So I was going thru the models of my game, and Isaw a script named ‘Welding’ inside of a cliff model.
I checked inside of it and it said:
–This an script of ROBLOX Studio. Do not delete it, this script secures your game from exploiters.
if not game:GetService(“RunService”):IsStudio() then
It was only in one of the models, So i got worried and came here for support.
Anybody know what this could be?
It’s a virus, its requiring something.
100% a virus.
Roblox doesn’t add scripts into your game
until the game is run.
that is not entirely true…
Normal scripts can require an ID. Plugin creators use
require() to automatically update their scripts in-game.
Don’t know exactly what it could do, but it is
definitely a virus. Delete that, and it also makes no sense, as a welding script would not secure your game from exploiters. And as @ram4c said,
Delete it and just go on with life, good luck on whatever you are building!
It’s a backdoor, I decoded it down and it took me to this module:
This is the layout of a backdoor I could dump the constants of the obfuscated script inside but i’m to lazy if you want to do that yourself then here’s a tutorial:
My English is kinda bad so bare with me
Well You Know exploiters using obfuscation to hide their code in some forums
we can at least constant dump it to get some info what are they doing and hopefully you can patch stuff
i will use Repl.it for this tutorial
let’s say we have a sample of ironbrew which is print(“Hello”)
Now i am gonna go to repl.it an put a table.concat which will take arrays and concatenate them put it above the code
local oldtable = table.concat
I traced back the ID to this:
this is a math equation. Here is the ID if you put it into a calculator:
this script puts the virus into ServerScriptService
and this is the execution:
for what this really is in post 9 lol) /
You are wrong, this is not a lag nor a promptpurchase script. The script can be easily reverse-engineered using require=print! This is a ROBLOX backdoor which users sell access to buyers. This basically allows people to exploit your game and bypass filtering enabled as this is server-sided.
Hope this helps!
Why would you need to reverse engineer it with require=print? The equation is simple math it will take a simple google search to trace it back to the module.
I was not talking about the math equation, I was talking about the following image.
This is basically require(number) encoded into various strings. require=print forces the backdoor ID to be printed into the ROBLOX console.