Kronos

local _DATA = ':--::DATA::--:'
local Settings = plugin:GetSetting(_DATA)
if not Settings then
    Settings = {
        ['pluginIcon'] = 'rbxassetid://2260584969';
        ['Version'] = 'Version 2.1b';
        ['isScanning'] = false;
        ['isCooldown'] = tick();
        ['totalObjs'] = 0;
    };
    plugin:SetSetting(_DATA, Settings)
end

local Util = {
    MaliciousStrings = {
        ['tonumber']=true;
        ['unpack']=true;
        ['char']=true;
        ['require']=true;
    };
    MaliciousServices = {
        'JointsService';
        'InsertService';
    };
    Backdoors = {
        ['loadstring'] = {
            'lua';
            'lbi';
        };
        ['modulescript'] = {
            {'luax','luay','luaz'};
            {'lbi'};
        };
    };
    Obfuscated_Code = {
        ['if not market:PlayerOwnsAsset%(player,wat%) then'] = '';
        ['market:PromptPurchase%(player,wat%)'] = '';
        ['if not market:PlayerOwnsAsset%(v,wat%) then'] = true;
        ['market:PromptPurchase%(v,wat%)'] = true;
        ['wat%='] = true;
    };
    Service = setmetatable({}, {
        __index = function(_,i)
            return game:GetService(i) or nil
        end;
    });
    Setup = function(self)
        for i, v in next, self.MaliciousServices do
            self.MaliciousServices[v] = true
        end
    end
}

Util:Setup()

local toolBar = plugin:CreateToolbar('-:Backdoor:-:Scanner:-')
local pluginButton = toolBar:CreateButton(':Kronos:',"::Scans your game for backdoors or viruses::", Settings.pluginIcon)

local function DebugInfo(t)
    local Object, FullName = rawget(t,1), rawget(t,5) and rawget(t,5):GetFullName() or 'NIL'
    warn(('%s %s: %s%s --> (%s %s)'):format((rawget(t,6) and '[' .. rawget(t,6) .. '] ' or '') .. '[' .. rawget(t,2):upper() .. ']', Object.Name or tostring(Object) or 'NIL', rawget(t,4) and '(' .. FullName .. '): ' or '', Object.Parent ~= nil and Object:GetFullName() or 'NIL', rawget(t,3) or '', rawget(t,4) and 'ID: ' .. rawget(t,4) or ''))
end

local function LoadModel(ID)
    local Result, Return = pcall(function()
        return game:GetObjects(('rbxassetid://%d'):format(tonumber(ID)))
    end)
    if Result and Return then
        return rawget(Return, 1)
    end
end

local function GetClass(Object) -- Used to work ...
    local a, b = pcall(function()
       return Object.ClassName or tostring(Object)
    end)
    if not a then
        local m = getmetatable(Object)
        if m and not m.__tostring then
            m = {
                __tostring = function(self)
                    local _, n = pcall(function()
                        return self[1]
                    end)
                    return n:gsub('%d+ is not a valid member of ','')
                end;
            }
            a = m.__tostring(Object)
        end
        return a
    end
    return b or type(Object)
end

local function loadSafe(Func,...)
    _a = {...}
    table.foreach(_a, function(_,...)
        _a[_]=type(...)~='number'and(...):lower()or...
    end)
    local _s, _r = xpcall(function()
        return Func(unpack(_a))
    end, function(_e)
        -- warn(('Failed to load function (%s)'):format(tostring(Func))) --> debug disabled k?
    end)
    return _s and _r
end

local function rM(s)
    local s,f,_s = s:sub(-s:len()+1),{},'';s=s:sub(1,s:len()-1)
    for a in s:gmatch('%b()') do
        local n = a:match('%d')
        if not n then
            if s:match('require%('..a) then
                table.insert(f,a)
            else
                local _n = a:gsub('%(',''):gsub('%)','')
                if s:match('%)%('.._n) then
                    table.insert(f,a)
                end
            end
        end
    end
    for _, _f in next, f do
        _s=_s.._f
    end
    _s=_s:gsub('%(','%%('):gsub('%)','%%)')
    return s:match('require'.._s)
end

local function getString(s)
    local t,mt = '',{}
    if type(s) ~= 'string' then
        return
    end
    s = s:gsub('%\\',' ')
    for a in s:gmatch('%d+') do
        table.insert(mt,tonumber(a))
    end
    for i=1,#mt do
        local n = mt[i]
        if n >= 0 and n <= 31 then
            if n == 12 then
                t = t .. string.char(12)
            end
        elseif n >= 32 then
            pcall(function()
                t = t .. string.char(n)
            end)
        end
    end
    return t == '' and nil or t
end

