Lua Script Checking?

Hello! I was wondering if there was any way to check an integrity of a script by reading its source.

I am attempting to make a script checker that reads a scripts source to check the integrity if its code. I have tried Script.Source but its for Plugins only. (Plugin Security)

Is there anyway I can achieve this or is there an alternative of checking integrity of scripts?

Any help is appreciated, thanks!

2 Likes

There are a few solutions. I’ll explain what I do when I’m going through a rather “suspicious” model cough[spoiler] https://www.roblox.com/library/4764560333/Red-Roleplay-Name[/spoiler] cough

You could do something similar to how I reverse engineer those free model backdoors. Though you will have to do some manual labor.

The concept behind the hood is to wrap the entire environment that the “insecure” script uses. What I will do is have the script require my module, and upon the module’s returned function being called I get the environment calling the script and I start wrapping functions such as require and variables such as game.

You can get the environment calling a given function by using getfenv(2). Setting variables is trivial

local callingEnvironment = getfenv(2)
local newGame = wrap(game) --// assumed predefined `wrap` function that logs all __index's 

callingEnvironment.game = newGame

I suggest you look into this for a tutorial on how to wrap userdatas in a recursive way.

Unfortunately, I have not played with metatables and looked at this for 20 minutes now? Could you simplify what you mean because im having trouble.

A very botched definition of a metatable is “events for tables”. I am not good at teaching and so I will just link some resources.

Try reading this:
http://lua-users.org/wiki/MetatableEvents

I really suggest reading the article I posted above (if you have not yet)