ROBLOX's Recovery

Bye bye bytecode see you in, wait we will never see you again.


What is bytecode?

Bytecode a set of machine-readable instructions. Programming languages like Lua are high-level abstractions that make it easier for humans to write code. Before code can be executed by a computer or a virtual machine (VM), it needs to be translated to low-level instructions – the most very fundamental operations that the CPU or VM supports.

A simple code snippet like this:

print("Hello World!")

Becomes this in bytecode (transformed into a standard hex dump for readability):

00000000 1B 4C 75 61 51 00 01 04 04 04 08 00 12 00 00 00 .LuaQ………..
00000010 3D 57 6F 72 6B 73 70 61 63 65 2E 53 63 72 69 70 =Workspace.Scrip
00000020 74 00 01 00 00 00 03 00 00 00 00 00 00 02 04 00 t……………
00000030 00 00 05 00 00 00 41 40 00 00 1C 40 00 01 1E 00 ……A@…@….
00000040 80 00 02 00 00 00 04 06 00 00 00 70 72 69 6E 74 €……….print
00000050 00 04 0C 00 00 00 48 65 6C 6C 6F 20 57 6F 72 6C ……Hello Worl
00000060 64 00 00 00 00 00 04 00 00 00 02 00 00 00 02 00 d……………
00000070 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 00 …………….
00000080 00 00 ..

In the standard Lua library, there is a function called loadstring that you can use to convert a string into a function. Going forward, this will still work:

fn = loadstring("print('Hello World!')")

fn()

However, if you prefix your argument to loadstring with ASCII character 27, it can load bytecode too:

fn = loadstring('\27\76\117\97\81\0\1\4\8\4\8\0\47\0\0\0\0\0\0\0\114\101\116

\117\114\110\32\102\117\110\99\116\105\111\110\40\41\32\10\112\114\105\110

\116\40\34\72\101\108\108\111\32\87\111\114\108\100\33\34\41\10\10\32

\101\110\100\0\1\0\0\0\4\0\0\0\0\0\0\2\4\0\0\0\5\0\0\0\65\64\0\0\28\64\0

\1\30\0\128\0\2\0\0\0\4\6\0\0\0\0\0\0\0\112\114\105\110\116\0\4\13\0

\0\0\0\0\0\0\72\101\108\108\111\32\87\111\114\108\100\33\0\0\0\0\0\4\0\0\0

\2\0\0\0\2\0\0\0\2\0\0\0\4\0\0\0\0\0\0\0\0\0\0\0')

fn()

In both cases calling fn() will print “Hello World!”

Last night ROBLOX shipped a release that prevents the standard Lua library function loadstring from loading bytecode. This function was used exclusively by some of our advanced scripters and breaks at most a couple hundred places that were using loadstring to do sinful (and sometimes very clever) things. So why did we do it? Two reasons.

#1. Security – loadstring(bytecode) is impossible to sandbox

ROBLOX sandboxes the Lua execution environment into multiple security contexts. This is to create functions that only ROBLOX-authored scripts can call, or that only game servers can call. There’s a lot of functions, like loadCharacter(userId) or httpGet(url) that are very useful, but that we don’t want regular users to have access to. For example, loadCharacter would allow widespread identity spoofing and httpGet would allow someone to DDoS ROBLOX.com using our own game servers.

Unfortunately, the version of Lua that ROBLOX uses (5.1) has several virtual machine-level defects that can be exploited with the use of bytecode. ROBLOX user Necrobumpist found this article that discusses some of them. The nastiest one allows you to hijack the stack of another function running in another security context. In short, if you know what you are doing, you can craft a privilege elevation attack using bytecode.

The Lua community at one point was working on a bytecode validator for loadstring to prevent these sorts of shenanigans, but it was eventually deemed infeasible and it is now the responsibility of developers embedding Lua to filter out bad bytecode themselves (presumably by disabling it).

#2. Version Specific – loadstring(bytecode) is not future proof

The ROBLOX team tries very very hard not to break any of the tens of millions of user scripts that exist in the ecosystem whenever a new release, because we respect the time and effort that coders have spent making those scripts.

The ability of loadstring to ingest bytecode seriously compromises our ability to change anything relating to the underlying Lua internals without breaking client scripts. We could not, for instance, update to a more recent version of Lua than 5.1 or experiment with making our Lua script execution 2-10x faster by implementing LuaJIT. There are very good reasons for us to want to be able to do both of these things.

How does this affect me?

It probably doesn’t affect you. There are a small number of ROBLOX levels are using loadstring(bytecode) as an obfuscation method to protect their source code from theft or modification. These levels won’t function correctly until their creators update their code. If you are interested in learning more about low-level Lua hacks, the ROBLOX scripters forum is a great place to start.

