There's a 2nd require you didn't check out. It's almost definety giving players that are friends with that account server side acces to run code in your game
yep, this comment needs more attention because it is true. i did some snooping myself and i found a gui. also just noticed something at 1:10 there is a second require he didn't explain!
@@GnomeCode what he means by serverside access is one of these: ruclips.net/video/-viLsrdWiH4/видео.html. they can be really destructive and have their own executor to run serverside code.
It is actually a back door, the second require is giving his friends access to it, the web hook is sending so the creator knows which games has his back door so he can target you.
as a person who's made backdoors in the past (to test legally on my virtual machines) I can tell that really looks like one, ofc its not an actual backdoor that'd be kinda impossible for roblox but looks something alike
whoever made this backdoor is very novice though no checking for http which could cause errors, making a lot of the code exposed so people can easily find out its a backdoor, making it send a webhook each time someone joins the game rather then sending it once
it is, sends a webhook to a discord server saying the game is infected, players who are either in the group of friended with the user can then use scripts on the server
@@keenico7730 dumbest shit I’ve heard “nO chEckIng foR hTtPs” maybe because they want the code to be less ominous ever thought of that? Adding an https getservice is the most obvious thing that can tell someone “oh shit it’s a back door”
I suspect that the reason they obfuscate the code is so that people who don't know much about scripting would think that the code is just there in order to make the model work, so they'll be tricked into leaving it in their game. Also, as to the reason why they would need info about the game, it's most likely so that they can gather a list of games that they could possibly send bots to crash the servers or mass dislike it. like GnomeCode said, "if you don't know what the script does, remove it" 💯
It's an ss script so they can pretty much exploit with what they want i mean like they can do whatever especially if the dev is in a game with people the in the game the model is so they can execute whatever script they want even the most inappropriate stuff
yeah, this is why it's really important to check free models, especially the description and name because lots of bad models come with repeated descriptions like "Tree Tree Tree Tree Tree" to bump them up to the top of search
Hey its a backdoor that is called exilium. It allows players that are in a duscord server see the game that got infected with the virus. Players can execute scripts for trolling players or killing players
Wait a minute... if it's sending a discord thing telling them a game is infected and they can exploit in it then what if I only remove the backdoor and not the notification? Is that a way to do a little trolling?
@@gabrielc7861 Better if I would allow them to troll people in my game then find them using OSINT including their real address, full name, parents and post it on v3rm and other forums.
He made another one. I wanted to see this script for myself, only to discover that it contains another script entirely. Its only one script this time. I've been trying to make since of it, but it would be very helpful if you could make a video on it.
I really like dangerous code breakdowns, if you can please do this again! Nice and easy to understand and also very interesting as you start to break it down limb by limb.
I used to backdoor roblox games and such in my free time (i dont anymore dw). The only reason this specific info needs to be posted to a discord server is if you were infecting the game with a backdoor, as to alert other users of the serverside to the fact that the game was infected. so yes, it is actually malicious.
alright, i used to work on stuff like this, let me break it down so the code seems to insert an SS executor (watch youtubers like Dark Eccentric for 5 minutes and you'll see what im talking about) into the game via that little bit of code the user with the bunch of random characters is sort of a whitelist system for the SS, adding users who buy it via an automated bot system, the code checks if someone who joins the game is friends with that whitelist dummy account and injects the GUI into the person the GUI itself allows users to execute serversided code like grab knife that allow players to pretty much bypass FE, the inserted require is probably a system to check if a game is active and send logs of its servers to the SS's discord
If your wondering what this process is This code has been "Obfuscated" The term obfuscation is basically making your code unreadable and not understandable Obfuscation nowadays (Luraph, MoonSec v3, 77Fuscator, Ironbrew2, LuaSeel, clvbrew, Defaultio's Obfuscation (which this malicious code was obfuscated from), and etc) are very secure in they're own ways having anti tampering scripts and other professional stuff that make your code unreadable This obfuscated code right here is trying to hide constants inside a string by using a code mutator that changes these values into hexadecimal value. The process GnomeCode is doing here is called Deobfuscation Hope this helped :)
Theory: The Free model uses that script to tell a discord server when a game is public so a group of people could go attack it e.g hack in it or spam to ruin your game... or it's just a bored developer wanting to play a new game. or someone doing a survey to see how many people fall for free model Viruses.
@@3hukwuma There is a second script that he didn't cover in the video that means everyone who is friends with that user gets commands to hack the game, meaning if you use that model, they will know the link of the game, join it, and ruin it
so the first function gives the discord server info on the game also letting members know that its now back doored. the second function detects if the player is friends with that alt account & if it is it gets backdoor access. -I think-
Ex-backdoor dude here. These scripts are extremely common in free models, when I was doing my own investigative work, I found one every 3 free models. Usually they allow a (whitelisted) list of players to execute lua code serverside (as opposed to clientside lua execution, like Synapse X). With my own system, it was anyone within a Roblox group got backdoor access (a menu where you could type or paste lua, including some pre-saved lua scripts and execute it). Then when a backdoored server goes online, it notifies us in a Discord server using webhooks of which server and a command you could input into the Chrome/Firefox javascript console to automatically start Roblox and join that server. Honestly it was quite fun doing it.
@@hydramadness My group was not the only one, there are THOUSANDS of other little groups spreading these virus models around and using them. I wasn't the only one, and until Roblox moderators don't get behind all of this (which has been going on for a while) game creators that use free models will have to rely on checking if models they use have scripts in them or not.
@@SVENY Yes, just simply do it for the one you were in and the discord, of course i knew there was more than one, u can provide the group link and discord link for your ones, go on. You won't.
As of right now scripts inside of studio can’t do anything to your account, most of the time it is just a server side exploit or selling you expensive clothing. The most malicious thing they could do is put inappropriate images/models/audio in your game to get you banned.
Moral: Be careful with models in the toolbox, I recommend you to do the models yourself, My first time as a dev using anything I found in toolbox was a mistake. Now after 1 year, I learned from my mistakes. However I'm not forcing you to stop completely, I mean, just use the toolbox only a bit and if your gonna use one. Check EVERYTHING, the scripts, the instances, EVERYTHING So your game is 100% virus free. Hope it helps.
this is honestly really cleverly set up, require scripts to obscure the models, unreadable codes to hide from moderation and other coders looking into it, all the way to sending all the available games to a server so they can easily exploit it, shows that exploiters have become very advanced within the past few years
There is something that the creator tells the user who used the creator's model, it is like this: ----------------------------------------------------- THANKS FOR USING MY MODEL! ----------------------------------------------------- But, some models has a code in it, it is like: _________________________________________ Thank you so much for using this model! _________________________________________ (Insert virus string code, IP logger, etc.)
Seems like it's just in the experimental stage for now. Likely testing to see if it works in smaller games that will use free skyboxes since they're time consuming to make, then eventually throwing a more advanced version in commissioned assets is my guess.
Lol I saw this video thumbnail and I thought the gnome was the model 😂 so when I saw your channel with the same model I left imidiatily. When I saw the video I was confused because you were talking about. But the think was damn sky box 😂😂
A fun series idea Search up a few names in the models section(names like tree,spawn,zombie,house and etc) and get a bunch of free models and check if they are a virus
ive been in a discord server which was a serverside backdoor thingy, basically what that script does is when someone plays the game, it sends the game info in their discord server, and if theyre friends with that sus account, they get serverside access and can destroy your game (sorry for my bad grammar lol)
i am working on a piggy fan game and when i was wondering what to do i found you u are the first roblox channel i subbed to ur videos helped so much thank you :)
@@GnomeCode Cool l love your Teddy vids I have ben working on a game like Teddy But the AI crashed:( Can you help? There is no error in the output My bot moves in the middle of the waypoints
It most likely is a back door. The first script with the two PlayerAdded events required two different scripts. He only checked one of them, so we can assume the other module being required is the actual planted executor.
8:57 The discord server the webhook is integrated contains all the other info of other roblox games and that script makes the webhook post info using internet magic.
moment i saw require i just knew it was a backdoor, also the fact that its checking a guy's friends list means a whitelist and if it wasnt obvious enough then the logo and the name was the giveaway
😳🥶 i knew it. my friend told me about one of these. he was in a discord server with one of those web hooks D:. if a player joins that game (in that server with an exploit) it allows them to run code (server code like requires to troll)
the game id is printed into a discord channel which is then used to show that the game is backdoored (for ease of access to a backdoored game), they can run bypassed requires which basically are filtering disabled scripts (exploits) that show server side
yeah I have made quite a few backdoors like this and gotten access to a lot of the top game like mad city, jailbreak, meep city using a cool blur effect that a lot of games like.
