V2.1 - Plugin: Hidden Backdoor/Infection Script Detector (Detects/Removes infections from malicious plugins)

#62

I’ve always used this single line for backdoor detection. :stuck_out_tongue:
for _, x in pairs(game:GetDescendants()) do pcall(function() if x:IsA("Script") then if string.match(x.Source, "require") then print(x:GetFullName()) end end end) end
Won’t work too well if you have a lot of modules…


#63

I ran it and it found a script as a virus (it wasn’t so I just ignored it), but then if I scan again the scan icon keeps loading and never finds anything so it just runs for eternity. Is that supposed to happen if it finds nothing? Why not make a prompt saying that it found nothing instead of running for eternity?

edit: it appears a few times it will say Infecton not found, but other times it will run for eternity (it’s been 30 minutes, there’s no way it’s still scanning)


#64

Unfortunately that doesn’t work for descendants of RobloxScript locked instances because they inherit the permission of their parent.


#65

Plugins can access RobloxLocked instances? Didn’t know that… :frowning:


#66

The way RobloxLocked instances work is kind of funny, actually. You can get a reference to an object through whatever means (usually GetService or FindFirstChild) and do whatever you want with it, including setting the parent of something to it, but if it’s RobloxLocked you can’t index it directly.

Plugins can access normal RobloxLocked Instances like the CoreGui just fine, but stuff like the CSGDictionaryService requires elevated permissions so you can’t directly index them. That’s why this plugin is a thing to begin with. I mentioned RobloxScript locked specifically because of this weirdness.

I have a bit of a more in-depth explanation for permissions here if you’re interested. It’s mostly unrelated but it defines script permissions and what RobloxScript means.


#67

They can’t access them or their children through normal means (i.e. game:GetService("CSGDictionaryService"):GetChildren() will error) but you can set something’s parent to them (i.e. local Test=Instance.new("Script") Test.Source="--No print plz" print("Changed source") Test.Parent = game:GetService("CSGDictionaryService") print("Parented to RL object") wait() Test.Source="--Whoops, this won't work since it is now a descendant of a RL script context level 6 parent" will change the source (to stop an unremovable Hello world console print) then parent the new script to the RL service but by doing so it will lose access to indexing or otherwise altering the script.) This is an engine permissions glitch that Roblox intends to correct, but for now a lot of malicious plugins are abusing this to inject backdoors into protected services in order to hide them from the developer and gain server-side execution access for them to execute whatever they’d like into the developer’s game.


#68

I’m having a concerning problem, and without this plugin I don’t think I would’ve found it. Every time I start a new game in Studio and run a virus scan it always detects 2 infections. This can even be a baseplate and it still detects it. So what happens now? Is my Roblox infected or something? How can I get rid of those two viruses?


#69

Check your plugins, try removing them one by one and seeing which you have to disable to stop this plugin from detecting them.


#70

Ah that fixed it, thanks. I found a phony Plugin and got rid of it and the viruses don’t pop up anymore. I still have a problem of being unable to show a DestroyedMenu though. I don’t know whether it was because of a bad plugin or if Roblox Studio was missing some files. Here’s my output when I right click on assets from the ToolBox.

16:25:45.061 - Unable to show a destroyed menu
16:25:45.062 - Stack Begin
16:25:45.062 - Script ‘Plugin_-1.Plugin.Core.Components.Asset.Asset’, Line 152 - field method
16:25:45.062 - Script ‘Plugin_-1.Plugin.Libs.Roact.SingleEventManager’, Line 41
16:25:45.064 - Stack End


#71

That’s a bug with the ToolBox plugin. Nothing to be done about it for the moment. :slightly_smiling_face:


#72

So it’s a Roblox update issue? Wow here I was trying to backtrack my 100 plugins.


#73

Yup. Just a bug with Roblox for the moment.


#74

I’ve already posted a bug report here; if you like the post it will show support, and it is more likely to be noticed by staff if not already.

Also yeah, I was confused at the error at first as well.


#75

I did this on Boho Salon too and I decided to store it on the old version, then I updated and it’s just been running on and on and I know it’s still there as I checked for myself in the XML file.
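
Added example, not part of the thread and not the plugin's code: posts #64 and #67 explain why a scan run inside Studio cannot index scripts parented under a RobloxScript-locked service, and #75 mentions checking the saved XML file by hand. The Python below does that check offline on an XML place file. The element layout (Item / Properties / ProtectedString name="Source"), the sample data and the narrowing of #62's "require" match to numeric asset ids are assumptions.

```python
import re
import xml.etree.ElementTree as ET

SCRIPT_CLASSES = {"Script", "LocalScript", "ModuleScript"}  # classes with a Source
# Service named in the thread as a hiding place; extend this set as needed.
LOCKED_SERVICES = {"CSGDictionaryService"}
REQUIRE_ID = re.compile(r"require\s*\(\s*\d+\s*\)")  # require(<asset id>)

def _prop(item, name):
    """Text of the named property of an <Item>, or '' if absent."""
    node = item.find(f"Properties/*[@name='{name}']")
    return (node.text or "") if node is not None else ""

def scan_place(xml_text):
    """Return [(full_name, reasons)] for every script worth a manual look."""
    findings = []
    def walk(item, path, locked):
        cls = item.get("class", "")
        path = path + [_prop(item, "Name") or cls]
        if cls in SCRIPT_CLASSES:
            reasons = []
            if locked:
                reasons.append("inside locked service")
            if REQUIRE_ID.search(_prop(item, "Source")):
                reasons.append("require by asset id")
            if reasons:
                findings.append((".".join(path), reasons))
        for child in item.findall("Item"):
            walk(child, path, locked or cls in LOCKED_SERVICES)
    for top in ET.fromstring(xml_text).findall("Item"):
        walk(top, [], False)
    return findings

# Constructed sample, not taken from a real place file.
SAMPLE = """<roblox version="4">
<Item class="Workspace"><Properties><string name="Name">Workspace</string></Properties>
  <Item class="Script"><Properties><string name="Name">Door</string>
    <ProtectedString name="Source"><![CDATA[print("open")]]></ProtectedString></Properties></Item>
  <Item class="Script"><Properties><string name="Name">Loader</string>
    <ProtectedString name="Source">require(123456)</ProtectedString></Properties></Item></Item>
<Item class="CSGDictionaryService"><Properties><string name="Name">CSGDictionaryService</string></Properties>
  <Item class="Script"><Properties><string name="Name">Fix</string>
    <ProtectedString name="Source">--hidden</ProtectedString></Properties></Item></Item>
</roblox>"""

if __name__ == "__main__":
    for name, reasons in scan_place(SAMPLE):
        print(name, "->", ", ".join(reasons))
```

Because it reads the saved file rather than the live DataModel, the scan is not subject to the indexing restriction described in #66 and #67.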