Skip to content

Instantly share code, notes, and snippets.

@TheGreatSageEqualToHeaven
Last active October 28, 2024 18:40
Show Gist options
  • Save TheGreatSageEqualToHeaven/79835da046388d67522165ff56524b82 to your computer and use it in GitHub Desktop.
Save TheGreatSageEqualToHeaven/79835da046388d67522165ff56524b82 to your computer and use it in GitHub Desktop.
Datastore Rollback Playground Course

In the previous github gist we went over multiple ways DataStoreService could be abused to rollback data. This time we will be taking a more hands-on approach where you, the reader will be trying to figure out how to rollback data in a playground specifically created with the intention to teach you how to rollback data.

This time nothing you do will be pseudo-code. Everything you abuse, fire and interact with be real. Nothing is emulated in the playground and your data is actually rolled back because the datastore threw an error, all datastore requests use SetAsync and if datastores fail UpdateAsync is used to pull your old data and include a notice for when you rejoin to notify you that you have successfully rolled back your data.

An example notice: Example_Note

You will need:

  • A working exploit You can use the testing menu for firing remotes
  • A remote spy Remotes and their arguments are printed to the console
  • A brain

You will be able to know if you rolled back your data by playing with the shopping system, buy a few items and leave so your data will save. Then when you rejoin buy or sell some of the items you have and try to rollback your data and see if your items are restored.

When you are tasked with finding a solution, try reading the previous gist and inserting your newly found knowledge into the playground rather than looking at the solutions instantly.

The Playground

Messaging Bob

Our first target will be focusing on the chatting system with bob, its a simple chat system without any filtering. Any messages we send will have Bob respond with Bob. If we now try sending bob a message with invalid utf-8 (128 -> 255 byte range) we'll be able to rollback data.

Try doing this yourself by sending bob a message and editing the remote's arguments with a string datastores wont accept.

Solution 1 Code: https://paste.sh/VFNI-fiG#x9EIFbHeEs27L_WUqcJG9q9Z

Solution 1 works because datastores cant accept bytes larger than 127. This is because those bytes are commonly used to start utf-8 characters

Solution 2. Code: https://paste.sh/CAg48_hc#gj0iY51nEFY0FOzcYadjBQVN

Solution 2 works because datastores cant accept strings longer than 65536 characters.

Manipulating Settings

Our second target is a vulnerable settings system. The simple settings we have to work with are Nametags and Bloom. If we press any of them it'll fire a remote with the name and a boolean indicating the setting is enabled or not. We can do multiple things here, such as firing a different setting name and replacing the value of the setting. There is multiple solutions here.

Solution 1 Code: https://paste.sh/noiPYnHv#vIqtuMtNOTeRI91IL1r2mZLx

Solution 1 works because datastores cant serialise instances.

Other solutions Previous 2 solutions from the other problem will also work here because the setting name is not protected

The gifts

Our last target is the gifting system, it intentionally has a vulnerable analytic included in its remote to provide one final example. Using all of the methods you learned from the previous gist and this gist you'll be able to rollback your data on your own with your own way.

All previous solutions will work.

Final words

Please consider learning from what I write rather than hoping someone else will dumb it down for you because you aren't willing to put in the time to figure something out. Asking for help is ok but only when you're struggling with a specific part, rather than the entire topic. We're not a school we're a public forum for developers and skids but my posts are meant for developers.

If you are a skid, consider taking up programming as a hobby, there is a lot to learn relating to it but it is much more rewarding and meaningful to spend time developing your own tooling rather than copy-pasting code which could be getitng you detected, banned or even ip-logging you.

@sametcetinkaya1447
Copy link

pretty detailed explation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment