There's a 2nd require you didn't check out. It's almost definety giving players that are friends with that account server side acces to run code in your game
yep, this comment needs more attention because it is true. i did some snooping myself and i found a gui. also just noticed something at 1:10 there is a second require he didn't explain!
@@GnomeCode what he means by serverside access is one of these: ua-cam.com/video/-viLsrdWiH4/v-deo.html. they can be really destructive and have their own executor to run serverside code.
It is actually a back door, the second require is giving his friends access to it, the web hook is sending so the creator knows which games has his back door so he can target you.
as a person who's made backdoors in the past (to test legally on my virtual machines) I can tell that really looks like one, ofc its not an actual backdoor that'd be kinda impossible for roblox but looks something alike
whoever made this backdoor is very novice though no checking for http which could cause errors, making a lot of the code exposed so people can easily find out its a backdoor, making it send a webhook each time someone joins the game rather then sending it once
it is, sends a webhook to a discord server saying the game is infected, players who are either in the group of friended with the user can then use scripts on the server
@@keenico7730 dumbest shit I’ve heard “nO chEckIng foR hTtPs” maybe because they want the code to be less ominous ever thought of that? Adding an https getservice is the most obvious thing that can tell someone “oh shit it’s a back door”
yeah, this is why it's really important to check free models, especially the description and name because lots of bad models come with repeated descriptions like "Tree Tree Tree Tree Tree" to bump them up to the top of search
Hey its a backdoor that is called exilium. It allows players that are in a duscord server see the game that got infected with the virus. Players can execute scripts for trolling players or killing players
Wait a minute... if it's sending a discord thing telling them a game is infected and they can exploit in it then what if I only remove the backdoor and not the notification? Is that a way to do a little trolling?
@@gabrielc7861 Better if I would allow them to troll people in my game then find them using OSINT including their real address, full name, parents and post it on v3rm and other forums.
I really like dangerous code breakdowns, if you can please do this again! Nice and easy to understand and also very interesting as you start to break it down limb by limb.
I used to backdoor roblox games and such in my free time (i dont anymore dw). The only reason this specific info needs to be posted to a discord server is if you were infecting the game with a backdoor, as to alert other users of the serverside to the fact that the game was infected. so yes, it is actually malicious.
If your wondering what this process is This code has been "Obfuscated" The term obfuscation is basically making your code unreadable and not understandable Obfuscation nowadays (Luraph, MoonSec v3, 77Fuscator, Ironbrew2, LuaSeel, clvbrew, Defaultio's Obfuscation (which this malicious code was obfuscated from), and etc) are very secure in they're own ways having anti tampering scripts and other professional stuff that make your code unreadable This obfuscated code right here is trying to hide constants inside a string by using a code mutator that changes these values into hexadecimal value. The process GnomeCode is doing here is called Deobfuscation Hope this helped :)
He made another one. I wanted to see this script for myself, only to discover that it contains another script entirely. Its only one script this time. I've been trying to make since of it, but it would be very helpful if you could make a video on it.
alright, i used to work on stuff like this, let me break it down so the code seems to insert an SS executor (watch youtubers like Dark Eccentric for 5 minutes and you'll see what im talking about) into the game via that little bit of code the user with the bunch of random characters is sort of a whitelist system for the SS, adding users who buy it via an automated bot system, the code checks if someone who joins the game is friends with that whitelist dummy account and injects the GUI into the person the GUI itself allows users to execute serversided code like grab knife that allow players to pretty much bypass FE, the inserted require is probably a system to check if a game is active and send logs of its servers to the SS's discord
Theory: The Free model uses that script to tell a discord server when a game is public so a group of people could go attack it e.g hack in it or spam to ruin your game... or it's just a bored developer wanting to play a new game. or someone doing a survey to see how many people fall for free model Viruses.
@@3hukwuma There is a second script that he didn't cover in the video that means everyone who is friends with that user gets commands to hack the game, meaning if you use that model, they will know the link of the game, join it, and ruin it
so the first function gives the discord server info on the game also letting members know that its now back doored. the second function detects if the player is friends with that alt account & if it is it gets backdoor access. -I think-
Ex-backdoor dude here. These scripts are extremely common in free models, when I was doing my own investigative work, I found one every 3 free models. Usually they allow a (whitelisted) list of players to execute lua code serverside (as opposed to clientside lua execution, like Synapse X). With my own system, it was anyone within a Roblox group got backdoor access (a menu where you could type or paste lua, including some pre-saved lua scripts and execute it). Then when a backdoored server goes online, it notifies us in a Discord server using webhooks of which server and a command you could input into the Chrome/Firefox javascript console to automatically start Roblox and join that server. Honestly it was quite fun doing it.
