A Guide to Exploiting (Post-Byfron)
Welcome to the world of Roblox Exploiting!
This guide will give you a step-by-step tutorial on how to safely install and use executors, serversides or aiming software.
Firstly, thank you for choosing r/robloxhackers to guide you through the roblox exploiting community.
It means a lot to us - really! Almost all of our resources are user-generated and that's how we get our information. Just by creating the occasional post, you're contributing a lot more than you might think!
We're one of the most user-friendly and unique roblox exploiting communities out there, with many helpful resources like a !tags system, an incident alert system and a diverse sidebar!
Before we move onto the topic of exploiting, we first need to discuss the topic of staying safe.
I know, I know, you've heard this a thousand times, but please: hear us out.
Starting off with keeping your computer safe: NEVER download or purchase random, no-name applications, later on in this guide we'll provide you with executors along with their official websites. I see way too many people do this without first finding unbiased sources and that's the unfortunate cause for most infections. As well, double check the URL you're downloading software from, because sometimes bad actors create fake sites with the intention of stealing your information or infecting your computer - again, more on the official websites later. You should also never download applications from file hosting services like mediafire, anonfiles, cdn discordapp To remain extra safe, you could use a content blocker like uBlock Origin, which will prevent all of the intrusive advertisements you find on some script sites.
Avoiding malicious scripts: "Can scripts be dangerous?" is a question we get a lot. The unfortunate answer is.. Yes, they can. However, these cases are extremely rare and usually only affect one product. Even when they do occur, it's usually just a reverse filesystem glitch which allows files to be deleted. If you're worried about this, you should backup your PC every once in a while, using something like Acronis or the built-in windows backup system. In other cases where it's not a major threat to your machine, bad actors sometimes create scripts to steal robux from your account: it's because of this that we advise you to exploit on an account with absolutely nothing of value on it.
Avoiding Detections: An easy precaution you could take to avoid detections is to enable your executor's autolaunch feature. We also suggest using a VPN: like Proton, Mullvad or Surfshark. For further security, you could use a script to prevent Roblox from spying on your chats or recording your game,
Avoiding Biased Sources: If you're not getting your information from a forum and instead a diverse user-generated media site like YouTube, you're bound to run into unmoderated bias & straight-up misinformation. To determine if they're biased, check their uploads and confirm:
- Are they honouring a specific application over the others?
- Are they badmouthing every application except one?
- Have they created an unusual amount of promotion videos which don't contain any safety analysis or weakpoint analysis?
- Are they using specific language in their titles which claim the advertised application to be better than a flagship application?
And now, onto the main event: a Guide to Exploiting, for beginners.
A player using Hydroxide to modify the firerate of their weapon
There are many diferrent unique kinds of exploiting each with their own features and limitations.
FE Executors
A player using a script to give themselves a gun in Redwood Prison using fireclickdetector
Perhaps the most well-known type of exploits, with the highest demand in the market. Hundreds of them could exist, for all we know.
Ever since the introduction of Byfron, however, executors have been at a rapid decline and they're now only available on MacOS & Android.
Executors allow you to perform client-side manipulation and are restricted by FE (Filtering Enabled).
Common usages of executors include animations, automations and remote manipulation.
Aimbots
A player using an aiming utility to snap onto targets and shoot through walls
While not the most socially acceptable form of exploiting, it is the easiest by far. A good aimbot will only require you to move around.
Aimbots are the hardest types of exploits to patch, since most of them operate externally and simply emulate mouse actions.
Serverside Executors
A player using a serverside script to give them wings and a comically large weapon
This is a very 'exotic' category of exploiting: the prices are usually very high, they tend to have very strict rules and they're always shutting down. These types of exploits boast full platform support and a zero-ban risk, meaning you can use it on your main account, since they operate on the game itself and not on your computer.
Glitches
A player using the laugh clip to go through a fence in Redwood Prison
This is the most acceptable and safest form of exploiting, and are commonly performed with macros.
Glitches are very extensive and complicated to perform, with around 35 being listed on the roblox wiki alone. Due to that fact, we'll need to cover this in a separate post. Coming soon™.
Applications
Do not, under any circumstances, use applications labeled as nefarious or malware.
We prioritise safety like it's the most important thing in the world.
