V2.1 - Plugin: Hidden Backdoor/Infection Script Detector (Detects/Removes infections from malicious plugins)

Maybe the script already does this, but why not include a whitelist of instances that belong under services? This way, the blacklist can inform you of a virus while a whitelist can inform the user that something isn’t as expected under a service, whether it’s an instance with a name that doesn’t belong, or more than once instance of the same name when there shouldn’t be more than one.

Mainly because due to the open source nature of plugins and the exploit creator’s continued monitoring of the plugin it would open a security concern where the exploit creator could simply inject the infection script’s name into the whitelist (since the only way to save data in plugins is with the plugin:SetSetting() function) so for security purposes I have it scan the source code of the scripts in the game instead of the names or locations. I also have a setting (default to on) that if there is a script in any container that isn’t directly explorable in studio (meaning the service doesn’t show up in the Explorer window in studio) then it will treat the script as an infection and contain/delete it. For his recent attempt to circumvent my plugin where he injected code directly into the source of pre-existing scripts (which he ultimately reversed because he feels this makes it too easy to have his backdoor found and due to the low popularity of my plugin he is more concerned about having the games he already has infected find out about the infection and take steps to remove it) I built a secondary scanner which doesn’t quarantine the entire script but instead replaces his infection code with a harmless comment to prevent it from damaging the game. These two systems together make it extremely difficult to put infection code into a game and even more so to do so without being caught… and even if they do make a new infection script all it takes is one update to the modules/plugin and the system will be able to find and remove it the next time the developer opens studio with my plugin installed.

9 Likes

Didn’t realize we were playing Spy vs Spy here lol

By the way! As far as I know the settings for a plugin is basically impossible to access from outside that plugin. There’s one for local plugins and one per each installed setting and they’re self-contained, so you should be fine with settings.

5 Likes

Great to see this. Thank you for creating something that Roblox should probably be doing automatically anyway.
Found a few things in team create places I’m involved in but nothing in my own places. Makes sense given all I generally use is Stravant plugins

Good idea but keeps marking all my scripts as viruses so had to uninstall the plugin.
The settings GUI could use work too, way too messy.

2 Likes

Yeah, the GUIs are terrible. They are meant to be temporary as I just kinda threw this plugin together rather quickly and such.

As far as the system marking your scripts as viruses I apologize for that. If you could send me one of the scripts that it’s incorrectly marking then I’ll look and find why it is marking the script as a virus. If it is a false negative I’ll remove the corresponding string that’s flagging it since it is too general.

1 Like

When I activated my plugins, the scripts were detected as a virus

I understand. Would you please send me one of these scripts? I’ll make it not detect as a virus anymore.

The plugin is detecting RigEdit as an infection, but I believe this is a false positive.

Code: https://pastebin.com/BP3Jepdd

2 Likes

I looked into it and saw that this plugin is parenting itself into “CoreGui” which is by default an unviewable location in ROBLOX Studio. I’ll work on making a whitelist system where if the plugin flags a script as infectious when it isn’t you can whitelist it (and send me the script so I can globally whitelist it if you want) to prevent the plugin from flagging it.

Until I push this update out you can stop this from removing it by disabling the setting for treat all nonviewable locations as infectious.

Version 2.0.0 is now out. Featuring a full GUI overhaul, full control over what services you allow “Scripts” to be inside of, script whitelisting (Note that if the script’s source is changed then it will have to be readded to the whitelist and enabling the script whitelisting setting will slow down the scan speed quite a bit… though I did make it not lag studio so you can continue working while it scans), a few more settings, and audio cue/response when you click buttons or events happen (can be turned off in the settings.)

Soon to come in V2.1.0: Automated infected plugin detection and alert system to alert the user if they have a plugin in their inventory that is known to be infected/malicious.

7 Likes

Awesome! Thank you for your efforts. :smiley:
I’m sure it will help a lot of developers.

edit: It’s looking really nice now :+1:

I’m getting this error whenever I click Scan for Infection:

image

1 Like

Patched. Please update the plugin (Now version V2.0.1) and it won’t do this anymore. Made a small mistake when I was building the service whitelist system and if the game wasn’t able to resolve the whitelist name to a service with game:GetService it would cause that error. I’ve fixed it so it knows if it needs to use GetService or not.

Edit: Also added a “Reset to default” button for the Service whitelist. Soft update push. Still V2.0.1 but you can update it for this button if you want to.

3 Likes

I’m on the latest version and still getting these errors.

image

Regardless, brilliant plugin, thank you so much!

1 Like

Hmm, I can only suspect that some service that is in the default list isn’t in the game by default or something. Either way I’ve just pushed another patch. Shouldn’t have that issue anymore as of V2.0.2

1 Like

On some larger games, the plugin uses lots of CPU and studio stops responding.

1 Like

Pushed a hotfix to correct this issue. V2.0.3 will slow the scan speed if the plugin sees a lot of instances. (What is happening is the plugin is looping through all instances in the game really quickly without yielding the thread so if the game has a large quantity of instances then it can slow down Studio rather heavily.

I’ll likely tweak this and make it not slow down as much if possible. (Introduce a random chance to the yield so that it will scan in short bursts instead of individually for this hotfix, increase/decreasable in settings) Expect this for V2.0.4

3 Likes

Alright, Thanks!

V2.0.4: New options are now available in Settings. You can now choose how many instances before the plugin starts delaying the scan to ease up on the CPU and the percentage chance that the delay will occur. (So if you have the game instance count set to 500 then the plugin will only start chancing the delay if the total number of instances in the game is above 500)

3 Likes