Antitamper vulnerability found

Open 3skue opened this issue 10 months ago • 7 comments

I have found a vulnerability in the Antitamper. By simply replacing pcall and making it return a metatable, you can take advantage of the way the antitamper validates error messages.

do -- ANTI-ANTITAMPER
	local unpack = unpack or table.unpack
	
	local oldPcall = pcall
	pcall = function(f, ...)
		local result = { oldPcall(f, ...) }
		local message = result[2]

		if (not result[1] and type(message) == "string" and string.find(message, "attempt to perform arithmetic")) then
			local sourcePos = message:find(":(%d*):")
			local source = message:sub(1, sourcePos).."1:"

			local spoof
			spoof = setmetatable({ gsub = function() return spoof end }, {
				__eq = function() return true end;
				__tostring = function() return source.." attempt to perform arithmetic (pow) on string and number" end
			})

			return false, spoof
		end

		return unpack(result)
	end
end

(Tested on Roblox without UseDebug)

3skue, Apr 27 '25 16:04
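A defensive sketch of the weakness reported above, added here and not part of the original issue or of Prometheus' own code: a check that stringifies whatever `pcall` hands back can be steered by a table carrying `__tostring`, while a check that accepts only a primitive string rejects it. The function names `naive_line`, `strict_line` and `probe` and the sample messages are assumptions constructed for illustration.

```lua
-- Added example: simplified model of an error-message check (hypothetical names).
-- Capture the library functions once so later lookups do not go through globals.
local type, tostring, tonumber, pcall = type, tostring, tonumber, pcall
local setmetatable, string_match = setmetatable, string.match

-- Naive: stringifies any error value, so a __tostring metamethod decides
-- which source position the check ends up seeing.
local function naive_line(err)
	return tonumber(string_match(tostring(err), ":(%d+):"))
end

-- Strict: accepts only a primitive string. Tables and userdata, which can
-- carry __tostring, __eq or their own gsub field, are rejected outright.
local function strict_line(err)
	if type(err) ~= "string" then
		return nil, "non-string error value: " .. type(err)
	end
	local line = string_match(err, ":(%d+):")
	if not line then
		return nil, "no line number in error message"
	end
	return tonumber(line)
end

-- Runs a real failing arithmetic operation and validates what pcall returns.
local function probe()
	local ok, err = pcall(function() return "x" ^ 1 end)
	if ok then
		return nil, "arithmetic on a string unexpectedly succeeded"
	end
	return strict_line(err)
end

-- Constructed inputs: one genuine-looking message, one table posing as a message.
local genuine = "script:42: attempt to perform arithmetic (pow) on string and number"
local posed = setmetatable({}, {
	__tostring = function()
		return "script:1: attempt to perform arithmetic (pow) on string and number"
	end,
})

print("naive  genuine:", naive_line(genuine))
print("naive  posed:  ", naive_line(posed))
print("strict genuine:", strict_line(genuine))
print("strict posed:  ", strict_line(posed))
print("live probe:    ", probe())
```

The type check only closes the table-as-error-message path; code that runs before the check and can replace `pcall` can replace `type` and `string.match` as well, so the captured locals help only when they are taken before any untrusted code executes.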