@@rekaepSotatoP My group was not the only one, there are THOUSANDS of other little groups spreading these virus models around and using them. I wasn't the only one, and until Roblox moderators don't get behind all of this (which has been going on for a while) game creators that use free models will have to rely on checking if models they use have scripts in them or not.
Moral: Be careful with models in the toolbox, I recommend you to do the models yourself, My first time as a dev using anything I found in toolbox was a mistake. Now after 1 year, I learned from my mistakes. However I'm not forcing you to stop completely, I mean, just use the toolbox only a bit and if your gonna use one. Check EVERYTHING, the scripts, the instances, EVERYTHING So your game is 100% virus free. Hope it helps.
As of right now scripts inside of studio can’t do anything to your account, most of the time it is just a server side exploit or selling you expensive clothing. The most malicious thing they could do is put inappropriate images/models/audio in your game to get you banned.
8:57 The discord server the webhook is integrated contains all the other info of other roblox games and that script makes the webhook post info using internet magic.
Seems like it's just in the experimental stage for now. Likely testing to see if it works in smaller games that will use free skyboxes since they're time consuming to make, then eventually throwing a more advanced version in commissioned assets is my guess.
this is honestly really cleverly set up, require scripts to obscure the models, unreadable codes to hide from moderation and other coders looking into it, all the way to sending all the available games to a server so they can easily exploit it, shows that exploiters have become very advanced within the past few years
i am working on a piggy fan game and when i was wondering what to do i found you u are the first roblox channel i subbed to ur videos helped so much thank you :)
@@GnomeCode Cool l love your Teddy vids I have ben working on a game like Teddy But the AI crashed:( Can you help? There is no error in the output My bot moves in the middle of the waypoints
There is something that the creator tells the user who used the creator's model, it is like this: ----------------------------------------------------- THANKS FOR USING MY MODEL! ----------------------------------------------------- But, some models has a code in it, it is like: _________________________________________ Thank you so much for using this model! _________________________________________ (Insert virus string code, IP logger, etc.)
Roblox doesn't sensor scripts there is a plugin to deobfuscate and obfuscate code they were using minimal effort the script was made by them sure but the plugin did a lot of the work. Obv not sharing the plugin.
ive been in a discord server which was a serverside backdoor thingy, basically what that script does is when someone plays the game, it sends the game info in their discord server, and if theyre friends with that sus account, they get serverside access and can destroy your game (sorry for my bad grammar lol)
A fun series idea Search up a few names in the models section(names like tree,spawn,zombie,house and etc) and get a bunch of free models and check if they are a virus
the game id is printed into a discord channel which is then used to show that the game is backdoored (for ease of access to a backdoored game), they can run bypassed requires which basically are filtering disabled scripts (exploits) that show server side
moment i saw require i just knew it was a backdoor, also the fact that its checking a guy's friends list means a whitelist and if it wasnt obvious enough then the logo and the name was the giveaway
It most likely is a back door. The first script with the two PlayerAdded events required two different scripts. He only checked one of them, so we can assume the other module being required is the actual planted executor.
Lol I saw this video thumbnail and I thought the gnome was the model 😂 so when I saw your channel with the same model I left imidiatily. When I saw the video I was confused because you were talking about. But the think was damn sky box 😂😂
I used to exploit and basically, it sends it to a serverside like Sympex, Exoliner, etc. and it makes it so buyers of the script can see what game is infected so that they can run scripts inside. Remember those old roblox exploiting videos? Pretty much that but more complicated.
