There's a 2nd require you didn't check out. It's almost definety giving players that are friends with that account server side acces to run code in your game

It is actually a back door, the second require is giving his friends access to it, the web hook is sending so the creator knows which games has his back door so he can target you.

This was really fun to watch! You should do more of these.

as a person who's made backdoors in the past (to test legally on my virtual machines) I can tell that really looks like one, ofc its not an actual backdoor that'd be kinda impossible for roblox but looks something alike

GnomeCode: Yep, this script is harmless. Every Serverside in existence:

yeah, this is why it's really important to check free models, especially the description and name because lots of bad models come with repeated descriptions like "Tree Tree Tree Tree Tree" to bump them up to the top of search

This is very entertaining. You should do more of these!

i never knew that free models have a much deeper and darker secrets

Hey its a backdoor that is called exilium. It allows players that are in a duscord server see the game that got infected with the virus. Players can execute scripts for trolling players or killing players

This is really interesting, the way you explain it is really entertaining and useful too!

The fact that you know all about this stuff shows that you are epic, if i were to look in the script i wouldn’t even know a thing

I really like dangerous code breakdowns, if you can please do this again! Nice and easy to understand and also very interesting as you start to break it down limb by limb.

I used to backdoor roblox games and such in my free time (i dont anymore dw). The only reason this specific info needs to be posted to a discord server is if you were infecting the game with a backdoor, as to alert other users of the serverside to the fact that the game was infected. so yes, it is actually malicious.

I never knew you could use hexadecimals for IDs

If your wondering what this process is This code has been "Obfuscated" The term obfuscation is basically making your code unreadable and not understandable Obfuscation nowadays (Luraph, MoonSec v3, 77Fuscator, Ironbrew2, LuaSeel, clvbrew, Defaultio's Obfuscation (which this malicious code was obfuscated from), and etc) are very secure in they're own ways having anti tampering scripts and other professional stuff that make your code unreadable This obfuscated code right here is trying to hide constants inside a string by using a code mutator that changes these values into hexadecimal value. The process GnomeCode is doing here is called Deobfuscation Hope this helped :)

He made another one. I wanted to see this script for myself, only to discover that it contains another script entirely. Its only one script this time. I've been trying to make since of it, but it would be very helpful if you could make a video on it.

alright, i used to work on stuff like this, let me break it down so the code seems to insert an SS executor (watch youtubers like Dark Eccentric for 5 minutes and you'll see what im talking about) into the game via that little bit of code the user with the bunch of random characters is sort of a whitelist system for the SS, adding users who buy it via an automated bot system, the code checks if someone who joins the game is friends with that whitelist dummy account and injects the GUI into the person the GUI itself allows users to execute serversided code like grab knife that allow players to pretty much bypass FE, the inserted require is probably a system to check if a game is active and send logs of its servers to the SS's discord

Fun fact:I learned so much from the script of the model

its been a childhood dream to code, and the way you decode it makes it sound so easy

when i saw the title and thumbnail i got very shooketh, but when i reached the end i felt relief all over my body.

The amongus part almost freaked me out,like,those noises are pretty unsettling

Theory: The Free model uses that script to tell a discord server when a game is public so a group of people could go attack it e.g hack in it or spam to ruin your game... or it's just a bored developer wanting to play a new game. or someone doing a survey to see how many people fall for free model Viruses.

the deeper we go into the folders the more we find about this thing and maybe the stranger it gets

so the first function gives the discord server info on the game also letting members know that its now back doored. the second function detects if the player is friends with that alt account & if it is it gets backdoor access. -I think-

Damn, he went from a single short script to a discord webhook that shows game information

Ex-backdoor dude here. These scripts are extremely common in free models, when I was doing my own investigative work, I found one every 3 free models. Usually they allow a (whitelisted) list of players to execute lua code serverside (as opposed to clientside lua execution, like Synapse X). With my own system, it was anyone within a Roblox group got backdoor access (a menu where you could type or paste lua, including some pre-saved lua scripts and execute it). Then when a backdoored server goes online, it notifies us in a Discord server using webhooks of which server and a command you could input into the Chrome/Firefox javascript console to automatically start Roblox and join that server. Honestly it was quite fun doing it.

Glad you found my script. it's been long enough.

