chaos v2 beta leak src.py

1. # Protected by PyAntiSkid
2. #If you are reading this, you are probably a skid
3. #Good luck deobfing this, skid!
4. from pystyle import Colors, Colorate
5. import ctypes
6. import random
7. import string
8. import pymem
9. import time
10. import re
11. import os
12. import psutil
13. import subprocess
14. import threading
15. import requests
16. import hashlib
17.  
18. p = psutil.Process(os.getpid())
19. p.nice(psutil.HIGH_PRIORITY_CLASS)
20. global selector
21. banner = """
22.  
23. ░█████╗░██╗░░██╗░█████╗░░█████╗░░██████╗██████╗░░█████╗░██╗░░░░░██╗████████╗             [Version]: Beta V2
24. ██╔══██╗██║░░██║██╔══██╗██╔══██╗██╔════╝██╔══██╗██╔══██╗██║░░░░░██║╚══██╔══╝             [Deafult]: [RobloxPlayerBeta.exe]
25. ██║░░╚═╝███████║███████║██║░░██║╚█████╗░██████╔╝██║░░██║██║░░░░░██║░░░██║░░░             [1] WEB
26. ██║░░██╗██╔══██║██╔══██║██║░░██║░╚═══██╗██╔═══╝░██║░░██║██║░░░░░██║░░░██║░░░             [2] UWP
27. ╚█████╔╝██║░░██║██║░░██║╚█████╔╝██████╔╝██║░░░░░╚█████╔╝███████╗██║░░░██║░░░            
28. ░╚════╝░╚═╝░░╚═╝╚═╝░░╚═╝░╚════╝░╚═════╝░╚═╝░░░░░░╚════╝░╚══════╝╚═╝░░░╚═╝░░░          """
29. print(Colorate.Horizontal(Colors.purple_to_blue, banner, 1))
30. selectorsec = input(Colorate.Horizontal(Colors.cyan_to_blue, "\nSelect the Roblox version you want to use: ", 1))
31. if selectorsec == "2":
32.     selector = "Windows10Universal.exe"
33. else:
34.     selector = "RobloxPlayerBeta.exe"
35. def CloseRBLX():
36.     roblox_processes = ChaoSpolit.YieldForProgram(f"{selector}")
37.     if roblox_processes:
38.         os.system(f"taskkill /im {selector}")
39.  
40.     if not roblox_processes:
41.         print("/\{selector} was not found")
42.         exit()
43.  
44. os.system("cls" if os.name == "nt" else "clear")
45.  
46. # This is a flag that the thread will check to see if it should stop
47. stop_thread = False
48.  
49. def undetectname():# silly bypass
50.     global stop_thread
51.     while not stop_thread:
52.         letters = string.ascii_lowercase
53.         appname = ''.join(random.choice(letters) for _ in range(40))
54.         ctypes.windll.kernel32.SetConsoleTitleW(appname)
55.        
56.  
57.  
58. def init():
59.     """# docs by tabnine
60.    This function is used to check for updates and display them to the user.
61.    """
62.     url = "https://capi-3ns5.onrender.com/latestversion"# i am dumb
63.     req = requests.get(url=url)
64.     #convert the output : [1] into only the number in it
65.     res = req.text[1:-1]
66.     # print(res)# debug [purposes]
67.     if res == "1":
68.         print(Colorate.Horizontal(Colors.cyan_to_blue, f"Latest Version : {res}..."))
69.         print(Colorate.Horizontal(Colors.cyan_to_blue, "Discord: https://discord.gg/chaosploit...", 1))
70.         pass
71.     else:
72.         print(Colorate.Horizontal(Colors.cyan_to_blue, "Update Soon Please Join: https://discord.gg/chaosploit...", 1))
73.         exit()
74.        
75.  
76. init()
77.  
78. class ChaoSpolit:
79.     def __init__(self, program_name):
80.         self.program_name = program_name
81.  
82.     def SimpleGetProcesses(self):
83.         return [proc.name() for proc in psutil.process_iter(["name"])]
84.    