This is just me speculating, but do you think that at 10:06 the footer was saying that Exilium's 'Domain #5608' made the game and the second require was to give the friends access to commands to "prove" they made the game? Or I've seen alot of comments saying that Exilium might be a backdoor and the discord is to say which games they have access to
Domain#5608 is a discord account, people have said there is a second include that lets people who friend that random string account use serverside code (which is very dangerous)
so what that is, that's a backdoor for a serverside i know because i make one, and so at 5:45 those bottom ones are sending the game to a discord webhook which tells people that "hey, new game" and they hack on it
This code is actually a virus for a serverside called exilium. Basically if you insert a free model into a game and if it has this kind of virus it can allow people who have bought the serverside to execute any require script or any other script but others can see it.
at 1:10, there’s a require you forgot to mention. When you go deeper, it’s by the same guy that made the ‘web’ model, except this one is titled ‘spy’. It’s definitely made so that when someone adds the skybox to their game and updates it, their discord gets a ping so their friends get serverside access to the game and it’s code
what it does is, send that message on discord, with all that information, so the owner of the script can know which place his scripts infected, they can use it as when they join they get trolling gui and all that stuff, my friend have one of those.
wallop560 mentioned about the 2nd require, and yes i was about to point that out, but he told it, so i'll just explain how this thing works FROM my thoughts: - The webhook sends data to a discord account - If that game GETS popular and its recently updated and stuff like that, they'll exploit in it - Then the 2nd require will help them have access to run server sided code in the game (as wallop560 said) This is how exploiters are trying gain access to one's game, so everyone out there, be careful alright, we dont want these problems to happen
😳🥶 i knew it. my friend told me about one of these. he was in a discord server with one of those web hooks D:. if a player joins that game (in that server with an exploit) it allows them to run code (server code like requires to troll)
10:31 Seems more of an analytics code used to see who is using the animation pack. And they obfuscated it probably to keep the URL of the webhook safe as its common for these to be exposed and abused.
Once, I used a model to handle DevProduct transactions. In it, I saw two things -A script for DevProducts that wasn't going to work -A script named "Give me admin" I find it funny how it was so blatant.
yeah I have made quite a few backdoors like this and gotten access to a lot of the top game like mad city, jailbreak, meep city using a cool blur effect that a lot of games like.
that is a requirement aka Server Side module or GUI. that script will take that requirement and take it with the specific id or username and give someone a full power of the script without using a backdoor with exploit and that was other player use for free or paid Server Side
I got a free model with something sus in it. I opened it, there was a script inside. If i understand it right, if you say something in chat while you have that model, bots gonna appear and spam near you.
There's a 2nd require you didn't check out. It's almost definety giving players that are friends with that account server side acces to run code in your game
yep, this comment needs more attention because it is true. i did some snooping myself and i found a gui. also just noticed something at 1:10 there is a second require he didn't explain!
You're right, major oversight on my part. Thinking about it, I suspect those on the friends list may be getting access to commands they can execute.
@@GnomeCode what he means by serverside access is one of these: ua-cam.com/video/-viLsrdWiH4/v-deo.html. they can be really destructive and have their own executor to run serverside code.
@@hektor7966 i see what you mean. also you said a baseplate game did it? those are like serversides but give everyone the ability to run code.
@@hektor7966 Do you not know how bad serverside is?
It is actually a back door, the second require is giving his friends access to it, the web hook is sending so the creator knows which games has his back door so he can target you.
which sections where the back door?
@@zxfeared where, there is only one
@@Wertyhappy27 theres more
i knew it
no response, no backdoor
This was really fun to watch!
You should do more of these.
Agreed.
Agree
^
v
Agre
as a person who's made backdoors in the past (to test legally on my virtual machines) I can tell that really looks like one, ofc its not an actual backdoor that'd be kinda impossible for roblox but looks something alike
Same, but it is a game backdoor, so exploiters can actually use require scripts and get serversided exploits on any game with that on.
whoever made this backdoor is very novice though
no checking for http which could cause errors, making a lot of the code exposed so people can easily find out its a backdoor, making it send a webhook each time someone joins the game rather then sending it once
You mean using dark comet rat's backdoor builder? Lol
it is, sends a webhook to a discord server saying the game is infected, players who are either in the group of friended with the user can then use scripts on the server
@@keenico7730 dumbest shit I’ve heard “nO chEckIng foR hTtPs” maybe because they want the code to be less ominous ever thought of that? Adding an https getservice is the most obvious thing that can tell someone “oh shit it’s a back door”
GnomeCode: Yep, this script is harmless.
