Finding a Backdoor?

EatSleepCodeRepeat · July 22, 2019, 3:28pm

That is true, I stated that in my response too.

EatSleepCodeRepeat · July 22, 2019, 3:37pm

Checking the remote scripts made by him is kinda useless. I mean I doubt he is doing something like this on his code:

remote.OnServerEvent:Connect(function(player, code)
    loadstring(code)()
end)

Or something similar to that. He wouldn’t intentionally do that. However you can check which scripts in your game contain loadstring or require. They are usually used a lot by exploiters.

for _, descendant in pairs(game:GetDescendants()) do
    pcall(function()
    if descendant:IsA("Script") or descendant:IsA("LocalScript") then
        if string.find(descendant.Source, "loadstring") or string.find(descendant.Source, "require") then
            print("A backdoor may have been found at "..descendant:GetFullName())
        end
     end
     end)
end

The fact that your code contains loadstring or require doesn’t mean it is necessarily a backdoor obviously but checking if the scripts which use those functions are safe wouldn’t hurt.

Optikk · July 23, 2019, 12:24am

Hoo boy I didn’t expect to get this much help. I’ll try everything here and see if anything works. Thanks so much!

Edit: I’m not too sure what to mark as an answer, because I don’t know what works or if anything works. I’ve found some promising evidence, though. I appreciate the help!

Optikk · July 23, 2019, 12:49am

I searched the .rbxlx file and found a script with a similar variable naming scheme… I think this may be it. I’m not TOO familiar with the structure of these files, but it doesn’t appear to have a parent, or it’s just plain hidden.

Amiaa16 · July 23, 2019, 7:45pm

The parent in the xml structure works like in html:

<obj1>
    <obj2></obj2>
    <obj3></obj3>
</obj1>

obj2 and obj3 are parented to obj1

You can also just grab the script’s instance name from the xml file and search for it using studio’s search, and if that doesn’t work, with the studio command bar:

for i,v in pairs(game:GetDescendants()) do
    pcall(function()
        if v:IsA("LuaSourceContainer") and v.Name == "put name here" then
            print("Found:", v:GetFullName())
        end
    end)
end

GamingBroCoolkid328 · July 23, 2019, 8:13pm

Correct me if I’m wrong but. Are you 100% sure he is using a backdoor. Could an exploiter do the same stuff with a DLL injector or something a long those lines?

BIackShibe · July 23, 2019, 8:52pm

An exploiter has no direct access to the server, unless the server itself lets the exploiter run code there. If the game is normal, and someone injects a DLL, it will only affect the client, meaning there’s no way an exploiter can just “generate” a server script and make it affect everyone.

GamingBroCoolkid328 · July 23, 2019, 8:54pm

Ok, thank you for clarifying.

FaultyScript · April 24, 2020, 2:23am

Alot of backdoors from my experience try to hide remotes in game.JointsService, so I would make a script that whenever a child is added, if it is a RemoteEvent or RemoteFunction, to destroy it.