Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- local _DATA = ':--::DATA::--:'
- local Settings = plugin:GetSetting(_DATA)
- if not Settings then
- Settings = {
- ['pluginIcon'] = 'rbxassetid://2260584969';
- ['Version'] = 'Version 2.1b';
- ['isScanning'] = false;
- ['isCooldown'] = tick();
- ['totalObjs'] = 0;
- };
- plugin:SetSetting(_DATA, Settings)
- end
- local Util = {
- MaliciousStrings = {
- ['tonumber']=true;
- ['unpack']=true;
- ['char']=true;
- ['require']=true;
- };
- MaliciousServices = {
- 'JointsService';
- 'InsertService';
- };
- Backdoors = {
- ['loadstring'] = {
- 'lua';
- 'lbi';
- };
- ['modulescript'] = {
- {'luax','luay','luaz'};
- {'lbi'};
- };
- };
- Obfuscated_Code = {
- ['if not market:PlayerOwnsAsset%(player,wat%) then'] = '';
- ['market:PromptPurchase%(player,wat%)'] = '';
- ['if not market:PlayerOwnsAsset%(v,wat%) then'] = true;
- ['market:PromptPurchase%(v,wat%)'] = true;
- ['wat%='] = true;
- };
- Service = setmetatable({}, {
- __index = function(_,i)
- return game:GetService(i) or nil
- end;
- });
- Setup = function(self)
- for i, v in next, self.MaliciousServices do
- self.MaliciousServices[v] = true
- end
- end
- }
- Util:Setup()
- local toolBar = plugin:CreateToolbar('-:Backdoor:-:Scanner:-')
- local pluginButton = toolBar:CreateButton(':Kronos:',"::Scans your game for backdoors or viruses::", Settings.pluginIcon)
- local function DebugInfo(t)
- local Object, FullName = rawget(t,1), rawget(t,5) and rawget(t,5):GetFullName() or 'NIL'
- warn(('%s %s: %s%s --> (%s %s)'):format((rawget(t,6) and '[' .. rawget(t,6) .. '] ' or '') .. '[' .. rawget(t,2):upper() .. ']', Object.Name or tostring(Object) or 'NIL', rawget(t,4) and '(' .. FullName .. '): ' or '', Object.Parent ~= nil and Object:GetFullName() or 'NIL', rawget(t,3) or '', rawget(t,4) and 'ID: ' .. rawget(t,4) or ''))
- end
- local function LoadModel(ID)
- local Result, Return = pcall(function()
- return game:GetObjects(('rbxassetid://%d'):format(tonumber(ID)))
- end)
- if Result and Return then
- return rawget(Return, 1)
- end
- end
- local function GetClass(Object) -- Used to work ...
- local a, b = pcall(function()
- return Object.ClassName or tostring(Object)
- end)
- if not a then
- local m = getmetatable(Object)
- if m and not m.__tostring then
- m = {
- __tostring = function(self)
- local _, n = pcall(function()
- return self[1]
- end)
- return n:gsub('%d+ is not a valid member of ','')
- end;
- }
- a = m.__tostring(Object)
- end
- return a
- end
- return b or type(Object)
- end
- local function loadSafe(Func,...)
- _a = {...}
- table.foreach(_a, function(_,...)
- _a[_]=type(...)~='number'and(...):lower()or...
- end)
- local _s, _r = xpcall(function()
- return Func(unpack(_a))
- end, function(_e)
- -- warn(('Failed to load function (%s)'):format(tostring(Func))) --> debug disabled k?
- end)
- return _s and _r
- end
- local function rM(s)
- local s,f,_s = s:sub(-s:len()+1),{},'';s=s:sub(1,s:len()-1)
- for a in s:gmatch('%b()') do
- local n = a:match('%d')
- if not n then
- if s:match('require%('..a) then
- table.insert(f,a)
- else
- local _n = a:gsub('%(',''):gsub('%)','')
- if s:match('%)%('.._n) then
- table.insert(f,a)
- end
- end
- end
- end
- for _, _f in next, f do
- _s=_s.._f
- end
- _s=_s:gsub('%(','%%('):gsub('%)','%%)')
- return s:match('require'.._s)
- end
- local function getString(s)
- local t,mt = '',{}
- if type(s) ~= 'string' then
- return
- end
- s = s:gsub('%\\',' ')
- for a in s:gmatch('%d+') do
- table.insert(mt,tonumber(a))
- end
- for i=1,#mt do
- local n = mt[i]
- if n >= 0 and n <= 31 then
- if n == 12 then
- t = t .. string.char(12)
- end
- elseif n >= 32 then
- pcall(function()
- t = t .. string.char(n)
- end)
- end
- end
- return t == '' and nil or t
- end
- local function fS(a)
- for b in a:gmatch('%b()') do
- local c = b:sub(1,-2):sub(2,b:len())
- for d in c:gmatch('%b()') do
- local e = d:sub(1,-2):sub(2,d:len())
- if e:len()>8 then
- return c:match('require') and loadSafe(math.sqrt, e)
- end
- end
- end
- end
- function findChild(...)