Every Serverside in existence:
yeah, this is why it's really important to check free models, especially the description and name because lots of bad models come with repeated descriptions like "Tree Tree Tree Tree Tree" to bump them up to the top of search
i check every free model's script and so far i have not seen anything amogus imposter sus about them
Usualy old virus models also have "infected" as codes and etc, you should also look for "dont delete"
Or "dont rea/look"
They usaly contain virus
Some also come as ". "
There is popular Noob model (no, not my pfp) that has a script called "Vaccine". You know what it does?
@@fan0 I think it's a backdoor, idk tho
This is very entertaining. You should do more of these!
True
Feels like he’s a detectiv
@@mythicstudios5234 yeah XD
yeah
i never knew that free models have a much deeper and darker secrets
the fact the model is called Darker made this comment necessary
The ultimate troll gui one shots your account
@@aux2970 it doesn’t hack you etc
It bans you any script involved with ultimate troll GUI will give you a ban
(Most likely termination
@@Holden_.. i never said that it hacks you
@@aux2970 sorry didn’t know what you meant
Hey its a backdoor that is called exilium. It allows players that are in a duscord server see the game that got infected with the virus. Players can execute scripts for trolling players or killing players
thats the same thing as every other serverside
nahh no way bro??
Wait a minute... if it's sending a discord thing telling them a game is infected and they can exploit in it then what if I only remove the backdoor and not the notification? Is that a way to do a little trolling?
@@gabrielc7861 Better if I would allow them to troll people in my game then find them using OSINT including their real address, full name, parents and post it on v3rm and other forums.
@@Ertywek I mean just making them join a game and try to exploit only for it not to work
This is really interesting, the way you explain it is really entertaining and useful too!
The fact that you know all about this stuff shows that you are epic, if i were to look in the script i wouldn’t even know a thing
@@HarryDKH yessir
No you just need to learn
I really like dangerous code breakdowns, if you can please do this again! Nice and easy to understand and also very interesting as you start to break it down limb by limb.
I replaced the require script with a troll script so when he tries to hack my game he's gonna get fucking trolled
@@builderdude9488 I think discord blocked the requests from roblox
@@builderdude9488 lmao
@@OnlyKemal nope
I used to backdoor roblox games and such in my free time (i dont anymore dw). The only reason this specific info needs to be posted to a discord server is if you were infecting the game with a backdoor, as to alert other users of the serverside to the fact that the game was infected. so yes, it is actually malicious.
I never knew you could use hexadecimals for IDs
in Lua, hexadecimals are just a different way of writing numbers, so a hex number and a decimal number in Lua work exactly the same.
Hex is base 16
Usual number (decimal) is base 10
So no matter the language, it should be able to convert between these 2 as it's a very basic thing
neither did i this makes coding a lot cooler and scarier at the same time
@@kxtbit thats in most languages actually
@@IkeVoodoo yea ik
If your wondering what this process is
This code has been "Obfuscated"
The term obfuscation is basically making your code unreadable and not understandable
Obfuscation nowadays (Luraph, MoonSec v3, 77Fuscator, Ironbrew2, LuaSeel, clvbrew, Defaultio's Obfuscation (which this malicious code was obfuscated from), and etc) are very secure in they're own ways having anti tampering scripts and other professional stuff that make your code unreadable
This obfuscated code right here is trying to hide constants inside a string by using a code mutator that changes these values into hexadecimal value.
The process GnomeCode is doing here is called Deobfuscation
Hope this helped :)
He made another one. I wanted to see this script for myself, only to discover that it contains another script entirely. Its only one script this time. I've been trying to make since of it, but it would be very helpful if you could make a video on it.
get this man a theory i wanna hear it
how did you fail to decompile fucking LUA
alright, i used to work on stuff like this, let me break it down
so the code seems to insert an SS executor (watch youtubers like Dark Eccentric for 5 minutes and you'll see what im talking about) into the game via that little bit of code
the user with the bunch of random characters is sort of a whitelist system for the SS, adding users who buy it via an automated bot system, the code checks if someone who joins the game is friends with that whitelist dummy account and injects the GUI into the person
the GUI itself allows users to execute serversided code like grab knife that allow players to pretty much bypass FE, the inserted require is probably a system to check if a game is active and send logs of its servers to the SS's discord
its literally serverscripts of course it bypasses FE lol
Fun fact:I learned so much from the script of the model
its been a childhood dream to code, and the way you decode it makes it sound so easy
It’s pretty easy if you have like 3 months of experience in lua. Most don’t obfuscate their stuff this hard
when i saw the title and thumbnail i got very shooketh, but when i reached the end i felt relief all over my body.
