There's a 2nd require you didn't check out. It's almost definety giving players that are friends with that account server side acces to run code in your game

@MrGenie151

2 жыл бұрын

yep, this comment needs more attention because it is true. i did some snooping myself and i found a gui. also just noticed something at 1:10 there is a second require he didn't explain!

@GnomeCode

2 жыл бұрын

You're right, major oversight on my part. Thinking about it, I suspect those on the friends list may be getting access to commands they can execute.

@MrGenie151

2 жыл бұрын

@@GnomeCode what he means by serverside access is one of these: kzread.info/dash/bejne/X6qdrtWrlLrPeJc.html. they can be really destructive and have their own executor to run serverside code.

@MrGenie151

2 жыл бұрын

@@hektor7966 i see what you mean. also you said a baseplate game did it? those are like serversides but give everyone the ability to run code.

@hemovibe

2 жыл бұрын

@@hektor7966 Do you not know how bad serverside is?

It is actually a back door, the second require is giving his friends access to it, the web hook is sending so the creator knows which games has his back door so he can target you.

@sadoats3356

2 жыл бұрын

which sections where the back door?

@Wertyhappy27

2 жыл бұрын

@@zxfeared where, there is only one

@macizzyy

2 жыл бұрын

@@Wertyhappy27 theres more

@hxuey

2 жыл бұрын

i knew it

@cristianjuarez1086

2 жыл бұрын

no response, no backdoor

GnomeCode: Yep, this script is harmless. Every Serverside in existence:

as a person who's made backdoors in the past (to test legally on my virtual machines) I can tell that really looks like one, ofc its not an actual backdoor that'd be kinda impossible for roblox but looks something alike

@zxfeared

2 жыл бұрын

Same, but it is a game backdoor, so exploiters can actually use require scripts and get serversided exploits on any game with that on.

@keenico7730

2 жыл бұрын

whoever made this backdoor is very novice though no checking for http which could cause errors, making a lot of the code exposed so people can easily find out its a backdoor, making it send a webhook each time someone joins the game rather then sending it once

@xE92vD

2 жыл бұрын

You mean using dark comet rat's backdoor builder? Lol

@exxe.n

2 жыл бұрын

it is, sends a webhook to a discord server saying the game is infected, players who are either in the group of friended with the user can then use scripts on the server

@kiankhiaw6620

2 жыл бұрын

@@keenico7730 dumbest shit I’ve heard “nO chEckIng foR hTtPs” maybe because they want the code to be less ominous ever thought of that? Adding an https getservice is the most obvious thing that can tell someone “oh shit it’s a back door”

I suspect that the reason they obfuscate the code is so that people who don't know much about scripting would think that the code is just there in order to make the model work, so they'll be tricked into leaving it in their game. Also, as to the reason why they would need info about the game, it's most likely so that they can gather a list of games that they could possibly send bots to crash the servers or mass dislike it. like GnomeCode said, "if you don't know what the script does, remove it" 💯

@Vurinati

2 жыл бұрын

It's an ss script so they can pretty much exploit with what they want i mean like they can do whatever especially if the dev is in a game with people the in the game the model is so they can execute whatever script they want even the most inappropriate stuff

@rocks5613

2 жыл бұрын

yh im a crappy coder so yhh i dont build experiences anymore 😂

@guypersson

2 жыл бұрын

*Removes the entire Roblox API*

@neogamecraft1686

2 жыл бұрын

IT could be that he just wants to know who used his skybox?

@allnatural1504

2 жыл бұрын

They can do whatever they want to the server

i never knew that free models have a much deeper and darker secrets

@ryandabestkillme3471

2 жыл бұрын

the fact the model is called Darker made this comment necessary

@aux2970

2 жыл бұрын

The ultimate troll gui one shots your account

@Holden_..

2 жыл бұрын

@@aux2970 it doesn’t hack you etc It bans you any script involved with ultimate troll GUI will give you a ban (Most likely termination

@aux2970

2 жыл бұрын

@@Holden_.. i never said that it hacks you

@Holden_..