- local a, c, r, _r = {...}, {}, 0, 0
- local tn = {}
- if rawequal(type(a[1]), 'userdata') and rawequal(type(a[2]), 'table') then
- if rawequal(type(a[2][1]), 'table') then
- local t = a[2]
- for n, _b in next, t do
- tn[n]={r1=0;r=0;tb={}}
- local curr = tn[n]
- for _, _n in next, _b do
- curr.tb[_n:lower()]=true;curr.r=curr.r+1
- end
- for _, b in next, a[1]:GetChildren() do
- if curr.tb[b.Name:lower()] then
- curr.r1=curr.r1+1
- end
- end
- r, _r = curr.r1, curr.r
- if r ~= 0 and r == _r then
- break
- end
- end
- else
- for _, _n in next, a[2] do
- c[_n:lower()]=true;_r=_r+1
- end
- for _, b in next, a[1]:GetChildren() do
- if c[b.Name:lower()] then
- r=r+1
- end
- end
- end
- end
- return r ~= 0 and r == _r
- end
- local Num = 0 repeat wait(1) Num = Num + 1 warn(('KRONOS: Loading %s'):format((Num<=1 and '.') or (Num<=2 and '..')or (Num<=3 and '...'))) if Num >= 3 then warn("KRONOS: Couldn't detect place owner.") break end until game.PlaceId ~= 0 warn'\n'
- local PlaceInfo = loadSafe(Util.Service.MarketplaceService.GetProductInfo, game.PlaceId)
- local OwnerId, groupOwnerId, ownType
- if type(PlaceInfo) == 'table' then
- if PlaceInfo.Creator.CreatorType == 'User' then
- OwnerId = PlaceInfo.Creator.CreatorTargetId
- elseif PlaceInfo.Creator.CreatorType == 'Group' then
- OwnerId = Util.Service.GroupService:GetGroupInfoAsync(PlaceInfo.Creator.CreatorTargetId).Owner.Id
- groupOwnerId = PlaceInfo.Creator.CreatorTargetId
- ownType = true
- end
- end
- OwnerId = type(OwnerId) ~= 'number' and game.CreatorId or OwnerId
- local function idScan(id)
- if id and tonumber(id) then
- local Result, Return = pcall(function()
- return Util.Service.MarketplaceService:GetProductInfo(tonumber(id))
- end)
- local Product_Info = Result and Return or nil
- if Product_Info then
- local madeByGroup = Product_Info.CreatorType == 'Group'
- if madeByGroup then
- if Product_Info.Creator.CreatorTargetId ~= groupOwnerId then
- return Product_Info
- end
- elseif Product_Info.Creator.CreatorTargetId ~= OwnerId then
- return Product_Info
- end
- end
- end
- end
- local function scanScript(Script)
- local Result, Source = pcall(function()
- return Script.Source
- end)
- if not Result or not Source then
- return
- end
- local StringSource = tostring(Source)
- for Each in StringSource:gmatch('%b()') do
- local NumbersFound = Each:match('%d+')
- if NumbersFound and NumbersFound:len() >= 8 then
- if StringSource:match('require%('..NumbersFound..'%)') then
- local GetModel = LoadModel(NumbersFound)
- if GetModel then
- local Scanned = ScanObject(GetModel,true,'MODEL',tostring(NumbersFound),Script)
- if Scanned then
- warn'debug-1'
- --DebugInfo(Scanned)
- else
- for _, Object in next, GetModel:GetDescendants() do
- local Scanned = ScanObject(Object,true,'MODEL',tostring(NumbersFound),Script)
- if Scanned then
- --DebugInfo(Scanned)
- end
- end
- end
- end
- end
- end
- end
- end
- local function ObjectScan(Object, ...)
