Brusier ACS is a modification of the FOSS gun system "ACS" for Roblox. It's a paid product that costs 15 dollars. But it has terrible fucking security.
Background
One of my friends obtained Brusier ACS from ClearlyDev for free for some reason. I have no idea why, but CAGSIM (the goons behind Brusier) decided to ban him for some reason.
The Security
First, the whitelist is contained in an unobfuscated and open script in ServerScriptService. During startup, it checks if the game creator is in a group (32481836).
If it succeeds, it toggles a boolean (playerInGroup) to true, and proceeds with execution. If it fails, it remains false and executes the following code:
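    -- Wipe all terrain in the place
    game.Workspace.Terrain:Clear()
    -- Loop forever, destroying every Part in the game on each pass
    while true do
        wait()
        warn("NOT WHITELISTED I HATE YOU -kruger ")
        for i,v in pairs(game:GetDescendants()) do
            if v:IsA("Part") then
                v:Destroy()
            end
        end
    end
    -- Never reached: the loop above has no exit
    whitelisted = false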
It basically just fucks over your game.
The Issue
The issue is, the script is wide fucking open, which means you only need to change the initial value of playerInGroup to true and you've gained access to the ACS.
Following up, the client script is obfuscated, and probably has a whitelist too. But the thing is, it only needs a passcode to run. Guess what? It's in the server script. God damn it CAGSIM, you've done it again. The code is 2189371273928173971298473268810930219386218743728 for some particular reason, probably keyboard spam. So maybe invest in HttpService, and cybersecurity.
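What the HttpService route could look like on the vendor's side, as an added example (not code from Brusier ACS or CAGSIM): instead of a static passcode sitting in the server script, the vendor's server hands out a short-lived token bound to the game creator and place, signed with a key that never ships. The key, the licensed-creator set, the token format and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: this key exists only on the vendor's server, never in a shipped script.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"
# Constructed sample data: creator ids that hold a license.
LICENSED_CREATORS = {1001, 1002}
TOKEN_TTL = 300  # seconds a token stays valid


def _mac(creator_id, place_id, expires):
    """HMAC over the values the token is bound to."""
    msg = f"{creator_id}:{place_id}:{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(creator_id, place_id, now=None):
    """Return 'expires.mac' for a licensed creator, or None if unlicensed."""
    now = int(time.time()) if now is None else now
    if creator_id not in LICENSED_CREATORS:
        return None
    expires = now + TOKEN_TTL
    return f"{expires}.{_mac(creator_id, place_id, expires)}"


def verify_token(token, creator_id, place_id, now=None):
    """Accept only an unexpired token issued for this exact creator and place."""
    now = int(time.time()) if now is None else now
    try:
        expires_s, mac = token.split(".", 1)
        expires = int(expires_s)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    if expires < now:
        return False  # expired, so a leaked token stops working
    expected = _mac(creator_id, place_id, expires)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(mac.encode(), expected.encode())
```

A token copied out of one game is useless in another and expires on its own, which a hardcoded passcode never does. It only helps if whatever the token unlocks is also served from the vendor's side, because a boolean in an editable script can still be flipped.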
Written by darwinkernelpanic. Please hire me.