2 жыл бұрын

@@aux2970 sorry didn’t know what you meant

yeah, this is why it's really important to check free models, especially the description and name because lots of bad models come with repeated descriptions like "Tree Tree Tree Tree Tree" to bump them up to the top of search

@XGplays

2 жыл бұрын

i check every free model's script and so far i have not seen anything amogus imposter sus about them

@poisonedidiot

2 жыл бұрын

Usualy old virus models also have "infected" as codes and etc, you should also look for "dont delete" Or "dont rea/look" They usaly contain virus

@poisonedidiot

2 жыл бұрын

Some also come as ". "

@fan0

2 жыл бұрын

There is popular Noob model (no, not my pfp) that has a script called "Vaccine". You know what it does?

@Scrufflord

2 жыл бұрын

@@fan0 I think it's a backdoor, idk tho

This was really fun to watch! You should do more of these.

@mariuslade

2 жыл бұрын

Agreed.

@NotGoodAPerson

2 жыл бұрын

Agree

@TheBxzr

2 жыл бұрын

^

@DalmatianGeo

2 жыл бұрын

v

@MattlikestrainsOfficial

Жыл бұрын

Agre

Hey its a backdoor that is called exilium. It allows players that are in a duscord server see the game that got infected with the virus. Players can execute scripts for trolling players or killing players

@Deezboyofficial

2 жыл бұрын

thats the same thing as every other serverside

@ven._._.

2 жыл бұрын

nahh no way bro??

@gabrielc7861

2 жыл бұрын

Wait a minute... if it's sending a discord thing telling them a game is infected and they can exploit in it then what if I only remove the backdoor and not the notification? Is that a way to do a little trolling?

@ErtywekPL

2 жыл бұрын

@@gabrielc7861 Better if I would allow them to troll people in my game then find them using OSINT including their real address, full name, parents and post it on v3rm and other forums.

@gabrielc7861

2 жыл бұрын

@@ErtywekPL I mean just making them join a game and try to exploit only for it not to work

I never knew you could use hexadecimals for IDs

@kxtbit

2 жыл бұрын

in Lua, hexadecimals are just a different way of writing numbers, so a hex number and a decimal number in Lua work exactly the same.

@Chanakan-df6hn

2 жыл бұрын

Hex is base 16 Usual number (decimal) is base 10 So no matter the language, it should be able to convert between these 2 as it's a very basic thing

@bry0402

2 жыл бұрын

neither did i this makes coding a lot cooler and scarier at the same time

@IkeVoodoo

2 жыл бұрын

@@kxtbit thats in most languages actually

@kxtbit

2 жыл бұрын

@@IkeVoodoo yea ik

This is very entertaining. You should do more of these!

@mythicstudios5234

2 жыл бұрын

True

@mythicstudios5234

2 жыл бұрын

Feels like he’s a detectiv

@RoStopMotion

2 жыл бұрын

@@mythicstudios5234 yeah XD

@chanchowaton

2 жыл бұрын

yeah

I really like dangerous code breakdowns, if you can please do this again! Nice and easy to understand and also very interesting as you start to break it down limb by limb.

@builderdude9488

Жыл бұрын

I replaced the require script with a troll script so when he tries to hack my game he's gonna get fucking trolled

@OnlyKemal

Жыл бұрын

@@builderdude9488 I think discord blocked the requests from roblox

@MistRQuestion

Жыл бұрын

@@builderdude9488 lmao

@realnotscripter

10 ай бұрын

@@OnlyKemal nope

The fact that you know all about this stuff shows that you are epic, if i were to look in the script i wouldn’t even know a thing

@davidgigglebottom5634

2 жыл бұрын

@@HarryDKH yessir

@axiom3570

2 жыл бұрын

No you just need to learn

He made another one. I wanted to see this script for myself, only to discover that it contains another script entirely. Its only one script this time. I've been trying to make since of it, but it would be very helpful if you could make a video on it.

@dextynlabelle9326

2 жыл бұрын

get this man a theory i wanna hear it

@blocksource4192

2 жыл бұрын

how did you fail to decompile fucking LUA

I used to backdoor roblox games and such in my free time (i dont anymore dw). The only reason this specific info needs to be posted to a discord server is if you were infecting the game with a backdoor, as to alert other users of the serverside to the fact that the game was infected. so yes, it is actually malicious.