Roblox doesn't sensor scripts there is a plugin to deobfuscate and obfuscate code they were using minimal effort the script was made by them sure but the plugin did a lot of the work. Obv not sharing the plugin.
I’m I create server sides and backdoors you’d be surprised to how many there are I created Stamp SS and I’m partnered with other ServerSides such as floppaware, strategy SS, teefus, pact SS, Topk3k and cephalon
I figured it out abit early why they had this, it's mostly definitely a discord server with a tracker of games with available backdoors exclusive to the friends of the selected user. Abit strange not to point this out in the video.
dude imagine making a backdoor with lots of users and someones exposes it on a tutorial on how to find backdoors! they must be so angry lol one of my favorite things is to just mess around with recently updated models and destroy the webhooks with spam
I used to exploit and basically, it sends it to a serverside like Sympex, Exoliner, etc. and it makes it so buyers of the script can see what game is infected so that they can run scripts inside. Remember those old roblox exploiting videos? Pretty much that but more complicated.
wallop560 mentioned about the 2nd require, and yes i was about to point that out, but he told it, so i'll just explain how this thing works FROM my thoughts: - The webhook sends data to a discord account - If that game GETS popular and its recently updated and stuff like that, they'll exploit in it - Then the 2nd require will help them have access to run server sided code in the game (as wallop560 said) This is how exploiters are trying gain access to one's game, so everyone out there, be careful alright, we dont want these problems to happen
It's just a backdoor to give Access whoever the person is and their friend a server side to run codes in your game which could potentially ruin your game
Strings that have discord in them r connected to automatic bot on server and if you add current model, he send notify to channel like "our serverside is now useable in (game name)" so yeah it mostly to use serverside scripts
I know it's a bit too late but you could've sent e post request with a delete method to obviously delete the discord webhook, and so the script would globally be broken for everyone who tried to use the "virused" skybox asset
Once, I used a model to handle DevProduct transactions. In it, I saw two things -A script for DevProducts that wasn't going to work -A script named "Give me admin" I find it funny how it was so blatant.
This code is actually a virus for a serverside called exilium. Basically if you insert a free model into a game and if it has this kind of virus it can allow people who have bought the serverside to execute any require script or any other script but others can see it.
I find it funny that they took the time to obfuscate the strings, but didn't obfuscate the function calls and indexing they could have done: game[" [ HEX string here ] "] to index the items or HttpService[" [HEX string of function name here] "](HttpService, ...) because some functions are methods they want a "self". You can either call a method with a colon to give the self automatically or pass in the self youself
well, the second require is actually a backdoor, BUT sense we have their discord webhook, webhooks contain a bunch of information about their owners. including their TOKENS meaning, if theyre gonna backdoor us. why dont we just. token log them?
This is why Roblox added the Script Alert, it pops up on Roblox Studio if the model has a script (Not LocalScript, or ModuleScript.) Roblox added the alert to know pepole that the model maybe has a virus. (Examples with VirusScripts: Skybox, the new Script Alert pops up. A map, the new Script Alert pops up. GnomeCode can pin this if he wants to, this is only for pepole to be aware of models with viruses.
Mixing code and data is always extremely risky and should not be done. If a user downloads an image, the user expects it to contain image data and not that using this image anywhere will run some code. Same goes for any data, whether it's video, audio, 3D models, or entire scenes. This kind of mix up should simply never be allowed in the first place. The moment where code is required, the entire thing should be distributed explicitly as being code. Even if it is 99% data and just one line of code is required to make the data work, this should be clearly marked as code, so users know: As long as they only download stuff tagged as data, they are on the save side.
so i understand what it does it basically goes and sends your game to a serverside's discord and puts it in an infected games channel so people can use the serverside in your game i saw these stuff when just viewing some random serverside videos, theres a infected games channel
what it does is, send that message on discord, with all that information, so the owner of the script can know which place his scripts infected, they can use it as when they join they get trolling gui and all that stuff, my friend have one of those.
so what that is, that's a backdoor for a serverside i know because i make one, and so at 5:45 those bottom ones are sending the game to a discord webhook which tells people that "hey, new game" and they hack on it
that is a requirement aka Server Side module or GUI. that script will take that requirement and take it with the specific id or username and give someone a full power of the script without using a backdoor with exploit and that was other player use for free or paid Server Side
![ARGENTINA vs. CHILE [3-0] | RESUMEN | ELIMINATORIAS SUDAMERICANAS | FECHA 7](http://i.ytimg.com/vi/De3AWmXzhuA/mqdefault.jpg)
There's a 2nd require you didn't check out. It's almost definety giving players that are friends with that account server side acces to run code in your game
yep, this comment needs more attention because it is true. i did some snooping myself and i found a gui. also just noticed something at 1:10 there is a second require he didn't explain!