- local Result, ObjectName = pcall(function()
- return Object.Name or tostring(Object)
- end)
- if Result then
- local Class, Args = GetClass(Object), {...}
- local BT1, BT2, String = Util.Backdoors[ObjectName:lower()], Util.Backdoors[Class:lower()], rawget(Args,1)
- if BT1 and rawequal(type(BT1), 'table') then
- if findChild(Object, BT1) then
- return {Object, 'BACKDOOR-EXECUTOR', ...}
- end
- end
- if BT2 and rawequal(type(BT2), 'table') then
- if findChild(Object, BT2) then
- return {Object, 'BACKDOOR-EXECUTOR', ...}
- end
- end
- if Class ~= 'CoreScript' and (Class == 'ModuleScript' or Class == 'Script') then
- local Result, Source = pcall(function()
- return Object.Source
- end)
- if not Result or not Source then
- return
- end
- local SubbedSource = tostring(Source):gsub('\n',''):gsub(' ','')
- local Scanned, FoundStuff = not String and scanScript(Object), {ScannedEach={F1=0;F2=0};MaliciousStrings=0;OtherStuff={F1=0;F2=0}}
- if Scanned then
- return Scanned
- end
- for each in Source:gmatch('%b()') do
- if each:match('math') and each:match('getfenv') then
- FoundStuff.Return={Object,"BACKDOOR-LOADER",...}
- break
- elseif each:match('loadstring%(') and each:match('%)%(%)') then
- FoundStuff.Return={Object,"BACKDOOR-LOADER",...}
- break
- end
- local _cE = rM(each)
- if _cE and _cE ~= 'require' and Source:match(_cE .. '%(') then
- FoundStuff.Return={Object,"BACKDOOR-LOADER",...}
- break
- end
- local _fS = fS(each)
- if _fS then
- FoundStuff.Return={Object,'BACKDOOR-LOADER',...}
- break
- end
- end
- if FoundStuff.Return then
- return FoundStuff.Return
- end
- for each in Source:gmatch('%b[]') do
- if each:match('"') or each:match("'") then
- local Number = each:gsub('"',''):gsub('"',''):gsub(' ',''):gsub(' ',''):gsub('%[',''):gsub('%]','')
- if Number:match('%\\') then
- local LookForString = getString(Number)
- if LookForString then
- local MaliciousString = LookForString:reverse()
- if Util.MaliciousStrings[LookForString] or Util.MaliciousStrings[MaliciousString] then
- FoundStuff.MaliciousStrings = FoundStuff.MaliciousStrings + 1
- end
- end
- end
- end
- end
- if Source:match('PlayerOwnsAsset') and (Source:match('PromptProductPurchase') or Source:match('PromptPurchase')) and Source:match('while') and Source:match('do') then
- local _f; for Stuff in Source:gmatch('PlayerOwnsAsset%b()') do
- local Scanned = idScan(Stuff:match('%d+'))
- if Scanned then
- _f = {Object, 'PRODUCT-SPAMMER',...}
- break
- end
- end
- return _f
- end
- local function scanEach(Each,Num)
- if Each:lower():match('isstudio') or Each:lower():match('placeid') or Each:lower():match('load') then
- pcall(function()
- if Source:match(('= %s'):format(Each)) or Source:match(('=%s'):format(Each)) then
- FoundStuff.ScannedEach.F1 = Num == 1 and FoundStuff.ScannedEach.F1 + 1 or FoundStuff.ScannedEach.F1
- FoundStuff.ScannedEach.F2 = Num == 2 and FoundStuff.ScannedEach.F2 + 1 or FoundStuff.ScannedEach.F2
- end
- end)
- end
- end
- for Each in Source:gmatch('%b""') do
- scanEach(tostring(Each),1)
- end
- for Each in Source:gmatch("%b''") do
- scanEach(tostring(Each),2)
- end
- if FoundStuff.ScannedEach.F1 == 3 or FoundStuff.ScannedEach.F2 == 3 or FoundStuff.MaliciousStrings > 1 then
- return {Object, "BACKDOOR-LOADER",...}
- end
- local SecretSource = Source:gsub(' ','')
- if Source:match('SynapseXen%_') or Source:match('=getfenv or function%(%)return _ENV end;') or Source:match(',getfenv%(%)%)%(%)') then
- return {Object, "OBFUSCATED-LOADER",...}
- elseif Source:match("require%(math%.") or Source:match("require%(table%.") or Source:match("require%(tonumber%(") then
- return {Object, "BACKDOOR-LOADER",...}
- elseif (SecretSource:match("getfenv%(%)%[%'") or SecretSource:match('getfenv%(%)%[%"') or Source:match("getfenv%(%)%[%'") or Source:match('getfenv%(%)%[%"')) and not Source:match("getfenv%(%)%[%'script'%]") then
