My game is backdoored and I can't find the backdoor

Help and Feedback Scripting Support
#33

Isn’t there a getfenv that comes right before obfuscated text?
Either way, I’ve checked out the asset that the script requires. It doesn’t seem to be for sale, and if I remember correctly (may be wrong however) require only works when a module is set for sale.

I’m guessing the people who orchestrated this are planning to activate it if you don’t pay up.

Anyways, you should probably delete that script.

Another note:
I’ve heard that some people like to obfuscate their code to prevent theft, especially with long scripts like these, and based on its contents this may be the case.

2 Likes
#34

Are you supposed to start with 5 quadrillion?
image

2 Likes
#35

I’m guessing that since this is being posted on the devforum, they are taking it offsale so people smart enough wouldn’t try to “crack” the source to the backdoor.

#36

If you have a back up and or save, overwrite the save to the main game, or if you don’t, set the game to an older version or use an auto recovery save. It might not get rid of the back door fully, but it should remove all the damage until the person who back doored you strikes again. In that window of time delete all plugins, use ctrl + shift + f to find all require function or what ever they are called and delete/edit the scripts that have it.

#37

Add me on discord Frames#0130 Ill help you. Cheers.

#38

Use an antivirus plugin. Here is a good one:

#39

dont trust it. they’ll just take it and NOT tell how.

#40

Yep I am aware.

Just for everyone else who is still on this topic, myself and the head developer spent a few hours looking through the game. One of the owners friends eventually found it buried deep in one of the scripts.

Hopefully that solved the issue, the backdoor (seems) to be gone.

#41

can you share how and where you found it?

#42

If that wasn’t all or wasn’t it, just post it back on here.

#43

its a remote
that allows ss scripts
you can manipulate the args by hooking it
to execute whatever you want on the server

#44

I mean, if I had edit perms to look-over the whole game entirely, sure.

However, try too look for:

local a,b,c types
rosync
require
getfenv
loadstring
and a bunch of random generated stuff

#45

I don’t like to repeat just read what I said before “We already checked these words and we cannot find the module id of the backdoor which is really weird and they used a “private method” to hide the backdoor and that’s it is very well hidden.”

#46

Well, you can’t really do anything then. And there’s no way I’d be added onto the group to get edit perms too look over the whole entire game for a backdoor.

#47

did you add any free models? All it takes is some clever usage of require or getfenv or something like that

#48

Apologies for the late response,

It was buried very deep in one of the scripts, masked as a require (so you assumed it was needed for something regarding the script) considering there we’re hundreds requires in the game.

#49

Look up the plugin gameguard in the toolbox, it could help find it.
Gameguard checks all scripts, and plugins.
GameGuard Anti Virus V2 [ALPHA] - Community Resources - DevForum | Roblox

1 Like
#50

What’s a backdoor? Sorry if it’s a dumb question.

#51

Something that allows people to get into your game and potentially trigger exploits, or just destroy the game itself. It can also cause lag to the game, or the player.
Users can get onto the server with this, meaning the game server can be harmed.

This topic is solved, for those still replying.

1 Like
#52

It doesn’t show the module id only require( of the vehicles, gun system etc but no the backdoor (module)

We already checked these words and we cannot find the module id of the backdoor which is really weird and they used a “private method” to hide the backdoor and that’s it is very well hidden.

I know that their whitelist is probaly http based but a bunch of our core scripts rely on http service and the backdoor let them do what they want to the game