*phew* quite the journey my fren
@@GnomeCode didn't expect to see gnomecode reply to one of mah friends
it can hack ur game, the second require script
The amongus part almost freaked me out,like,those noises are pretty unsettling
Theory: The Free model uses that script to tell a discord server when a game is public so a group of people could go attack it e.g hack in it or spam to ruin your game...
or it's just a bored developer wanting to play a new game.
or someone doing a survey to see how many people fall for free model Viruses.
I think the devs just want to know who uses their model
@@3hukwuma no, they insert a module which loads a backdoor (mostly a ss executor gui) when they join, or they can access the game and "exploit"
@@3hukwuma There is a second script that he didn't cover in the video that means everyone who is friends with that user gets commands to hack the game, meaning if you use that model, they will know the link of the game, join it, and ruin it
It's a SS.
@@3hukwuma no this is the work of a SS
the deeper we go into the folders the more we find about this thing and maybe the stranger it gets
Damn, he went from a single short script to a discord webhook that shows game information
so the first function gives the discord server info on the game also letting members know that its now back doored. the second function detects if the player is friends with that alt account & if it is it gets backdoor access. -I think-
Ex-backdoor dude here.
These scripts are extremely common in free models, when I was doing my own investigative work, I found one every 3 free models. Usually they allow a (whitelisted) list of players to execute lua code serverside (as opposed to clientside lua execution, like Synapse X). With my own system, it was anyone within a Roblox group got backdoor access (a menu where you could type or paste lua, including some pre-saved lua scripts and execute it). Then when a backdoored server goes online, it notifies us in a Discord server using webhooks of which server and a command you could input into the Chrome/Firefox javascript console to automatically start Roblox and join that server.
Honestly it was quite fun doing it.
@@rekaepSotatoP My group was not the only one, there are THOUSANDS of other little groups spreading these virus models around and using them. I wasn't the only one, and until Roblox moderators don't get behind all of this (which has been going on for a while) game creators that use free models will have to rely on checking if models they use have scripts in them or not.
@@rekaepSotatoP why would I want to provide a link to a group that's nonexistent.
@hydra, why are you trying to recieve access to this group anyway?
@@rekaepSotatoP i thought jokes were supposed to be funny
i still do make and use backdoors, can confirm this is true
Glad you found my script. it's been long enough.
This is a server side. I've made these before in the past. THIS IS A BACKDOOR.
Why did you make them??!!?
@@keshsans536 People can be stupid at younger ages or he just wanted cash for them.
I think it's called like exilium ss or something.
Sad to see many new devs dont realise 90% models are backdoors..
@@spongebot6955 did u know that R O B L O X deleted all the models that have back doors
Moral: Be careful with models in the toolbox, I recommend you to do the models yourself, My first time as a dev using anything I found in toolbox was a mistake. Now after 1 year, I learned from my mistakes.
However I'm not forcing you to stop completely, I mean, just use the toolbox only a bit and if your gonna use one. Check EVERYTHING, the scripts, the instances, EVERYTHING So your game is 100% virus free.
Hope it helps.
Good thing Roblox notifies you if there is a script in the model, anything could be dangerous on the internet.
@@AcornGroove8274 yeah but they can disguise it as a joint
@@Sethilliano So Roblox doesn’t know if there is a script inside of a joint?
Fun idea, make it so it still notifies the person that your game has it but make it so they don't have any of the other things that they put in.
Ye, Idk if they actually detect the joint virus one
As of right now scripts inside of studio can’t do anything to your account, most of the time it is just a server side exploit or selling you expensive clothing. The most malicious thing they could do is put inappropriate images/models/audio in your game to get you banned.
Super entertaining video, you should do more of these! Maybe turn it into a series?
8:57 The discord server the webhook is integrated contains all the other info of other roblox games and that script makes the webhook post info using internet magic.
