API tools faq
paste
Advertisement
franchesco00042

Untitled

franchesco00042
Mar 5th, 2024
2,306
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 20.07 KB | None | 0 0
raw download clone embed print report
  1. // ==UserScript==
  2. // @name [Working] Roblox Exploits Key System bypasser (ALL Exucutors and Scripts!)
  3. // @homepageURL https://discord.gg/92p6X2drxn
  4. // @description bypasses Roblox Exploits Key Systems (Codex, Fluxus, Arceus, Delta, Valyse, Keyrblx, Pandadevelopment, Tsuohub)
  5. // @author antiworking
  6. // @match https://mobile.codex.lol/*
  7. // @match https://keysystem.fluxteam.net/android/checkpoint/start.php?HWID=*
  8. // @match https://spdmteam.com/key-system-1?hwid=*
  9. // @match https://gateway.platoboost.com/a/8?id=*
  10. // @match https://valyse.best/verification?device_id=*
  11. // @match https://keyrblx.com/getkey/*
  12. // @match https://auth.pandadevelopment.net/getkey?*
  13. // @match https://tsuo-script.xyz/*
  14. // @run-at document-end
  15. // @version 1.23
  16. // @grant GM_getResourceText
  17. // @grant GM_addStyle
  18. // @grant GM_xmlhttpRequest
  19. // @require https://update.greasyfork.org/scripts/484331/1308737/customnotifications.js
  20. // @resource notifCss https://cdn.jsdelivr.net/gh/f3oall/awesome-notifications/dist/style.css
  21. // @license MIT
  22. // @supportURL https://discord.gg/92p6X2drxn
  23. // @namespace https://greasyfork.org/users/1237543
  24. // @downloadURL https://update.greasyfork.org/scripts/484332/%5BWorking%5D%20Roblox%20Exploits%20Key%20System%20bypasser%20%28ALL%20Exucutors%20and%20Scripts%21%29.user.js
  25. // @updateURL https://update.greasyfork.org/scripts/484332/%5BWorking%5D%20Roblox%20Exploits%20Key%20System%20bypasser%20%28ALL%20Exucutors%20and%20Scripts%21%29.meta.js
  26. // ==/UserScript==
  27.  
  28. const notifier = new AWN({ icons: { enabled: false } });
  29.  
  30. const util = {
  31. handleError: function (error, keySystem) {
  32. console.error(error);
  33. navigator.clipboard.writeText(`[${keySystem}] ${error.message}`);
  34. notifier.alert(error.message + '<br><br>bypass failed.<br>please <a href="https://discord.gg/92p6X2drxn">click here to join the discord server</a> to report this issue.', { durations: { alert: 0 } });
  35. window.open('https://discord.gg/92p6X2drxn', '_blank');
  36. },
  37. sleep: function (ms) {
  38. return new Promise(resolve => setTimeout(resolve, ms));
  39. },
  40. linkvertiseSpoof: function (link) {
  41. return new Promise((resolve, reject) => {
  42. GM.xmlHttpRequest({
  43. method: "GET",
  44. url: link,
  45. headers: {
  46. Referer: 'https://linkvertise.com/',
  47. },
  48. onload: function (response) {
  49. resolve(response.responseText);
  50. },
  51. onerror: function (error) {
  52. reject(error);
  53. }
  54. });
  55. });
  56. },
  57. getTurnstileResponse: async function () {
  58. while (typeof turnstile == 'undefined') {
  59. await util.sleep(1000);
  60. }
  61. while (!turnstile?.getResponse()) {
  62. notifier.warning('please solve the captcha', { durations: { warning: 3000 } });
  63. await util.sleep(3500);
  64. }
  65. return turnstile.getResponse();
  66. },
  67. getGrecaptchaResponse: async function () {
  68. while (typeof grecaptcha == 'undefined') {
  69. await util.sleep(1000);
  70. }
  71. while (!grecaptcha?.getResponse()) {
  72. notifier.warning('please solve the captcha', { durations: { warning: 3000 } });
  73. await util.sleep(3500);
  74. }
  75. return grecaptcha.getResponse();
  76. },
  77. getHcaptchaResponse: async function () {
  78. while (typeof hcaptcha == 'undefined') {
  79. await util.sleep(1000);
  80. }
  81. while (!hcaptcha?.getResponse()) {
  82. notifier.warning('please solve the captcha', { durations: { warning: 3000 } });
  83. await util.sleep(3500);
  84. }
  85. return hcaptcha.getResponse();
  86. }
  87. };
  88.  
  89.  
  90. async function codex() {
  91. let session = localStorage.getItem("android-session");
  92. if (!session) {
  93. return;
  94. }
  95. if (document?.getElementsByTagName('a')?.length && document.getElementsByTagName('a')[0].innerHTML.includes('Get started')) {
  96. document.getElementsByTagName('a')[0].click();
  97. }
  98. async function getStages() {
  99. let response = await fetch('https://api.codex.lol/v1/stage/stages', {
  100. method: 'GET',
  101. headers: {
  102. 'Android-Session': session
  103. }
  104. });
  105. let data = await response.json();
  106.  
  107. if (data.success) {
  108. if (data.authenticated) {
  109. return [];
  110. }
  111. return data.stages;
  112. }
  113. else {
  114. throw new Error("failed to get stages");
  115. }
  116. }
  117.  
  118. async function initiateStage(stageId) {
  119. let response = await fetch('https://api.codex.lol/v1/stage/initiate', {
  120. method: 'POST',
  121. headers: {
  122. 'Android-Session': session,
  123. 'Content-Type': 'application/json'
  124. },
  125. body: JSON.stringify({ stageId })
  126. });
  127. let data = await response.json();
  128.  
  129. if (data.success) {
  130. return data.token;
  131. }
  132. else {
  133. throw new Error("failed to initiate stage");
  134. }
  135. }
  136.  
  137. async function validateStage(token, referrer) {
  138. let response = await fetch('https://api.codex.lol/v1/stage/validate', {
  139. method: 'POST',
  140. headers: {
  141. 'Android-Session': session,
  142. 'Content-Type': 'application/json',
  143. 'Task-Referrer': referrer
  144. },
  145. body: JSON.stringify({ token })
  146. });
  147. let data = await response.json();
  148.  
  149. if (data.success) {
  150. return data.token;
  151. }
  152. else {
  153. throw new Error("failed to validate stage");
  154. }
  155.  
  156. }
  157.  
  158. async function authenticate(validatedTokens) {
  159. let response = await fetch('https://api.codex.lol/v1/stage/authenticate', {
  160. method: 'POST',
  161. headers: {
  162. 'Android-Session': session,
  163. 'Content-Type': 'application/json'
  164. },
  165. body: JSON.stringify({ tokens: validatedTokens })
  166. });
  167. let data = await response.json();
  168.  
  169. if (data.success) {
  170. return true;
  171. }
  172. else {
  173. throw new Error("failed to authenticate");
  174. }
  175. }
  176.  
  177. function decodeTokenData(token) {
  178. let decoded = atob(token.split(".")[1]);
  179. return JSON.parse(decoded);
  180. }
  181.  
  182. let stages = await getStages();
  183. console.log(stages);
  184. let stagesCompleted = 0;
  185. while (localStorage.getItem(stages[stagesCompleted]) && stagesCompleted < stages.length) {
  186. stagesCompleted++;
  187. }
  188. if (stagesCompleted == stages.length) {
  189. return;
  190. }
  191.  
  192. let validatedTokens = [];
  193. try {
  194. while (stagesCompleted < stages.length) {
  195. let stageId = stages[stagesCompleted].uuid;
  196. let initToken = await initiateStage(stageId);
  197.  
  198. await util.sleep(16000);
  199.  
  200. let tokenData = decodeTokenData(initToken);
  201. let referrer = tokenData.link.includes('workink') ? 'https://work.ink/' : 'https://linkvertise.com/';
  202. let validatedToken = await validateStage(initToken, referrer);
  203. validatedTokens.push({ uuid: stageId, token: validatedToken });
  204. notifier.info(`${stagesCompleted + 1}/${stages.length} stages completed`);
  205. await util.sleep(3000);
  206.  
  207. stagesCompleted++;
  208. }
  209. if (authenticate(validatedTokens)) {
  210. notifier.success('bypassed successfully', { durations: { success: 0 } });
  211. await util.sleep(5000);
  212. window.location.reload();
  213. }
  214. }
  215. catch (e) {
  216. util.handleError(e, 'codex');
  217. }
  218. }
  219.  