A giant, according to Wikipedia is a monster of human appearance but prodigious size and strength. This basically means that they are big and strong. This is very much the case in this place as all the giants are big... and strong... Yeah. Anyway, on to the review
Gameplay 8/10
The game starts by loading a popular model as a shelter such as the the ROBLOX HQ, Haunted Hill, a castle, and many others. After giving you a minute to find a suitable corner to live out the last few minutes of your life a large giant appears. The giants are also all different and you never get the same one twice in a row. To name a few of the giants there are the Ice Giant, the Fire Giant, the God Giant, the Knight Giant, and the Invisible Giant. All of these giants are incredibly fun to fight against and are all different. For example, the Ice Giant sends rolling snowballs of death out of it's mouth in an attempt to crush you. The Fire Giant is able to burn all the buildings. The God Giant is extremely fast and has 5000 health.  All of the giants are unique. Anyway, after the giant spawns your goal is to shoot it as much as possible until it dies or the round is over. For each time you hit it with your gun you get one point. You can buy new guns with your points and each hit will give you more points. Or you can purchase gear such as the gravity coil to aid your in your attempt to destroy the monstrosity.
Effort 7/10
The scripting for the place is lovely (even if it does glitch sometimes) and all the giants are uniquely scripted in their own way. However, the only problem I have with this place is that none of the maps were made by him. They're all classic ROBLOX places.
Creativity 7/10
If you look back in time you can see that there were a lot of places like this in the past.Either way, this place has changed it up a bit by allowing you to fight back.
Overall 7.5/10
Suggestions

• Make some maps yourself, classic places are nice but they shouldn't all be classic places.
• More giants.

Tips

• The reload time of all the guns is agonizingly slow, after you've gotten a few guns it's a good idea to switch guns right after you fire them allowing you to fire rapidly and get more points.
• Don't be a hero, stay away from the giant. Try getting him near the spawn so he'll always have someone new to go for that isn't you.

ROBLOX or Minecraft?

The idea of “Crafting” has been in the gaming world for a long time; DotA, Ultima, Everquest, and even Minecraft have featured their own versions of the concept. It’s an undeniably interesting idea that is worth exploring in the world of ROBLOX. In order to better explain ROBLOX’s idea  of taking crafting system, let’s split the notion into two categories: materials and recipes.

The general idea is that, after years and years of playing ROBLOX, many users have acquired things, either from the Catalog or the game itself, they simply don’t need. We’ve all got some hats from four years ago that we’d never wear today. So  how to make use of these useless items that are gathering virtual dust in our inventories?

A prototype interface for a crafting and recycling system

The crafting system would give users the ability to recycle items and harvest their core materials. Then, users would be able to mix and match all of these materials in order to create custom items that can only be shaped by alchemy. That way, no item in your inventory can be considered useless, as it may be a key component in developing a customized creation when mixed with other items, and can also be seen as a valuable item for bartering, as someone may need that component to make something much more complex.

That leads to the second half of the equation: recipes. Recipes would exist to create both existing items, and brand new ones—this would present a new way to leverage the trading system, as you would want to trade items with other users in order to get the core materials you need to build your creative concoction.

You wouldn’t want to be limited to the specific confines of written recipes either; if you have a bunch of random items you don’t feel you need, throw them all together and see what happens! You could end up randomly discovering a new item, or making an existing item that could be useful to you in the future.

Let’s hypothesize, to get an idea of how this system could work. Say you wanted a DarkAge Ninja Swordpack, but didn’t have enough Robux to buy it, but you did have the recipe for it.

The recipe is as follows: 3x Polished Steel and 1x Shard of Darkheart, a rare material used to craft items in the Fighting genre. So you decide to recycle your existing sword pack and come away with 2x Polished steel from it. You’re almost there!

Now you have a couple of options to obtain the rest of your ingredients. Find something of value to a friend, and trade him/her for the additional Polished steel ingredient you need, then pop over to the catalog and purchase the Shard of Darkheart. So, with a few recycled materials, trades, and a single purchase, you’ve got your shiny new DarkAge Ninja Swordpack.

This is just a quick and simple example of how this system could potentially work. ROBLOX staff are always thinking of ways to further enrich and enhance the ROBLOX experience, and that usually involves giving users more creative freedom. Crafting would lead to the creation of new and unique items, while simultaneously enhancing our recently released trade system so that users could trade and barter for items to recycle and harvest.

Three Stooges Hits Roblox.

There have been some The Three Stooges themed items in the catalog recently. For example, there is a Three Stooges Cap and a Three Stooges Shirt by ROBLOX. There are also some other Three Stooges items, that are unobtainable and some people have been asking how to get them. To get the unobtainable Three Stooges items, simply earn accomplishments in Welcome to Stoogeville! This event promotes The Three Stooges The Movie, which is coming out on April 13th. In this game you can win up to four items, and they are Moe's Hair, Larry's Hair, the Wooden Mallet, and the Lobster. It is much like ROBLOX Base Wars FPS and even has the same scripts, just edited a bit. However, it is a well built and scripted game.

