[PLUGIN] Assets Watcher | Say goodbye to the hidden backdoor / virus

Hello to all DevForm members.Today I will introduce you to my new plugin (my first too) Assets Watcher.
As you probably know, backdoor and hidden viruses can be found everywhere on roblox toolbox and plugin (which has been significantly increased in recent times). It becomes problematic in the fact that most of model that you can find in the toolbox or in the plugin list contains malicious scripts.

This is where Assets Watcher comes into play. Assets watcher is a tool allowing to analyze any Assets from its ID or directly in game by selecting it. It will give you a list of suspicious scripts and give you multiples choices. It can also be used to verify that your plugin does not contain a backdoor simply with there ID. The idea is quite simple, but the plugin becomes really efficient when you check large assets.

In addition to the default detection, you can also add your own detection via Settings > Detections

You also have parameters. To access it click on the adjustable wrench.

Get the plugin here → https://www.roblox.com/library/6131699641/Assets-Watcher

If you ever have any ideas or bugs let me know!

Is there a feature in this plugin that no other backdoor scanning plugins have? Other plugins will scan the whole entire game automatically but your plugin only works if you insert a asset id.

Like most other no they don’t have specific feature, I will surely add later

The plugin was created to analyze specific assets like i said in the post

Does this plugin automatically flag any require() as malicious, or does it actually analyze the context of the script to determine if the call is malicious?

I can imagine scanning assets individually would be a lot more effective but I’m kind of skeptical about how this plugin works in general.

Does this scan for http requests?

No, I ain’t thinking about it, I’ll see later thx

Currently it actually detects all require, but in a future update I would only detect require containing numbers. Also it does not detect just require but several other like “getfenv” or “loadstring”

Except that if you have a lot of script in the asset, that doesn’t mean it all contains malicious code. The plugin will detects suspicious scripts in the asset and allows you to check them with the “Open Script” button. Currently it does not open at the detection line but I will try to add it after fixing the “script.Source” problem.

Otherwise the general goal of the plugin is to make a list of suspicious elements in the asset to avoid wasting time checking everything, a small amount of scripts isn’t a problem but when you have large assets with a ton of script it becomes long to do manually. The plugin can also continue its analysis when the GUI is closed and while a local run is performed on the studio which allows you to continue game development while waiting for the list

This detects require(, no patterns. This can be easily bypassed just by doing:

local foo = require

foo(1234)

I hadn’t thought about it thanks! I will update all the detection that uses this method

This also doesn’t pick up obfuscations due to them using variables and getfenv. You shouldn’t search for getfenv( you should search for getfenv as it is always used maliciously (in my lifetime).

I feel as if it is inconvenient to have to scan each asset 1 by one. Can you add a feature to scan a bulk list of assets, or maybe just scan your whole game.

Yes, I could add an option but remember that the basic purpose of this plugin is to check the models before you add them to your games. However, I believe that adding this option could indeed serve so yes i think i do add an option only i can’t really currently

I’d rather use something like what you mentioned. Scanning an asset ID isn’t that useful to me.

Would also like to add that this plugin will probably flag harmless plugins such as HD Admin.

Update 1.2
Modification of the detection strings following a remark on the form (@deluc_t)
Patch of a small bug with the detection in the scripts and improvement of the chances of detection

If it’s not useful for you, just don’t use it.

The goal of the plugin is to facilitate the detection of strange / malicious script .Not to remove them. With the information that the plugin provides, it is faster to check which scripts you need to check.

Update 1.3.2
A friend made me realize that the plugin does not analyse the parent of the asset. So if the parent in question was a script, it wasn’t analysed. The problem is now fixed. Also there is no longer any detection problem with plugins

Update 1.4.0

• Patch of some error
• The plugin icon finally got published (Thx to rblx admins)
• Adding the option “Watch Selected” to directly analyze the models in your games
  

Does this script reverse engineer any scripts?

For example:

game[‘47\65\74\53\65\72\76\69\63\65’](game, ‘48\54\54\50\53\65\72\76\69\63\65’) —> game:GetService(‘HTTPService’)

No I didn’t have to think about it. It’s a bit problematic.
I will do some research to see if I can find a solution, if you have any ideas do not hesitate to contact me

Update 1.4.2

• Adding possibility to undo
• New Detections (Thx to @7z99 for the remark)

After several tests I also noticed that it was not currently possible to debug the plugin when it does not have the necessary permission, so you will for the moment be required to restart your studio the first time

Update 1.4.3 (small)

• Adding undo cache setting (enable / disable possibility to undo)

• Modification of a small oversight on the undo option

• Modification of the end parent, the selected objects will no longer be moved in the workspace no matter what happens (unless the object was inside at the start of the analysis)

• Removed Builderman