[Deprecated] Rovird - Advanced Virus Detection

Update before I go to sleep:

First, I fixed some detection issues with hidden code. That should work fine now.

After a ton of fiddling, children should actually be properly resolved (again) regardless of external layer.

The web interface is kinda coming along, you can input asset ids into it now. It’s not pretty, I just want to say I suck at front-end development so this is a challenge. UX is not my thing. Anyways I’ll lay it out here:

If you go to https://rovird.xyz/ you will be greeted by this page:

To test this I will be using a known virus. When you enter the asset id and click submit, you’ll be redirected to a page like this:

You can click on any of the highlighted lines to see all the flags:

Click on the gray area inside of that block to close it.

And that’s really it. The UX is terrible, I’ll admit. But it works for now and I’m fine with that.

This works with assets that have a top level lua source container. This means it probably wont work with plugins or models yet. That is a planned feature though so stay tuned!

No changes to the plugin were made

The website will now support any asset id and search for scripts anywhere in the model’s hierarchy! This means you can now look through any model or plugin!

I don’t think I’ll ever use a virus detector, but if I do, I know which one to use.

I think you could make this even more “Advanced” by adding more customizability.

P.S. you must have JavaScript enabled for the website to work! (In case you set your browser to block it)

2 Likes

I should’ve mentioned that, yeah. All of the source code for the website is available here: GitHub - steven4547466/Rovird-Website (specifically here). This includes the detection api. There’s links to this in the original post, but I should put it here as well. The javascript is so the front end can make requests to the back end api.

Also, the website tracks nothing other than rate limiting information. And it has no persistent storage of anything. Once you click submit the job is deleted off the machine so if you refresh while looking at the results, they will disappear.

1 Like

You can now upload rbxm’s and rbxmx’s directly to https://rovird.xyz if you want to. Uploaded files are deleted as soon as they are read and processed (assuming no errors occur). I’m not sure if there is actually a use for this, but in case anyone wants it, that option is available.

I wanted to upload a short video on the website which you can find here:

https://rovird.xyz/assets/Rovird.mp4

It goes over how to use it properly and what it’s capable of.

1 Like

I just pushed a small update to the API that should fix an issue with some assets causing an error and returning malformed data. That should no longer happen. Though some assets can’t be downloaded, these will be flagged as such.

I was thinking of making a chrome/firefox extension that would be able to scan assets directly from the library. If this is something you’d be interested in, let me know as it’s a bit of a time commitment. Just know with things like extensions it is extremely important you get them from reputable sources. Meaning if/when I do make it, you should only ever go to the link from this post. If you don’t it can possibly be a clone. And as the other things on this project, it will be open source and you will be able to load it from its unpacked state.

This is really cool, never seen anything like it!

1 Like

Roblox is finally catching on, though I don’t think they scan it for you for malicious code, this still is a big step to protecting your games built right into the engine and studio:

As an aside and follow up to my last comment, I do have a rudimentary extension done, but honestly I don’t know if it’s worth releasing because of the potential negatives extensions come with, but it looks like this right now:

3 Likes

I decided to just put the extension on a github. I don’t really want to pay the fee to put something on the chrome store regardless, so if you want to use this, you’ll have to load it as an unpacked extension.

It can be found here: GitHub - steven4547466/Rovird-Extension.

All it does is add that extra button to the end of the more options tab that was shown in the video in the above comment, and you can inspect the source code.

To download it, click the green Code button and download it as a zip, then extract it. Once you extract it head over to chrome://extensions (if on chrome) click on Load Unpacked and select the folder. Once you do that it should be working.

The button just opens the website in a new tab and automatically searches for it in the library. Perhaps in the future I will make it not directly take you to the website, but for now this should be fine as a quick way to use Rovird directly from the Roblox Library.

Edit (so it doesn’t bump):
I’m aware of a false-positive that happens when you call a function inside of a require. I’m working on good ways to fix this and still detect unwanted requires that may be harmful.

2 Likes

This is simply great.
I haven’t used antivirus plugins before and this will probably be the first one and the best one I’ll ever use in future.

1 Like

So, I was testing your antivirus but I always get this error when I scan one of my games.

I’ll look into it, the server may have gone offline. Thank you for reporting

Hm, mine seems to work:

If you want to send me a private message with a little bit of information about the hierarchy of your game I’ll see what I can do.

I’ve added a secondary json encoder if the primary json encoder doesn’t work. This means there shouldn’t be issues if roblox’s json encode is encoding things incorrectly. However it is a little slower than roblox’s json encode, which is why it’s only used when it’s needed.

3 Likes

Hey, I’m unsure if this project is still supported, but I’m getting an error 525 when trying to visit rovird.xyz over HTTPS:

As the top of this lists, I don’t host rovird anymore, if you want to use it you’ll need to clone the website from github and run it from your computer and set the host in the plugin to localhost. There’s instructions in the post:
https://devforum.roblox.com/t/rovird-advanced-virus-detection/1537021#hosting-it-yourself-9

1 Like

Even though the project is deprecated, will it still be updated?

If there’s a need to update it, maybe, but I’m pretty busy at the moment.

1 Like