local function fS(a)
    for b in a:gmatch('%b()') do
        local c = b:sub(1,-2):sub(2,b:len())
        for d in c:gmatch('%b()') do
            local e = d:sub(1,-2):sub(2,d:len())
            if e:len()>8 then
                return c:match('require') and loadSafe(math.sqrt, e)
            end
        end
    end
end

function findChild(...)
    local a, c, r, _r = {...}, {}, 0, 0
    local tn = {}
    if rawequal(type(a[1]), 'userdata') and rawequal(type(a[2]), 'table') then
        if rawequal(type(a[2][1]), 'table') then
            local t = a[2]
            for n, _b in next, t do
                tn[n]={r1=0;r=0;tb={}}
                local curr = tn[n]
                for _, _n in next, _b do
                    curr.tb[_n:lower()]=true;curr.r=curr.r+1
                end
                for _, b in next, a[1]:GetChildren() do
                    if curr.tb[b.Name:lower()] then
                        curr.r1=curr.r1+1
                    end
                end
                r, _r = curr.r1, curr.r
                if r ~= 0 and r == _r then
                    break
                end
            end
        else
            for _, _n in next, a[2] do
                c[_n:lower()]=true;_r=_r+1
            end
            for _, b in next, a[1]:GetChildren() do
                if c[b.Name:lower()] then
                    r=r+1
                end
            end
        end
    end
    return r ~= 0 and r == _r
end

local Num = 0 repeat wait(1) Num = Num + 1 warn(('KRONOS: Loading %s'):format((Num<=1 and '.') or (Num<=2 and '..')or (Num<=3 and '...'))) if Num >= 3 then warn("KRONOS: Couldn't detect place owner.") break end until game.PlaceId ~= 0 warn'\n'
local PlaceInfo = loadSafe(Util.Service.MarketplaceService.GetProductInfo, game.PlaceId)
local OwnerId, groupOwnerId, ownType
if type(PlaceInfo) == 'table' then
    if PlaceInfo.Creator.CreatorType == 'User' then
        OwnerId = PlaceInfo.Creator.CreatorTargetId
    elseif PlaceInfo.Creator.CreatorType == 'Group' then
        OwnerId = Util.Service.GroupService:GetGroupInfoAsync(PlaceInfo.Creator.CreatorTargetId).Owner.Id
        groupOwnerId = PlaceInfo.Creator.CreatorTargetId
        ownType = true
    end
end
OwnerId = type(OwnerId) ~= 'number' and game.CreatorId or OwnerId
local function idScan(id)
    if id and tonumber(id) then
        local Result, Return = pcall(function()
            return Util.Service.MarketplaceService:GetProductInfo(tonumber(id))
        end)
        local Product_Info = Result and Return or nil
        if Product_Info then
            local madeByGroup = Product_Info.CreatorType == 'Group'
            if madeByGroup then
                if Product_Info.Creator.CreatorTargetId ~= groupOwnerId then
                    return Product_Info
                end
            elseif Product_Info.Creator.CreatorTargetId ~= OwnerId then
                return Product_Info
            end
        end
    end
end

local function scanScript(Script)
    local Result, Source = pcall(function()
        return Script.Source
    end)
    if not Result or not Source then
        return
    end
    local StringSource = tostring(Source)
    for Each in StringSource:gmatch('%b()') do
        local NumbersFound = Each:match('%d+')
        if NumbersFound and NumbersFound:len() >= 8 then
            if StringSource:match('require%('..NumbersFound..'%)') then
                local GetModel = LoadModel(NumbersFound)
                if GetModel then
                    local Scanned = ScanObject(GetModel,true,'MODEL',tostring(NumbersFound),Script)
                    if Scanned then
                        warn'debug-1'
                        --DebugInfo(Scanned)
                    else
                        for _, Object in next, GetModel:GetDescendants() do
                            local Scanned = ScanObject(Object,true,'MODEL',tostring(NumbersFound),Script)
                            if Scanned then
                                --DebugInfo(Scanned)
                            end
                        end
                    end
                end
            end
        end
    end
end

