Skip to content

SinisterClient overview

SinisterClient is the Windows desktop app for Sinister subscribers. It signs you in, proxies Roblox so joins can be captured, talks to Sinister servers for resolves, and exposes a small localhost bridge for optional custom in-game scripts.

This page is the product overview. Step-by-step guides are linked in the sidebar.


What SinisterClient does

CapabilityDescription
Licensed desktop buildPersonal SCB-* executable tied to your Discord account and PC (HWID)
Roblox proxyLaunches or routes Roblox so connection data can be intercepted for resolves
Pending interceptStores the resolve target (username, job, VIP code, reserved access, etc.) from your join attempt
Resolve UIPower, duration, chains, and resolve types allowed by your plan
Local bridgeHTTP on 127.0.0.1:4771147721 for Lua bridge integrations
Session syncHeartbeat and telemetry so the backend knows you are online

SinisterClient is not Sinister Script. Script subscribers use /get-script for the in-game product. See Sinister Script overview.


Requirements

  1. Active subscription with client access (access_client on your plan). Check with /status.
  2. Windows PC — run the installer as Administrator when the guide asks (proxy needs elevation).
  3. Linked Roblox cookie on your Discord account. See Link your cookie.
  4. Personal build SCB-* from /get-client or /redeem-key. See Download your build.
  5. Launch order: start SinisterClient before Roblox so the proxy and intercept capture work.

Typical workflow

Redeem key / get-client  →  Download SCB-*  →  Sign in (Discord ID + build key + cookie)
        →  Launch Roblox through client  →  Join target (capture intercept)
        →  Press Resolve (or luaBridge.resolve() in-game)  →  Join result IP

Skipping launch through the client is the most common cause of empty intercepts and failed resolves.


Credentials and login

On first run, SinisterClient needs:

FieldSource
Discord user ID/get-client embed or /status
Build key (SCB-…)Same — personal dist key
Roblox cookieCookie portal via /auto-link or client prompt

The app obtains a session JWT from Sinister servers. If it expires, sign in again. The Lua bridge reads that token from GET /token on localhost.


Proxy and pending intercept

When you join a game through SinisterClient’s proxy, the app watches the connection and builds a pending intercept — the same payload you see in the UI before clicking Resolve:

  • Username / snipe targets
  • Place and job IDs from the join flow
  • Reserved server access codes
  • VIP / private server link data

Resolve does not guess the target. It uses this intercept (or an equivalent target from Discord/API flows on supported plans).

Details: Resolve from SinisterClient.


Localhost bridge (Lua bridge)

While signed in, SinisterClient listens on 127.0.0.1 (ports 4771147721) for:

  • Health checks
  • Token export
  • Intercept read
  • Trigger resolve (same as the UI button)
  • Optional schedule feedback

Custom executor scripts use the public module lua_bridge_sinclient.lua from your Sinister host. Full reference: Lua bridge.

Sinister Script may also read intercept data from the same bridge when SinisterClient is running on the same machine.


Resolve types and limits

What you can run depends on plan flags (resolve_normal, resolve_reserved, VIP variants, etc.). The UI and Discord commands hide types you do not have.

Plans also enforce daily resolve counts and cooldowns. Admins and some tiers bypass limits. The client should show a clear message when rate limited.

TypeTypical use
Username / snipeTarget in a public server by name
Game / jobYou already have place ID and job UUID
ReservedReserved server access code captured at join
VIP / privateLink ID, link code, or access code flows

Discord slash commands (/resolve, /vip, etc.) can trigger the same pipeline if your tier includes them.


OOB verification

Some resolves open a browser hCaptcha step before completing. Complete the page and return to the client or Discord for the result.

OOB verification


Security and HWID

Each SCB-* build is bound to one PC (hardware fingerprint). Running the same key on a second machine can trigger leak detection and revocation.

Your build may also block:

  • Virtual machines
  • Debuggers
  • Remote desktop tools
  • VPNs (plan-dependent)

Use /request-security-change in Discord to ask for an exception on your build.


Updates and rebuilds

When Sinister ships a new client version, your build may requeue automatically. Run /get-client again for a fresh download link.

Security toggle changes also repackage your build — wait for the DM/embed to show ready before downloading.


Troubleshooting

ProblemWhat to try
No intercept / resolve does nothingQuit Roblox, start SinisterClient first, rejoin through the client
Not signed in / 401 errorsRe-enter Discord ID, build key, cookie in Settings
HWID / leak messageUse one PC per key, or contact support after a legitimate hardware change
Lua bridge init() falseClient must be running and signed in; executor must allow localhost
VPN blockedDisable VPN or check plan; some tiers block VPN resolves

More: Troubleshooting · FAQ


SinisterClient vs Sinister Script vs Lua bridge

SinisterClientSinister ScriptLua bridge
ProductDesktop app (SCB-*)Licensed script (SSB-*)Public Lua module
Get it/get-client/get-script/script/lua_bridge_sinclient.lua
Resolves viaUI + backendIn-game UI + backend APILocalhost → desktop app
Best forEveryone on client plansIn-game subscribersCustom executor tooling

Next steps

  1. Install
  2. Download your build
  3. Link your cookie
  4. Resolve