V2.1 - Plugin: Hidden Backdoor/Infection Script Detector (Detects/Removes infections from malicious plugins)

You’re not alone. The same error shows up on my end. So I assume everyone is experiencing this.

2 Likes

@Christbru01 Any plans on updating your plugin?

I haven’t messed with it in a while. The reason this error is occurring is because ROBLOX recently changed how tostring works and it no longer is immune to class security checks (meaning you can’t use it to obtain the name of RobloxLocked assets that are higher than your script’s security context.) I personally am against this change because it limits what we as developers have access to when attempting to build in advanced exploit detections and such but I guess I can see why they would like to do it if they intend to name any asset something sensitive… not that they should but eh, just my opinion. Either way this broke a lot of my work including this plugin so I’ll have to go in and repair it by replacing tostring with something error tolerant or just remove the use of tostring altogether. I’m just not certain if I should or shouldn’t repair this plugin as the main exploit this was created to combat has been patched… though the exploiter or anyone like him can still do script hijack exploits like he was doing when he was trying to code around my plugin which I assume is what he will be falling back to now that the hidden location script execution has been patched out (assumedly.) It is basically a conundrum of if this plugin is even really needed anymore or if the issue it was there to correct is relevant to the needs of today’s developers. If there is enough request for this plugin’s repair then I guess I could… it honestly wouldn’t be too difficult to repair back to its previous functionality. Just leave a heart on this comment or DM me or reply if you feel this plugin still has value and should be repaired. (Preferably one of the first two as I would rather not bump the thread constantly with people asking for repairs or supporting the repair of it.)

15 Likes

How exactly does it detect a malicious asset?

I think it uses a blacklist which developers can contribute to which flags known malicious assets.

Also, although this feature isn’t needed anymore, it looks for scripts (or something which is placing scripts) in hidden areas, like tween-service. However, this exploit was patched and that particular feature isn’t as important as it was.

1 Like

Have you tried something like this? It’ll catch an error if it can’t get the name, and if it did, it’ll return the name.

local function GetNameFromObj(Obj)
     return Obj.Name -- Returns the object's name.
end

local GotName, NameReturned = pcall(GetNameFromObj, Object)
-- `GotName` will return true if it got the name, or false if an error occurred when attempting to return it.

It’s probably not the best way, but it’s the best solution I’ve found to prevent errors when getting an object’s name.

1 Like

Here you go, the tostring fix I made.

local to2str = tostring
tostring = function(o)
    local a 
    local hi, err = pcall(function()
        a = to2str(o)
    end)
    if not a then
        local m = getmetatable(o)
        if m and not m.__tostring then
            m = {
                __tostring = function(self)
                    local _M, _N = pcall(function()
                        return self[1]
                    end)
                    return _N:gsub('%d+ is not a valid member of ','')
                end;
            }
            a = m.__tostring(o)
        end
    end
    return a
end
print(tostring(game:GetService('CoreGui')))

1 Like

Solid work, though you should also mention that it doesn’t get the name of RLed objects but the class. Still, nice code.

I’ve gone ahead and repaired this plugin. Simply update it and it will work the same as before.

I’d been stalking this thread waiting for the update and I decided to do a malicious plugin check by running it on an empty baseplate…which it called a large game in the console.

The settings say 2000+ instances make a large game. Is it also counting instances in my plugins (which I can’t fathom having that many), or is this a bug?

I am pretty sure it goes through all instances in the game (2k+).

print(#game:GetDescendants())

It includes Roblox’s too.

1 Like

Just pushed a bug-fix to the plugin. If you’re using it make sure you’re on V2.1.3 or else the new addition to the known infections list will cause a lot of false positives! (My smart search function wasn’t working as intended and it was flagging anything found in the table instead of acting as a wildcard system like I had intended. Forgot 3 lines and it caused 150+ false positives when I added another infection with a lot of wildcards to it.)

2 Likes
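The false-positive bug described in the post above, as an added example that is not the plugin's own code: it contrasts a check that flags a script when any piece of a signature is found with one that treats the signature as an ordered wildcard pattern. The `*` wildcard syntax, the signature, the function names and both sample sources are constructed assumptions.

```lua
-- Added example: assumed "*" wildcard syntax; signature and sources are constructed.
local SIGNATURE = "getfenv*require(*)"

-- Split a signature into the literal pieces between wildcards.
local function literalParts(signature)
    local parts = {}
    for part in signature:gmatch("[^*]+") do
        parts[#parts + 1] = part
    end
    return parts
end

-- Faulty check: any single piece found anywhere counts as a hit.
local function matchesAnyPart(source, signature)
    for _, part in ipairs(literalParts(signature)) do
        if source:find(part, 1, true) then
            return true
        end
    end
    return false
end

-- Wildcard check: every piece must appear, in order, without overlapping.
local function matchesWildcard(source, signature)
    local parts = literalParts(signature)
    if #parts == 0 then
        return false -- a signature made only of wildcards must not match everything
    end
    local position = 1
    for _, part in ipairs(parts) do
        local _, stop = source:find(part, position, true) -- plain find, no patterns
        if not stop then
            return false
        end
        position = stop + 1
    end
    return true
end

local samples = {
    benign = 'local Config = require(script.Parent.Config)',
    flagged = 'local env = getfenv() local m = require(ASSET_ID_PLACEHOLDER)',
}
for label, source in pairs(samples) do
    print(label, matchesAnyPart(source, SIGNATURE), matchesWildcard(source, SIGNATURE))
end
```

On the benign sample the faulty check reports a hit because `require(` alone is present, while the wildcard check does not.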

For some reason I have two of the same plugin on my plugin bar.
Was this for the purpose if it failed to load one, it created a backup?

Hey there, dunno if this is still a relevant issue (since I think I’ve seen it earlier in the post)
But anyway, the ‘Scan for Infection’ button keeps spinning indefinitely. No errors pop up.

Plus, another anomaly I noted was that the plugin stated the following:
“Large game detected. Slowing scan to prevent CPU overload and/or Studio freeze-up.”
In a game that had about 5 parts (not including the character)

Thanks ahead of time :heart:

P.S. I just installed it too, so it probably shouldn’t have any ‘old version’ issues, right? :man_shrugging:

8 Likes

Please try to figure out what causes the “Scan For Infection” line to spaz out. Spazzing out plugin icon is offsetting no matter how often you use it.
Also, consider changing the text to “Scanning for Infections” or “Cancel Scan”.

Additionally, it would be nice to have some form of progress indicator.
Like, “Scanned 100 items” “Scanned 1K” … Or, if we count items first, “Scanned 1.2K of 3K” “Scanned N%”
For larger games, it often feels like it’s not doing anything but spinning. So it would be nice if it told us that we are, without a doubt, actually moving forwards. Update status every N seconds (let’s say N=10 as default)

8 Likes

Agreed, it’s very difficult to tell whether or not it was actually scanning. I left it scanning for an hour, and it has not shown any progress whatsoever. Hopefully this gets fixed soon! :grinning:

38 Likes

The plugin detects other clean plugins and my own plugin scripts as viruses. It seems to be assuming every script in CoreGui is bad. Here is one of my scripts that it calls a backdoor:

script.Parent.MouseButton1Click:Connect(function()
    if script.Parent.Value.Value == true then
        script.Parent.Value.Value = false
        script.Parent.Text = "Disabled"
    else
        script.Parent.Value.Value = true
        script.Parent.Text = "Enabled"
    end
end)

1 Like

This is because by default CoreGui is a hidden location. The plugin will flag any script found in hidden locations regardless of their source. You can alter this by changing the settings in the plugin to make it not view CoreGui as a hidden location if you want.

1 Like

Ok, but you should add a system where it checks if it’s a script from a well-known plugin at least.

1 Like

Roblox can’t support locating the plugin a script originated from at this time. The only similar option I would have is to add a source-whitelist where I’d have to update it every time the plugin maker alters their injected script.

1 Like
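The scan behaviour discussed in this thread (flagging any script under a hidden location, tolerating locked instances, skipping allowlisted sources, and printing progress), as an added example that is not the plugin's own code. The service list, `ALLOWED_SOURCES`, `REPORT_EVERY` and the helper names are assumptions, and it is meant to run from a Studio plugin or the command bar.

```lua
-- Added example, not the plugin's code. Names and values below are assumptions.
local HIDDEN_SERVICES = { "CoreGui", "TweenService" } -- locations named in the thread
local ALLOWED_SOURCES = {} -- hypothetical allowlist: [exact source text] = true
local REPORT_EVERY = 200   -- assumed number of instances between progress lines

-- Run a read that may throw on a locked instance; return nil instead of erroring.
local function try(fn)
    local ok, value = pcall(fn)
    return ok and value or nil
end

local function isInHiddenLocation(inst)
    for _, name in ipairs(HIDDEN_SERVICES) do
        local svc = try(function() return game:GetService(name) end)
        if svc and try(function() return inst:IsDescendantOf(svc) end) then
            return true
        end
    end
    return false
end

local function scan()
    local all = game:GetDescendants()
    local findings = {}
    for i, inst in ipairs(all) do
        local isScript = try(function() return inst:IsA("LuaSourceContainer") end)
        if isScript and isInHiddenLocation(inst) then
            -- An unreadable Source is treated as not allowlisted, so it is still reported.
            local source = try(function() return inst.Source end)
            if not (source and ALLOWED_SOURCES[source]) then
                local path = try(function() return inst:GetFullName() end)
                table.insert(findings, path or "<unreadable instance>")
            end
        end
        if i % REPORT_EVERY == 0 then
            print(string.format("Scanned %d of %d", i, #all))
            task.wait() -- yield so Studio stays responsive during long scans
        end
    end
    return findings
end

for _, path in ipairs(scan()) do
    warn("Script in hidden location: " .. path)
end
```

An exact-text allowlist goes stale whenever the allowlisted script's source changes, which is the maintenance cost the last post describes.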