  220. async function fluxus() {
  221. try {
  222. window.stop();
  223. let response = await util.linkvertiseSpoof('https://fluxteam.net/android/checkpoint/check1.php');
  224. if (response?.includes('bypass')) {
  225. throw new Error('bypass detected');
  226. }
  227. notifier.info('1/2 stages completed');
  228. await util.sleep(3000);
  229.  
  230. response = await util.linkvertiseSpoof('https://fluxteam.net/android/checkpoint/main.php');
  231. if (response?.includes('bypass')) {
  232. throw new Error('bypass detected');
  233. }
  234. notifier.info('2/2 stages completed');
  235. await util.sleep(3000);
  236.  
  237. let documentParser = new DOMParser();
  238. let newBodyData = documentParser.parseFromString(response, 'text/html');
  239. document.body.innerHTML = newBodyData.body.innerHTML;
  240. document.querySelector('a button:nth-child(2)').onclick = function () {
  241. navigator.clipboard.writeText(document.querySelector('code').innerHTML.trim());
  242. }
  243. notifier.success('bypassed successfully', { durations: { success: 0 } });
  244. }
  245. catch (e) {
  246. util.handleError(e, 'fluxus');
  247. }
  248. }
  249.  
  250. async function arceus() {
  251. if (document.title == 'Just a moment...') { return; }
  252. try {
  253. let url = new URL(window.location.href);
  254. let hwid = url.searchParams.get('hwid');
  255. await fetch(`https://spdmteam.com/api/keysystem?hwid=${hwid}&zone=Europe/Rome&advertiser=linkvertise`, { mode: "no-cors" })
  256. for (let checkpointsDone = 1; checkpointsDone <= 3; checkpointsDone++) {
  257. await util.linkvertiseSpoof(`https://spdmteam.com/api/keysystem?step=${checkpointsDone}&advertiser=linkvertise`);
  258. notifier.info(`${checkpointsDone}/3 stages completed`);
  259. await util.sleep(2000);
  260. }
  261. notifier.success('bypassed successfully', { durations: { success: 0 } });
  262. await util.sleep(5000);
  263. window.location.assign('https://spdmteam.com/key-system-getkey');
  264. }
  265. catch (e) {
  266. util.handleError(e, 'arceus');
  267. }
  268. }
  269.  
  270. async function delta() {
  271. if (document.title == 'Just a moment...') { return; }
  272. let id = new URL(window.location.href).searchParams.get('id');
  273. let linkInfo = await (await fetch('https://api-gateway.platoboost.com/v1/authenticators/8/' + id)).json();
  274. if (linkInfo.key) {
  275. notifier.success('bypassed successfully', { durations: { success: 0 } });
  276. return;
  277. }
  278. let token = new URL(window.location.href).searchParams.get('tk');
  279. if (!token) {
  280. let captchaRequired = linkInfo.captcha;
  281. let data = await fetch('https://api-gateway.platoboost.com/v1/sessions/auth/8/' + id, {
  282. method: 'POST',
  283. headers: {
  284. 'Content-Type': 'application/json'
  285. },
  286. body: JSON.stringify({
  287. "captcha": captchaRequired ? await util.getTurnstileResponse() : "",
  288. "type": captchaRequired ? "Turnstile" : ""
  289. })
  290. })
  291. data = await data.json();
  292.  
  293. notifier.info('1/1 stages completed');
  294.  
  295.  
  296. let followedUrl = data.redirect;
  297. let decryptedUrl = followedUrl;//await (await fetch(`https://bypass.rblx.workers.dev/delta-decrypt?url=${encodeURIComponent(followedUrl)}`)).text();
  298.  
  299. let encodedDest = new URL(decryptedUrl).searchParams.get('r');
  300. let followedDest = atob(encodedDest);
  301. window.location.assign(followedDest);
  302. }
  303. else {
  304. await util.sleep(5000);
  305. await (await fetch(`https://api-gateway.platoboost.com/v1/sessions/auth/8/${id}/${token}`, {
  306. method: 'PUT',
  307. })).json().then(async res => {
  308. notifier.success('bypassed successfully', { durations: { success: 0 } });
  309. await util.sleep(5000);
  310. window.location.assign(res.redirect);
  311. }).catch(e => {
  312. util.handleError(e, 'delta');
  313. })
  314. }
  315. }
  316.  
