Tools to crack down on backdoors - View required asset IDs

As a developer, the issue of backdoors in games are a major problem to this community.
Yes we have the plugins/tools to automatically remove them, yes I know that you shouldn’t heavily rely on free models, yes I know that you shouldn’t be randomly downloading plugins that match what you’re looking for. What I’m suggesting is not only for experienced developers but also ones that have little experience.

What I’m asking is a way to view any and all IDs that are being used for require, how you would access this information would most likely be somewhere in F9 console where it would show a range of IDs and what script they originated from. Being able to streamline the process of tracking a backdoor to their source would greatly improve the efficiency of reporting malicious assets.

Why do I want this feature? Well, having the tools to clean the backdoors from your game isn’t going to stop the backdoor from thriving and planting itself into other games. What would make this tool extremely useful is that when used correctly and is used regulary for people that track backdoors to the source for fun would no longer have to go through the process of implementing environment manipulation at the top of the code. One of the main issues of doing this is the amount of lag a obfuscated script can do to your studio while viewing the script.

One of the positive side effects of this feature if implemented is that would essentially turn the front page of free models which the majority is botted models with malicious backdoors into a benign/safe model because of the fact that the malicious code that is being ran has been traced to the source module and no longer would function due to the report abuse button being used frequently enough.

If this feature were to be considered to be apart of this I would also recommend that this works in-game as well since some backdoors actually check if it’s being ran in Studio.

Possibly the most reasonable place to display this data would probably be under the Network tab due to the fact that requiring by Id would communicate with roblox to get the asset/module.

10 Likes

I just wanted to thank you for your feedback and for reporting exploited assets. We are working on many aspects of this overall problem of bad actors using Studio for malicious purposes, and we feel your frustration.

5 Likes

I’m hoping a implementation similar to my suggestion will come to reality. Being able to provide a single tool like this to the community would do a huge blow to malicious assets.