[PSA] A popular give system is backdoored

Hello everyone, I’m Sudden_Demise, your average scripter.

I have something VERY important to warn you all about: a popular hand-to GUI/system has been found to have a serious and hard-to-find backdoor. This backdoor is UNIVERSAL, meaning all games with this give/hand-to system are vulnerable. You may be wondering how this backdoor can be abused. I’ll answer that right now.

One of my groups (that I develop for) had been using this give system and had run 50K in ads. Obviously exploiters jumped on the game and started looking for backdoors, vulnerabilities, etc. A very popular exploiting website (which I will not disclose) had a user who released an “FE Btools Script” (FE = filtering enabled). This script was server-sided, meaning ALL of our players could see parts being deleted, thus resulting in the game being destroyed. It took me and my team a while to figure it out, but in the end we did.

This give system is very popular throughout many cafe games, so let me show you how to identify it.

Please keep your games safe and have a nice day! - Sam

8 Likes

Kind of why you shouldn’t use free models at all in the final product and should instead create your own scripts/builds. And if you can’t script/build, work with a team who can.

3 Likes

Maybe, just maybe, if you’d have given us the name of that system we would just avoid it rather than scanning the model and its descendants, plus I don’t see how this relates to scripting and/or scripting help.

1 Like

The model goes under “GiveSystem”, I don’t know the origin or original name of it but I’m pretty sure the creator is Wizzy011. (not 100% sure.)

Nice job noticing this! This seems like a very important thing. But just wanted to point out that this doesn’t belong in this category. Perhaps it’s more suitable somewhere else.

1 Like

Sorry if it doesn’t belong here, but I just wanted to make the PSA to be known to scripters and other users who read this category a lot.

3 Likes

Free models are intended to be placeholders only; as soon as possible, substitute each FM for work that is in your ownership before problems occur. Open sourced scripts put yourself at risk by being exposed to vulnerabilities and open sourced models/meshes put yourself at risk of IP infringement. While it’s a low risk, it’s still a risk, meaning it’s foolish to remain oblivious to either possibility occurring.

1 Like

I’d dispute this - as a professional scripter with over a decade of experience on the Roblox platform, it’s more accurate to say you should use free models carefully. Don’t take random models, make sure they’re authored by people you trust, and make sure to keep your stuff updated. Free models are especially useful for sharing code modules, for example.

Free models can be a huge help when used correctly.

7 Likes

Reinforcing this, I learnt a lot from free models, so they should definitely be a viable resource if you are just starting out with developing. They are typically looked down upon; however, there is nothing wrong with using them sparingly as long as you are aware it may have potentially negative impacts if you use them in a game and typically they are not of the best quality.

1 Like

I fully agree, free models can be used in many ways and are supposed to be used for reference, placeholders, etc. You shouldn’t take random models at all; however, this model in specific has been used in thousands of games, thus making it “trusted” by many ROBLOX users on the platform.

However, if you do, in fact, use free models, I’d suggest doing so only as a means of ‘research’ into others’ code to improve your own (and for asset-sharing like modules). To be ‘safe’ while using free models*, I recommend using Server Defender, only if you do that is; it automatically scans code (a toggle-able option) for maliciousness and models for viruses or known threats.
*With a reduced risk of backdoors

I do not comprehend why you would not take precautions when using a free-modeled asset. Free assets do not guarantee safety and have to be checked thoroughly, as well as the real world equivalents of products (as a contrast).


You are also using the category incorrectly, this belongs closer to a #discussion rather than scripting support.

1 Like

I shouldn’t really phrase that you shouldn’t use them at all, but rather utilize them as a learning resource, or what other people have said, as a placeholder. Though when it comes down to it, you shouldn’t necessarily use models from the Library unless it’s as a last resort. But you do make good points, as if you’re going to be using free models at all, you should always take precautions no matter what (unless it’s a ROBLOX approved model, of course).

How are you certain this script is the backdoor?

This is scripting support, you really shouldn’t be posting PSAs here. This is for obtaining support with scripting-related problems.

Read the Rules here:

This would be more fitting to be posted in #bulletin-board.

1 Like

A user who I am familiar with owns an “exploit” (has been proven to use only for research) and I asked him to test this on one of my games with multiple variations of this. Each time he tested it, the same thing happened, giving him server-sided access.