This is really interesting, the way you explain it is really entertaining and useful too!

Theory: The Free model uses that script to tell a discord server when a game is public so a group of people could go attack it e.g hack in it or spam to ruin your game... or it's just a bored developer wanting to play a new game. or someone doing a survey to see how many people fall for free model Viruses.

@3hukwuma

2 жыл бұрын

I think the devs just want to know who uses their model

@trinity6880

2 жыл бұрын

@@3hukwuma no, they insert a module which loads a backdoor (mostly a ss executor gui) when they join, or they can access the game and "exploit"

@bubbletea695

2 жыл бұрын

@@3hukwuma There is a second script that he didn't cover in the video that means everyone who is friends with that user gets commands to hack the game, meaning if you use that model, they will know the link of the game, join it, and ruin it

@baconfartyguy

2 жыл бұрын

It's a SS.

@hivonemy8786

2 жыл бұрын

@@3hukwuma no this is the work of a SS

Fun fact:I learned so much from the script of the model

Imagine just spamming his webhook with "Hail GnomeCode"

@Parku8It

2 жыл бұрын

Lol he will be soo mad that he might even get crazy

@whereIsKlumz

2 жыл бұрын

now that we've seen the decrpyted version of the script, we can just go ahead and change up some of the information being sent lol

@xo-co6gf

2 жыл бұрын

@@whereIsKlumz Might as well find the webhook and spam it with something like python

@polarcat0156

2 жыл бұрын

@DJRox gaming Not possible, but spamming is which will make discord terminate the webhook and ban the account hosting it

@itzopsniper1293

6 ай бұрын

Won't work. The person who made this may be dumb but they aren't stupid. The animHandler script runs for every time a player joins, and I suppose the guy wouldn't want to be notified about the same game everytime someone joins, so most likely he has code to handle the webhook and check if the game has already been hacked, and if not and only if not, it will notify the guy

The amongus part almost freaked me out,like,those noises are pretty unsettling

when i saw the title and thumbnail i got very shooketh, but when i reached the end i felt relief all over my body.

@GnomeCode

2 жыл бұрын

*phew* quite the journey my fren

@mrdashell6517

2 жыл бұрын

@@GnomeCode didn't expect to see gnomecode reply to one of mah friends

@vimic3

2 жыл бұрын

it can hack ur game, the second require script

Super entertaining video, you should do more of these! Maybe turn it into a series?

its been a childhood dream to code, and the way you decode it makes it sound so easy

@polarcat0156

2 жыл бұрын

It’s pretty easy if you have like 3 months of experience in lua. Most don’t obfuscate their stuff this hard

i've been waiting for a new video, love watching these!

@GnomeCode

2 жыл бұрын

Awesome, thanks for watching!

@NoRizz-ph6qt

2 жыл бұрын

@@GnomeCode Can you help me in morph scripts? i am having trouble

If your wondering what this process is This code has been "Obfuscated" The term obfuscation is basically making your code unreadable and not understandable Obfuscation nowadays (Luraph, MoonSec v3, 77Fuscator, Ironbrew2, LuaSeel, clvbrew, Defaultio's Obfuscation (which this malicious code was obfuscated from), and etc) are very secure in they're own ways having anti tampering scripts and other professional stuff that make your code unreadable This obfuscated code right here is trying to hide constants inside a string by using a code mutator that changes these values into hexadecimal value. The process GnomeCode is doing here is called Deobfuscation Hope this helped :)

alright, i used to work on stuff like this, let me break it down so the code seems to insert an SS executor (watch youtubers like Dark Eccentric for 5 minutes and you'll see what im talking about) into the game via that little bit of code the user with the bunch of random characters is sort of a whitelist system for the SS, adding users who buy it via an automated bot system, the code checks if someone who joins the game is friends with that whitelist dummy account and injects the GUI into the person the GUI itself allows users to execute serversided code like grab knife that allow players to pretty much bypass FE, the inserted require is probably a system to check if a game is active and send logs of its servers to the SS's discord

@pacifist1354

2 жыл бұрын

its literally serverscripts of course it bypasses FE lol

the deeper we go into the folders the more we find about this thing and maybe the stranger it gets

Glad you found my script. it's been long enough.

