Hi Guys!
Apologies that there are other posts similar to this, but I want to discuss more in-depth about how these backdoor plugins work so the community can get a better understanding of them. I’ve never seen a forum post about what their purpose is, I only seen posts about how to handle them. So, here goes:
What Are Backdoor Plugins & How Do They Work?
They’re seemingly harmless but useful plugins with backdoors hidden in them. However, these backdoor plugins usually do more than an ordinary in-game virus, they are sometimes almost untraceable. They embed themselves very well into games, and they allow for exploiters to run admin or even FE-disabled code in your games. Basically, they can become super-saiyan, spawn buildings, change the maps, have admin, etc.
Furthermore, some of these backdoors are set up to notify a discord server about your game being infected with the backdoor and so their members know to join your game and begin using these exploits right away.
This is why Roblox bans accounts that are caught creating these backdoor plugins.
Example: (TopK3k 5.0 - Relies on a backdoor plugin to give exploiters Server-Side Exploits):
Upon seeing a showcase video on this, I think this is from that example picture:
How Do Plugin Backdoors Spread?
They basically bot the (Backdoor) Plugin a ton of fake sales…maybe even some fake likes. This supposedly helps it get found more easily in the random list of recommended plugins to install. It out-ranks many normal plugins and so there’s a higher chance that a player will install this plugin.
Example of a botted backdoor plugin: - (Note: The date of this forum post was on 7/9/2020)
What Are The Signs That It’s a Backdoor and Not Legit?
-
Usually, backdoor plugins are made by an obvious “alt account” like a bacon-hair, be sure to always check the creator of the plugin before installing the plugin and running your game with it.
-
If you download the contents of such a plugin and inspect the code of it, they’re sometimes obfuscated and very hard to find. So, they may do what you want it to do, but you may also get some new and undesirable in-game lag - that’s a major red flag to lookout for. In the code they mix a ton of lowercase L’s and uppercase I’s or O’s with 0’s, then obfuscate it, and hide it as best they can.
What the “Invite Players” backdoor Plugin’s code looked like (Yeah, unnecessarily obfusicated):
What Can I Do If My Game Has A Backdoor?
The answer to this topic goes to other community forum-posters and I’ll give credits for this one…Sometimes, it just takes a thorough scan to stop them.
You will want to use this guide on how to find backdoors.
-
You can try using XxMystical_SecretsxX’s method on how to find & remove backdoors manually.
-
If that fails, try using Kronos. Sadly, Christbru01’s plugin doesn’t work anymore, it just spins its wheel and says the game needs time because it’s big.
Unfortunately for me, I came across a very bad one and I read online and tried many methods…but to no avail.
“The most truthful answer I can give to you is that, if all else fails…your last and only option is to revert your game back to a version before you installed the backdoor plugin.”
For the backdoor that I dealt with, I tried everything and had to just re-make my game. Though, those tools do catch and find most things…and I encourage that you try those methods before reverting the version because not all backdoor plugins are impossible to fix without reverting your game back to a safe version.
Please keep in mind that the backdoor plugins are made before the backdoor finders are updated to catch them.