| Application | Price | Safety | Platform | Functions | Decompiler | Bypasses Byfron | Ad Safety Rating | Recommended | Official Website |
|---|---|---|---|---|---|---|---|---|---|
| NCE | Free | Open Source | Windows | ?/83 | No | Yes | Perfect | - | Repository Unavailable |
| Fluxus | Free/$8.50 | Safe ✅ | Windows + Android | 81/83 | No | No | Fine | ✅🥈 | https://fluxteam.net |
| Electron | Free | Safe ✅ | Windows | 75/83 | Yes | Yes (UNRELEASED) | Intrusive | ✅🥉 | Adblocker⚠️ Proceed with caution: https://ryos.lol |
| RCM | $30(?) | Safe ✅ | Windows | ?/83 | Unknown | Yes | Unavailable | ✅🥇 | Unavailable |
| ⚠️SirHurt | $10 | Nefarious ⚠️ | Windows + Android | 83/83 | Unknown | No | Mild | ⚠️ | DO NOT DOWNLOAD THIS |
| Hydrogen | Free/? | Safe ✅ | MacOS + Android | 81/83 | No | No | Dangerous | ❌ | Adblocker⚠️ Proceed with Caution: https://hydrogen.sh |
| ⚠️Arceus X | Irrelevant | Malware ⚠️ | Irrelevant | Irrelevant | Irrelevant | Irrelevant | Irrelevant | ⚠️ | DO NOT DOWNLOAD THIS |
| ⚠️Rune | $35 | Nefarious ⚠️ | Windows | ?/83 | Unknown | Yes | Unavailable | ⚠️ | DO NOT DOWNLOAD THIS |
| ⚠️MacSploit | $10 | Nefarious ⚠️ | MacOS | ?/83 | Unknown | No | Unavailable | ⚠️ | DO NOT DOWNLOAD THIS |
| Aimmy | Free | Safe ✅ | Windows | Aiming Software | No | External | Perfect | ✅ | https://github.com/Babyhamsta/Aimmy |
| Delta | Free | Safe ✅ | Windows + Android | ?/83 | No | No | Intrusive | ❌ | Adblocker⚠️ Proceed with caution: https://deltaexploits.net |
| ⚠️DX9WARE | $10 | Nefarious⚠️ | Windows | Aiming Software | No | External | Unavailable | ⚠️ | DO NOT DOWNLOAD THIS |
| ⚠️Codex / Furk | Irrelevant | Malware ⚠️ | Irrelevant | Irrelevant | Irrelevant | Irrelevant | Irrelevant | ⚠️ | DO NOT DOWNLOAD THIS |
| JJSploit | Free | Safe ✅ | Windows | ?/83 | No | No | Perfect | ✅ | https://wearedevs.net/d/JJSploit |
| ⚠️Kiwi X | Free | Nefarious ⚠️ | Windows | ?/83 | No | No | Intrusive | ⚠️ | DO NOT DOWNLOAD THIS |
| Metability | $25/$50/$100 | Safe ✅ | Full Support | Serverside | No | Serverside | Perfect | ✅ | https://metability.wtf |
Why are exploits flagged as malware? How do I whitelist them?
All executors, no matter the developer, will be flagged as malware. This is due to a large variety of factors.
- The lack of a digital signature can trigger some antivirus suites.
- DLL injection is a common strategy used by malware, so security software generally automatically flag anything that injects a DLL.
- Most, if not all executors are obfuscated, and since your antivirus can't peek into the source code, they get rather upset. (Despite how some developers boast about their executor being open source: it's not. It just isn't.)
Now that we've discussed the reasons behind executors being falsely flagged as malicious by antiviruses, we need to learn how to whitelist them:
⚠️ Make sure you turn your antivirus BACK ON as soon as you're done.
Got an antivirus we didn't list? Please let us know and we'll look into adding it.
How to exploit on Windows
A player using the legacy version of KRNL on Prison Life
Exploiting on Windows has become incredibly difficult recently due to the introduction of Hyperion on all Windows clients.
Recently, a method to execute scripts via tools was discovered. This uses a modified version of Cheat Engine.
- Download NCE from the 2nd pinned pinned post
- Download WinRAR to be able to unzip the file
- Run NCE
- Copy the PlaceID of the game you want to exploit on
- Join this game
- Paste the PlaceID into the textbox
- Click join
- Acquire a tool
- Click the inject button on NCE
- Execute one of the scripts from the README file in the folder you extracted it from
Since the currently existing windows exploits aren't great, we suggest that you use an emulator with an android exploit.
- Select an emulator from https://emulation.gametechwiki.com/index.php/Android_emulators (via r/emulation)
- Install your emulator
- Set up the emulator controls
- Select an android exploit from the application table (scroll up a little bit)
- Proceed to the "How to exploit on Android" section
How to exploit on MacOS
A screenshot of Script-Ware M prior to its discontinuation
Most developers do not think MacOS exploits are worth the investment due to the extremely small overall market share of just ~8%, so there are very few apps which support the platform, none of which are free.
- Install uBlock Origin to avoid any popup/redirect advertisement from the hydrogen website.
- Visit https://hydrogen.sh/.
- Create a Hydrogen account and purchase Hydrogen Adless.
- Join the Hydrogen discord server and obtain the installer script via their #macos-updates channel.
- Run the installer script in the MacOS console
- The terminal will request an admin password to allow it to function properly.
- Login with your Hydrogen Adless account
How to exploit on Android
The Android exploiting scene isn't perfect either and it unfortunately has one of the highest malware per download ratios out of every platform, with some of the most used apps being malicious in some form.
That's why it's important we guide you through the installation process; to make sure you stay safe.