Here's how the game works. You first get to choose which stooge you will play as. You can either play as Moe, Larry, or Curly. You then join either the red team or the blue team. The goal is to explore your hometown, Stoogeville, and work with your team to make 830,000$ before the other team does. You can earn 1,000$ for defeating someone and you can earn 3,000$ for capturing a capture point. To capture a capture point simply find one and stand on it for ten seconds. You can poke or slap your enemies, but there is also weapons hidden throughout the map you can also use. You can also block to avoid attacks. Now, here's how you can get all four items. To get Moe's Hair, simply win a round as Moe. To get Larry's Hair, win a round as Larry. Curly does not have any hair so if you win a round as him you will get the Wooden Mallet instead of hair. The hardest Three Stooges item to get is the Lobster. In order to get the Lobster you must have more money than everybody else at the end of a round. In other words, you must be the MVP. (Most Valuable Player) Time for some tips!

 Tips:
 - The only difference between Moe, Larry, and Curly is what they look like and what items you earn by playing as them. If you're trying to get MVP it doesn't matter who you're playing as.

- If a capture point is white, that means no one has captured it yet. If a capture point is blue, that means the blue team has captured it. If a capture point is red, that means the red team has captured it.

- It's faster to capture capture points rather than to attack the opposing team.

- When trying to steal capture points from the opposing team, it's better to attack with others rather than to attack alone.

- If you are on the blue team, it's a good idea to get the capture points near the fountain and in the movie theater when the game begins.

- If you are on the red team, it's a good idea to get the capture points near the apartments and in the church when the game begins.

- Be careful if you go underground to get the underground capture point; the ladders are tough to climb and so it can be hard to get out of the underground.

- Always get a weapon before you attack a lot of people; poking and slapping isn't very effective. Weapons such as the broom do great damage.

- If your computer lags a lot on this game, it's a good idea to try to get MVP when not many people are playing.

- You can always check the leaderboard by pressing Q while you have the Poke Attack, the Block, or the Slap Attack equipped.

- If you are in a server with tons of people who get outrageous high scores, you should probably go to a different server to have a better chance of getting MVP.

Currency Exchange And Catalog Offline.

Yesterday Roblox had an unusal falt in the system here's what David had to say.


We experienced a site issue yesterday evening that triggered alerts, and we intentionally took the site offline. Two things happened prior to taking the site offline:

• Several assets were released from our backlog that were not ready for production
• Several accounts were incorrectly granted large amounts of ROBUX. Some of these ROBUX were subsequently traded with other accounts

We have a virtual-economy failsafe that has kicked in, and for some time this morning all catalog purchases and currency trading will be turned off while we undo the incorrect transactions that occurred late yesterday afternoon. We will keep you updated as to when we turn purchases back on.

To some of us what happened yesterday was annoying for others it might of just been confusing, so let us hope everything turns out all right.

Telamons's name changed!

Many of you will slate this as 'old news', but since there has been no real officialannouncement or forum post; I just wanted to let you guys know!

Telamon has changed his username to Shedletsky - which is his surname and also his username for his twitter account. This will make it easier for users to find him on twitter as now both his ROBLOX and twitter usernames are the same. 

It is not strictly true however, that his username was changed; it was actually swapped with his alternate account which was previously called Shedletsky, but which is now called Telamon.


Some old users may dislike this change as they have been used to John Shedletsky being known simply as 'Telamon'. However, it has standardised his username which from his point of view is a positive thing because more ROBLOX users can follow him on twitter and give him their feedback on all things ROBLOX.

Place Review: Galactic Domination

Space, the final frontier. These are the reviews of the A.R.N Enterprise. It's ongoing mission, to explore creative new places. To seek out new ideas and brilliant places. To boldly go where no robloxian has gone before. After exploring robloxia extensively I have found a brilliant new place.
Gameplay 10/10
The basic goal of this game is to conquer all the planets. To do so you need to destroy all the buildings on the planet and then take over the control point. You can make buildings on your planet in order to defend it such as turrets, ship spawners, and reactors. Each building has a specific purpose. The reactors give you credits so you can buy more buildings, turrets constantly fire on enemy ships. There are also extremely intense dog-fights in this game that rely on skill and agility. There are 6 different ships and all are good for different things. The scout is great at looking at other planets but is terrible in combat. The fighter can take out most ships but is slow. The bomber has a lot of health but is very slow. There are also other ships called blast boats that are very slow but do devastating amounts of damage.
Effort 10/10
There are tons of scripts at work here. There are 6 different ships, a ton of buildings that are scripted to do certain things. The maps are also brilliantly made.
Creativity 10/10
This game is completely unique. I have never seen another game like this, sure there have been sci-fi games but none of them ever went to this scale.
Overall 10/10
Suggestions

• Add more buildings
• Add a secret cake planet
• Fix the glitch where you spawn on top of the space station (add more spawns?)
• Add some kind of KO/WO system.