You're right, major oversight on my part. Thinking about it, I suspect those on the friends list may be getting access to commands they can execute.
@@GnomeCode what he means by serverside access is one of these: ruclips.net/video/-viLsrdWiH4/видео.html. they can be really destructive and have their own executor to run serverside code.
@@hektor7966 i see what you mean. also you said a baseplate game did it? those are like serversides but give everyone the ability to run code.
@@hektor7966 Do you not know how bad serverside is?
It is actually a back door, the second require is giving his friends access to it, the web hook is sending so the creator knows which games has his back door so he can target you.
which sections where the back door?
@@zxfeared where, there is only one
@@Wertyhappy27 theres more
i knew it
no response, no backdoor
as a person who's made backdoors in the past (to test legally on my virtual machines) I can tell that really looks like one, ofc its not an actual backdoor that'd be kinda impossible for roblox but looks something alike
Same, but it is a game backdoor, so exploiters can actually use require scripts and get serversided exploits on any game with that on.
whoever made this backdoor is very novice though
no checking for http which could cause errors, making a lot of the code exposed so people can easily find out its a backdoor, making it send a webhook each time someone joins the game rather then sending it once
You mean using dark comet rat's backdoor builder? Lol
it is, sends a webhook to a discord server saying the game is infected, players who are either in the group of friended with the user can then use scripts on the server
@@keenico7730 dumbest shit I’ve heard “nO chEckIng foR hTtPs” maybe because they want the code to be less ominous ever thought of that? Adding an https getservice is the most obvious thing that can tell someone “oh shit it’s a back door”
This was really fun to watch!
You should do more of these.
Agreed.
Agree
^
v
Agre
I suspect that the reason they obfuscate the code is so that people who don't know much about scripting would think that the code is just there in order to make the model work, so they'll be tricked into leaving it in their game.
Also, as to the reason why they would need info about the game, it's most likely so that they can gather a list of games that they could possibly send bots to crash the servers or mass dislike it.
like GnomeCode said, "if you don't know what the script does, remove it" 💯
It's an ss script so they can pretty much exploit with what they want i mean like they can do whatever especially if the dev is in a game with people the in the game the model is so they can execute whatever script they want even the most inappropriate stuff
yh im a crappy coder so yhh i dont build experiences anymore 😂
*Removes the entire Roblox API*
IT could be that he just wants to know who used his skybox?
They can do whatever they want to the server
yeah, this is why it's really important to check free models, especially the description and name because lots of bad models come with repeated descriptions like "Tree Tree Tree Tree Tree" to bump them up to the top of search
i check every free model's script and so far i have not seen anything amogus imposter sus about them
Usualy old virus models also have "infected" as codes and etc, you should also look for "dont delete"
Or "dont rea/look"
They usaly contain virus
Some also come as ". "
There is popular Noob model (no, not my pfp) that has a script called "Vaccine". You know what it does?
@@fan0 I think it's a backdoor, idk tho
GnomeCode: Yep, this script is harmless.
Every Serverside in existence:
i never knew that free models have a much deeper and darker secrets
the fact the model is called Darker made this comment necessary
The ultimate troll gui one shots your account
@@aux2970 it doesn’t hack you etc
It bans you any script involved with ultimate troll GUI will give you a ban
(Most likely termination
@@Holden_.. i never said that it hacks you
@@aux2970 sorry didn’t know what you meant
Hey its a backdoor that is called exilium. It allows players that are in a duscord server see the game that got infected with the virus. Players can execute scripts for trolling players or killing players
thats the same thing as every other serverside
nahh no way bro??
Wait a minute... if it's sending a discord thing telling them a game is infected and they can exploit in it then what if I only remove the backdoor and not the notification? Is that a way to do a little trolling?
