There's a 2nd require you didn't check out. It's almost definety giving players that are friends with that account server side acces to run code in your game

It is actually a back door, the second require is giving his friends access to it, the web hook is sending so the creator knows which games has his back door so he can target you.

This was really fun to watch! You should do more of these.

as a person who's made backdoors in the past (to test legally on my virtual machines) I can tell that really looks like one, ofc its not an actual backdoor that'd be kinda impossible for roblox but looks something alike

GnomeCode: Yep, this script is harmless. Every Serverside in existence:

yeah, this is why it's really important to check free models, especially the description and name because lots of bad models come with repeated descriptions like "Tree Tree Tree Tree Tree" to bump them up to the top of search

i never knew that free models have a much deeper and darker secrets

The fact that you know all about this stuff shows that you are epic, if i were to look in the script i wouldn’t even know a thing

Hey its a backdoor that is called exilium. It allows players that are in a duscord server see the game that got infected with the virus. Players can execute scripts for trolling players or killing players

This is very entertaining. You should do more of these!

I really like dangerous code breakdowns, if you can please do this again! Nice and easy to understand and also very interesting as you start to break it down limb by limb.

I used to backdoor roblox games and such in my free time (i dont anymore dw). The only reason this specific info needs to be posted to a discord server is if you were infecting the game with a backdoor, as to alert other users of the serverside to the fact that the game was infected. so yes, it is actually malicious.

I never knew you could use hexadecimals for IDs

He made another one. I wanted to see this script for myself, only to discover that it contains another script entirely. Its only one script this time. I've been trying to make since of it, but it would be very helpful if you could make a video on it.

its been a childhood dream to code, and the way you decode it makes it sound so easy

This is really interesting, the way you explain it is really entertaining and useful too!

when i saw the title and thumbnail i got very shooketh, but when i reached the end i felt relief all over my body.

Fun fact:I learned so much from the script of the model

The amongus part almost freaked me out,like,those noises are pretty unsettling

the deeper we go into the folders the more we find about this thing and maybe the stranger it gets

If your wondering what this process is This code has been "Obfuscated" The term obfuscation is basically making your code unreadable and not understandable Obfuscation nowadays (Luraph, MoonSec v3, 77Fuscator, Ironbrew2, LuaSeel, clvbrew, Defaultio's Obfuscation (which this malicious code was obfuscated from), and etc) are very secure in they're own ways having anti tampering scripts and other professional stuff that make your code unreadable This obfuscated code right here is trying to hide constants inside a string by using a code mutator that changes these values into hexadecimal value. The process GnomeCode is doing here is called Deobfuscation Hope this helped :)

alright, i used to work on stuff like this, let me break it down so the code seems to insert an SS executor (watch youtubers like Dark Eccentric for 5 minutes and you'll see what im talking about) into the game via that little bit of code the user with the bunch of random characters is sort of a whitelist system for the SS, adding users who buy it via an automated bot system, the code checks if someone who joins the game is friends with that whitelist dummy account and injects the GUI into the person the GUI itself allows users to execute serversided code like grab knife that allow players to pretty much bypass FE, the inserted require is probably a system to check if a game is active and send logs of its servers to the SS's discord

Damn, he went from a single short script to a discord webhook that shows game information

so the first function gives the discord server info on the game also letting members know that its now back doored. the second function detects if the player is friends with that alt account & if it is it gets backdoor access. -I think-

this is honestly really cleverly set up, require scripts to obscure the models, unreadable codes to hide from moderation and other coders looking into it, all the way to sending all the available games to a server so they can easily exploit it, shows that exploiters have become very advanced within the past few years

Fun idea, make it so it still notifies the person that your game has it but make it so they don't have any of the other things that they put in.

A fun series idea Search up a few names in the models section(names like tree,spawn,zombie,house and etc) and get a bunch of free models and check if they are a virus

Seems like it's just in the experimental stage for now. Likely testing to see if it works in smaller games that will use free skyboxes since they're time consuming to make, then eventually throwing a more advanced version in commissioned assets is my guess.

Theory: The Free model uses that script to tell a discord server when a game is public so a group of people could go attack it e.g hack in it or spam to ruin your game... or it's just a bored developer wanting to play a new game. or someone doing a survey to see how many people fall for free model Viruses.

Super entertaining video, you should do more of these! Maybe turn it into a series?

As of right now scripts inside of studio can’t do anything to your account, most of the time it is just a server side exploit or selling you expensive clothing. The most malicious thing they could do is put inappropriate images/models/audio in your game to get you banned.