Damn didn't know free models had straight-up ARGS in them
lmao
lmao
I thought this was a Computerphile video judging by that thumbnail lol.
this was a really good video u should do more of these
No way someone tried their sole best to hide the fact that it is just a harmless code that notifies if someone is using his skybox💀
It can acctually steal your data
Seems like it's just in the experimental stage for now. Likely testing to see if it works in smaller games that will use free skyboxes since they're time consuming to make, then eventually throwing a more advanced version in commissioned assets is my guess.
this is honestly really cleverly set up, require scripts to obscure the models, unreadable codes to hide from moderation and other coders looking into it, all the way to sending all the available games to a server so they can easily exploit it, shows that exploiters have become very advanced within the past few years
i am working on a piggy fan game and when i was wondering what to do i found you u are the first roblox channel i subbed to ur videos helped so much thank you :)
Welcome aboard!
Same, his tutorials are really helpful
This is why it's important to thoroughly check free models you use.
I Actually Put This Sky In My Game
Dont Worry, The Secnd I Saw A Script Was Even In There, I Deleted It
you're smart
"If you dont know what the script means, remove it"
~Gnome Code 2021
wheres teddy tho :( i want more teddy :)
I've been working on it all week, can't wait to show you guys soon ;)
@@GnomeCode Thank you!!!
@@GnomeCode Cool l love your Teddy vids
I have ben working on a game like Teddy
But the AI crashed:(
Can you help?
There is no error in the output
My bot moves in the middle of the waypoints
There is something that the creator tells the user who used the creator's model, it is like this:
-----------------------------------------------------
THANKS FOR USING MY MODEL!
-----------------------------------------------------
But, some models has a code in it, it is like:
_________________________________________
Thank you so much for using this model!
_________________________________________ (Insert virus string code, IP logger, etc.)
Lesson of the day: don't obfuscate your crappy ss with hex, that aint gon work chief
prombogen!!!!!!
toaster
@@leaderr_ toaster
@@specowos toaster
@@stalecheez-it1034 toaster
Roblox doesn't sensor scripts there is a plugin to deobfuscate and obfuscate code they were using minimal effort the script was made by them sure but the plugin did a lot of the work. Obv not sharing the plugin.
Damn,this is deep
ive been in a discord server which was a serverside backdoor thingy, basically what that script does is when someone plays the game, it sends the game info in their discord server, and if theyre friends with that sus account, they get serverside access and can destroy your game (sorry for my bad grammar lol)
Hey that's me!
Indeed
Yep, that's you!
Hey, that’s you!
@@ScreamingCell Oh dear god, its a gun with a gun!
A fun series idea
Search up a few names in the models section(names like tree,spawn,zombie,house and etc) and get a bunch of free models and check if they are a virus
Is it just me or do I think I always use free model viruses
you edited your comment from "first" to this
It's not only you lol
@@achannel77373 I commented as fast as I can so I just put “first” then edited it to my real comment
@@yusufart4676 "real" yea so the first one wasnt the actual real, totally
@@theabyss2b2t87 maybe
Dam, u explane stuff so good! Deserves a sub
It's just an obfuscated script that infects your game with an ss lol.
everyone gangsta until a skybox gets too complicated and that also sends information to a discord
ironically, as this backdoor is super easy to decode, you can backdoor the backdoor with the webhook link
What happens when you change it to a yt link?
the game id is printed into a discord channel which is then used to show that the game is backdoored (for ease of access to a backdoored game), they can run bypassed requires which basically are filtering disabled scripts (exploits) that show server side
moment i saw require i just knew it was a backdoor, also the fact that its checking a guy's friends list means a whitelist and if it wasnt obvious enough then the logo and the name was the giveaway
I have always looked for these kind of videos! Can you make more of these please? I would love it!
On what exactly? He covered pretty much everything there is to back doors here
It most likely is a back door. The first script with the two PlayerAdded events required two different scripts. He only checked one of them, so we can assume the other module being required is the actual planted executor.
Lol I saw this video thumbnail and I thought the gnome was the model 😂 so when I saw your channel with the same model I left imidiatily. When I saw the video I was confused because you were talking about. But the think was damn sky box 😂😂
Judging from the thumbnail, I thought the virus model was gonna be the gnome avatar.
9:05 this is actcually a discord embed script and it is posting all the game details to the webhook. this is how they get the info, i Believe
I used to exploit and basically, it sends it to a serverside like Sympex, Exoliner, etc. and it makes it so buyers of the script can see what game is infected so that they can run scripts inside. Remember those old roblox exploiting videos? Pretty much that but more complicated.
