How to remove backdoors from your game

Hello, recently I’ve seen a lot of backdoor, exploit, and hack related posts on the DevForum. A couple of people asked me to release my method of removing backdoors because I usually respond to these posts with a help offering, and fix their games. I’m gonna list steps, strings, and ways to prevent getting your game backdoored.

The main question of all is : “What is a backdoor?”
A backdoor is something that exploiters use to gain server-sided (fully-replicated) access to your games. It is impossible to read Server-Sided scripts with a backdoor however exploiters use backdoors to ruin your game with things such as “Troll Maps”, “Grab Knifes”, “SS Guis”, and so on. Everyone can see replicated items that were added using that backdoor. This is why backdooring is such a problem.
I’m going to provide some steps below.

Step 1 : Check your plugins!
The second most common way to get your game backdoored is by downloading fake or botted plugins. There are 3 indicators to seeing if a plugin is fake
1 : Their Username & Join Date
2 : The amount of sales will look like a crazy amount, but look at the creation date.
3 : The creation date.
Below is a fake plugin.
fakz

Step 2 : Free models are placeholders, not for publishing!
The biggest way games gets viruses are through free models. Fake models will bot themselves usually with highly spammed names or real names but tons of sales. There are 2 steps to checking for free models that are fake and filled with backdoors
Step 1 : Check the creator! Usually the creator has a bot-like name or is a new user.
fakemodel
Step 2 : Look for scripts in the model after insertion and remove them! (this doesn’t apply for tools.)
thisaz
Hopefully this removes those pesky backdoors. Make sure not to use free models for anything other than placeholders and make sure to replace them with your own!

Step 3 : Use CTRL + Shift + F to check for these strings!
Here I’m going to list a bunch of strings to check for using the script finder tool. Always check where the Module ID leads to if you can find the ID of the module causing the backdoor.
List of strings : math. , require , luraph, synapse, string. , I , loadstring, getfenv , setfenv, IsStudio
Those strings are some of the most used strings with backdoors.
Here’s what that palm tree model lead to. There will usually be a “:run” type of function after it in order to activate the model.
virz
vzs
thisbad

Hopefully this solved your virus-related problems. I wish you all a backdoor-free day!
I just wanted to add, backdoors aren’t the same thing as server-side access remotes. Those have the same base functionality, but they are caused by different properties.
~ Sudden_Demise

133 Likes

Nice tutorial but gonna add to this part:

getfenv is also commonly used to hide require.

24 Likes

You should probably look for getfenv since it can get the environment and allow people to do stuff like getfenv()["\108\111\97\100\115\116\114\105\110\103"] instead of loadstring.

Edit: vw_er beat me to it

15 Likes

First what if its a old account
next what if they update a old model
next what if its obfuscated

  1. Those can be PGed and you can usually check their inventories. They most likely have 0 to no other models.
  2. If they update an old model, you will see the update if you insert it into your game. You can use this method every time you’re suspicious of a backdoor.
  3. If it’s obfuscated you can choose to trust the creator or not trust the creator.
2 Likes

Quick tip: RobloxTopPlugins gave me a virus in my game :frowning:

Don’t trust this account

5 Likes

Yeah don’t trust ANY of the top free models like ever. I’ve cataloged like over 15 backdoors in my time. Some of them are more hidden than others. Most of them use obscurification but that can be solved most of the time by just saying require = print. Some of them even detect of you are in studio or not to stop you from doing this. Some of them are easier to crack than others but you can break through every backdoors encryption with a little bit of time.
One of the most deviant i’ve broken trough used every form of encryption know to man. I’m talking 3 different scripts with obscurification and a plugin which when opened had over and i quote 50k trusses inside of it almost causing my studio to crash. The only way i could actually see the code of the plugin was to save it as a roblox XML file and look at the code of that file in notepad++. But it was all worth i to see the panic of the buyers involved lol.
Many of them keep their code hidden because they sell these backdoors to people for around 5-20 dollars a piece depending of how many games they got infected. Once they buy it they will be added to a “whitelist” which is basically just a rank group which the backdoor will check for.
They normally do this via having a discord webhook which will automatically send the game to a discord server for easy access.
image
There’s only been a few that i haven’t been able to break through. If you got the skills the try your hands at this one which i haven’t broken through yet:
https://www.roblox.com/library/4805963492/wooooooooook

8 Likes

I tried running that script in vanilla lua and this is what I got:
https://gyazo.com/35afb6100b7d0e70037eb80b512c2a32

hmm i dont know. maybe it’s broken

1 Like

Do I have to disable my plugin to remove it? cause I already did & its still saying **Unable to teleport to a restricted area or do i have to uninstall it.

1 Like

You need to uninstalled the backdoored plugin and then remove the infectious/malicious scripts.

1 Like

What do these backdoors do? They can’t really steal robux can they so whats to worry?

1 Like

They can ruin your game. Exploiters can come and make everyone buy fake gamepasses, ban everyone, or even change their stats to super high.

2 Likes

I personally search “script” in the explorer and check all of my scripts.
Gameguard Anti-Virus V2 is a good plugin for backdoor scanning

3 Likes

Game backdoors has really advanced, exploiters for some reasons is bigbrain enough to create something realistic as this. This topic was really helpful towards the DevForum Community. The first time I started developing, I didnt realise someone could make something advance like this. One of my first games got backdoored before. Thank you for warning us. Stay safe :+1:t2:.

2 Likes

Sure that’s a good idea but personally, my game has about 2,000 scripts and that can be very tiring to look through all those scripts. Try using the search feature to find specific keywords in the scripts.

1 Like

That’s why I also use that specific plugin.

Stay aware for these things, however not everything is a virus after all. People are oversensitive that everything is a virus, but you just need to check and have awareness! If the model is like “RobloxTopPlugins” or has a group named “Models” it’s most likely a serverside, but remember be aware.

1 Like

To find the backdoor easily, just click CTRL + Shift + F then type require, if this doesn’t work! try getfenv()

4 Likes

There are really many topics about this, I recommend using this plug-in here https://www.roblox.com/library/5121131624/GameGuard-Anti-Virus-V2-ALPHA made by @deluc_t, does it with no hesitation and pretty fast.

Next time before you post something like this check on the forum if it has been answered before.

3 Likes