An old vulnerability is being exploited to backdoor games

Smellypooper3 · August 3, 2021, 12:11am

Basically there’s a way that games are being backdoored without anything from the backdoor showing in the CTRL Shift F

Check your games and make sure that the Linkedsource properties on your script are set to nothing with the command bar (Linkedsource is hidden from properties tab)

I was the one who originally made this method but I quit the community where backdoors come from so I’m reporting it so skids like @TopQualityModels and Enable can’t leech off of my old stuff

MichaelEpicA · August 3, 2021, 12:18am

The best thing to do is to probably turn on the setting that unhides hidden things in this case.

Smellypooper3 · August 3, 2021, 12:20am

No they need to remove Linkedsource completely, it’s supposed to be depricated but it’s just hidden

MichaelEpicA · August 3, 2021, 12:20am

Does linkedsource basically just contain code, or does it contain a website address.

Smellypooper3 · August 3, 2021, 12:22am

The property allows the rbxassetid:// thing and then you can bypass the onsale/offsale thing using a funny hacer hack that only a few people have that I can’t leak. I found this method a while ago I’m just reporting it cuz skids from the Exoliner backdoor have it from my old malicious plugins I uploaded

MichaelEpicA · August 3, 2021, 12:23am

Huh, thats weird it isn’t even marked as hidden on roblox’s website. But, yeah thats pretty bad.

aguythatsreallybored · August 3, 2021, 1:28am

I have made some code that you can put into your command bar that clears all script’s LinkedSource, use it if you want.

for _, descendant in ipairs(game:GetDescendants()) do
    pcall(function()
        -- really long condition i know
        if descendant:IsA("Script") or descendant:IsA("LocalScript") or descendant:IsA("MoudleScript")
        not descendant:IsA("CoreScript") then
            descendant.LinkedSource = ""
        end
    end)
end

deluc_t · August 3, 2021, 3:43pm

That won’t work, I’d recommend you use this instead:

for _,v in pairs(game:GetDescendants()) do
	pcall(function()
		if v:IsA("BaseScript") then
			v.LinkedSource = ""
		end
	end)
end

aguythatsreallybored · August 3, 2021, 4:09pm

Forget to pcall it, thank’s for letting me know.

yourlocal_ratttt · August 4, 2021, 12:24am

What where do you learn about backdoors i think my game might have a backdoor and idk where to find it or the methods this people use cause i looked everywhere in studio and nothing is showing but werid stuff happens in my game

hboogy101 · August 28, 2021, 5:43am

Thank you for telling us this, but it’s concerning that the only reason you cared to tell us was because you hate a few people.

hboogy101 · August 28, 2021, 5:44am

This is a good thread to help with that.

Smellypooper3 · September 3, 2021, 4:18pm

I used to work in the roblox backdoor industry, I normally wouldn’t tell developers my methods.

e_dited · September 3, 2021, 4:20pm

Uhmm… SUS! But I guess its cool just never do it again I find it interesting though

e_dited · September 3, 2021, 4:21pm

Anyways how did you get that Japanese/Chinese Display name?

Smellypooper3 · September 3, 2021, 4:22pm

It’s Chinese, basically you can use the Chinese ROBLOX (Luobu) API (users.roblox.qq.com/docs) with your cookie and just change it to something in Chinese.

e_dited · September 3, 2021, 4:24pm

Ah ok seems sussy though, I wish I had the guts to do it

HakaiShin_AOD · September 8, 2021, 7:21pm

HakaiShin_AOD · September 8, 2021, 7:21pm