This is a server side. I've made these before in the past. THIS IS A BACKDOOR.

As of right now scripts inside of studio can’t do anything to your account, most of the time it is just a server side exploit or selling you expensive clothing. The most malicious thing they could do is put inappropriate images/models/audio in your game to get you banned.

Moral: Be careful with models in the toolbox, I recommend you to do the models yourself, My first time as a dev using anything I found in toolbox was a mistake. Now after 1 year, I learned from my mistakes. However I'm not forcing you to stop completely, I mean, just use the toolbox only a bit and if your gonna use one. Check EVERYTHING, the scripts, the instances, EVERYTHING So your game is 100% virus free. Hope it helps.

Fun idea, make it so it still notifies the person that your game has it but make it so they don't have any of the other things that they put in.

Super entertaining video, you should do more of these! Maybe turn it into a series?

8:57 The discord server the webhook is integrated contains all the other info of other roblox games and that script makes the webhook post info using internet magic.

this was a really good video u should do more of these

I thought this was a Computerphile video judging by that thumbnail lol.

Damn didn't know free models had straight-up ARGS in them

this is honestly really cleverly set up, require scripts to obscure the models, unreadable codes to hide from moderation and other coders looking into it, all the way to sending all the available games to a server so they can easily exploit it, shows that exploiters have become very advanced within the past few years

Seems like it's just in the experimental stage for now. Likely testing to see if it works in smaller games that will use free skyboxes since they're time consuming to make, then eventually throwing a more advanced version in commissioned assets is my guess.

No way someone tried their sole best to hide the fact that it is just a harmless code that notifies if someone is using his skybox💀

i am working on a piggy fan game and when i was wondering what to do i found you u are the first roblox channel i subbed to ur videos helped so much thank you :)

This is why it's important to thoroughly check free models you use.

I Actually Put This Sky In My Game Dont Worry, The Secnd I Saw A Script Was Even In There, I Deleted It

"If you dont know what the script means, remove it" ~Gnome Code 2021

wheres teddy tho :( i want more teddy :)

There is something that the creator tells the user who used the creator's model, it is like this: ----------------------------------------------------- THANKS FOR USING MY MODEL! ----------------------------------------------------- But, some models has a code in it, it is like: _________________________________________ Thank you so much for using this model! _________________________________________ (Insert virus string code, IP logger, etc.)

Lesson of the day: don't obfuscate your crappy ss with hex, that aint gon work chief

Roblox doesn't sensor scripts there is a plugin to deobfuscate and obfuscate code they were using minimal effort the script was made by them sure but the plugin did a lot of the work. Obv not sharing the plugin.

Damn,this is deep

ive been in a discord server which was a serverside backdoor thingy, basically what that script does is when someone plays the game, it sends the game info in their discord server, and if theyre friends with that sus account, they get serverside access and can destroy your game (sorry for my bad grammar lol)

Hey that's me!

A fun series idea Search up a few names in the models section(names like tree,spawn,zombie,house and etc) and get a bunch of free models and check if they are a virus

Is it just me or do I think I always use free model viruses

Dam, u explane stuff so good! Deserves a sub

It's just an obfuscated script that infects your game with an ss lol.

everyone gangsta until a skybox gets too complicated and that also sends information to a discord

ironically, as this backdoor is super easy to decode, you can backdoor the backdoor with the webhook link

I have always looked for these kind of videos! Can you make more of these please? I would love it!

the game id is printed into a discord channel which is then used to show that the game is backdoored (for ease of access to a backdoored game), they can run bypassed requires which basically are filtering disabled scripts (exploits) that show server side

moment i saw require i just knew it was a backdoor, also the fact that its checking a guy's friends list means a whitelist and if it wasnt obvious enough then the logo and the name was the giveaway

It most likely is a back door. The first script with the two PlayerAdded events required two different scripts. He only checked one of them, so we can assume the other module being required is the actual planted executor.

Lol I saw this video thumbnail and I thought the gnome was the model 😂 so when I saw your channel with the same model I left imidiatily. When I saw the video I was confused because you were talking about. But the think was damn sky box 😂😂

Judging from the thumbnail, I thought the virus model was gonna be the gnome avatar.