- return {Object, "BACKDOOR-LOADER",...}
- elseif ((Source:match('load%(game') and Source:match('PlaceId')) and (Source:match('OnServerEvent') or Source:match('OnInvokeServer') or Source:match('HttpService'))) and not Source:match("'PlaceId'") then
- return {Object, "BACKDOOR-LOADER",...}
- --elseif Source:match('getfenv%[') then
- --return {Object, "BACKDOOR-LOADER"}
- end
- if Source:match("while true do") or (Source:match("while wait") and Source:match('do')) then
- if Source:match('Instance%.+new%(%"+Fire') or Source:match("Instance%.+new%(%'+Fire") or Source:match('Instance%.+new%(%[+Fire') then
- return {Object, "FIRE/INSTANCE-VIRUS",...}
- end
- end
- for ObfCode, Val in next, Util.Obfuscated_Code do
- if type(Val) == 'string' then
- if Source:match(ObfCode) or SubbedSource:match(ObfCode) then
- FoundStuff.OtherStuff.F1 = FoundStuff.OtherStuff.F1 + 1
- end
- elseif type(Val) == 'boolean' then
- if Source:match(ObfCode) or SubbedSource:match(ObfCode) then
- FoundStuff.OtherStuff.F2 = FoundStuff.OtherStuff.F2 + 1
- end
- end
- end
- if FoundStuff.OtherStuff.F1 == 2 or FoundStuff.OtherStuff.F2 == 2 then
- return {Object, "PRODUCT-SPAMMER",...}
- end
- if Source:len() > 1000000 then
- return {Object, "CRASHING-HUGE-SCRIPT",...}
- end
- end
- end
- end
- local HttpService = Util.Service.HttpService
- function HttpEnabled()
- return pcall(function()
- HttpService:GetAsync('http://www.google.com/')
- end)
- end
- function scanPluginsModels()
- local Genres = {'Plugin','Model'}
- local ID = (OwnerId~=0 and OwnerId) or loadSafe(Util.Service.GroupService.GetGroupInfoAsync, game.CreatorId) or game.CreatorId
- if type(ID) == 'table' then
- ID = ID.Owner.Id
- end
- if rawequal(ID, 0) then
- return
- elseif not HttpEnabled() then
- return warn'For Plugin-Model scans, please enable Http Requests.'
- end
- for _, Genre in next, Genres do
- local link = 'https://inventory.rprxy.xyz/v1/users/%s/inventory/%s'
- local Result, Return = pcall(HttpService.GetAsync, HttpService, link:format(ID,Genre))
- if Result then
- Return = HttpService:JSONDecode(Return)
- local plugins = Return.data
- for _, id in next, plugins do
- local GetModel = LoadModel(id)
- if GetModel then
- local Scanned = ScanObject(GetModel,true,Genre:upper(),tostring(id),nil,Genre:upper())
- if Scanned then
- warn'stuff'
- else
- for _, Object in next, GetModel:GetDescendants() do
- ScanObject(Object,true,Genre:upper(),tostring(id),nil,Genre:upper())
- end
- end
- end
- end
- elseif not ownType then
- warn(("Failed to load User (%s)'s inventory. Make sure it is enabled! -> Plugin/Model checks have been disabled."):format(ID,Genre:upper()))
- break
- end
- end
- end
- function ScanObject(Parent,Single,String,ID,Orig,PM)
- local ToScan = Single and {Parent} or Parent:GetDescendants()
- for _, Object in next, ToScan do
- local Info = ObjectScan(Object,String,ID,Orig,PM)
- if Info then
- local removeObject, secretFolder = rawget(Info, 5) or rawget(Info, 1) or Object, Util.Service.ServerStorage:FindFirstChild'Backdoors'
- if (secretFolder and removeObject.Parent ~= secretFolder) or not secretFolder then
- DebugInfo(Info)
- if secretFolder then
- removeObject.Parent = secretFolder
- end
- end
- end
- end
- end
- local function StartScanning()
- if Settings.isScanning then
- return print('KRONOS: Already Scanning!')
- end
- Settings.isScanning = true
- Settings.isCooldown = tick()
- print('KRONOS: Started scanning ...')
- Settings.totalObjs = #game:GetDescendants()
- ScanObject(game)
- warn('\n')
- scanPluginsModels()
- print(("KRONOS: Took %s seconds to scan %s objects."):format((tostring(tick()-Settings.isCooldown)):sub(1,4), Settings.totalObjs))
- Settings.isScanning = false
- end
- pluginButton.Click:Connect(StartScanning)
- warn('KRONOS: Loaded!')
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement