ROBLOX's Recovery

Bye bye bytecode see you in, wait we will never see you again.


What is bytecode?

Bytecode a set of machine-readable instructions. Programming languages like Lua are high-level abstractions that make it easier for humans to write code. Before code can be executed by a computer or a virtual machine (VM), it needs to be translated to low-level instructions – the most very fundamental operations that the CPU or VM supports.

A simple code snippet like this:

print("Hello World!")

Becomes this in bytecode (transformed into a standard hex dump for readability):

00000000 1B 4C 75 61 51 00 01 04 04 04 08 00 12 00 00 00 .LuaQ………..
00000010 3D 57 6F 72 6B 73 70 61 63 65 2E 53 63 72 69 70 =Workspace.Scrip
00000020 74 00 01 00 00 00 03 00 00 00 00 00 00 02 04 00 t……………
00000030 00 00 05 00 00 00 41 40 00 00 1C 40 00 01 1E 00 ……A@…@….
00000040 80 00 02 00 00 00 04 06 00 00 00 70 72 69 6E 74 €……….print
00000050 00 04 0C 00 00 00 48 65 6C 6C 6F 20 57 6F 72 6C ……Hello Worl
00000060 64 00 00 00 00 00 04 00 00 00 02 00 00 00 02 00 d……………
00000070 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 00 …………….
00000080 00 00 ..

In the standard Lua library, there is a function called loadstring that you can use to convert a string into a function. Going forward, this will still work:

fn = loadstring("print('Hello World!')")

fn()

However, if you prefix your argument to loadstring with ASCII character 27, it can load bytecode too:

fn = loadstring('\27\76\117\97\81\0\1\4\8\4\8\0\47\0\0\0\0\0\0\0\114\101\116

\117\114\110\32\102\117\110\99\116\105\111\110\40\41\32\10\112\114\105\110

\116\40\34\72\101\108\108\111\32\87\111\114\108\100\33\34\41\10\10\32

\101\110\100\0\1\0\0\0\4\0\0\0\0\0\0\2\4\0\0\0\5\0\0\0\65\64\0\0\28\64\0

\1\30\0\128\0\2\0\0\0\4\6\0\0\0\0\0\0\0\112\114\105\110\116\0\4\13\0

\0\0\0\0\0\0\72\101\108\108\111\32\87\111\114\108\100\33\0\0\0\0\0\4\0\0\0

\2\0\0\0\2\0\0\0\2\0\0\0\4\0\0\0\0\0\0\0\0\0\0\0')

fn()

In both cases calling fn() will print “Hello World!”

Last night ROBLOX shipped a release that prevents the standard Lua library function loadstring from loading bytecode. This function was used exclusively by some of our advanced scripters and breaks at most a couple hundred places that were using loadstring to do sinful (and sometimes very clever) things. So why did we do it? Two reasons.

#1. Security – loadstring(bytecode) is impossible to sandbox

ROBLOX sandboxes the Lua execution environment into multiple security contexts. This is to create functions that only ROBLOX-authored scripts can call, or that only game servers can call. There’s a lot of functions, like loadCharacter(userId) or httpGet(url) that are very useful, but that we don’t want regular users to have access to. For example, loadCharacter would allow widespread identity spoofing and httpGet would allow someone to DDoS ROBLOX.com using our own game servers.

Unfortunately, the version of Lua that ROBLOX uses (5.1) has several virtual machine-level defects that can be exploited with the use of bytecode. ROBLOX user Necrobumpist found this article that discusses some of them. The nastiest one allows you to hijack the stack of another function running in another security context. In short, if you know what you are doing, you can craft a privilege elevation attack using bytecode.

The Lua community at one point was working on a bytecode validator for loadstring to prevent these sorts of shenanigans, but it was eventually deemed infeasible and it is now the responsibility of developers embedding Lua to filter out bad bytecode themselves (presumably by disabling it).

#2. Version Specific – loadstring(bytecode) is not future proof

The ROBLOX team tries very very hard not to break any of the tens of millions of user scripts that exist in the ecosystem whenever a new release, because we respect the time and effort that coders have spent making those scripts.

The ability of loadstring to ingest bytecode seriously compromises our ability to change anything relating to the underlying Lua internals without breaking client scripts. We could not, for instance, update to a more recent version of Lua than 5.1 or experiment with making our Lua script execution 2-10x faster by implementing LuaJIT. There are very good reasons for us to want to be able to do both of these things.

How does this affect me?

It probably doesn’t affect you. There are a small number of ROBLOX levels are using loadstring(bytecode) as an obfuscation method to protect their source code from theft or modification. These levels won’t function correctly until their creators update their code. If you are interested in learning more about low-level Lua hacks, the ROBLOX scripters forum is a great place to start.

A giant, according to Wikipedia is a monster of human appearance but prodigious size and strength. This basically means that they are big and strong. This is very much the case in this place as all the giants are big... and strong... Yeah. Anyway, on to the review
Gameplay 8/10
The game starts by loading a popular model as a shelter such as the the ROBLOX HQ, Haunted Hill, a castle, and many others. After giving you a minute to find a suitable corner to live out the last few minutes of your life a large giant appears. The giants are also all different and you never get the same one twice in a row. To name a few of the giants there are the Ice Giant, the Fire Giant, the God Giant, the Knight Giant, and the Invisible Giant. All of these giants are incredibly fun to fight against and are all different. For example, the Ice Giant sends rolling snowballs of death out of it's mouth in an attempt to crush you. The Fire Giant is able to burn all the buildings. The God Giant is extremely fast and has 5000 health.  All of the giants are unique. Anyway, after the giant spawns your goal is to shoot it as much as possible until it dies or the round is over. For each time you hit it with your gun you get one point. You can buy new guns with your points and each hit will give you more points. Or you can purchase gear such as the gravity coil to aid your in your attempt to destroy the monstrosity.
Effort 7/10
The scripting for the place is lovely (even if it does glitch sometimes) and all the giants are uniquely scripted in their own way. However, the only problem I have with this place is that none of the maps were made by him. They're all classic ROBLOX places.
Creativity 7/10
If you look back in time you can see that there were a lot of places like this in the past.Either way, this place has changed it up a bit by allowing you to fight back.
Overall 7.5/10
Suggestions

• Make some maps yourself, classic places are nice but they shouldn't all be classic places.
• More giants.

Tips

• The reload time of all the guns is agonizingly slow, after you've gotten a few guns it's a good idea to switch guns right after you fire them allowing you to fire rapidly and get more points.
• Don't be a hero, stay away from the giant. Try getting him near the spawn so he'll always have someone new to go for that isn't you.

ROBLOX or Minecraft?

The idea of “Crafting” has been in the gaming world for a long time; DotA, Ultima, Everquest, and even Minecraft have featured their own versions of the concept. It’s an undeniably interesting idea that is worth exploring in the world of ROBLOX. In order to better explain ROBLOX’s idea  of taking crafting system, let’s split the notion into two categories: materials and recipes.

The general idea is that, after years and years of playing ROBLOX, many users have acquired things, either from the Catalog or the game itself, they simply don’t need. We’ve all got some hats from four years ago that we’d never wear today. So  how to make use of these useless items that are gathering virtual dust in our inventories?

A prototype interface for a crafting and recycling system

The crafting system would give users the ability to recycle items and harvest their core materials. Then, users would be able to mix and match all of these materials in order to create custom items that can only be shaped by alchemy. That way, no item in your inventory can be considered useless, as it may be a key component in developing a customized creation when mixed with other items, and can also be seen as a valuable item for bartering, as someone may need that component to make something much more complex.

That leads to the second half of the equation: recipes. Recipes would exist to create both existing items, and brand new ones—this would present a new way to leverage the trading system, as you would want to trade items with other users in order to get the core materials you need to build your creative concoction.

You wouldn’t want to be limited to the specific confines of written recipes either; if you have a bunch of random items you don’t feel you need, throw them all together and see what happens! You could end up randomly discovering a new item, or making an existing item that could be useful to you in the future.

Let’s hypothesize, to get an idea of how this system could work. Say you wanted a DarkAge Ninja Swordpack, but didn’t have enough Robux to buy it, but you did have the recipe for it.

The recipe is as follows: 3x Polished Steel and 1x Shard of Darkheart, a rare material used to craft items in the Fighting genre. So you decide to recycle your existing sword pack and come away with 2x Polished steel from it. You’re almost there!

Now you have a couple of options to obtain the rest of your ingredients. Find something of value to a friend, and trade him/her for the additional Polished steel ingredient you need, then pop over to the catalog and purchase the Shard of Darkheart. So, with a few recycled materials, trades, and a single purchase, you’ve got your shiny new DarkAge Ninja Swordpack.

This is just a quick and simple example of how this system could potentially work. ROBLOX staff are always thinking of ways to further enrich and enhance the ROBLOX experience, and that usually involves giving users more creative freedom. Crafting would lead to the creation of new and unique items, while simultaneously enhancing our recently released trade system so that users could trade and barter for items to recycle and harvest.