Yes, this is obviously a virus, you dont even need to ask
the fact that if you copy this code into notepad in the bottom right you can see a getfenv() which is what people use for viruses
2 Likes
You should probably read my comments above ;p
Server scripts can’t be stolen via exploits. That’s pointless. They would also most likely just obfuscate the whole thing, not part of t.
3 Likes
Have you ever heard of Rogue Devs
How do you think games like Stateview, Bondi Recue, etc have been fully leaked
That has nothing to do with obfuscating your free model script… If your developers are willing to leak your game, you should learn how to find trusted devs.
2 Likes
It was never stated to be a free model script. As I said before Developers obfuscate their scripts for some more obscurity for their scripts IN THE EVENT OF A LEAK.
It is literally impossible to get the code inside of a script from the client. The bytecode is never sent over to the client. They can see the contents of local scripts though.
Never said It was possible, I said in the event the game got leaked from either a rogue dev, compromised dev, etc then the source code is at least safe and cannot be released.
Leaked… by whom?
If you’re hiring developers to work with you, wouldn’t you want the scripts to be unobfuscated so that they can work on them? If all the scripts are obfuscated, then neither you nor the developer can change the script.
In addition to that, the obfuscated script will work as-is, it will just be incomprehensible. A leaked place with obfuscated scripts will work just the way it did before (unless there are some checks for the place ID hidden in there).
Obfuscation will also slow down the code, making it nonviable for anything but one-and-done operations such as requiring a malicious module and pinging a webhook to say this place is compromised.
It’d make sense to obfuscate everything before you give your place to a builder, who has no business viewing your scripts, but most of the time you can just delete the scripts instead.
Yeah that’s a virus. The scroll bar at the bottom extends too far and + the fact you guys don’t need it in the game. Wonder how it got there though, you should search for similar stuff incase it got around to any more areas.
1 Like
Backdoors, they exist.
@posatta if I remember correctly, synapse x used to be able to fully decompile games, I dont think it can anymore, this included server scripts too, they cant be edited but viewed if decompiled or leaked
Server scripts can’t be stolen via exploits. That’s pointless. They would also most likely just obfuscate the whole thing, not part of t.
Also, sorry for continuing this thread that has already been solved, but I cant find a group your a developer for with over 10k members, and two, assuming its a cafe or some sort of group that you mentioned, what would you need to obfuscate? its not like your hiding something important like a gameanalytics key, or some sort of key for something important for a cafe game.
Hmmm, I think it is, bc of the “lol” variable of the start and the weird comment (if u didnt write this). Otherwise there is no reason to obfuscate a script for a simple door or whatever. Be warned!
Its obfuscated with wallysecure, obviously you won’t see anything such as discord.webhook. (actually, you wont see ANYTHING that is related to a backdoor in that script until you constant dump it) And discord.webhook isn’t even a thing, to use webhooks you send an HTTP POST request to the webhook link, nothing related to discord.webhook.
As I said above devs have been comped before or just go rogue and leak it.
And some people add place id checks to their obfuscated scripts to ensure it doesn’t work on another place.
The Variable at the beginning is linked to nothing ;p
Hey, discord.webhook is not a thing, but if he finds anything related with webhooks or discord, I suggest removing the script immediatly.
Not really.
Obfuscations prevent you from seeing the script. Thus, it’s impossible to see if it uses webhooks to communicate and log games.
Since this is just a serverside loader, it won’t have anything related to webhooks. Only require.
Also, some backdoors instead of using webhooks they use TeleportData. So basing backdoors off of webhooks is a really bad practice.
(to @travelboy0815)
This is quite obviously a backdoor. Every script that is obfuscated is a backdoor or is trying to hide something suspicious. I suggest you remove this script immediately.
Get rid of that. It is probably a virus. Most backdoors are like that