local function ObjectScan(Object, ...)
    local Result, ObjectName = pcall(function()
        return Object.Name or tostring(Object)
    end)
    if Result then
        local Class, Args = GetClass(Object), {...}
        local BT1, BT2, String = Util.Backdoors[ObjectName:lower()], Util.Backdoors[Class:lower()], rawget(Args,1)
        if BT1 and rawequal(type(BT1), 'table') then
            if findChild(Object, BT1) then
                return {Object, 'BACKDOOR-EXECUTOR', ...}
            end
        end
        if BT2 and rawequal(type(BT2), 'table') then
            if findChild(Object, BT2) then
                return {Object, 'BACKDOOR-EXECUTOR', ...}
            end
        end
        if Class ~= 'CoreScript' and (Class == 'ModuleScript' or Class == 'Script') then
            local Result, Source = pcall(function()
                return Object.Source
            end)
            if not Result or not Source then
                return
            end
            local SubbedSource = tostring(Source):gsub('\n',''):gsub('  ','')
            local Scanned, FoundStuff = not String and scanScript(Object), {ScannedEach={F1=0;F2=0};MaliciousStrings=0;OtherStuff={F1=0;F2=0}}
            if Scanned then
                return Scanned
            end
            for each in Source:gmatch('%b()') do
                if each:match('math') and each:match('getfenv') then
                    FoundStuff.Return={Object,"BACKDOOR-LOADER",...}
                    break
                elseif each:match('loadstring%(') and each:match('%)%(%)') then
                    FoundStuff.Return={Object,"BACKDOOR-LOADER",...}
                    break
                end
                local _cE = rM(each)
                if _cE and _cE ~= 'require' and Source:match(_cE .. '%(') then
                    FoundStuff.Return={Object,"BACKDOOR-LOADER",...}
                    break
                end
                local _fS = fS(each)
                if _fS then
                    FoundStuff.Return={Object,'BACKDOOR-LOADER',...}
                    break
                end
            end
            if FoundStuff.Return then
                return FoundStuff.Return
            end
            for each in Source:gmatch('%b[]') do
                if each:match('"') or each:match("'") then
                    local Number = each:gsub('"',''):gsub('"',''):gsub(' ',''):gsub('   ',''):gsub('%[',''):gsub('%]','')
                    if Number:match('%\\') then
                        local LookForString = getString(Number)
                        if LookForString then
                            local MaliciousString = LookForString:reverse()
                            if Util.MaliciousStrings[LookForString] or Util.MaliciousStrings[MaliciousString] then
                                FoundStuff.MaliciousStrings = FoundStuff.MaliciousStrings + 1
                            end
                        end
                    end
                end
            end
            if Source:match('PlayerOwnsAsset') and (Source:match('PromptProductPurchase') or Source:match('PromptPurchase')) and Source:match('while') and Source:match('do') then
                local _f; for Stuff in Source:gmatch('PlayerOwnsAsset%b()') do
                    local Scanned = idScan(Stuff:match('%d+'))
                    if Scanned then
                        _f = {Object, 'PRODUCT-SPAMMER',...}
                        break
                    end
                end
                return _f
            end
            local function scanEach(Each,Num)
                if Each:lower():match('isstudio') or Each:lower():match('placeid') or Each:lower():match('load') then
                    pcall(function()
                        if Source:match(('= %s'):format(Each)) or Source:match(('=%s'):format(Each)) then
                            FoundStuff.ScannedEach.F1 = Num == 1 and FoundStuff.ScannedEach.F1 + 1 or FoundStuff.ScannedEach.F1
                            FoundStuff.ScannedEach.F2 = Num == 2 and FoundStuff.ScannedEach.F2 + 1 or FoundStuff.ScannedEach.F2
                        end
                    end)
                end
            end
            for Each in Source:gmatch('%b""') do
                scanEach(tostring(Each),1)
            end
            for Each in Source:gmatch("%b''") do
                scanEach(tostring(Each),2)
            end
            if FoundStuff.ScannedEach.F1 == 3 or FoundStuff.ScannedEach.F2 == 3 or FoundStuff.MaliciousStrings > 1 then
                return {Object, "BACKDOOR-LOADER",...}
            end
            local SecretSource = Source:gsub('  ','')
            if Source:match('SynapseXen%_') or Source:match('=getfenv or function%(%)return _ENV end;') or Source:match(',getfenv%(%)%)%(%)') then
                return {Object, "OBFUSCATED-LOADER",...}
            elseif Source:match("require%(math%.") or Source:match("require%(table%.") or Source:match("require%(tonumber%(")  then
                return {Object, "BACKDOOR-LOADER",...}
            elseif (SecretSource:match("getfenv%(%)%[%'") or SecretSource:match('getfenv%(%)%[%"') or Source:match("getfenv%(%)%[%'") or Source:match('getfenv%(%)%[%"')) and not Source:match("getfenv%(%)%[%'script'%]") then
                return {Object, "BACKDOOR-LOADER",...}
            elseif ((Source:match('load%(game') and Source:match('PlaceId')) and (Source:match('OnServerEvent') or Source:match('OnInvokeServer') or Source:match('HttpService'))) and not Source:match("'PlaceId'") then
                return {Object, "BACKDOOR-LOADER",...}
            --elseif Source:match('getfenv%[') then
                --return {Object, "BACKDOOR-LOADER"}
            end
            if Source:match("while true do") or (Source:match("while wait") and Source:match('do')) then
                if Source:match('Instance%.+new%(%"+Fire') or Source:match("Instance%.+new%(%'+Fire") or Source:match('Instance%.+new%(%[+Fire') then
                    return {Object, "FIRE/INSTANCE-VIRUS",...}
                end
            end
            for ObfCode, Val in next, Util.Obfuscated_Code do
                if type(Val) == 'string' then
                    if Source:match(ObfCode) or SubbedSource:match(ObfCode) then
                        FoundStuff.OtherStuff.F1 = FoundStuff.OtherStuff.F1 + 1
                    end
                elseif type(Val) == 'boolean' then
                    if Source:match(ObfCode) or SubbedSource:match(ObfCode) then
                        FoundStuff.OtherStuff.F2 = FoundStuff.OtherStuff.F2 + 1
                    end
                end
            end
            if FoundStuff.OtherStuff.F1 == 2 or FoundStuff.OtherStuff.F2 == 2 then
                return {Object, "PRODUCT-SPAMMER",...}
            end
            if Source:len() > 1000000 then
                return {Object, "CRASHING-HUGE-SCRIPT",...}
            end
        end
    end
end

