How to inspect the source of plugins

With the current state of the Roblox Plugin Marketplace, it’s almost essential to verify the source of any plugin you install that isn’t purchased with Robux. While there are many excellent free plugins, some attempt to infect your game with malicious intents. There are a few different ways to fetch the source of plugins, however, they aren’t widely known; especially since it isn’t natively possible on the website.

Method 1: Using DataModel:GetObjects() in Studio’s Command Bar

This is often the primary choice of most people and the DevHub actually has an article on it (last code example) so I won’t spend too much time repeating. The DataModel:GetObjects() function can be used to fetch entire plugins and insert them into Studio without running their contents for easy inspection, provided they’re freely available or you own them. I thought the code example from the DevHub was a bit excessive, so I whipped up this barebones system for inserting any public-domain plugin:

--Simple example to insert plugins from their AssetId, also works for models, decals, meshes
--Note: This can only be run in the command bar; putting in a script will error
for _, object in pairs(game:GetObjects("rbxassetid://ASSETID")) do
	object.Parent = workspace
end

Method 2: Using Studio’s Local Plugin Cache

This method is less practical than all of the other methods, so I’d recommend using them instead since this method requires the plugin in question to be installed prior.

Whenever you install a plugin, it’s stored locally on your machine. This means that all you have to do is locate it and then insert it into Studio. I’ve formulated a basic guide to help locate such files on both macOS & Windows 10 (I don’t have a device running Windows 7, but I’m sure it’s quite similar):

macOS

It’s fairly simple to find Roblox’s local plugin cache on macOS.

  1. Open up a new Finder window.
  2. Navigate to your user’s documents folder or use Command + Shift + G and type in ~/Documents which should take you to your Documents folder.
  3. Locate the Roblox folder and open it. It should look something like this
  4. Select the folder that’s named with a bunch of numbers. This number should be your UserId, if you’ve signed in with multiple accounts you’ll need to select the appropriate one.
  5. Open the InstalledPlugins folder. Inside this folder, you’ll see more folders with numbers. These numbers correspond to the AssetId of the plugins. Pick the appropriate one.
  6. This next step may be different for some. Either you’ll see more folders with numbers, or you’ll see the plugin.rbxl file of the plugin. If you see the plugin file, proceed to the next step. Otherwise, you should see something like below. Select the folder with the greatest number; I believe these numbers represent the different versions of the plugin it has updated. So the highest number would be the latest version.
  7. Just drag the file into Studio and you’ll now be able to inspect the plugin exactly like Method 1!
Windows 10

I’m a Mac user so I don’t have the greatest knowledge of Windows, but I know enough to get around.

  1. Open Studio and right-click the place in the Explorer you want to plugin to insert to. Click on Insert from File....
  2. Now in the address bar, enter %LocalAppData%. This should take you to a location like C:\Users\USER\AppData\Local.
  3. Select the Roblox folder.
  4. Next, open the folder that consists of a bunch of numbers. This is your Roblox UserId so if you’ve signed in with multiple accounts, you’ll need to pick yours.
  5. You’ll now see a lot of folders housing all of your installed plugins. All of these numbers represent the AssetId of the plugin. Find your appropriate folder and open it; we’re just about done.
  6. This step may vary for some. If you see the Plugin.rbxl file, skip to the next step. Otherwise, you’ll probably see something like this. I believe these numbers represent the version of the plugin (if it has updated). Pick the biggest number; it should be the most recent version of the plugin.
  7. Finally, we’ve reached the plugin file! Select it and open it up; it should insert where you previously selected! Now you can inspect it just like in Method 1!

Method 3: Using BTRoblox

BTRoblox is a free, open-source plugin made by @AntiBoomz0r for both Chrome and Firefox. It includes a lot of things I enjoy, but I’m just going to focus on two additions to the item details page.


As you see, there are two new buttons here that appear for any public-domain asset. The first one may be fairly self-explanatory, but it downloads the asset in a .rbxl file. This means that you can simply insert it into Studio just like that!

I personally use this second button multiple times per day. It opens up a basic explorer and properties window of the asset. I find this feature helpful for a quick peek at anything without the need to open up Studio.


By double-clicking a script, a new tab is created with a plain text copy of the source. This is my goto for verifying all of my plugins.


Method 4: Using Plugin Importer

@ClockworkSquirrel has also created a plugin available for free to insert plugins very easily. Just paste the link or AssetId and you’ll be greeted with the plugin in ServerStorage.



Conclusion

Hopefully this clears some of the confusion around checking the source of plugins. If you have any questions or concerns, drop them below and I’ll do my best to answer them. Happy safe plugin searching :slight_smile: .

65 Likes

Good advice!

In addition to this advice, I’d highly recommend getting a trustworthy anti-infection plugin too. Even as a professional and disciplined player, I’ve managed to accidentally let a couple things slip into my games on rare occasions. Therefore I’d highly recommend installing an anti-infection plugin such as Christbru’s hidden script detector to mitigate these risks. (others are available, but as a user of the aforementioned plugin I can vouch for its integrity at the time of writing)

(also didn’t expect to see my plugin used as part of a demonstration - nice!)

5 Likes

My apologies for such a delay here, I’ve been quite ill since posting this and looking at screens intensified my symptoms. After this long break, I’m feeling much better and motivated to get stuff done again :slight_smile: .


@ClockworkSquirrel added a section on it :wink:


@Elttob I was actually in progress of writing another resource on this exact topic before I went down with my sickness; I’m hoping to finish it up within the next few days. I recently discovered a bunch of your plugins and I’m liking them a lot; thought I’d spread the word haha.

3 Likes

Do you know how to inspect code of BuiltIn plugins?

I believe it’s impossible

I’d also like to add a heads-up to this; almost never trust obfuscated code, unless there is a link to a GitHub repo with the actual source code. Obfuscated code probably means that the module contains some sketchy code and it’s probably a virus.

1 Like

It is possible!

here is a step by step on how to find BuiltIn plugin source codes
(also bad quality pictures, sorry :frowning: )

  1. Go to your Roblox Studio Application, then right click, then press “Open File Location”
    ds

  2. After that scroll to the very top and you should see a folder called “BuiltInPlugins”
    adub
    click that folder and it will take you to rbxm files (ignore the sig files) of the plugins, just insert them in a studio place and they should pop up in the workspace

Its that simple!

3 Likes

thanks for telling me how loll

1 Like

Heads up! Apparently, roblox terminates accounts holding Obuscated code.

you should probably edit the message saying that the plugin importer plugin isnt obtainable anymore

Yeah, also worth saying that they should probably mention their new username, @cxmeels now.

Plugin got discontinued a while ago, can’t remember for what reasons.


Hopefully this doesn’t count as advertising, but as a heads up, if you want to import plugins, my plugin auroraSuite can do it.

image