@@gabrielc7861 Better if I would allow them to troll people in my game then find them using OSINT including their real address, full name, parents and post it on v3rm and other forums.
@@ErtywekPL I mean just making them join a game and try to exploit only for it not to work
The fact that you know all about this stuff shows that you are epic, if i were to look in the script i wouldn’t even know a thing
@@HarryDKH yessir
No you just need to learn
This is very entertaining. You should do more of these!
True
Feels like he’s a detectiv
@@mythicstudios5234 yeah XD
yeah
He made another one. I wanted to see this script for myself, only to discover that it contains another script entirely. Its only one script this time. I've been trying to make since of it, but it would be very helpful if you could make a video on it.
get this man a theory i wanna hear it
how did you fail to decompile fucking LUA
I really like dangerous code breakdowns, if you can please do this again! Nice and easy to understand and also very interesting as you start to break it down limb by limb.
I replaced the require script with a troll script so when he tries to hack my game he's gonna get fucking trolled
@@builderdude9488 I think discord blocked the requests from roblox
@@builderdude9488 lmao
@@OnlyKemal nope
when i saw the title and thumbnail i got very shooketh, but when i reached the end i felt relief all over my body.
*phew* quite the journey my fren
@@GnomeCode didn't expect to see gnomecode reply to one of mah friends
it can hack ur game, the second require script
I used to backdoor roblox games and such in my free time (i dont anymore dw). The only reason this specific info needs to be posted to a discord server is if you were infecting the game with a backdoor, as to alert other users of the serverside to the fact that the game was infected. so yes, it is actually malicious.
I never knew you could use hexadecimals for IDs
in Lua, hexadecimals are just a different way of writing numbers, so a hex number and a decimal number in Lua work exactly the same.
Hex is base 16
Usual number (decimal) is base 10
So no matter the language, it should be able to convert between these 2 as it's a very basic thing
neither did i this makes coding a lot cooler and scarier at the same time
@@kxtbit thats in most languages actually
@@IkeVoodoo yea ik
This is really interesting, the way you explain it is really entertaining and useful too!
alright, i used to work on stuff like this, let me break it down
so the code seems to insert an SS executor (watch youtubers like Dark Eccentric for 5 minutes and you'll see what im talking about) into the game via that little bit of code
the user with the bunch of random characters is sort of a whitelist system for the SS, adding users who buy it via an automated bot system, the code checks if someone who joins the game is friends with that whitelist dummy account and injects the GUI into the person
the GUI itself allows users to execute serversided code like grab knife that allow players to pretty much bypass FE, the inserted require is probably a system to check if a game is active and send logs of its servers to the SS's discord
its literally serverscripts of course it bypasses FE lol
If your wondering what this process is
This code has been "Obfuscated"
The term obfuscation is basically making your code unreadable and not understandable
Obfuscation nowadays (Luraph, MoonSec v3, 77Fuscator, Ironbrew2, LuaSeel, clvbrew, Defaultio's Obfuscation (which this malicious code was obfuscated from), and etc) are very secure in they're own ways having anti tampering scripts and other professional stuff that make your code unreadable
This obfuscated code right here is trying to hide constants inside a string by using a code mutator that changes these values into hexadecimal value.
The process GnomeCode is doing here is called Deobfuscation
Hope this helped :)
its been a childhood dream to code, and the way you decode it makes it sound so easy
It’s pretty easy if you have like 3 months of experience in lua. Most don’t obfuscate their stuff this hard
The amongus part almost freaked me out,like,those noises are pretty unsettling
i've been waiting for a new video, love watching these!
Awesome, thanks for watching!
@@GnomeCode Can you help me in morph scripts? i am having trouble
Theory: The Free model uses that script to tell a discord server when a game is public so a group of people could go attack it e.g hack in it or spam to ruin your game...
or it's just a bored developer wanting to play a new game.
or someone doing a survey to see how many people fall for free model Viruses.
I think the devs just want to know who uses their model
@@3hukwuma no, they insert a module which loads a backdoor (mostly a ss executor gui) when they join, or they can access the game and "exploit"
@@3hukwuma There is a second script that he didn't cover in the video that means everyone who is friends with that user gets commands to hack the game, meaning if you use that model, they will know the link of the game, join it, and ruin it
It's a SS.