85.     def SetParent(self, Instance, Parent, parentOffset):
86.         ChaoSpolit.Pymem.write_longlong(Instance + parentOffset, Parent)
87.  
88.     def __init__(self, ProgramName=None):# init
89.         self.ProgramName = ProgramName
90.         self.Pymem = pymem.Pymem()
91.         self.Addresses = {}
92.         self.Handle = None
93.         self.is64bit = True
94.         self.ProcessID = None
95.         self.PID = self.ProcessID
96.         if type(ProgramName) == str:
97.             self.Pymem = pymem.Pymem(ProgramName)
98.             self.Handle = self.Pymem.process_handle
99.             self.is64bit = pymem.process.is_64_bit(self.Handle)
100.             self.ProcessID = self.Pymem.process_id
101.             self.PID = self.ProcessID
102.         elif type(ProgramName) == int:
103.             self.Pymem.open_process_from_id(ProgramName)
104.             self.Handle = self.Pymem.process_handle
105.             self.is64bit = pymem.process.is_64_bit(self.Handle)
106.             self.ProcessID = self.Pymem.process_id
107.             self.PID = self.ProcessID
108.  
109.     def h2d(self, hz: str, bit: int = 16) -> int:
110.         if type(hz) == int:
111.             return hz
112.         return int(hz, bit)
113.  
114.     def d2h(self, dc: int, UseAuto=None) -> str:
115.         if type(dc) == str:
116.             return dc
117.         if UseAuto:
118.             if UseAuto == 32:
119.                 dc = hex(dc & (2**32 - 1)).replace("0x", "")
120.             else:
121.                 dc = hex(dc & (2**64 - 1)).replace("0x", "")
122.         else:
123.             if abs(dc) > 4294967295:
124.                 dc = hex(dc & (2**64 - 1)).replace("0x", "")
125.             else:
126.                 dc = hex(dc & (2**32 - 1)).replace("0x", "")
127.         if len(dc) > 8:
128.             while len(dc) < 16:
129.                 dc = "0" + dc
130.         if len(dc) < 8:
131.             while len(dc) < 8:
132.                 dc = "0" + dc
133.         return dc
134.  
135.     def PLAT(self, aob: str):
136.         if type(aob) == bytes:
137.             return aob
138.         trueB = bytearray(b"")
139.         aob = aob.replace(" ", "")
140.         PLATlist = []
141.         for i in range(0, len(aob), 2):
142.             PLATlist.append(aob[i : i + 2])
143.         for i in PLATlist:
144.             if "?" in i:
145.                 trueB.extend(b".")
146.             if "?" not in i:
147.                 trueB.extend(re.escape(bytes.fromhex(i)))
148.         return bytes(trueB)
149.  
150.     def AOBSCANALL(self, AOB_HexArray, xreturn_multiple=False):
151.         """
152.        Searches for a given AOB (Address-Of-Buffer) pattern in the currently opened process.
153.  
154.        Parameters:
155.        AOB_HexArray (str): The AOB pattern to search for, represented as a hex string.
156.        xreturn_multiple (bool): Whether to return all matches or only the first match.
157.  
158.        Returns:
159.        A list of addresses where the AOB pattern was found, or None if the pattern was not found.
160.        """
161.         try:
162.             # Open the process with the appropriate access rights
163.             ChaoSpolit.Pymem.process_handle = ctypes.windll.kernel32.OpenProcess(
164.                 0x1F0FFF,  # PROCESS_ALL_ACCESS
165.                 False,  # False = do not inherit handles
166.                 ChaoSpolit.Pymem.process_id,
167.             )
168.  
169.             # Define necessary ChaoSpolit functions
170.             PAGE_EXECUTE_READWRITE = 0x40
171.             ntdll = ctypes.windll.ntdll
172.             NtProtectVirtualMemory = ntdll.NtProtectVirtualMemory
173.             NtProtectVirtualMemory.restype = ctypes.c_long
174.  
175.             # Get the base address of the process
176.             base_address = ctypes.windll.kernel32.GetModuleHandleW(None)
177.  
