Skip to content

Instantly share code, notes, and snippets.

View Quenty's full-sized avatar
🎉
Follow me on Twitter @Quenty

James Onnen Quenty

🎉
Follow me on Twitter @Quenty
View GitHub Profile
@hello-42
hello-42 / LSP.sublime-settings
Last active February 23, 2024 23:35
Meant to be installed via setup-sublime.ps1
// Settings in here override those in "LSP/LSP.sublime-settings"
{
"clients": {
"luau-lsp": {
"command":
[
"luau-lsp",
"lsp",
"--definitions=$home\\.luau-lsp\\globalTypes.d.lua",
"--docs=$home\\.luau-lsp\\api-docs.json",
@TheGreatSageEqualToHeaven
TheGreatSageEqualToHeaven / READ.md
Last active November 12, 2024 10:36
Data store vulnerabilities

Write-up

A warning to Roblox developers about a powerful exploit primitive. In this, I will detail the research I’ve conducted into this attack vector and walk you through how you as a developer, can protect against exploits with primitives like this.

DataStoreService lets you store data that needs to persist between sessions, such as items in a player’s inventory or skill points. Data stores are consistent per experience, so any place in an experience can access and change the same data, including places on different servers.

By default, experiences tested in Studio cannot access data stores, so you must first enable API services. You will need to do this to test the vulnerabilities.

The idea I wanted to explore when pondering the above question was; can we exploit remotes to prevent data from saving? It is easy to blame the developer for not protecting themselves against such a simple exploit but it ends up being more complicated than that. I found plenty of examples of these vulnerabilities occurring

@boatbomber
boatbomber / GlobalStorage.lua
Last active March 28, 2024 00:20
This is a module for handling data that can be read from/written to from multiple servers at a time. It is made only for commutative updates. This is so that your operations can be applied locally and globally at different times and still end up at the same value eventually. Uses MemoryStore for atomic locking.
--[[
GlobalStorage
by boatbomber (c) 2021
This is a module for handling data that can be read from/written to
from multiple servers at a time. It is made only for commutative updates.
This is so that your operations can be applied locally and globally at different
times and still end up at the same value eventually. Uses MemoryStore for atomic locking.
@boatbomber
boatbomber / InfStore.lua
Last active December 13, 2022 18:53
InfStore - Storing inf size dictionaries in Roblox Datastores via automagic efficient chunking
-- InfStore.lua
-- boatbomber
-- A module to have DataStores hold an inf size dictionary
-- by automagically chunking the data behind the scenes
-- Example:
-- local store = InfStore.new("Global_v0.1.0", "Tutorials")
-- store:Get()
-- store:Add("UniqueTutorialId", TutorialData)
local fs = require("bee.filesystem")
local fsu = require("fs-utility")
local furi = require("file-uri")
local workspace = require("workspace")
local foundFileCache = {}
local function relativePathToDotPath(relPath)
-- Convert posix path to dots, and remove file extension.
return tostring(relPath):gsub(".lua", ""):gsub("\\", "."):gsub("/", ".")
@EgoMoose
EgoMoose / ViewportModel.lua
Last active September 7, 2024 18:54
Lua class to calculate camera distance/cframe for fitting models into viewport frames
--[[
MIT License
Copyright (c) 2021 EgoMoose
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
namespace ConsoleApp1
{
@Fraktality
Fraktality / Zones.lua
Last active October 31, 2023 20:02
Fast trigger volumes
local RunService = game:GetService("RunService")
-- compile an oriented bounding box into a scaled CFrame
local function compileBBox(cframe: CFrame, size: Vector3)
return CFrame.fromMatrix(
cframe.Position,
cframe.XVector/size.X,
cframe.YVector/size.Y,
cframe.ZVector/size.Z
):Inverse()
@jovannic
jovannic / MockTree.lua
Last active November 26, 2020 02:44
MockTree: A module for handling Welds and Motor6Ds outside of Workspace
local MockTree = {}
local function addJointEdge(joints, joint, me, other)
local edgeList = joints[me]
if not edgeList then
edgeList = {}
joints[me] = edgeList
end
table.insert(edgeList, {joint, other})
end
---
-- @classmod CameraChallenge
-- @author Quenty
local require = require(game:GetService("ReplicatedStorage"):WaitForChild("Nevermore"))
-- Challenge:
-- 1. Make `camera' always point to the the current or last known camera.
-- a. Problem: CurrentCamera can be nil.
-- b. Guarantee that `camera' is never nil.