Kronos would run string char and basically have it like
```lua
local r = getfenv()['require']
```
and then would check if that requires any module. If it does, it will check the module code (if it can’t access it, it’s clearly a backdoor) and their descendants.
I’ve already thought of that trick and I made ways to detect it.
Kronos will also be able to detect Synapse Xen, Luraph and Ironbrew by checking for the opcodes and maybe later I will add a feature to split the obfuscated scripts (could be useful)
Yeah, but how will you prevent hard cases of the variable’s reference being extremely abstracted? This seems extremely difficult to do without compiling and then running the code in a sandbox. I don’t even see popular IDEs these days being able to do this.
Example of some tricky variable reference:
```lua
local a = "hello world"
local function b()
    local function a()
        return "require"
    end
    return a()
end
a = b()
getfenv()[a](...)
```
Better yet, what if I define my own string.char that I pass my own encrypted data to and my custom implementation decrypts my data? So when you call char on my inputs, it doesn’t return require, it just returns some random string when in reality in my malicious plugin it will move on and be decrypted and call the require function and my other ill intent code.
And if you decide to use a sandbox and run my malicious code instead of using a gigantic gmatch, what stops me from just crashing your sandbox? And how will you implement the entirety of the ROBLOX environment into your sandbox so normal code runs?
It will quickly become unfeasible to detect malicious code because malicious code can be written in an infinite amount of ways. Whilst I do think a plugin detecting malicious code is great, it will soon be outdated by newer methods and then popularizing and selling those methods. (This situation reminds me a great deal of ROBLOX chat bypasses and how they spread and something called the Halting Problem)
Literally no one would bother to do stuff like that. What’s the point? I don’t see the point in doing such “encrypted” stuff. It would get a warning for using getfenv / require though, if it can’t be “decrypted”.
Most of them are stuff like require(x) which can easily get detected
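The static check debated above, as an added example that is not part of any post and is not Kronos code: a line-based Lua scanner that separates what source text can show (a literal asset id in `require`, a quoted `getfenv` key) from what it can only flag (a key or argument computed at run time). Rule names, severities and the sample asset id are assumptions.

```lua
-- Added example (not Kronos code). Rule names and severities are hypothetical.
local function add(out, n, rule, severity, detail)
    out[#out + 1] = { line = n, rule = rule, severity = severity, detail = detail }
end

local function scan(source)
    local out, n = {}, 0
    for line in (source .. "\n"):gmatch("(.-)\r?\n") do
        n = n + 1
        -- Naive comment strip: a "--" inside a string literal also truncates the line.
        local code = line:gsub("%-%-.*$", "")
        -- require(...): a numeric literal names an asset that can be fetched and
        -- reviewed; any other argument cannot be resolved without running the code.
        for arg in code:gmatch("%f[%w_]require%s*(%b())") do
            local id = arg:match("^%(%s*(%d+)%s*%)$")
            if id then
                add(out, n, "require-literal-id", "review-asset", id)
            else
                add(out, n, "require-nonliteral", "warn", arg)
            end
        end
        -- getfenv(...)[key]: only a quoted key can be read off the source text.
        -- An environment stored in a variable and indexed later is not tracked.
        for after in code:gmatch("%f[%w_]getfenv%s*%b()()") do
            local index = code:match("^%s*(%b[])", after)
            local key = index and index:match("^%[%s*[\"'](.-)[\"']%s*%]$")
            if key == "require" then
                add(out, n, "getfenv-require", "high", index)
            elseif index and not key then
                add(out, n, "getfenv-dynamic-key", "warn", index)
            else
                add(out, n, "getfenv-call", "info", index or "")
            end
        end
    end
    return out
end

-- Constructed sample built from the snippets quoted in the thread.
local SAMPLE = [==[
local r = getfenv()['require']
require(123456789) -- placeholder id
local a = b()
getfenv()[a](...)
local Config = require(script.Parent.Config)
]==]
for _, f in ipairs(scan(SAMPLE)) do
    print(("line %d  %-13s %-20s %s"):format(f.line, f.severity, f.rule, f.detail))
end
```

On the sample, the last line is ordinary module loading and is still reported as `require-nonliteral`, which is the false-positive cost raised in the thread.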
So why would anyone pay for your service if it is this easily flawed:
Legit code can easily be flagged because I chose to use require or getfenv
You do not want to put in work to prevent people interested in easily breaking your security
I honestly don’t know why you think no one would bother with something like that. It could easily be done in a reasonable amount of code in a few minutes depending on the skill of the person writing.
Since people know their require(x) is being detected, they will easily just move onto the method I just talked about (and especially will probably since you don’t want to bother attempting to find a solution about it.)
Looking through a huge game for getfenv and require would take a lot of time (which devs need), also builders can’t do that due to lack of scripting knowledge.
I do want to put in work to prevent people interested in breaking my security but that’s not what I am focusing on right now, I’m mainly focusing on basic backdoors, and not only backdoors but viruses too, which are everywhere.
I do understand many people can script and make the same thing however they might not have time to do so and it’s easier to buy a plugin which constantly updates and protects / scans your game for backdoors.
Kronos won’t be just a security plugin, it will be a hub (different tools included into it), with a reasonable price of maybe 50 robux.
I’ll think of Lua sandbox implementation, however, that would take longer and will probably be released later after feedback, if needed.
A Lua sandbox implementation is a horrible idea, people will just crash your plugin, or worse escape the sandbox and run malicious code from your plugin.
I mentioned it as an alternative that you may come onto by yourself and then I posted a reason to refute the hypothetical idea you (in my train of thought) generated (Lua sandbox) (confusing sentence; what I’m saying here is I thought of what you could’ve thought of doing next and then a method on how to bypass what you thought of doing next)
I understand where you’re coming from when wanting to focus on basic back-doors; however, when the basic back-doors are patched they are just going to simply fix the problem by using a more advanced method, and they will continue to do that. It will get to a point where your plugin is unable to contain the extreme amount of logic to intelligently analyze the malware. And if this is going to be for “basic” back-doors then why make it cost money? If the back-doors are so basic then tons of other programmers could probably reverse engineer the backdoor and easily create their own plugin to do exactly what yours does (for free!)
I agree with you, however I do want to get this better everyday by launching updates.
One of Kronos’ features is getting user installed plugins and scanning them for backdoors. This one can be easily made but, it will also scan for the required ids.
If someone does stuff like
```lua
require(x) --// and x is a backdoor (required id will be scanned, inserted using GetObjects)
```
Kronos will move that script into quarantine for being a backdoor loader.
I do hope to see good feedback on the plugin, I’m positive about Kronos being 1st Plugin when it comes to malicious stuff detecting.
I do agree with this. Exploiters have gone through an absurd amount of work and reverse engineering just to exploit my game. No one should ever under-estimate how much time they have on their hands :c
I’ve made a few backdoors in my time. Obviously not for actual malicious use, but for a learning experience - I wanted to see what I could do.
I can say that it is a fun experience. Just like you might be hooked or motivated to make your game, an exploiter is hooked and motivated to make an exploit for something (unless they’re the average script kiddie - but they don’t tend to make backdoors). Just like that feeling you get when you’ve spent hours fixing a bug and it finally works - an exploiter feels rewarded when they finally get their exploit done.
Never say that “Literally no one would bother to do stuff like that” - they will. It’s just another challenge for them to have a crack at (or potential business opportunity, exploits have made some serious money).
TL;DR: Always develop knowing that someone, anyone, will take a serious shot at cracking it - someone eventually will.
Each time I use Kronos, this prints out in the output:
If I click on the warning, nothing happens. This is confusing, since I don’t know what’s loading this.
When looking at the source, I seem to understand that Kronos is somehow detecting that nil contains a backdoor???
Also, I think the plugin could be 100x better if there was a UI, since it would be more intuitive to the average user.
I tested this plugin on all the top free models **created by Roblox**, and it managed to detect one of the scripts to be a Fire/Instance virus:
You might want to mention that they sometimes might happen, to not spread misinformation.