178.             # Remove read/write protection from the process memory
179.             old_protect = ctypes.c_ulong()
180.             size = ctypes.c_size_t(0x1000)
181.             NtProtectVirtualMemory(
182.                 ChaoSpolit.Pymem.process_handle,
183.                 ctypes.byref(ctypes.c_void_p(base_address)),
184.                 ctypes.byref(size),
185.                 PAGE_EXECUTE_READWRITE,
186.                 ctypes.byref(old_protect),
187.             )
188.  
189.             # Get the base address of the process again (after removing read/write protection)
190.             base_address = ctypes.windll.kernel32.GetModuleHandleW(None)
191.  
192.             # Re-enable read/write protection for the process memory
193.             NtProtectVirtualMemory(
194.                 ChaoSpolit.Pymem.process_handle,
195.                 ctypes.byref(ctypes.c_void_p(base_address)),
196.                 ctypes.byref(size),
197.                 old_protect,
198.                 ctypes.byref(ctypes.c_ulong()),
199.             )
200.  
201.             # Now attempt the pattern scan
202.             return pymem.pattern.pattern_scan_all(
203.                 self.Pymem.process_handle,
204.                 self.PLAT(AOB_HexArray),
205.                 return_multiple=xreturn_multiple,
206.             )
207.         except Exception as e:
208.             print(f"WinAPI Error: {e}")
209.             # Let's try bypassing read/write protection first.
210.             try:
211.                 ChaoSpolit.Pymem.process_handle = ctypes.windll.kernel32.OpenProcess(
212.                     0x1F0FFF,  # PROCESS_ALL_ACCESS
213.                     False,  # False = do not inherit handles
214.                     ChaoSpolit.Pymem.process_id,
215.                 )
216.  
217.                 # Define necessary ChaoSpolit functions
218.                 PAGE_EXECUTE_READWRITE = 0x40
219.                 ntdll = ctypes.windll.ntdll
220.                 NtProtectVirtualMemory = ntdll.NtProtectVirtualMemory
221.                 NtProtectVirtualMemory.restype = ctypes.c_long
222.  
223.                 # Get the base address of the process
224.                 base_address = ctypes.windll.kernel32.GetModuleHandleW(None)
225.  
226.                 # Remove read/write protection from the process memory
227.                 old_protect = ctypes.c_ulong()
228.                 size = ctypes.c_size_t(0x1000)
229.                 NtProtectVirtualMemory(
230.                     ChaoSpolit.Pymem.process_handle,
231.                     ctypes.byref(ctypes.c_void_p(base_address)),
232.                     ctypes.byref(size),
233.                     PAGE_EXECUTE_READWRITE,
234.                     ctypes.byref(old_protect),
235.                 )
236.  
237.                 # Get the base address of the process again (after removing read/write protection)
238.                 base_address = ctypes.windll.kernel32.GetModuleHandleW(None)
239.  
240.                 # Re-enable read/write protection for the process memory
241.                 NtProtectVirtualMemory(
242.                     ChaoSpolit.Pymem.process_handle,
243.                     ctypes.byref(ctypes.c_void_p(base_address)),
244.                     ctypes.byref(size),
245.                     old_protect,
246.                     ctypes.byref(ctypes.c_ulong()),
247.                 )
248.  
249.                 # Now attempt the pattern scan
250.                 return pymem.pattern.pattern_scan_all(
251.                     self.Pymem.process_handle,
252.                     self.PLAT(AOB_HexArray),
253.                     return_multiple=xreturn_multiple,
254.                 )
255.             except WindowsError as we:
256.                 if we.winerror == 5:
257.                     ChaoSpolit.Pymem.process_handle = ctypes.windll.kernel32.OpenProcess(
258.                         0x1F0FFF,  # PROCESS_ALL_ACCESS
259.                         False,  # False = do not inherit handles
260.                         ChaoSpolit.Pymem.process_id,
261.                     )
262.  
263.                 # Define necessary ChaoSpolit functions
264.                 PAGE_EXECUTE_READWRITE = 0x40
265.                 ntdll = ctypes.windll.ntdll
266.                 NtProtectVirtualMemory = ntdll.NtProtectVirtualMemory
267.                 NtProtectVirtualMemory.restype = ctypes.c_long
268.  