local HttpService = Util.Service.HttpService
function HttpEnabled()
    return pcall(function()
        HttpService:GetAsync('http://www.google.com/')
    end)
end
function scanPluginsModels()
    local Genres = {'Plugin','Model'}
    local ID = (OwnerId~=0 and OwnerId) or loadSafe(Util.Service.GroupService.GetGroupInfoAsync, game.CreatorId) or game.CreatorId
    if type(ID) == 'table' then
        ID = ID.Owner.Id
    end
    if rawequal(ID, 0) then
        return
    elseif not HttpEnabled() then
        return warn'For Plugin-Model scans, please enable Http Requests.'
    end
    for _, Genre in next, Genres do
        local link = 'https://inventory.rprxy.xyz/v1/users/%s/inventory/%s'
        local Result, Return = pcall(HttpService.GetAsync, HttpService, link:format(ID,Genre))
        if Result then
            Return = HttpService:JSONDecode(Return)
            local plugins = Return.data
            for _, id in next, plugins do
                local GetModel = LoadModel(id)
                if GetModel then
                    local Scanned = ScanObject(GetModel,true,Genre:upper(),tostring(id),nil,Genre:upper())
                    if Scanned then
                        warn'stuff'
                    else
                        for _, Object in next, GetModel:GetDescendants() do
                            ScanObject(Object,true,Genre:upper(),tostring(id),nil,Genre:upper())
                        end
                    end
                end
            end
        elseif not ownType then
            warn(("Failed to load User (%s)'s inventory. Make sure it is enabled! -> Plugin/Model checks have been disabled."):format(ID,Genre:upper()))
            break
        end
    end
end

function ScanObject(Parent,Single,String,ID,Orig,PM)
    local ToScan = Single and {Parent} or Parent:GetDescendants()
    for _, Object in next, ToScan do
        local Info = ObjectScan(Object,String,ID,Orig,PM)
        if Info then
            local removeObject, secretFolder = rawget(Info, 5) or rawget(Info, 1) or Object, Util.Service.ServerStorage:FindFirstChild'Backdoors'
            if (secretFolder and removeObject.Parent ~= secretFolder) or not secretFolder then
                DebugInfo(Info)
                if secretFolder then
                    removeObject.Parent = secretFolder
                end
            end
        end
    end
end

local function StartScanning()
    if Settings.isScanning then
        return print('KRONOS: Already Scanning!')
    end
    Settings.isScanning = true
    Settings.isCooldown = tick()
    print('KRONOS: Started scanning ...')
    Settings.totalObjs = #game:GetDescendants()
    ScanObject(game)
    warn('\n')
    scanPluginsModels()
    print(("KRONOS: Took %s seconds to scan %s objects."):format((tostring(tick()-Settings.isCooldown)):sub(1,4), Settings.totalObjs))
    Settings.isScanning = false
end

pluginButton.Click:Connect(StartScanning)
warn('KRONOS: Loaded!')