I have always looked for these kind of videos! Can you make more of these please? I would love it!

@polarcat0156

2 жыл бұрын

On what exactly? He covered pretty much everything there is to back doors here

Damn, he went from a single short script to a discord webhook that shows game information

Ex-backdoor dude here. These scripts are extremely common in free models, when I was doing my own investigative work, I found one every 3 free models. Usually they allow a (whitelisted) list of players to execute lua code serverside (as opposed to clientside lua execution, like Synapse X). With my own system, it was anyone within a Roblox group got backdoor access (a menu where you could type or paste lua, including some pre-saved lua scripts and execute it). Then when a backdoored server goes online, it notifies us in a Discord server using webhooks of which server and a command you could input into the Chrome/Firefox javascript console to automatically start Roblox and join that server. Honestly it was quite fun doing it.

@SVENY

2 жыл бұрын

@@hydramadness My group was not the only one, there are THOUSANDS of other little groups spreading these virus models around and using them. I wasn't the only one, and until Roblox moderators don't get behind all of this (which has been going on for a while) game creators that use free models will have to rely on checking if models they use have scripts in them or not.

@hydramadness

2 жыл бұрын

@@SVENY Yes, just simply do it for the one you were in and the discord, of course i knew there was more than one, u can provide the group link and discord link for your ones, go on. You won't.

@SVENY

2 жыл бұрын

@@hydramadness why would I want to provide a link to a group that's nonexistent.

@littlehorn0063

2 жыл бұрын

@hydra, why are you trying to recieve access to this group anyway?

@SVENY

2 жыл бұрын

@@hydramadness i thought jokes were supposed to be funny

please do more of these, they are so interesting

this was a really good video u should do more of these

so the first function gives the discord server info on the game also letting members know that its now back doored. the second function detects if the player is friends with that alt account & if it is it gets backdoor access. -I think-

Fun idea, make it so it still notifies the person that your game has it but make it so they don't have any of the other things that they put in.

@Sethilliano

2 жыл бұрын

Ye, Idk if they actually detect the joint virus one

Dam, u explane stuff so good! Deserves a sub

Lol I saw this video thumbnail and I thought the gnome was the model 😂 so when I saw your channel with the same model I left imidiatily. When I saw the video I was confused because you were talking about. But the think was damn sky box 😂😂

Seems like it's just in the experimental stage for now. Likely testing to see if it works in smaller games that will use free skyboxes since they're time consuming to make, then eventually throwing a more advanced version in commissioned assets is my guess.

This is a server side. I've made these before in the past. THIS IS A BACKDOOR.

@keshsans536

2 жыл бұрын

Why did you make them??!!?

@charlescalvin271

2 жыл бұрын

@@keshsans536 People can be stupid at younger ages or he just wanted cash for them.

@baconfartyguy

2 жыл бұрын

I think it's called like exilium ss or something.

@spongebot6955

2 жыл бұрын

Sad to see many new devs dont realise 90% models are backdoors..

@Alex-vx5lk

2 жыл бұрын

@@spongebot6955 did u know that R O B L O X deleted all the models that have back doors

😳🥶 i knew it. my friend told me about one of these. he was in a discord server with one of those web hooks D:. if a player joins that game (in that server with an exploit) it allows them to run code (server code like requires to troll)

A fun series idea Search up a few names in the models section(names like tree,spawn,zombie,house and etc) and get a bunch of free models and check if they are a virus

Damn didn't know free models had straight-up ARGS in them

@cookiehawk

2 жыл бұрын

lmao

@kowhaifan1249

2 жыл бұрын

lmao

Moral: Be careful with models in the toolbox, I recommend you to do the models yourself, My first time as a dev using anything I found in toolbox was a mistake. Now after 1 year, I learned from my mistakes. However I'm not forcing you to stop completely, I mean, just use the toolbox only a bit and if your gonna use one. Check EVERYTHING, the scripts, the instances, EVERYTHING So your game is 100% virus free. Hope it helps.

@AcornGroove8274

2 жыл бұрын

Good thing Roblox notifies you if there is a script in the model, anything could be dangerous on the internet.