269.                 # Get the base address of the process
270.                 base_address = ctypes.windll.kernel32.GetModuleHandleW(None)
271.  
272.                 # Remove read/write protection from the process memory
273.                 old_protect = ctypes.c_ulong()
274.                 size = ctypes.c_size_t(0x1000)
275.                 NtProtectVirtualMemory(
276.                     ChaoSpolit.Pymem.process_handle,
277.                     ctypes.byref(ctypes.c_void_p(base_address)),
278.                     ctypes.byref(size),
279.                     PAGE_EXECUTE_READWRITE,
280.                     ctypes.byref(old_protect),
281.                 )
282.  
283.                 # Get the base address of the process again (after removing read/write protection)
284.                 base_address = ctypes.windll.kernel32.GetModuleHandleW(None)
285.  
286.                 # Re-enable read/write protection for the process memory
287.                 NtProtectVirtualMemory(
288.                     ChaoSpolit.Pymem.process_handle,
289.                     ctypes.byref(ctypes.c_void_p(base_address)),
290.                     ctypes.byref(size),
291.                     old_protect,
292.                     ctypes.byref(ctypes.c_ulong()),
293.                 )
294.  
295.                 # Now attempt the pattern scan
296.                 return pymem.pattern.pattern_scan_all(
297.                     self.Pymem.process_handle,
298.                     self.PLAT(AOB_HexArray),
299.                     return_multiple=xreturn_multiple,
300.                 )
301.             except Exception as e:
302.                 print(f"Unknown error: ")
303.  
304.  
305.     def hex2le(self, hex: str):
306.         lehex = hex.replace(" ", "")
307.         lelist = []
308.         if len(lehex) > 8:
309.             while len(lehex) < 16:
310.                 lehex = "0" + lehex
311.             for i in range(0, len(lehex), 2):
312.                 lelist.append(lehex[i : i + 2])
313.             lelist.reverse()
314.             return "".join(lelist)
315.         if len(lehex) < 9:
316.             while len(lehex) < 8:
317.                 lehex = "0" + lehex
318.             for i in range(0, len(lehex), 2):
319.                 lelist.append(lehex[i : i + 2])
320.             lelist.reverse()
321.             return "".join(lelist)
322.  
323.  
324.     def isProgramGameActive(self):
325.         try:
326.             self.Pymem.read_char(self.Pymem.base_address)
327.             return True
328.         except:
329.             return False
330.  
331.     def DRP(self, Address: int, is64Bit: bool = None) -> int:
332.         Address = Address
333.         if type(Address) == str:
334.             Address = self.h2d(Address)
335.         if is64Bit:
336.             return int.from_bytes(self.Pymem.read_bytes(Address, 8), "little")
337.         if self.is64bit:
338.             return int.from_bytes(self.Pymem.read_bytes(Address, 8), "little")
339.         return int.from_bytes(self.Pymem.read_bytes(Address, 4), "little")
340.  
341.  
342.     def getRawProcesses(self):
343.         toreturn = []
344.         for i in pymem.process.list_processes():
345.             toreturn.append(
346.                 [
347.                     i.cntThreads,
348.                     i.cntUsage,
349.                     i.dwFlags,
350.                     i.dwSize,
351.                     i.pcPriClassBase,
352.                     i.szExeFile,
353.                     i.th32DefaultHeapID,
354.                     i.th32ModuleID,
355.                     i.th32ParentProcessID,
356.                     i.th32ProcessID,
357.                 ]
358.             )
359.         return toreturn
360.  
361.     def SimpleGetProcesses(self):
362.         toreturn = []
363.         for i in self.getRawProcesses():
364.             toreturn.append({"Name": i[5].decode(), "Threads": i[0], "ProcessId": i[9]})
365.         return toreturn
366.  
367.     def YieldForProgram(self, programName, AutoOpen: bool = False, Limit=1):
368.         Count = 0
369.         while True:
370.             if Count >= Limit:
371.                 return False
372.             ProcessesList = self.SimpleGetProcesses()
373.             for i in ProcessesList:
374.                 if i["Name"] == programName:
375.  
376.                     if AutoOpen:
377.                         self.Pymem.open_process_from_id(i["ProcessId"])
378.                         self.ProgramName = programName
379.                         self.Handle = self.Pymem.process_handle
380.                         self.is64bit = pymem.process.is_64_bit(self.Handle)
381.                         self.ProcessID = self.Pymem.process_id
382.                         self.PID = self.ProcessID
383.                     return True
384.             time.sleep(1)
385.             Count += 1
386.  
387.  
388.  
389.  
390. ChaoSpolit = ChaoSpolit()
391.  
392.  
393. print(Colorate.Horizontal(Colors.cyan_to_blue, f"Waiting for {selector}", 1))
394. while True:
395.     if ChaoSpolit.YieldForProgram(f"{selector}", True, 15):
396.         break
397.  
398.                
399.  
400. def ReadRobloxString(ExpectedAddress: int) -> str:
401.         try:
402.             StringCount = ChaoSpolit.Pymem.read_int(ExpectedAddress + 0x10)
403.             if StringCount > 15:
404.                 return ChaoSpolit.Pymem.read_string(ChaoSpolit.DRP(ExpectedAddress), StringCount)
405.             return ChaoSpolit.Pymem.read_string(ExpectedAddress, StringCount)
406.         except TypeError as e:
407.             print(f"TypeError: {e} \n" + "Rsp3")
408.             exit()
409.  
410. def GetClassName(Instance: int) -> str:
411.     ExpectedAddress = ChaoSpolit.DRP(ChaoSpolit.DRP(Instance + 0x18) + 8)
412.     return ReadRobloxString(ExpectedAddress)
413.  
414. def setParent(Instance, Parent, parentOffset, childrenOffset):
415.     ChaoSpolit.Pymem.process_handle = ctypes.windll.kernel32.OpenProcess(
416.                     0x1F0FFF,  # PROCESS_ALL_ACCESS
417.                     False,  # False = do not inherit handles
418.                     ChaoSpolit.Pymem.process_id,
419.                 )
420.  
421.                 # Define necessary ChaoSpolit functions
422.     PAGE_EXECUTE_READWRITE = 0x40
423.     ntdll = ctypes.windll.ntdll
424.     NtProtectVirtualMemory = ntdll.NtProtectVirtualMemory
425.     NtProtectVirtualMemory.restype = ctypes.c_long
426.  
427.                 # Get the base address of the process
428.     base_address = ctypes.windll.kernel32.GetModuleHandleW(None)
429.  
430.                 # Remove read/write protection from the process memory
431.     old_protect = ctypes.c_ulong()
432.     size = ctypes.c_size_t(0x1000)
433.     NtProtectVirtualMemory(
434.         ChaoSpolit.Pymem.process_handle,
435.         ctypes.byref(ctypes.c_void_p(base_address)),
436.         ctypes.byref(size),
437.         PAGE_EXECUTE_READWRITE,
438.         ctypes.byref(old_protect),
439.     )
440.  
441.                 # Get the base address of the process again (after removing read/write protection)
442.     base_address = ctypes.windll.kernel32.GetModuleHandleW(None)
443.  
444.                 # Re-enable read/write protection for the process memory
445.     NtProtectVirtualMemory(
446.                     ChaoSpolit.Pymem.process_handle,
447.                     ctypes.byref(ctypes.c_void_p(base_address)),
448.                     ctypes.byref(size),
449.                     old_protect,
450.                     ctypes.byref(ctypes.c_ulong()),
451.     )
452.    
453.     ChaoSpolit.Pymem.write_longlong(Instance + parentOffset, Parent)
454.     newChildren = ChaoSpolit.Pymem.allocate(0x400)
455.     ChaoSpolit.Pymem.write_longlong(newChildren, newChildren + 0x40)
456.  
