Due to a recent event where a game I am a part of the development team on started seeing a lot of severe server-sided exploit issues (Which we found really odd as the game was FilteringEnabled and had been coded with security in mind by experienced scripters) I have created a plugin which detects and removes hidden infections in the game. The short of the problem was that a malicious plugin injected a serverside backdoor into the game that was unable to be viewed or in any way detected by the user except in rare cases. After extensive searching in the game’s data that ultimately lead me to open the game’s place save file in xml into a text editor and reading line for line what was being stored I found the infection hiding in the “CSGDictionaryService” instance which is RobloxLocked security context level 6 (meaning neither plugins nor command bar has authority to index or otherwise touch that service.) They did this by abusing a glitch in the roblox engine which allows you to parent objects to robloxlocked instances but never be able to retrieve them again. I made a post about this in the exploit reports section of the forums and after consulting with other developers I wound up finding a method I could use to remove the infection from within plugin authority (script context level 5) and after tinkering on it a bit I have gone ahead and released this to the public. The plugin can remove any hidden backdoor/infection scripts that are outside of the proper areas as well as scan any existing script in the game for known infection code. Once found you can choose to either “Store” the infections found into a new folder in ServerStorage named “Infections” so that you can view their sources or “Delete” the infections found entirely from the game.
tl;dr: This plugin can remove infections injected by malicious (usually copied) plugins that would otherwise be difficult to remove.
How to use:
- Open your game
- Go to the plugins tab at the top
- Click the “Scan for infection” button in the toolbar
- (If the scan finds an infection) Click either “Store” or “Delete” in the GUI that opens.
- Check the output window for information. (Go to View -> Output if you don’t see the Output window in Studio)
As of V2.1.0 this plugin now also checks for known malicious plugins. If you find a plugin with a malicious script that injects an infection into the user’s game please post it into the megathread so that I may add it to this plugin’s detection list and we can make it easier/faster for other users to be made aware of the malicious nature of the plugin as well as the original non-malicious plugin if known.