Howdy Buster. Recently Roblox has been getting botted free models or plugins that contain Malware or Backdoors. As such, exploiters/cheaters are able to easily cheat in games. Worst of all, they could get you Banned off Roblox!
This is where LaKoAV comes into play. LaKoAV has smart Malware detecting software to easily destroy those pesky Viruses and keep those Exploiters away!
Features
1. Smart script Reading [Preparing/Testing for Release]
2. Script Sandbox (Runs Viruses in a Virtual Environment to see what they do.) [WIP]
3. Deobfuscator (deobfuscate scripts to make sure they aren’t hiding anything!) [WIP]
4. Real Time Protection (Protect your game in Real Time! Delete viruses automatically) [Preparing/Testing for Release]
Download here
Currently InDev. You will be able to download it after basic functionality.
I made this like 2 years ago and figured out a positive AV is impossible until model hashing is created.
Planning to deobfuscate newer ones mostly. But also, some old ones.
(This plugin is also taking a bit longer than I thought EEEEE)
Synapse Xen
MoonSec (Very hard, and newer, and powerful obfuscator. I’ll figure it out. AND FREE. So, this would help with most backdoors.)
Ironbrew
Luraph
Verdict
Loadstring, and getfenvs.
Synapse Xen, Luraph, IronBrew? I have never seen those deobfuscated, only dumped IronBrew. How do you plan on deobfuscating those? Also will this plugin be obfuscated? Also you didn’t answer my other question.
Also there are a lot of other anti-backdoors out there, what kind of difference does this plugin have to those out there?
Synapse XEN is no longer used in new backdoors as it has been discontinued.
MoonSec is not worth trying to automatically deobfuscate especially considering Roblox’s string char limitations. There is a public method to constant dump it but as I said there is a 64000 character limit for script string input on Roblox.
IronBrew is rarely used in good/secure backdoors and there are many deobfuscation methods and tools that have been made public for this but yet again, the 64000 char string limit.
Luraph is currently non-constant dumpable and non-deobfuscateable. If you were to find a way to deobfuscate Luraph and it was publicly released, memcorrupt and the other Luraph devs would immediately fix the method in a matter of hours/days. Luraph gets constantly updated to use more secure methods every week so that it stays secure.
Verdict, never heard of this.
Loadstring and getfenvs just need to be found, simple as that. Also loadstring is actually useless unless the user enables “LoadstringEnabled”. Plugins, command bar scripts, etc do not have access to the property whatsoever so yeah loadstring is useless.
I have seen deobfuscated Synapse Xen, IronBrew (and its modifications except clvbrew, props to @clv2). Luraph has only been successfully deobfuscated automatically once and that was over a year ago, and constant dumping is useless (and near impossible due to the char limit on Roblox).
Your “deobfuscator goals” are near impossible as well as your “Script Sandbox” idea because Roblox doesn’t have support for those features. Script Sandbox is only possible by running the script as a test and viewing the source using GetObjects or something of the sort but that would be even more useless than this plugin.
I am sorry to say but your “LaKoAV” plugin is currently under the already high standard of antivirus/antibackdoor plugins. You should focus on something else because as cool as your ideas are, they are near impossible to execute properly.
Almost all obfuscators will Hex to try to hide these functions.
\114\101\113\117\105\114\101 (Require)
There is no way to basically recode Roblox. All obfuscators are basically just code that is in 1 line, and code that is engineered to be impossible to read.
(Also, MoonSec hides their name in their code. So, it’s pretty easy to detect.)
You can obviously detect scripts such as MoonSec but you are relying on the power of the user’s PC and if Roblox’s Script Source access limit actually allows you to.
"\114\101\113\117\105\114\101" is one of the most uncommon and hard to find being used anymore methods for backdoors. This is rarely ever used due to it being so widely known and unsecure.
It really doesn’t matter and it’s something to not argue about.
It’s like a virus. It’s fully gone for a long while, but then it’ll come back and be stronger out of nowhere. If we try to ignore the simple backdoors they’ll be used more because they’re not being detected.
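
Added example (not written by any poster in this thread and not LaKoAV's code): a static check in Python that decodes Lua numeric string escapes, such as the `\114\101\113\117\105\114\101` sequence quoted above, before searching a script's source for the names the thread mentions. The watch list, function names and sample script lines are constructed for illustration; it also handles `\xHH` escapes and escaped backslashes, which goes beyond the decimal case shown in the thread.

```python
import re

# Names discussed in the thread, plus the banner one poster says MoonSec
# leaves in its output. This list is an assumption, not a complete ruleset.
WATCHED = ("require", "loadstring", "getfenv", "moonsec")

# Lua string escapes: "\\" (literal backslash), \xHH (hex), \ddd (1-3 decimal digits).
_ESCAPE = re.compile(r"\\(?:(\\)|x([0-9A-Fa-f]{2})|(\d{1,3}))")


def decode_escapes(text):
    """Replace numeric escapes with the characters they encode."""
    def repl(m):
        if m.group(1):                      # escaped backslash: not a numeric escape
            return m.group(0)
        code = int(m.group(2), 16) if m.group(2) else int(m.group(3))
        return chr(code) if code < 256 else m.group(0)
    return _ESCAPE.sub(repl, text)


def scan(source):
    """Return (line_no, name, hidden) tuples.

    hidden is True when the name only appears after decoding escapes,
    which is the hiding trick the thread describes.
    """
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        raw = line.lower()
        decoded = decode_escapes(line).lower()
        for name in WATCHED:
            if name in decoded:
                findings.append((no, name, name not in raw))
    return findings


# Constructed sample input, not taken from a real model or plugin.
SAMPLE = "\n".join([
    r'local m = getfenv()["\114\101\113\117\105\114\101"]',
    r'local s = "\\114 is just text"',
    r'print("hello")',
])

if __name__ == "__main__":
    for no, name, hidden in scan(SAMPLE):
        print(f"line {no}: {name} ({'escaped' if hidden else 'plain'})")
```

A hit with `hidden` set is a stronger signal than a plain one, since ordinary scripts have little reason to spell `require` in escapes.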