@@3hukwuma no this is the work of a SS
so the first function gives the discord server info on the game also letting members know that its now back doored. the second function detects if the player is friends with that alt account & if it is it gets backdoor access. -I think-
the deeper we go into the folders the more we find about this thing and maybe the stranger it gets
Ex-backdoor dude here.
These scripts are extremely common in free models, when I was doing my own investigative work, I found one every 3 free models. Usually they allow a (whitelisted) list of players to execute lua code serverside (as opposed to clientside lua execution, like Synapse X). With my own system, it was anyone within a Roblox group got backdoor access (a menu where you could type or paste lua, including some pre-saved lua scripts and execute it). Then when a backdoored server goes online, it notifies us in a Discord server using webhooks of which server and a command you could input into the Chrome/Firefox javascript console to automatically start Roblox and join that server.
Honestly it was quite fun doing it.
@@hydramadness My group was not the only one, there are THOUSANDS of other little groups spreading these virus models around and using them. I wasn't the only one, and until Roblox moderators don't get behind all of this (which has been going on for a while) game creators that use free models will have to rely on checking if models they use have scripts in them or not.
@@SVENY Yes, just simply do it for the one you were in and the discord, of course i knew there was more than one, u can provide the group link and discord link for your ones, go on. You won't.
@@hydramadness why would I want to provide a link to a group that's nonexistent.
@hydra, why are you trying to recieve access to this group anyway?
@@hydramadness i thought jokes were supposed to be funny
Fun fact:I learned so much from the script of the model
Fun idea, make it so it still notifies the person that your game has it but make it so they don't have any of the other things that they put in.
Ye, Idk if they actually detect the joint virus one
As of right now scripts inside of studio can’t do anything to your account, most of the time it is just a server side exploit or selling you expensive clothing. The most malicious thing they could do is put inappropriate images/models/audio in your game to get you banned.
Damn, he went from a single short script to a discord webhook that shows game information
Moral: Be careful with models in the toolbox, I recommend you to do the models yourself, My first time as a dev using anything I found in toolbox was a mistake. Now after 1 year, I learned from my mistakes.
However I'm not forcing you to stop completely, I mean, just use the toolbox only a bit and if your gonna use one. Check EVERYTHING, the scripts, the instances, EVERYTHING So your game is 100% virus free.
Hope it helps.
Good thing Roblox notifies you if there is a script in the model, anything could be dangerous on the internet.
@@AcornGroove8274 yeah but they can disguise it as a joint
@@Sethilliano So Roblox doesn’t know if there is a script inside of a joint?
Damn didn't know free models had straight-up ARGS in them
lmao
lmao
this is honestly really cleverly set up, require scripts to obscure the models, unreadable codes to hide from moderation and other coders looking into it, all the way to sending all the available games to a server so they can easily exploit it, shows that exploiters have become very advanced within the past few years
This is a server side. I've made these before in the past. THIS IS A BACKDOOR.
Why did you make them??!!?
@@keshsans536 People can be stupid at younger ages or he just wanted cash for them.
I think it's called like exilium ss or something.
Sad to see many new devs dont realise 90% models are backdoors..
@@spongebot6955 did u know that R O B L O X deleted all the models that have back doors
There is something that the creator tells the user who used the creator's model, it is like this:
-----------------------------------------------------
THANKS FOR USING MY MODEL!
-----------------------------------------------------
But, some models has a code in it, it is like:
_________________________________________
Thank you so much for using this model!
_________________________________________ (Insert virus string code, IP logger, etc.)
Seems like it's just in the experimental stage for now. Likely testing to see if it works in smaller games that will use free skyboxes since they're time consuming to make, then eventually throwing a more advanced version in commissioned assets is my guess.
Lol I saw this video thumbnail and I thought the gnome was the model 😂 so when I saw your channel with the same model I left imidiatily. When I saw the video I was confused because you were talking about. But the think was damn sky box 😂😂
Super entertaining video, you should do more of these! Maybe turn it into a series?