457.     ptr = ChaoSpolit.Pymem.read_longlong(Parent + childrenOffset)
458.     childrenStart, childrenEnd = ChaoSpolit.Pymem.read_longlong(ptr), ChaoSpolit.Pymem.read_longlong(ptr + 8)
459.  
460.     if childrenStart == 0 or childrenEnd == 0 or childrenEnd <= childrenStart or (length := childrenEnd - childrenStart) < 0:
461.         print("\033[91mError: Invalid children range. Line: Rsp16\033[0m" if childrenStart == 0 or childrenEnd == 0 or childrenEnd <= childrenStart else "\033[91mError: Negative length for children array. Line: Rsp17\033[0m")
462.         exit()
463.  
464.     b = ChaoSpolit.Pymem.read_bytes(childrenStart, length)
465.     ChaoSpolit.Pymem.write_bytes(newChildren + 0x40, b, len(b))
466.     e = newChildren + 0x40 + length
467.     ChaoSpolit.Pymem.write_longlong(e, Instance)
468.     ChaoSpolit.Pymem.write_longlong(e + 8, ChaoSpolit.Pymem.read_longlong(Instance + 0x10))
469.     e += 0x10
470.     ChaoSpolit.Pymem.write_longlong(newChildren + 0x8, e)
471.     ChaoSpolit.Pymem.write_longlong(newChildren + 0x10, e)
472.  
473.  
474. def inject():
475.     nameOffset = 72
476.     parentOffset = 96
477.     childrenOffset = 80
478.  
479.     def GetDataModel() -> int:# lua and cipher
480.         guiroot_pattern = b"\\x47\\x75\\x69\\x52\\x6F\\x6F\\x74\\x00\\x47\\x75\\x69\\x49\\x74\\x65\\x6D"
481.         guiroot_address = ChaoSpolit.AOBSCANALL(guiroot_pattern, xreturn_multiple=False)
482.         if guiroot_address != 0:
483.             RawDataModel = ChaoSpolit.DRP(guiroot_address + 0x38)
484.             DataModel = RawDataModel + 0x150
485.             return DataModel - 0x8
486.         else:
487.             print("Critical Error please restart the program")
488.             exit()  
489.     dataModel = GetDataModel()
490.     for i in range(0x10, 0x200 + 8, 8):
491.         ptr = ChaoSpolit.Pymem.read_longlong(dataModel + i)
492.         if ptr:
493.             try:
494.                 childrenStart = ChaoSpolit.Pymem.read_longlong(ptr)
495.                 childrenEnd = ChaoSpolit.Pymem.read_longlong(ptr + 8)
496.                 if childrenStart and childrenEnd:
497.                     diff = childrenEnd - childrenStart
498.                     if diff > 1 and diff < 0x1000:
499.                         childrenOffset = i
500.                         break
501.             except:
502.                 pass
503.     print(Colorate.Horizontal(Colors.cyan_to_blue, "Done", 1))
504.  
505.     def GetNameAddress(Instance: int) -> int:
506.         try:
507.        
508.                 ExpectedAddress = ChaoSpolit.DRP(Instance + nameOffset, True)
509.  
510.  
511.                 return ExpectedAddress
512.         except TypeError as e:
513.             print(f"TypeError: {e} \n" + "Line: Rsp8")
514.             exit()
515.  
516.        
517.  
518.     def GetName(Instance: int) -> str:
519.         ExpectedAddress = GetNameAddress(Instance)
520.         return ReadRobloxString(ExpectedAddress)
521.  
522.     def GetChildren(Instance: int) -> str:
523.         ChaoSpolit.Pymem.process_handle = ctypes.windll.kernel32.OpenProcess(
524.                     0x1F0FFF,  # PROCESS_ALL_ACCESS
525.                     False,  # False = do not inherit handles
526.                     ChaoSpolit.Pymem.process_id,
527.                 )
528.  
529.                 # Define necessary ChaoSpolit functions
530.         PAGE_EXECUTE_READWRITE = 0x40
531.         ntdll = ctypes.windll.ntdll
532.         NtProtectVirtualMemory = ntdll.NtProtectVirtualMemory
533.         NtProtectVirtualMemory.restype = ctypes.c_long
534.  
