Backdoors, they exist.
@rogchamp if I remember correctly, synapse x used to be able to fully decompile games, I dont think it can anymore, this included server scripts too, they cant be edited but viewed if decompiled or leaked
Server scripts can’t be stolen via exploits. That’s pointless. They would also most likely just obfuscate the whole thing, not part of t.
Also, sorry for continuing this thread that has already been solved, but I cant find a group your a developer for with over 10k members, and two, assuming its a cafe or some sort of group that you mentioned, what would you need to obfuscate? its not like your hiding something important like a gameanalytics key, or some sort of key for something important for a cafe game.
Hmmm, I think it is, bc of the “lol” variable of the start and the weird comment (if u didnt write this). Otherwise there is no reason to obfuscate a script for a simple door or whatever. Be warned!
Its obfuscated with wallysecure, obviously you won’t see anything such as discord.webhook. (actually, you wont see ANYTHING that is related to a backdoor in that script until you constant dump it) And discord.webhook isn’t even a thing, to use webhooks you send an HTTP POST request to the webhook link, nothing related to discord.webhook.
As I said above devs have been comped before or just go rogue and leak it.
And some people add place id checks to their obfuscated scripts to ensure it doesn’t work on another place.
The Variable at the beginning is linked to nothing ;p
Hey, discord.webhook is not a thing, but if he finds anything related with webhooks or discord, I suggest removing the script immediatly.
Not really.
Obfuscations prevent you from seeing the script. Thus, it’s impossible to see if it uses webhooks to communicate and log games.
Since this is just a serverside loader, it won’t have anything related to webhooks. Only require.
Also, some backdoors instead of using webhooks they use TeleportData. So basing backdoors off of webhooks is a really bad practice.
(to @travelboy0815)
This is quite obviously a backdoor. Every script that is obfuscated is a backdoor or is trying to hide something suspicious. I suggest you remove this script immediately.
Get rid of that. It is probably a virus. Most backdoors are like that
No it cannot anymore, and I don’t think it ever could unless it was during non-FE days where there was basically no security between the client and the server.
It’s really not that hard to reverse obfuscator VM’s if you know what you’re doing. Saying it’s “impossible” to see if they interact with webhooks is quite the opposite of the truth. Opcode hooking & spoofing Roblox API methods are the least you can do to see what these scripts actually do beneath that layer of obfuscation.
It could very well of been a rogue Developer situation where they instert that and sell access to the backdoor so they make a profit.
Point is, you shouldn’t try to determine if something is a backdoor just by seeing if it has webhooks.
Don’t worry, I didn’t forget about constant dumping. With constant dumping you can get a general idea of what the obfuscation does.
People have managed to backdoor games with the use of free models, even frappe v5 got a backdoor from one.
Full on reversal or reconstruction of an obfuscated script is in the same field of difficulty if you claim you can constant dump the code he posted.