9:05 this is actcually a discord embed script and it is posting all the game details to the webhook. this is how they get the info, i Believe

I used to exploit and basically, it sends it to a serverside like Sympex, Exoliner, etc. and it makes it so buyers of the script can see what game is infected so that they can run scripts inside. Remember those old roblox exploiting videos? Pretty much that but more complicated.

This is just me speculating, but do you think that at 10:06 the footer was saying that Exilium's 'Domain #5608' made the game and the second require was to give the friends access to commands to "prove" they made the game? Or I've seen alot of comments saying that Exilium might be a backdoor and the discord is to say which games they have access to

Everyone talking about video, but i want to say its super cool video. Thank you for such a good content

so what that is, that's a backdoor for a serverside i know because i make one, and so at 5:45 those bottom ones are sending the game to a discord webhook which tells people that "hey, new game" and they hack on it

missed a chance to send comedy gold embeds to that webhook

please do more of these, they are so interesting

everybody gansta until a skybox has lore

This code is actually a virus for a serverside called exilium. Basically if you insert a free model into a game and if it has this kind of virus it can allow people who have bought the serverside to execute any require script or any other script but others can see it.

i think you have uncovered an SS here

My man made an entire arg to solve his hacked model's mystery.

i think this code commands an army of bots to invade the server

subscribed within 5 seconds, looks like quality content to me.

at 1:10, there’s a require you forgot to mention. When you go deeper, it’s by the same guy that made the ‘web’ model, except this one is titled ‘spy’. It’s definitely made so that when someone adds the skybox to their game and updates it, their discord gets a ping so their friends get serverside access to the game and it’s code

this man is going throught all of the stages of investigation

what it does is, send that message on discord, with all that information, so the owner of the script can know which place his scripts infected, they can use it as when they join they get trolling gui and all that stuff, my friend have one of those.

amazing video, you are the best developer i saw ever

wallop560 mentioned about the 2nd require, and yes i was about to point that out, but he told it, so i'll just explain how this thing works FROM my thoughts: - The webhook sends data to a discord account - If that game GETS popular and its recently updated and stuff like that, they'll exploit in it - Then the 2nd require will help them have access to run server sided code in the game (as wallop560 said) This is how exploiters are trying gain access to one's game, so everyone out there, be careful alright, we dont want these problems to happen

Great video! Series Suggestion: How to make a fnaf game Which includes a ending

This is why I check every script in my game that I have not created myself

4:53 Though he was singing life goes on and on and on and on

😳🥶 i knew it. my friend told me about one of these. he was in a discord server with one of those web hooks D:. if a player joins that game (in that server with an exploit) it allows them to run code (server code like requires to troll)

10:31 Seems more of an analytics code used to see who is using the animation pack. And they obfuscated it probably to keep the URL of the webhook safe as its common for these to be exposed and abused.

Most people : "Writing 50 paragraphs" Me : w h a t w h y

im going to decode this further and attempt to make my own so that I can understand it better

Once, I used a model to handle DevProduct transactions. In it, I saw two things -A script for DevProducts that wasn't going to work -A script named "Give me admin" I find it funny how it was so blatant.

yeah I have made quite a few backdoors like this and gotten access to a lot of the top game like mad city, jailbreak, meep city using a cool blur effect that a lot of games like.

i saw the video title and subscribed immediately. sad how youtube had to show me your channel a year later.

me while watching the vid normally : sounds interesting my brain after 2 seconds later : **Plays horror music**

the among us jumpsccare is gonna make me be scared to sleep alone

This person is so good at catching virus codes. 👌👌👌

it gives the person SS access to your game ( basically do whatever they want / admin perms )

It's a backdoor that gives the owner,his friends and alts admin in games that have the model

When do you plan on posting A new Chapter of Teddy and posting a Video on it?

that is a requirement aka Server Side module or GUI. that script will take that requirement and take it with the specific id or username and give someone a full power of the script without using a backdoor with exploit and that was other player use for free or paid Server Side

11:33 the reason they obfuscate their webhooks because theres some kind of people that goes through free models and spam random webhooks

I didnt understand mostly any of this, but it was still fun to watch!

I got a free model with something sus in it. I opened it, there was a script inside. If i understand it right, if you say something in chat while you have that model, bots gonna appear and spam near you.