This is just me speculating, but do you think that at 10:06 the footer was saying that Exilium's 'Domain #5608' made the game and the second require was to give the friends access to commands to "prove" they made the game?
Or I've seen alot of comments saying that Exilium might be a backdoor and the discord is to say which games they have access to
Domain#5608 is a discord account, people have said there is a second include that lets people who friend that random string account use serverside code (which is very dangerous)
Everyone talking about video, but i want to say its super cool video. Thank you for such a good content
so what that is, that's a backdoor for a serverside i know because i make one, and so at 5:45 those bottom ones are sending the game to a discord webhook which tells people that "hey, new game" and they hack on it
missed a chance to send comedy gold embeds to that webhook
everybody gansta until a skybox has lore
please do more of these, they are so interesting
This code is actually a virus for a serverside called exilium. Basically if you insert a free model into a game and if it has this kind of virus it can allow people who have bought the serverside to execute any require script or any other script but others can see it.
i think this code commands an army of bots to invade the server
i think you have uncovered an SS here
My man made an entire arg to solve his hacked model's mystery.
subscribed within 5 seconds, looks like quality content to me.
at 1:10, there’s a require you forgot to mention. When you go deeper, it’s by the same guy that made the ‘web’ model, except this one is titled ‘spy’.
It’s definitely made so that when someone adds the skybox to their game and updates it, their discord gets a ping so their friends get serverside access to the game and it’s code
this man is going throught all of the stages of investigation
what it does is, send that message on discord, with all that information, so the owner of the script can know which place his scripts infected, they can use it as when they join they get trolling gui and all that stuff, my friend have one of those.
wallop560 mentioned about the 2nd require, and yes i was about to point that out, but he told it, so i'll just explain how this thing works FROM my thoughts:
- The webhook sends data to a discord account
- If that game GETS popular and its recently updated and stuff like that, they'll exploit in it
- Then the 2nd require will help them have access to run server sided code in the game (as wallop560 said)
This is how exploiters are trying gain access to one's game, so everyone out there, be careful alright, we dont want these problems to happen
This is why I check every script in my game that I have not created myself
4:53 Though he was singing life goes on and on and on and on
amazing video, you are the best developer i saw ever
😳🥶 i knew it. my friend told me about one of these. he was in a discord server with one of those web hooks D:. if a player joins that game (in that server with an exploit) it allows them to run code (server code like requires to troll)
Great video!
Series Suggestion:
How to make a fnaf game
Which includes a ending
10:31 Seems more of an analytics code used to see who is using the animation pack.
And they obfuscated it probably to keep the URL of the webhook safe as its common for these to be exposed and abused.
its a serverside mate
Most people : "Writing 50 paragraphs"
Me : w h a t w h y
im going to decode this further and attempt to make my own so that I can understand it better
Once, I used a model to handle DevProduct transactions. In it, I saw two things
-A script for DevProducts that wasn't going to work
-A script named "Give me admin"
I find it funny how it was so blatant.
yeah I have made quite a few backdoors like this and gotten access to a lot of the top game like mad city, jailbreak, meep city using a cool blur effect that a lot of games like.
the among us jumpsccare is gonna make me be scared to sleep alone
me while watching the vid normally : sounds interesting
my brain after 2 seconds later : **Plays horror music**
i saw the video title and subscribed immediately. sad how youtube had to show me your channel a year later.
This person is so good at catching virus codes. 👌👌👌
It's a backdoor that gives the owner,his friends and alts admin in games that have the model
it gives the person SS access to your game ( basically do whatever they want / admin perms )
When do you plan on posting A new Chapter of Teddy and posting a Video on it?
that is a requirement aka Server Side module or GUI. that script will take that requirement and take it with the specific id or username and give someone a full power of the script without using a backdoor with exploit and that was other player use for free or paid Server Side
I didnt understand mostly any of this, but it was still fun to watch!
11:33 the reason they obfuscate their webhooks because theres some kind of people that goes through free models and spam random webhooks
I got a free model with something sus in it. I opened it, there was a script inside. If i understand it right, if you say something in chat while you have that model, bots gonna appear and spam near you.