object that works in the background and holds all the info about a script and what it's doing. The part of a state that's the most widely used is called the stack. The stack can be visualized as an actual literal stack, like a stack of books. It's just a stack of Lua data (numbers, booleans, tables, whatever else) that is manipulated every time you do anything that requires manipulating data in the language.
  34.  
  35. If you set a variable to a number, you can bet that number went onto the stack before being assigned. If you call a function, that function and all its arguments went onto the stack, an internal Lua function was called to do what needs to be done, and then all the function's return values went on the stack before being given back to your script. It's how Lua keeps track of the latest piece of data whenever something has to happen.
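
The stack and call sequence described above, as an added example that is not part of the original guide: a simplified, self-contained C model, not Lua's source and not the real API. All names (`Stack`, `push_num`, `at`, `call`, `sum_and_count`) are hypothetical; `call` mirrors the documented contract of `lua_call(L, nargs, nresults)`, and `at` mirrors Lua's 1-from-the-bottom, -1-from-the-top indexing.

```c
#include <stdio.h>
/* Simplified model of the value stack described above. All names here are
   hypothetical; this is not Lua's source and not the real Lua C API. */
enum { T_NIL, T_NUM, T_FN };
struct Stack;
typedef int (*CFn)(struct Stack *s, int base, int nargs); /* returns result count */
typedef struct { int type; double num; CFn fn; } Value;
typedef struct Stack { Value v[64]; int top; } Stack;     /* top = slots in use */
static void push(Stack *s, Value x) { if (s->top < 64) s->v[s->top++] = x; }
void push_num(Stack *s, double n) { Value x = { T_NUM, n, 0 }; push(s, x); }
void push_fn(Stack *s, CFn f)     { Value x = { T_FN, 0, f }; push(s, x); }

/* Lua-style indexing: 1 is the bottom slot, -1 is the top slot, 0 is invalid. */
Value *at(Stack *s, int idx) {
    int i = idx > 0 ? idx - 1 : s->top + idx;
    return (idx != 0 && i >= 0 && i < s->top) ? &s->v[i] : 0;
}

/* Call protocol: the function sits below its nargs arguments. Afterwards both
   are gone and exactly nresults values sit where the function was. */
int call(Stack *s, int nargs, int nresults) {
    int fpos = s->top - nargs - 1;
    if (fpos < 0 || s->v[fpos].type != T_FN) return -1;   /* not callable */
    int got = s->v[fpos].fn(s, fpos + 1, nargs);          /* results pushed on top */
    int first = s->top - got;
    for (int i = 0; i < nresults; i++) {                  /* pad with nil or truncate */
        Value nil = { T_NIL, 0, 0 };
        s->v[fpos + i] = i < got ? s->v[first + i] : nil;
    }
    s->top = fpos + nresults;
    return 0;
}

/* Sample callee: reads its arguments from the stack, pushes their sum and count. */
int sum_and_count(Stack *s, int base, int nargs) {
    double total = 0;
    for (int i = 0; i < nargs; i++) total += s->v[base + i].num;
    push_num(s, total); push_num(s, nargs);
    return 2;
}

int main(void) {
    Stack s = { .top = 0 };
    push_num(&s, 99);                 /* unrelated value already on the stack */
    push_fn(&s, sum_and_count);
    push_num(&s, 1); push_num(&s, 2); push_num(&s, 3);
    call(&s, 3, 2);                   /* stack is now: 99, 6, 3 */
    printf("top=%d sum=%g count=%g\n", s.top, at(&s, -2)->num, at(&s, -1)->num);
}
```

The value pushed before the call is untouched afterwards, which is the balance property code written against a stack-based API has to preserve.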
  36.  
  37. These concepts might seem foreign, but they are how Lua internals work, and you are going to have to get familiar with them. The Lua C API comes in here, because it allows you to implement the entire Lua scripting language into a C++ program, then interact with these internals we just talked about (states, stacks, etc) using a bunch of well-documented C functions. All you need to know is the basics of C++ for this. You don't need to be a guru, but if you don't know how to use C++, you should go learn the minimal requirements. You can pick up the basics in a week or less. After that, get familiar with the Lua C API.
  38.  
  39. There are guides all over the Internet. We aren't doing anything with ROBLOX yet, but I promise that this is the hardest thing you need to learn. It WILL apply to exploiting, because ROBLOX implements the Lua C API too, and we're going to be messing with that later. So go try it out! Learn the absolute basic necessities of C++ (if you haven't already), download and include the Lua 5.1 library in a C++ project (it's important you pick Lua 5.1, since that's what ROBLOX uses), then follow a guide on how to use the toolset you've been given. It will be complicated at first, but so was scripting. This is all Lua stuff and you're ready for it.
  40.  
  41. The way I learned was actually through a Lua tutorial on YouTube, where after the entire Lua scripting language was taught, the YouTuber decided to continue it by teaching the C API. I picked it up very quickly and you can do the same. Mess with the Lua C API in your own C++ project and make sure you are comfortable with it by the time you read step 2 of this guide. Trust me, all of this will pay off, and none of this will go to waste.
  42.  
  43.  
  45.  
  46.  
  47. ~ In the Next Guide ~
  48.  
  49. In part 2 of a Lua scripter's guide to ROBLOX exploiting, I will go into reverse engineering, and teach you to study the Lua internals that are hidden away inside of ROBLOX. I'll explain the different methods of getting into ROBLOX, the techniques that the pros use to figure out ROBLOX's quirks, and how to feel confident jumping into the deep end. Hopefully, by the end of part 2, you will begin to see the big picture of how your first exploit will work.
  50.  
  51. Thank you for reading this guide, and I hope you enjoyed it! This was my first contribution to this new wonderful section. I plan to continue this guide until it's finished (probably 4 or 5 parts in total) and bundle everything together as a resource people can use when they want to get into exploiting. If this benefits you, please post your thoughts and questions, and point others in this direction if they are looking for answers.
  52.  
  53. EDIT: Part 2 is here!
  54. https://v3rmillion.net/showthread.php?tid=188952
  55.  
  56. Enjoy :P