Require rewriter v1.4 - Protect your game from backdoors

Resources Community Resources
, ,
#1

This script allows you to stop backdoors by ‘rewriting’ the require with a whitelist soo it doesn’t execute some rando module script and get your game infected

This script is basically a Third-party asset blocker but with a whitelist

Debug allows you to see the debug message the script gives you about an id or module script

image
image1391×28 14.5 KB
This is when you require a module in your game to make sure you trust this module

image
This is when a whitelisted require executed it will print out if debug is enabled and the lol is the main module I used

1320×100 37.2 KB

This is when the id isn’t whitelisted soo it errors (it will say the error even debug false)

How does it work?
Basically, when you execute the script in the command bar in studio it will get every script in the path you gave it and it will inject a script that will overwrite the require when the game is launched and the whitelist, etc

How do add an id to the whitelist?

903×454 76.2 KB

to add multiple ids separate each id with a “,” example:{7020086929,7019417578}

How to remove the injected scripts from all of your scripts?
You put Mode into true and it will clean your scripts from the injected script from this script
(make sure you didn’t make a change to the script (like adding ids) because the script will not clean it

Does this work with obfuscated scripts that require?
Yes, surprisingly yes it does work

If you have any questions?
tell me in the comments of this thread ^^

Is this open source?
Yes, as long you give me credits I’m ok with that

Where to execute the script?
you execute the script in the command bar

What’s the seed?
put something random like example: “lolokokok”
soo it’s basically unique soo hackers can’t figure out how to replicate it and stop it from protecting

If you found a way to bypass it, please post it in the comments so I can see it

The script:

--[[Require Rewriter v1.4 allows you to stop or alert that there could be a backdoor executing
and allow to see what is requiring in the background
Made by Mimi
]]--



local Mode = false --True = remove the injected scripts from all your scripts false = add the inject the scripts on all your scripts
local Debug = true --Allows you to see the debug message whenever there is something
local path = game.Workspace --The path the script will look for scripts to inject
local Seed = "PUT RANDOM THINGS HERE" --Put some random things it's to stop hackers trying to stop it (basicly it will make it unique)

--PLEASE ONLY EDIT THE CONTENTS OF WHITELIST (the table) OR SEED IT COULD MESS UP THE SCRIPT ONLY EDIT THE REST OF THE SCRIPT IF YOU KNOW WHAT YOUR DOING!!
local lol = [[--Require rewriter made by Mimi 😎
local whitelist = {ID HERE}
local seed = "]]..tostring(Seed)..[["

local oldre = getfenv().require
local debug = ]]..tostring(Debug)..[[

getfenv().require = function(v)
if tostring(type(v)) == 'number' then
if table.find(whitelist,v) ~= nil then
if debug == true then
print("Security Debug :: Id:"..v)
end
return oldre(v)
else
error('Security :: This assetid hasnt been whitelisted id:'..v..' and will not be executed!')
end
elseif tostring(type(v)) == 'userdata' then
if debug == true then
warn('Security Debug :: Make sure you trust this instance because it will be executed Instance:'..v:GetFullName())
end
return oldre(v)
end
end
local debug = ""
local whitelist = ""
local seed = {}
local oldre = {}
local getfenv = function()
end
local cor = coroutine.wrap(function()	
local cor = "same"
local compare = require	
spawn(function()		
while true do			
game:GetService("RunService").Stepped:Wait()			
if require ~= compare then				
error("Security :: !!ALERT!! REQUIRE HAS BEEN OVERWRITTEN A BACKDOOR COULD HAVE BEEN EXECUTED SCRIPT:"..script:GetFullName())
end		
end	
end)
]]

local lol2 = [[

end)
cor()
]]

if Mode == false then
	print("Require rewriter is currently adding a script to all your script.")
	for i,v in pairs(path:GetDescendants()) do 
		local sus = string.lower(v.ClassName) 
		if sus:find("script") then 
			local funny = v.Source
			if not funny:find(lol, 1, true) then
				v.Source = lol..funny..lol2
				v.LinkedSource = ""
			else
				print("Found already existing script in game."..v:GetFullName())
			end
		end
	end
else
	print("Require rewriter is currently removing the require rewriter script to all your script.")
	for i,v in pairs(path:GetDescendants()) do 
		local sus = string.lower(v.ClassName) 
		if sus:find("script") then 
			local funny = v.Source
			if funny:find(lol, 1, true) then
				v.Source = string.split(funny,lol)[2]
				local funny = v.Source
				if funny:find(lol2, 1, true) then
					v.Source = string.split(funny,lol2)[1]
				end
			end
		end
	end
end

print("Done! Thank you for using Require rewriter by Mimi!")

if you find any bugs please send a comment on the thread

Enjoy ^^

20 Likes
#2

Require rewriter v1.1 released

  • Removed attributes for checking if already is injected now using better way
  • Added better way for checking if the script was injected in it
  • Added Seed to stop hackers from guessing the script (to break the checks)

Enjoy ^^

2 Likes
#3

Require rewriter v1.2 released

  • Fixed an attack that used LinkedSource that bypassed Require rewrite now will remove the LinkedSource (Please stop using LinkedSource use something else it’s Deprecated)

Enjoy ^^

1 Like
#4

This resource works wonderfully, and I can’t think of a way to bypass it, though I’m not an exploit creator obviously. The only thing is that the code is really long and bulky, and difficult to paste into the Command Bar each time. Is it possible to port this to a plugin? I’d even be willing to help out if you’d like.

1 Like
#5

Yes, I thought of making a plugin for it but I’m bad at GUIS soo it will look more confusing then helping

1 Like
#6

This is pretty nice, I might make a plugin of this so it can be more easier to do this if I can.

1 Like
#7

Cool make sure you credit me for the script ^^

1 Like
#8

image
image957×186 32.4 KB
:man_shrugging:

#9

What are you trying to say?
yes doing getfenv().require is easy
but I’m just adding a whitelist trying to help people that don’t want to do that or want to learn

1 Like
#10

getfenv().require = nil will remove your overwrite.

2 Likes
#11

Imma release the patch soon (I found how to fix) let me edit the script

1 Like
#12

Require rewriter v1.3 released

  • Made Getfenv() completely useless on a injected script (a bad patch but I decided to first try out this patch and see if it’s bypassable)

Enjoy ^^

#13

Does this stop users from flying in the same time can my admins use normal admin to fly?

2 Likes
#14

All this does is rewrite the function of require, so it doesn’t stop exploiters from flying. It just stops backdoors from affecting your game.

2 Likes
#15

Require rewriter v1.4 released

  • The script will detect require overwrites and alert telling the user that this script is currently overwriting require and could be a backdoor

Enjoy ^^

1 Like
#16

Yo can I get credit for finding the Linkedsource method tho?

I was the one who pretty much invented it and used it for my backdoor called “Lox” and “Project Obama” before I quit

1 Like
#17

you’ve not invented using a decade old roblox feature sorry to disappoint

2 Likes
#18

True but still I found a way to use it after it was depricated before everyone else. Other people claim their methods as theirs why can’t I lol?

#19

deprecation does not mean change in behavior; i can assure you that you were not the first one to discover it (i first saw it in use after private modules being patched) and that the other people who claim they did are as wrong as you

#20

Ok you won the argument and I agree with your statement, have a nice day!