If you haven’t read the previous posts, please do so. There’s a lot of information built upon previous information in this, so you may or may not understand where addresses, libraries or even Lua came from.
Now that we know how to find addresses of the lua C API in our client and how to capture a valid lua state, we can write our “exploit”. Let’s start with recapping what our end-goal is: We want to be able to run scripts that weren’t originally in our game....
Last post we talked about why games use the Lua VM and how to find some key functions. The Lua VM runs everything based on a state. This state is basically the key to the kingdom, without a valid state with their custom API and environment on it, we really can’t do anything. Well that’s great and all, but how exactly are we going to get a valid Lua State??? How convenient of a question!...
Many games today rely on scripting languages and an internal API to interface with the game engine itself. One of the popular scripting languages used is the Lua language. The reason so many games use Lua as their internal scripting engine is because it is extremely extensible, It’s also extremely lightweight and uses little resources. Today we’re going to be focusing on one game in particular, you’ve might’ve heard of it… ROBLOX....