@Sethilliano

2 жыл бұрын

@@AcornGroove8274 yeah but they can disguise it as a joint

@AcornGroove8274

2 жыл бұрын

@@Sethilliano So Roblox doesn’t know if there is a script inside of a joint?

this is honestly really cleverly set up, require scripts to obscure the models, unreadable codes to hide from moderation and other coders looking into it, all the way to sending all the available games to a server so they can easily exploit it, shows that exploiters have become very advanced within the past few years

I would like to see more of these videos maybe make this a series since it's really interesting

Hey that's me!

@FSHY.

2 жыл бұрын

Indeed

@FF08_

2 жыл бұрын

Yep, that's you!

@dumbassfish184

2 жыл бұрын

Hey, that’s you!

@Marioman73

2 жыл бұрын

@@dumbassfish184 Oh dear god, its a gun with a gun!

i am working on a piggy fan game and when i was wondering what to do i found you u are the first roblox channel i subbed to ur videos helped so much thank you :)

@GnomeCode

2 жыл бұрын

Welcome aboard!

@RoStopMotion

2 жыл бұрын

Same, his tutorials are really helpful

Great video! Series Suggestion: How to make a fnaf game Which includes a ending

i saw the video title and subscribed immediately. sad how youtube had to show me your channel a year later.

Damn,this is deep

wheres teddy tho :( i want more teddy :)

@GnomeCode

2 жыл бұрын

I've been working on it all week, can't wait to show you guys soon ;)

@inkdabest100percent

2 жыл бұрын

@@GnomeCode Thank you!!!

@mythicstudios5234

2 жыл бұрын

@@GnomeCode Cool l love your Teddy vids I have ben working on a game like Teddy But the AI crashed:( Can you help? There is no error in the output My bot moves in the middle of the waypoints

This Was Really Fun To Watch! When Is Teddy Chapter 4 Coming Out Is It In Build Yet?...

As of right now scripts inside of studio can’t do anything to your account, most of the time it is just a server side exploit or selling you expensive clothing. The most malicious thing they could do is put inappropriate images/models/audio in your game to get you banned.

I Actually Put This Sky In My Game Dont Worry, The Secnd I Saw A Script Was Even In There, I Deleted It

@antonifawalte

2 жыл бұрын

you're smart

Lesson of the day: don't obfuscate your crappy ss with hex, that aint gon work chief

@stalecheez-it1034

2 жыл бұрын

prombogen!!!!!!

@leaderr_

2 жыл бұрын

toaster

@specowos

2 жыл бұрын

@@leaderr_ toaster

@stalecheez-it1034

2 жыл бұрын

@@specowos toaster

@specowos

2 жыл бұрын

@@stalecheez-it1034 toaster

I didnt understand mostly any of this, but it was still fun to watch!

8:57 The discord server the webhook is integrated contains all the other info of other roblox games and that script makes the webhook post info using internet magic.

Is it just me or do I think I always use free model viruses

@agamingchannel2

2 жыл бұрын

you edited your comment from "first" to this

@Lenvii_

2 жыл бұрын

It's not only you lol

@yusufart4676

2 жыл бұрын

@@agamingchannel2 I commented as fast as I can so I just put “first” then edited it to my real comment

@agamingchannel2

2 жыл бұрын

@@yusufart4676 "real" yea so the first one wasnt the actual real, totally

@agamingchannel2

2 жыл бұрын

@@theabyss2b2t87 maybe

It's just an obfuscated script that infects your game with an ss lol.

Everyone talking about video, but i want to say its super cool video. Thank you for such a good content

amazing video, you are the best developer i saw ever

the game id is printed into a discord channel which is then used to show that the game is backdoored (for ease of access to a backdoored game), they can run bypassed requires which basically are filtering disabled scripts (exploits) that show server side

ive been in a discord server which was a serverside backdoor thingy, basically what that script does is when someone plays the game, it sends the game info in their discord server, and if theyre friends with that sus account, they get serverside access and can destroy your game (sorry for my bad grammar lol)

moment i saw require i just knew it was a backdoor, also the fact that its checking a guy's friends list means a whitelist and if it wasnt obvious enough then the logo and the name was the giveaway

yeah I have made quite a few backdoors like this and gotten access to a lot of the top game like mad city, jailbreak, meep city using a cool blur effect that a lot of games like.

