The Locksmith - Plugin for searching backdoors [3.0]

Introduction

Hello everyone. I’m tired of seeing backdoors on the front page, so I decided to create a plugin to counter this issue.

How do I use it?

image

Click on this button to toggle the UI. Now you should see this:
image

Now you just need to click on Scan Game, then click on the Scan button, and it’ll look for backdoors inside of your game. It’ll display a list of all backdoors, like this:
image

It’ll display the paths to the detected scripts along with the probability of them being a backdoor.
If it’s above 50%, it’s probably a backdoor, if it’s 100% or above, then it’s definitely a backdoor.

I created this plugin in a certain way so that it won’t delete the detected scripts, since there’s a chance that they might not be backdoors(Admin scripts sometimes look like backdoors)! You can click on the gray buttons, and it’ll select the desired Script. If you’re sure that all of the scripts are backdoors, you can now press Select All, and press the Delete button on your keyboard.

You can contribute!

You can make backdoor detection better by contributing here.

Fin

If there are any issues in this tutorial or the plugin, please tell me! Feedback is appreciated(you can also contribute!).

Note that this plugin isn’t perfect, it won’t find 100% of all backdoors as @Legoracer said.

Edit: 2.0 is out, changed the plugin link to go there

Edit 2: Updated tutorial to be up to date with new UI overhaul

Edit 3: Whoops, we made a mistake. Very strict keywords were in our scan list, we will remove them.

Edit 4: Very stable version is out, Locksmith is back up.

Edit 5: Changed some topic images to match the UI of Locksmith 3.0.

32 Likes

You should probably mention that it isn’t 100% find-rate, since it wouldn’t find a lot of things I can think of.

4 Likes

Looks great. I do like the name of it, very clever to link it in with backdoor detection!

2 Likes

Very nice plugin. Thank you for making this. I will use it whenever there is a backdoor in my game.

Also @TheBestKieranat10, I would suggest not using unions in your builds unless you really need them since they are really bad for performance and often get corrupted. Also don’t go straight into blaming the plugin, it was probably a coincidence.

2 Likes

Hello everyone 2.0 Is now out! https://www.roblox.com/library/5051433756/Locksmith

Im a Programmer here at Locksmith. Some updates will be coming soon for more better dection, It detects by reading scripts. More phrases used in the scripts soon. We will also include a list of words detected in the documentation

Sorry its off sale i forgot, Made it onsale.

3 Likes

A nice and useful plugin. UI could have some improvements, but overall it looks fantastic. Good job!

2 Likes

It was not the plugins fault, Simply ROBLOX Bug he caused , was not our fault or the plugins.

UPDATE
Made the scan and update list auto update so I dont gotta create it myself, Was only detecting 4 backdoor phrases, Now detects over 118 Backdoor/Virus phrases

1 Like

Yes, I did not understand that before.

1 Like

Well, you need to updaye the plugin unless this is a malicous script…

while true do
script.Parent.Text = “Welcome to John’s Cobras Fort Fang”
wait(10)
script.Parent.Text = “If you want to join John’s Cobras go to people and search for us on groups”
wait(10)
script.Parent.Text = “To switch teams please use the GUI at the left of your screen”
wait(10)
script.Parent.Text = “Raiders must join the raiders team for raids to count”
wait(10)
script.Parent.Text = “Raiders, to win stand on the flag and wait for the timer to reach 0.”
wait(10)
script.Parent.Text = “Rules: No flaming, no autowins (ever) - failure to abide by these rules will result in ban”
wait(10)
script.Parent.Text = “Raids ONLY COUNT if there are 3 or more JC/JCEmpire in the server. Good luck!”
wait(10)
end

But other than that I love this plugin :smiley:

Thank you for your feedback, however I don’t think there’s any way the plugin would detect this sort of script, and if it could it would lead to a lot of false positives(there are non malicious scripts that change text in a while loop).

edit: I could make it so that it searched for keywords like “John’s Cobras” but there are probably many scripts like this that don’t have that in them.

2 Likes

Alright, I decided that the old version of Locksmith was a bit bloated and there were just way too many options, so I made this new better version. Introducing Locksmith 3.0:

Much better backdoor detection than before, goes to the end of module chains, displays a probability of something being a backdoor instead of a plain yes/no, automated testing, etc.

You know what’s even better? You can contribute!

You can also report any bugs you find in the Issues page of the repository.

If you’re also curious whether the source of this plugin is malicious or not, run the following in your command bar and the plugin source will be inserted into the workspace. You can also take a look at how it works(i made sure that the code was clean):
game:GetObjects("rbxassetid://5476045255")[1].Parent = workspace


Have a good day!

(I’ll probably force Locksmith 2.0 users to use 3.0 sometime this week, when it’s stable).

2 Likes

I suggest instead of using white text on green background (its impossible to read and hurts people’s eyes); to a black/really dark grey background with white text (and with syntax highlighting) as that is wayy more appealing.
Overall, great job! :+1:

1 Like

By the way, this is a really bad way to check for possible “viruses” in a game.

function isVirus(scrpt)
	local src = scrpt.Source
	local lines = string.split(src, "\n")
	for _,v in ipairs(lines) do
		if string.len(v) > maxLineLength then
			print("Maximum line length exceeded of 410 lines, the Locksmith has detected a 'possible' backdoor")
			return true
		end
	end
	if stringContainsOf( src, nonos) or stringContainsOf( scrpt.Name, nonos) then
		print("The Locksmith has found a virus.")
		return true
	
	end
	
	return false
end

Pretty much what this function does is check if the lines of code in a script are > 410. I don’t think I have to explain why this is a bad idea. I will credit you guys on the “possible” backdoor as long as it displays that it’s a possible backdoor; which means not just printing it. Also, your “nonos” module contains things like getfenv game:GetService("TeleportService"). While getfenv is not so common, TeleportService is, therefore, a bad idea to include it here.

A very basic plugin that could use a lot of improving. And don’t take this feedback as critical; you can’t detect a “virus” in Roblox so I understand you guys worked with what you had. Just consider the points I made. I think another way of detecting “viruses” is to check if the script is constantly creating messages/hints in loops.

2 Likes

Thanks for the feedback! By the way this was version 2.0 of Locksmith, which had many issues in the UI, the code, etc. Version 3.0 has had many improvements, I’d definitely appreciate it if you take a look at it and give us some more feedback! :slightly_smiling_face:

2 Likes

I would love to! Just shoot me a DM when it’s complete and I’ll take a look.

1 Like

This is neat! This is definitely a process that can be streamlined through a plugin. I’ll send pull requests to the project page if I notice any good additions I can make.

1 Like