search

Riz-ve / Xeno

Xeno: An external script executor for Roblox made entirely in C++. It uses a working but semi-detected method of overwriting the bytecode of a corescript to manage script execution
https://rizve.us.to/Xeno/
Apache License 2.0
30 stars 15 forks source link
cpp cpp-httplib csharp executors-for-roblox exploit exploit-development httplib learning-resources lua luau roblox roblox-executer visual-studio xxhash zstd

readme

[!WARNING] You are most likely going to be banned since this is detected by Byfron. Use an alt account while running Xeno. Use the repository to understand what's happening and how it works. I am not liable for any bans

Xeno

An executor made for the web version of Roblox.

It uses the common method of writing unsigned bytecode into a Roblox core module script to manage execution, also more stable and flexible than most executors that has used this exact method.

Donation

I have made a total of $11.62 from making the project Xeno. I would highly appreciate any donations that were given to me by anyone since I have spent a lot of time working on this project.

CashApp: $RizveA

PayPal: RizveA

Top 3 Donators:

  1. kq: $11.62
  2. None
  3. None

Note

If you're going to use my source and "skid" off of it atleast use the license and give credits. Don't be like the others who used my entire source code and claimed it as their own without mentioning anything about Xeno nor the publisher + distributing & selling to others.

Features

I have only used this project to learn C++ and a bit of C#.

Do not expect the best code and memory management. You will see really bad code and design on the XenoUI C# WPF project since it was only made as a prototype.

This executor has many vulnerabilities because only I have used Xeno and did not make a public release.

Custom functions examples:

-- get real address
local address = Xeno.get_real_address(game:GetService("ScriptContext"))
print("Script context address:", string.format("0x%x", address))

-- spoof instance
Xeno.spoof_instance(game:GetService("CoreGui"), 0) -- set the address of coregui to 0
Xeno.spoof_instance(game.Players.LocalPlayer, Instance.new("Part")) -- set the localplayers address to a part

-- http spy
Xeno.HttpSpy() -- set http spy to true
Xeno.HttpSpy(false) -- set httpspy to false

-- globals (shared across all clients, saved inside the executor)
-- similar to Instance:GetAttribute() but supports tables
-- global name, value
Xeno.SetGlobal("__test", { -- can only set table, number, and string as a global
    ["test_text"] = "hello, world!"
})

local t = Xeno.GetGlobal("__test") -- the table we just set
print(t.test_text) -- hello, world!

-- other
print(Xeno.PID) -- current roblox process id
print(Xeno.GUID) -- the guid it is using to communicate with the external

The current method of adding HttpGet to "game" interferes with some scripts like dex. To execute dex run this script:

getgenv().game = workspace.Parent

This will remove HttpGet from game! You can use the modified version of dex made for Xeno inside the released files

Preview

This is the UI of the version 1.0.1:

Preview

The Current UNC is ~75%

Preview

Dependencies

This project uses the following libraries:

Dependencies are managed with vcpkg. Install them with this command:

vcpkg install xxhash zstd openssl

The proper version of httplib is already included inside this project

Credits

Thank you Incognito for the method.

Thanks to others that has helped me with decompressing, and compressing the bytecode.

Thanks to the Init script of TaaprWareV2 by plusgiant5

Thanks to nhisoka for helping me out at the start of this project