Important things to note: All android exploits are internal, they should never ask for any permissions except file access.
- Select an executor from the application table
- Download the installer file
- If your browser blocks the download, go to
chrome://downloads, locate your chosen executor's installer file and find the "allow" or "keep file" button and press it. Remember, this is a false positive. - If you're brought to a key system, read the "How to safely complete exploit key systems" section and come back to this part once you're done.
- Uninstall the Roblox APK
- Run your chosen exploit's installer file
- Follow where android takes you to enable "Install apps from unknown sources" and toggle it for the app you're using to install the executor.
- Google Play may give you a popup for using an unsigned app. This should be as simple as pressing a button to tell it you know what you're doing.
How to exploit on iOS
Script-Ware (the only iOS executor)'s discontinuation notice.
Due to the discontinuation of Script-Ware, exploiting on iOS safely is not currently possible.
How to use Aim Assist Software
Switching between AI models on Aimmy
This is the easiest type of exploiting. All you need to do is download the app, launch roblox and run the aiming software. You might need to follow the guide on whitelisting false positives but it's unlikely.
How to use Serverside Executors
The serverside market is the most expensive scene to join - we only recommend jumping into it if you have a stable income.
And it's VERY important that you read the terms of service for serverside executors, since they have very strict rules. If you fail to do that, you could accidentally run a forbidden script and get blacklisted.
- Select a serverside executor.
- Read its Terms of Service before proceeding. (What scripts are you allowed to run? If the rules are very strict, do not purchase it. Find something else.)
- Have a roblox account and a discord account at the ready.
- Purchase your exploit of choice.
- There are a couple diferrent methods serversides use to verify you and it's hard to try and explain them all. Try to find a login button on the website and follow where it takes you, or join the serverside's discord server and ask for help.
Common issues amongst exploits and how to fix them
Errors can be annoying sometimes, but this section should help you.
- Install some common dependencies:
- Re-install the app (Download links are at application table, scroll up).
- Change your injection method (eg. if it's on auto-inject, change it to manual | if it's on manual, change it to auto).
- Script issue? Ensure that it's compatible with your executor, or try a compatibility script. If that compatibility script didn't work, try this one.
- Script issue? Check what URLs the script is calling on with this tool. There's a small chance your firewall is blocking one of the URLs it's trying to load.
- Make sure you've whitelisted the application.
- Add a short injection delay of around 5 seconds.
- Are you using the correct variant of roblox? Most executors run on RPC.
- Delete the
binfolder (this may be located somewhere likeC:\Downloads\KRNL\bin) and re-launch the app.
If none of these worked, please submit a post with the "🛠️HELP" flair, provide as much information on the situation as you can and we'll do our best to help you out.
How to safely complete exploit key systems
Exploits usually force you to go through a key system before you're able to use them, but be careful while going through them!
- Disable Website notifications on Firefox / Chrome.
- Enable "Ask where to save files" and refuse any unknown file downloads (until you're sure it's the actual executor and not a sponsored app) on Chrome (For Firefox: Enable "Always ask you where to save files" in about:preferences#general under Files & Applications).
- Refuse any proposed extension downloads.
- An explanation on how to pass through key systems.
Executing your first script
A player executing a script on Jailbreak
Now, the fun begins! You've prepared your system and you've just opened your exploit for the first time.
Let's find some scripts!
- r/robloxhackers (Primarily FE)
Websites
- https://robloxscripts.com/ ⭐ (FE)
- https://rscripts.net/ (FE)
- https://scriptblox.com/?mode=free ⭐ (FE)
- https://wearedevs.net/scripts (FE)
YouTube
- @DarkEccentric ⭐ (FE+SS)
- @MastersMZ (FE)
- @mifff (SS)
- @VengefulProgram (SS)
Or if you'd like to make your own script, check out these useful resources!
It's very common for script sites (especially ones owned by small youtubers) to include lots of intrusive ads. For this reason, we suggest you install an adblocker. Our #1 choice is uBlock Origin. It's the most versatile adblocker out there, and can block everything from advertisements to malicious sites!
https://github.com/gorhill/ublock
| Browser | uBlock Origin Download Link |
|---|---|
| Chromium-based Browsers (Google, Brave, Vivaladi, Yandex, etc) | https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm |
| Firefox | https://addons.mozilla.org/addon/ublock-origin/ |
| Microsoft Edge | https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak |
| Opera | https://addons.opera.com/extensions/details/ublock/ |
And that concludes the beginner's guide!
Unfortunately, we can't add any more information to this post because it hit the character limit of 20,000.
At a future date, we may either convert some non-link content into images to free up space, or create a separate advanced guide.
As a reward, we might give you the Helpful flair!
The Beginner's Guide was last updated on...
25/11/2023
DD/MM/YYYY
The edits were...
* Added another do-not-use notice
* Added clarification to chromium browsers in the uBlock Origin section
* Added bias avoidance to the safety section