[PLUGIN] Assets Watcher | Say goodbye to the hidden backdoor / virus

Hello to all DevForm members.Today I will introduce you to my new plugin (my first too) Assets Watcher.
As you probably know, backdoor and hidden viruses can be found everywhere on roblox toolbox and plugin (which has been significantly increased in recent times). It becomes problematic in the fact that most of model that you can find in the toolbox or in the plugin list contains malicious scripts.

This is where Assets Watcher comes into play. Assets watcher is a tool allowing to analyze any Assets from its ID or directly in game by selecting it. It will give you a list of suspicious scripts and give you multiples choices. It can also be used to verify that your plugin does not contain a backdoor simply with there ID. The idea is quite simple, but the plugin becomes really efficient when you check large assets.

In addition to the default detection, you can also add your own detection via Settings > Detections

Exemple

V2
Roblox Assets Watcher Plugin V2.0.0 - YouTube
v1.4.4


As you can see it detected one obstructed script. Probably a backdoor

You also have parameters. To access it click on the adjustable wrench.

Get the plugin herehttps://www.roblox.com/library/6131699641/Assets-Watcher

If you ever have any ideas or bugs let me know!

21 Likes

Is there a feature in this plugin that no other backdoor scanning plugins have? Other plugins will scan the whole entire game automatically but your plugin only works if you insert a asset id.

1 Like

Like most other no they don’t have specific feature, I will surely add later

The plugin was created to analyze specific assets like i said in the post

Does this plugin automatically flag any require() as malicious, or does it actually analyze the context of the script to determine if the call is malicious?

I can imagine scanning assets individually would be a lot more effective but I’m kind of skeptical about how this plugin works in general.

Does this scan for http requests?

No, I ain’t thinking about it, I’ll see later thx

Currently it actually detects all require, but in a future update I would only detect require containing numbers. Also it does not detect just the require but several other like “getfenv” or “loadstring”

Except that if you have a lot of script in the asset, that doesn’t mean it all contains malicious code. The it detects suspicious scripts in the asset and allows you to check it with the “Open Script” button. Currently it does not open at the detection line but I will try to add it after fixing the “script.Source” problem if I find how

Otherwise the general operation is to make a list of suspicious elements in the asset to avoid wasting time checking everything, small amount of scripts these quickly manually but when you have large assets with a ton of script it becomes long. The plugin can also continue its analysis when the GUI is closed and while a local run is performed on the studio which allows to continue to do something else while waiting that the list get created

This detects require(, no patterns. This can be easily bypassed just by doing:

local foo = require

foo(1234)
1 Like

I didn’t have to think about it thanks! I will update all the detection that uses this method

This also doesn’t pick up obfuscations due to them using variables and getfenv. You shouldn’t search for getfenv( you should search for getfenv as it is always used maliciously (in my lifetime).

Well thank you even though i just said it

I feel as if it is inconvenient to have to scan each asset 1 by one. Can you add a feature to scan a bulk list of assets, or maybe just scan your whole game.

2 Likes

Yes, I could add an option but remember that the basic purpose of this plugin is to check the models before you add them to your games. However, I believe that adding this option could indeed serve so yes i think i do add an option only i can’t really currently

1 Like

I’d rather use something like what you mentioned. Scanning an asset ID isn’t that useful to me.

Would also like to add that this plugin will probably flag harmless plugins such as HD Admin.

Update 1.2
Modification of the detection strings following a remark on the form (@Dan_PanMan)
Patch of a small bug with the detection in the scripts and improvement of the chances of detection

If it’s not useful for you, just don’t use it.

The goal of the plugin is to facilitate the detection of strange / malicious script .Not to remove them. With the information that the plugin provides, it is faster to check which scripts you need to check.

Update 1.3.2
A friend made me realize that the plugin does not analyse the parent of the asset. So if the parent in question was a script, it wasn’t analysed. The problem is now fixed. Also there is no longer any detection problem with plugins

Update 1.4.0

  • Patch of some error
  • The plugin icon finally got published (Thx to rblx admins)
  • Adding the option “Watch Selected” to directly analyze the models in your games
    image
Note

For those who install the plugin for the first time, it is necessary to restart the studio once permission has been granted to the plugin, I would try to fix this problem in the next update

2 Likes

Does this script reverse engineer any scripts?

For example:

game[‘47\65\74\53\65\72\76\69\63\65’](game, ‘48\54\54\50\53\65\72\76\69\63\65’) —> game:GetService(‘HTTPService’)

2 Likes

No I didn’t have to think about it. It’s a bit problematic.
I will do some research to see if I can find a solution, if you have any ideas do not hesitate to contact me

1 Like