This is why it's important to thoroughly check free models you use.

No way someone tried their sole best to hide the fact that it is just a harmless code that notifies if someone is using his skybox💀

@der_schnolli

10 ай бұрын

It can acctually steal your data

you can also use a 'ss executor' to run requires like the one at the start of the video usually in the form of `require(ID)("username")

subscribed within 5 seconds, looks like quality content to me.

may know what font u use for the thumbnail? can u pls answer my questions?

I found some of those virus assets and this is so fun to see how are they trying to hide require.

This was really fun and deep at the same time! it was fun to watch!

What's the game in the background in the intro? Looks dope.

this man is going throught all of the stages of investigation

When do you plan on posting A new Chapter of Teddy and posting a Video on it?

4:53 Though he was singing life goes on and on and on and on

It most likely is a back door. The first script with the two PlayerAdded events required two different scripts. He only checked one of them, so we can assume the other module being required is the actual planted executor.

Hey are their more videos to come for the teddy/piggy series cuz I would love to see more updates and options. Thanks.

It so interesting... Gonna do it every day

Hey GnomeCode! Can you please make a video about creating avatar customizer? Like, your profile avatar on roblox Like in event games

This is very interesting to watch

There is something that the creator tells the user who used the creator's model, it is like this: ----------------------------------------------------- THANKS FOR USING MY MODEL! ----------------------------------------------------- But, some models has a code in it, it is like: _________________________________________ Thank you so much for using this model! _________________________________________ (Insert virus string code, IP logger, etc.)

Judging from the thumbnail, I thought the virus model was gonna be the gnome avatar.

I used to exploit and basically, it sends it to a serverside like Sympex, Exoliner, etc. and it makes it so buyers of the script can see what game is infected so that they can run scripts inside. Remember those old roblox exploiting videos? Pretty much that but more complicated.

Hello im new, i have a question. If you put it in your game then deleted it, does the script remain or its deleted aswell?

This person is so good at catching virus codes. 👌👌👌

GnomeCode i thought you were gonna make that tower defense series

"If you dont know what the script means, remove it" ~Gnome Code 2021

im going to decode this further and attempt to make my own so that I can understand it better

you figured this out so quickly lol

missed a chance to send comedy gold embeds to that webhook

Can you tell us how you formatted the script? I wanna try this myself with other kinds of viruses that use similar obfuscation By the way, for the original requires, they can be deobfuscated by just printing the require id

@polarcat0156

2 жыл бұрын

You just manually go through it and new lines. Don’t think a program can do it

@somethingapproaches64

2 жыл бұрын

1. programs can do it (ive found one myself that can) 2. when did i mention anything about a program

@pacifist1354

2 жыл бұрын

@@somethingapproaches64 to make something in one line to multiple lines, use a lua beautifier online to decode it, well, when you require it, it's still requiring a number. so no matter what's in the require thing, it's still technically a number, so just print it

Strings that have discord in them r connected to automatic bot on server and if you add current model, he send notify to channel like "our serverside is now useable in (game name)" so yeah it mostly to use serverside scripts

ironically, as this backdoor is super easy to decode, you can backdoor the backdoor with the webhook link

@Sethilliano

2 жыл бұрын

What happens when you change it to a yt link?

wait. for discord webhooks, didnt you need third party on roblox settings for it to work?

Your videos are amazing

@GnomeCode

2 жыл бұрын

Thanks for the good vibes!

my friend sicknoobie is featured in this video cool! Also i might have found a virus that stays forever until you delete the model i deleted the virus script and its still there deleted the model and the virus is gone. whats with that?

The script is for when the user is friends with the script of the owner and giving them a backdoor access. They use the webhook for logging the game.

everyone gangsta until a skybox gets too complicated and that also sends information to a discord

I figured it out abit early why they had this, it's mostly definitely a discord server with a tracker of games with available backdoors exclusive to the friends of the selected user. Abit strange not to point this out in the video.