Glad you found my script. it's been long enough.
this was a really good video u should do more of these
A fun series idea
Search up a few names in the models section(names like tree,spawn,zombie,house and etc) and get a bunch of free models and check if they are a virus
I Actually Put This Sky In My Game
Dont Worry, The Secnd I Saw A Script Was Even In There, I Deleted It
you're smart
ive been in a discord server which was a serverside backdoor thingy, basically what that script does is when someone plays the game, it sends the game info in their discord server, and if theyre friends with that sus account, they get serverside access and can destroy your game (sorry for my bad grammar lol)
i am working on a piggy fan game and when i was wondering what to do i found you u are the first roblox channel i subbed to ur videos helped so much thank you :)
Welcome aboard!
Same, his tutorials are really helpful
No way someone tried their sole best to hide the fact that it is just a harmless code that notifies if someone is using his skybox💀
It can acctually steal your data
wheres teddy tho :( i want more teddy :)
I've been working on it all week, can't wait to show you guys soon ;)
@@GnomeCode Thank you!!!
@@GnomeCode Cool l love your Teddy vids
I have ben working on a game like Teddy
But the AI crashed:(
Can you help?
There is no error in the output
My bot moves in the middle of the waypoints
ironically, as this backdoor is super easy to decode, you can backdoor the backdoor with the webhook link
What happens when you change it to a yt link?
Damn,this is deep
It most likely is a back door. The first script with the two PlayerAdded events required two different scripts. He only checked one of them, so we can assume the other module being required is the actual planted executor.
Hey that's me!
Indeed
Yep, that's you!
Hey, that’s you!
@@ScreamingCell Oh dear god, its a gun with a gun!
8:57 The discord server the webhook is integrated contains all the other info of other roblox games and that script makes the webhook post info using internet magic.
Lesson of the day: don't obfuscate your crappy ss with hex, that aint gon work chief
prombogen!!!!!!
toaster
@@leaderr_ toaster
@@specowos toaster
@@stalecheez-it1034 toaster
moment i saw require i just knew it was a backdoor, also the fact that its checking a guy's friends list means a whitelist and if it wasnt obvious enough then the logo and the name was the giveaway
Is it just me or do I think I always use free model viruses
you edited your comment from "first" to this
It's not only you lol
@@achannel77373 I commented as fast as I can so I just put “first” then edited it to my real comment
@@yusufart4676 "real" yea so the first one wasnt the actual real, totally
@@theabyss2b2t87 maybe
i saw the video title and subscribed immediately. sad how youtube had to show me your channel a year later.
It's just an obfuscated script that infects your game with an ss lol.
This is why it's important to thoroughly check free models you use.
I have always looked for these kind of videos! Can you make more of these please? I would love it!
On what exactly? He covered pretty much everything there is to back doors here
😳🥶 i knew it. my friend told me about one of these. he was in a discord server with one of those web hooks D:. if a player joins that game (in that server with an exploit) it allows them to run code (server code like requires to troll)
the game id is printed into a discord channel which is then used to show that the game is backdoored (for ease of access to a backdoored game), they can run bypassed requires which basically are filtering disabled scripts (exploits) that show server side
missed a chance to send comedy gold embeds to that webhook
"If you dont know what the script means, remove it"
~Gnome Code 2021
yeah I have made quite a few backdoors like this and gotten access to a lot of the top game like mad city, jailbreak, meep city using a cool blur effect that a lot of games like.
I thought this was a Computerphile video judging by that thumbnail lol.
Roblox doesn't sensor scripts there is a plugin to deobfuscate and obfuscate code they were using minimal effort the script was made by them sure but the plugin did a lot of the work. Obv not sharing the plugin.
4:53 Though he was singing life goes on and on and on and on
I’m I create server sides and backdoors you’d be surprised to how many there are I created Stamp SS and I’m partnered with other ServerSides such as floppaware, strategy SS, teefus, pact SS, Topk3k and cephalon
Judging from the thumbnail, I thought the virus model was gonna be the gnome avatar.
im going to decode this further and attempt to make my own so that I can understand it better
I figured it out abit early why they had this, it's mostly definitely a discord server with a tracker of games with available backdoors exclusive to the friends of the selected user. Abit strange not to point this out in the video.
dude imagine making a backdoor with lots of users and someones exposes it on a tutorial on how to find backdoors!
they must be so angry lol
one of my favorite things is to just mess around with recently updated models and destroy the webhooks with spam
YESS. When I’m bored I like to go fry wee hooks lol
I used to exploit and basically, it sends it to a serverside like Sympex, Exoliner, etc. and it makes it so buyers of the script can see what game is infected so that they can run scripts inside. Remember those old roblox exploiting videos? Pretty much that but more complicated.
