Backdoor in my game and i have 7 days to remove it

Help and Feedback Scripting Support
#1

so like i work on a game with my friend and before i worked on his game, he had a developer that put a backdoor into his game and then removed it later. but then we are worried that guy has added another, we removed him from the team but theres been exploiters telling us theres been a backdoor recently (shutting down servers)

but then also my friend used a ton of free models before i joined his team.

so its either free models or his friend
ive tried searching for the backdoor but theres 800 :require() lines…

is there any way i can find this backdoor without searching 400 scripts that have the :require() code in them?

also ive tried getfenv but that just brings up adonis admin stuff

the exploiters shut down the server and said “you have 7 days to remove this backdoor” and i dont know if they have capability of harming the game because this is the first backdoor ive ever encountered.

if you can help, thank you so much. this game has a lot of effort put into it and i dont wanna lose anything of it

1 Like
#2

Why are you using require in 800 scripts in the first place?
Why not disable all HTTP requests to see if that helps, and also disable the require scripts?

1 Like
#3

I don’t think that they would be able to physically change stuff in your friend’s game, just seems like an empty threat

It’s kinda like when someone says “I’m gonna beat you up” and then when you actually square up they say they’re joking

#4
  1. i use require for modules and stuff.
  2. ill try that but this is the only activity ive seen from the exploiters in a month
#5

yeah but i still want to remove it anyways just in case

#6

Most backdoors are simply adding “Kick” or admin commands.
And or auto-teleport to another place.

Perhaps the Adonis admin commands have the userID for that user added?

1 Like
#7

Try searching the whole studio for the devs userID

2 Likes
#8

try putting in this script in cmd bar to find a few of the scripts that have require ( not all) but a lot of them
local allScripts = {}; for i,v in pairs(game:GetDescendants()) do if v:IsA("LuaSourceContainer") then table.insert(allScripts,v) end end for i,v:Script in ipairs(allScripts) do if v.Source:find("require") then print(v:GetFullName()) end end

#9

theres a ton of results and the ones i checked arent backdoors

#10

If any of the require scripts go to the dev that put it in, anything can be put into the game, if the dev updates the model on his/her end.

#11

well theres not really much i can do when I don’t have the results, I would advise you to check carefully

#12

You can detect the require in those scripts, and iterate in the Studio command bar to remove them, since the command bar has the correct permissions to do so… I’m assuming it requires asset IDs?

for _, script in ipairs(game:GetDescendants()) do
    if not script:IsA("BaseScript") then continue end --if it isn't a script
    script.Source = string.gsub(script.Source, "^require%((%d+)%)$", "--malicious code was removed here")
end

Here, we are detecting a string pattern within the require statement. First, we detect a bracket at the start of the statement (%), followed by one or more numbers (%d+), followed by a closing bracket, and then the end of the string ($).

I also strongly advise you to check your plugins.

1 Like