535.                     # Get the base address of the process
536.         base_address = ctypes.windll.kernel32.GetModuleHandleW(None)
537.  
538.                     # Remove read/write protection from the process memory
539.         old_protect = ctypes.c_ulong()
540.         size = ctypes.c_size_t(0x1000)
541.         NtProtectVirtualMemory(
542.             ChaoSpolit.Pymem.process_handle,
543.             ctypes.byref(ctypes.c_void_p(base_address)),
544.             ctypes.byref(size),
545.             PAGE_EXECUTE_READWRITE,
546.             ctypes.byref(old_protect),
547.         )
548.  
549.                     # Get the base address of the process again (after removing read/write protection)
550.         base_address = ctypes.windll.kernel32.GetModuleHandleW(None)
551.  
552.                     # Re-enable read/write protection for the process memory
553.         NtProtectVirtualMemory(
554.                         ChaoSpolit.Pymem.process_handle,
555.                         ctypes.byref(ctypes.c_void_p(base_address)),
556.                         ctypes.byref(size),
557.                         old_protect,
558.                         ctypes.byref(ctypes.c_ulong()),
559.         )
560.         ChildrenInstance = []
561.         InstanceAddress = Instance
562.         if not InstanceAddress:
563.             return False
564.         ChildrenStart = ChaoSpolit.DRP(InstanceAddress + childrenOffset, True)
565.         if ChildrenStart == 0:
566.             return []
567.         ChildrenEnd = ChaoSpolit.DRP(ChildrenStart + 8, True)
568.         OffsetAddressPerChild = 0x10
569.         CurrentChildAddress = ChaoSpolit.DRP(ChildrenStart, True)
570.         try:
571.             for i in range(0, 9000):
572.                 if i == 8999:
573.                     raise ValueError("Invalid children please rerun the program! Line: Rsp9")
574.  
575.                 if CurrentChildAddress == ChildrenEnd:
576.                     break
577.                 ChildrenInstance.append(ChaoSpolit.Pymem.read_longlong(CurrentChildAddress))
578.                 CurrentChildAddress += OffsetAddressPerChild
579.             return ChildrenInstance
580.         except ValueError as e:
581.             print(f"\033[91mError: {e}\033[0m")
582.             exit()
583.  
584.     def GetParent(Instance: int) -> int:
585.         return ChaoSpolit.DRP(Instance + parentOffset, True)
586.  
587.     def FindFirstChild(Instance: int, ChildName: str) -> int:
588.         ChildrenOfInstance = GetChildren(Instance)
589.         for i in ChildrenOfInstance:
590.             if GetName(i) == ChildName:
591.                 return i
592.  
593.     def FindFirstChildOfClass(Instance: int, ClassName: str) -> int:
594.         ChildrenOfInstance = GetChildren(Instance)
595.         for i in ChildrenOfInstance:
596.             if GetClassName(i) == ClassName:
597.                 return i
598.            
599.     def GetDescendants(Instance: int) -> list:
600.  
601.         descendants = []
602.  
603.         def _get_descendants_recursive(current_instance: int):
604.             children = GetChildren(current_instance)
605.             descendants.extend(children)  # Add direct children
606.  
607.             # Recurse into each child
608.             for child in children:
609.                 _get_descendants_recursive(child)
610.  
611.         _get_descendants_recursive(Instance)
612.         return descendants
613.    
614.  
615.  
616.  
617.     class toInstance:
618.         def __init__(self, address: int = 0):
619.             self.Address = address
620.             self.Self = address
621.             self.Name = GetName(address)
622.             self.ClassName = GetClassName(address)
623.             self.Parent = GetParent(address)
624.  
625.         def getChildren(self):
626.             return GetChildren(self.Address)
627.  
628.         def findFirstChild(self, ChildName):
629.             return FindFirstChild(self.Address, ChildName)
630.  
631.         def findFirstClass(self, ChildClass):
632.             return FindFirstChildOfClass(self.Address, ChildClass)
633.  
634.         def setParent(self, Parent):
635.             setParent(self.Address, Parent)
636.  
637.         def GetChildren(self):
638.             return GetChildren(self.Address)
639.  
640.         def GetDescendants(self):
641.             return GetDescendants(self.Address)
642.  
643.         def FindFirstChild(self, ChildName):
644.             return FindFirstChild(self.Address, ChildName)
645.  
646.         def FindFirstClass(self, ChildClass):
647.             return FindFirstChildOfClass(self.Address, ChildClass)
648.  
649.         def SetParent(self, Parent):
650.             setParent(self.Address, Parent, parentOffset, childrenOffset)
651.  
652.     game = toInstance(dataModel)
653.     players = toInstance(game.FindFirstClass("Players"))
654.     localPlayer = toInstance(players.GetChildren()[0])
655.     workspace = toInstance(game.GetChildren()[0])
656.     character_found = False
657.  
658.     for obj in workspace.GetDescendants():
659.         obj_name = GetName(obj)
660.         if obj_name == localPlayer.Name:
661.             character = toInstance(obj)
662.             print("Found Character")
663.             character_found = True
664.             break
665.  
666.     if not character_found:
667.         print("No Character")
668.         return None
669.  
670.     animateScript = character.findFirstClass("LocalScript")
671.     if animateScript is None:
672.         print("No Animate")
673.         return None
674.     print("Injecting...")
675.     targetScript = toInstance(animateScript)
676.     injectScript = None
677.     results = ChaoSpolit.AOBSCANALL("496E6A656374????????????????????06", True)
678.     if results == []:
679.         print("\033[35mPlease find another teleporter! Line: Rsp11\033[0m")
680.         return None
681.     for rn in results:
682.         result = rn
683.         bres = ChaoSpolit.d2h(result)
684.         aobs = "".join(bres[i - 1: i] for i in range(1, 17))
685.         aobs = ChaoSpolit.hex2le(aobs)
686.         first = False
687.         res = ChaoSpolit.AOBSCANALL(aobs, True)
688.         if res:
689.             valid = False
690.             for i in res:
691.                 result = i
692.                 offset_result = result - nameOffset
693.                 try:
694.                     if ChaoSpolit.Pymem.read_longlong(offset_result + 8) == offset_result:
695.                         injectScript = offset_result
696.                         break
697.                 except:
698.                     pass
699.         if valid:
700.             break
701.     injectScript = toInstance(injectScript)
702.     print("Attached to :", ChaoSpolit.d2h(injectScript.Self))
703.     chunk_size = 20
704.  
705.  
706.     original_data = b""
707.  
708.     for i in range(0, 0x150, chunk_size):
709.         chunk = ChaoSpolit.Pymem.read_bytes(injectScript.Self + 0x100 + i, chunk_size)
710.         original_data += chunk
711.         time.sleep(random.uniform(0.05, 0.1))
712.     original_hash = hashlib.md5(ChaoSpolit.Pymem.read_bytes(injectScript.Self + 0x100, 0x150)).hexdigest()
713.     if original_hash != hashlib.md5(original_data).hexdigest():
714.         for i in range(0, 0x150, chunk_size):
715.             chunk = original_data[i:i + chunk_size]
716.             ChaoSpolit.Pymem.write_bytes(targetScript.Self + 0x100 + i, chunk, len(chunk))
717.             time.sleep(random.uniform(0.05, 0.1))
718.     coreGui = toInstance(game.GetChildren()[31])
719.     targetScript.SetParent(coreGui.Self)
720.     return True
721.  
722.  
723. if __name__ == "__main__":
724.     global name
725.     input("Press Enter to inject!")
726.     name = threading.Thread(target=undetectname)
727.     name.start()
728.     if inject():
729.         Roblox = ChaoSpolit.YieldForProgram(f"{selector}")
730.         print("Reset your character to load the executor")
731.         stop_thread = True  # Stop the thread
732.         name.join()  # Wait for the thread to finish
733.         os._exit(1)
734.     else:
735.         Roblox = ChaoSpolit.YieldForProgram(f"{selector}")
736.         print("\033[35mError during injection! Line: Rsp12\033[0m")