  317. async function valyse() {
  318. if (document.title == 'Just a moment...') { return; }
  319. function completeCheckpoint(link) {
  320. return new Promise((resolve, reject) => {
  321. GM.xmlHttpRequest({
  322. method: "GET",
  323. url: link,
  324. synchronous: true,
  325. headers: {
  326. Referer: 'https://loot-links.com/',
  327. },
  328. onload: function (response) {
  329. resolve();
  330. },
  331. onerror: function (error) {
  332. reject(error);
  333. },
  334. });
  335. });
  336. }
  337. let deviceId = new URL(window.location.href).searchParams.get('device_id');
  338.  
  339. await fetch('https://api.valyse.best/api/create-device?device_id=' + deviceId);
  340.  
  341. await fetch('https://api.valyse.best/checkpoint/1?device_id=' + deviceId);
  342. await util.sleep(2000);
  343. await completeCheckpoint('https://valyse.best/verification?checkpoint=2');
  344. notifier.info('1/2 stages completed');
  345.  
  346. await util.sleep(1000);
  347.  
  348. await fetch('https://api.valyse.best/checkpoint/2?device_id=' + deviceId);
  349. await util.sleep(2000);
  350. await completeCheckpoint('https://valyse.best/verification?completed=true');
  351. notifier.info('2/2 stages completed');
  352.  
  353. await util.sleep(3000);
  354. notifier.success('bypassed successfully', { durations: { success: 0 } });
  355. await util.sleep(5000);
  356. window.location.assign('https://valyse.best/verification?completed=true');
  357. }
  358.  
  359.  
  360. async function keyrblx() {
  361. if (document.documentElement.innerHTML.includes('You successfully got key!')) {
  362. notifier.success('bypassed successfully', { durations: { success: 0 } });
  363. return;
  364. }
  365. const customSleepTimes = {
  366. 'project_nexus': 11000,
  367. 'L-HUB': 11000,
  368. 'butif': 11000,
  369. 'KeySystemm': 11000,
  370. 'NilHub': 11000,
  371. 'RaitoHub': 16000,
  372. 'BonezHub': 16000,
  373. };
  374. try {
  375. let hubName;
  376. let hwid;
  377. let currentUrl = new URL(window.location.href);
  378. try {
  379. hubName = currentUrl.pathname.split('/')[2];
  380. hwid = document.cookie.split('; ').filter(cookie => {
  381. return cookie.includes(hubName)
  382. })
  383. hwid = hwid[0].split('=')[1];
  384. }
  385. catch (e) {
  386. hwid = currentUrl.searchParams.get('hwid');
  387. if (!hwid) {
  388. throw new Error('HWID not found!');
  389. }
  390. }
  391.  
  392. let adUrl = await fetch(`https://api.keyrblx.com/api/application/captcha?name=${hubName}&token=${await util.getGrecaptchaResponse()}&hwid=${hwid}`).then(res => res.json());
  393. let encodedDest = new URL(adUrl['redirect_to']).searchParams.get('r');
  394. let dest;
  395. if (encodedDest) {
  396. dest = atob(encodedDest);
  397. }
  398. else {
  399. dest = `https://keyrblx.com/getkey/${hubName}`
  400. let checkpointInfo = document.getElementsByTagName('h2')[0].childNodes;
  401. if (checkpointInfo[6].data != '1') {
  402. dest += `?step=${checkpointInfo[2].data}`;
  403. }
  404. }
  405.  
  406. let sleepTime = 6000;
  407. Object.keys(customSleepTimes).forEach(key => {
  408. if (hubName == key) {
  409. sleepTime = customSleepTimes[key];
  410. }
  411. });
  412. await util.sleep(sleepTime);
  413.  
  414. await util.linkvertiseSpoof(dest);
  415.  
  416. notifier.info('stage completed');
  417. await util.sleep(3000);
  418. window.location.reload();
  419. }
  420. catch (e) {
  421. util.handleError(e, 'keyrblx');
  422. }
  423. }
  424.  
  425. async function pandadevelopment() {
  426. if (document.documentElement.innerHTML.includes('you got the key')) {
  427. notifier.success('bypassed successfully', { durations: { success: 0 } });
  428. return;
  429. }
  430. else if (document.documentElement.innerHTML.includes('Server Error')) {
  431. return;
  432. }
  433. else if (document.documentElement.innerHTML.includes('session invalidated')) {
  434. window.location.reload();
  435. return;
  436. }
  437. else if (document.documentElement.innerHTML.includes('Select Checkpoint')) {
  438. let providers = Array.from(document.getElementsByTagName('a'));
  439. for (let provider of providers) {
  440. let providerName = provider.firstChild.innerHTML;
  441. if (providerName == 'Linkvertise' || providerName == 'Short Jambo') {
  442. window.location.assign(provider.href);
  443. return;
  444. }
  445. }
  446. throw new Error('no supported ad provider found');
  447. }
  448. function getAdLink(hwid, service, token) {
  449. return new Promise(async (resolve, reject) => {
  450. GM.xmlHttpRequest({
  451. method: "POST",
  452. url: 'https://auth.pandadevelopment.net/getkey/proceed',
  453. headers: {
  454. 'Content-Type': 'application/x-www-form-urlencoded',
  455. 'Referer': window.location.href,
  456. },
  457. data: `hwid=${hwid}&service=${service}&token=${token}&provider=linkvertise&cf-turnstile-response=${await util.getTurnstileResponse()}`,
  458. onload: function (response) {
  459. resolve(response.finalUrl);
  460. },
  461. onerror: function (error) {
  462. reject(error);
  463. }
  464. });
  465. });
  466. }
  467. function getDestUrl(link) {
  468. let url = new URL(encodeURI(link));
  469. switch (url.hostname) {
  470. case 'linkvertise.com': {
  471. return atob(url.searchParams.get('r'));
  472. }
  473. case 'short-jambo.com': {
  474. return url.search.split('&url=')[1];
  475. }
  476. default: {
  477. throw new Error('unsupported ad provider');
  478. }
  479. }
  480. }
  481. const customSleepTimes = {
  482. 'vegax': 11000,
  483. 'laziumtools': 11000,
  484. };
  485. try {
  486. let currentUrl = new URL(window.location.href);
  487. let hwid = currentUrl.searchParams.get('hwid');
  488. let service = currentUrl.searchParams.get('service');
  489. let token = currentUrl.searchParams.get('sessiontoken');
  490. let provider = currentUrl.searchParams.get('provider');
  491.  
  492. let adUrl = await getAdLink(hwid, service, token);
  493. let dest = getDestUrl(adUrl);
  494.  
  495. let sleepTime = 3000;
  496. Object.keys(customSleepTimes).forEach(key => {
  497. if (service == key) {
  498. sleepTime = customSleepTimes[key];
  499. }
  500. });
  501. await util.sleep(sleepTime);
  502.  
  503. await util.linkvertiseSpoof(dest);
  504. notifier.info('stage completed');
  505.  
  506. await util.sleep(3000);
  507.  
  508. let newUrl = new URL(dest);
  509. token = newUrl.searchParams.get('sessiontoken');
  510. let nextCheckpoint = `https://auth.pandadevelopment.net/getkey?hwid=${hwid}&service=${service}&sessiontoken=${token}`;
  511. if (provider) {
  512. nextCheckpoint += `&provider=${provider}`;
  513. }
  514. window.location.assign(nextCheckpoint);
  515. }
  516. catch (e) {
  517. util.handleError(e, 'pandadevelopment');
  518. }
  519. }
  520.  
  521. async function tsuohub() {
  522. let url = new URL(window.location.href);
  523. if (url.pathname == '/complete') {
  524. notifier.success('bypassed successfully', { durations: { success: 0 } });
  525. return;
  526. }
  527. else if (!(['/getkey', '/step'].includes(url.pathname))) {
  528. return;
  529. }
  530. function getDestUrl() {
  531. console.log(url);
  532. return new Promise(async (resolve, reject) => {
  533. GM.xmlHttpRequest({
  534. method: "GET",
  535. url: `${url.origin + url.pathname + url.search}${url.search ? '&' : '?'}g-recaptcha-response=${await util.getGrecaptchaResponse()}`,
  536. onload: function (response) {
  537. resolve(response.finalUrl);
  538. },
  539. onerror: function (error) {
  540. reject(error);
  541. },
  542. headers: {
  543. Referer: window.location.href,
  544. }
  545. });
  546. });
  547. }
  548. function spoofAdView() {
  549. return new Promise((resolve, reject) => {
  550. GM.xmlHttpRequest({
  551. method: "GET",
  552. url: 'https://tsuo-script.xyz/complete',
  553. headers: {
  554.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!