wallop560 mentioned about the 2nd require, and yes i was about to point that out, but he told it, so i'll just explain how this thing works FROM my thoughts:
- The webhook sends data to a discord account
- If that game GETS popular and its recently updated and stuff like that, they'll exploit in it
- Then the 2nd require will help them have access to run server sided code in the game (as wallop560 said)
This is how exploiters are trying gain access to one's game, so everyone out there, be careful alright, we dont want these problems to happen
please do more of these, they are so interesting
It's a backdoor that gives the owner,his friends and alts admin in games that have the model
it gives the person SS access to your game ( basically do whatever they want / admin perms )
It's just a backdoor to give Access whoever the person is and their friend a server side to run codes in your game which could potentially ruin your game
Strings that have discord in them r connected to automatic bot on server and if you add current model, he send notify to channel like "our serverside is now useable in (game name)" so yeah it mostly to use serverside scripts
I know it's a bit too late but you could've sent e post request with a delete method to obviously delete the discord webhook, and so the script would globally be broken for everyone who tried to use the "virused" skybox asset
Once, I used a model to handle DevProduct transactions. In it, I saw two things
-A script for DevProducts that wasn't going to work
-A script named "Give me admin"
I find it funny how it was so blatant.
This code is actually a virus for a serverside called exilium. Basically if you insert a free model into a game and if it has this kind of virus it can allow people who have bought the serverside to execute any require script or any other script but others can see it.
Biggest step of code, be abstract! this isn't a terrible coder.
i think this code commands an army of bots to invade the server
I find it funny that they took the time to obfuscate the strings, but didn't obfuscate the function calls and indexing
they could have done:
game[" [ HEX string here ] "]
to index the items
or
HttpService[" [HEX string of function name here] "](HttpService, ...)
because some functions are methods they want a "self". You can either call a method with a colon to give the self automatically or pass in the self youself
well, the second require is actually a backdoor, BUT sense we have their discord webhook, webhooks contain a bunch of information about their owners. including their TOKENS meaning, if theyre gonna backdoor us. why dont we just. token log them?
This is why Roblox added the Script Alert, it pops up on Roblox Studio if the model has a script (Not LocalScript, or ModuleScript.) Roblox added the alert to know pepole that the model maybe has a virus. (Examples with VirusScripts: Skybox, the new Script Alert pops up. A map, the new Script Alert pops up. GnomeCode can pin this if he wants to, this is only for pepole to be aware of models with viruses.
Everyone talking about video, but i want to say its super cool video. Thank you for such a good content
detective GnomeCode is on the case
Mixing code and data is always extremely risky and should not be done. If a user downloads an image, the user expects it to contain image data and not that using this image anywhere will run some code. Same goes for any data, whether it's video, audio, 3D models, or entire scenes. This kind of mix up should simply never be allowed in the first place. The moment where code is required, the entire thing should be distributed explicitly as being code. Even if it is 99% data and just one line of code is required to make the data work, this should be clearly marked as code, so users know: As long as they only download stuff tagged as data, they are on the save side.
it would be nice if roblox would mention that viruses possibly exist in the model section on the developer page
My man made an entire arg to solve his hacked model's mystery.
Despite me sucking at scripting, when i saw that first script i knew what it was doing.
so i understand what it does
it basically goes and sends your game to a serverside's discord and puts it in an infected games channel so people can use the serverside in your game
i saw these stuff when just viewing some random serverside videos, theres a infected games channel
what it does is, send that message on discord, with all that information, so the owner of the script can know which place his scripts infected, they can use it as when they join they get trolling gui and all that stuff, my friend have one of those.
so what that is, that's a backdoor for a serverside i know because i make one, and so at 5:45 those bottom ones are sending the game to a discord webhook which tells people that "hey, new game" and they hack on it
that is a requirement aka Server Side module or GUI. that script will take that requirement and take it with the specific id or username and give someone a full power of the script without using a backdoor with exploit and that was other player use for free or paid Server Side
the embed code in the script is actually a javascript code which is ised to make a discord bot, and the code is actually an embed code
When do you plan on posting A new Chapter of Teddy and posting a Video on it?
everyone gangsta until a skybox gets too complicated and that also sends information to a discord
the among us jumpsccare is gonna make me be scared to sleep alone