Damn didn't know free models had straight-up ARGS in them

Moral: Be careful with models in the toolbox, I recommend you to do the models yourself, My first time as a dev using anything I found in toolbox was a mistake. Now after 1 year, I learned from my mistakes. However I'm not forcing you to stop completely, I mean, just use the toolbox only a bit and if your gonna use one. Check EVERYTHING, the scripts, the instances, EVERYTHING So your game is 100% virus free. Hope it helps.

Ex-backdoor dude here. These scripts are extremely common in free models, when I was doing my own investigative work, I found one every 3 free models. Usually they allow a (whitelisted) list of players to execute lua code serverside (as opposed to clientside lua execution, like Synapse X). With my own system, it was anyone within a Roblox group got backdoor access (a menu where you could type or paste lua, including some pre-saved lua scripts and execute it). Then when a backdoored server goes online, it notifies us in a Discord server using webhooks of which server and a command you could input into the Chrome/Firefox javascript console to automatically start Roblox and join that server. Honestly it was quite fun doing it.

This is a server side. I've made these before in the past. THIS IS A BACKDOOR.

this was a really good video u should do more of these

There is something that the creator tells the user who used the creator's model, it is like this: ----------------------------------------------------- THANKS FOR USING MY MODEL! ----------------------------------------------------- But, some models has a code in it, it is like: _________________________________________ Thank you so much for using this model! _________________________________________ (Insert virus string code, IP logger, etc.)

i am working on a piggy fan game and when i was wondering what to do i found you u are the first roblox channel i subbed to ur videos helped so much thank you :)

moment i saw require i just knew it was a backdoor, also the fact that its checking a guy's friends list means a whitelist and if it wasnt obvious enough then the logo and the name was the giveaway

Damn,this is deep

This is why it's important to thoroughly check free models you use.

Hey that's me!

Glad you found my script. it's been long enough.

wheres teddy tho :( i want more teddy :)

😳🥶 i knew it. my friend told me about one of these. he was in a discord server with one of those web hooks D:. if a player joins that game (in that server with an exploit) it allows them to run code (server code like requires to troll)

I Actually Put This Sky In My Game Dont Worry, The Secnd I Saw A Script Was Even In There, I Deleted It

8:57 The discord server the webhook is integrated contains all the other info of other roblox games and that script makes the webhook post info using internet magic.

Lesson of the day: don't obfuscate your crappy ss with hex, that aint gon work chief

I thought this was a Computerphile video judging by that thumbnail lol.

It's just an obfuscated script that infects your game with an ss lol.

I have always looked for these kind of videos! Can you make more of these please? I would love it!

Is it just me or do I think I always use free model viruses

It most likely is a back door. The first script with the two PlayerAdded events required two different scripts. He only checked one of them, so we can assume the other module being required is the actual planted executor.

ironically, as this backdoor is super easy to decode, you can backdoor the backdoor with the webhook link

No way someone tried their sole best to hide the fact that it is just a harmless code that notifies if someone is using his skybox💀

i saw the video title and subscribed immediately. sad how youtube had to show me your channel a year later.

please do more of these, they are so interesting

im going to decode this further and attempt to make my own so that I can understand it better

Judging from the thumbnail, I thought the virus model was gonna be the gnome avatar.

ive been in a discord server which was a serverside backdoor thingy, basically what that script does is when someone plays the game, it sends the game info in their discord server, and if theyre friends with that sus account, they get serverside access and can destroy your game (sorry for my bad grammar lol)

the game id is printed into a discord channel which is then used to show that the game is backdoored (for ease of access to a backdoored game), they can run bypassed requires which basically are filtering disabled scripts (exploits) that show server side

yeah I have made quite a few backdoors like this and gotten access to a lot of the top game like mad city, jailbreak, meep city using a cool blur effect that a lot of games like.

"If you dont know what the script means, remove it" ~Gnome Code 2021

Lol I saw this video thumbnail and I thought the gnome was the model 😂 so when I saw your channel with the same model I left imidiatily. When I saw the video I was confused because you were talking about. But the think was damn sky box 😂😂

wallop560 mentioned about the 2nd require, and yes i was about to point that out, but he told it, so i'll just explain how this thing works FROM my thoughts: - The webhook sends data to a discord account - If that game GETS popular and its recently updated and stuff like that, they'll exploit in it - Then the 2nd require will help them have access to run server sided code in the game (as wallop560 said) This is how exploiters are trying gain access to one's game, so everyone out there, be careful alright, we dont want these problems to happen

4:53 Though he was singing life goes on and on and on and on

I find it funny that they took the time to obfuscate the strings, but didn't obfuscate the function calls and indexing they could have done: game[" [ HEX string here ] "] to index the items or HttpService[" [HEX string of function name here] "](HttpService, ...) because some functions are methods they want a "self". You can either call a method with a colon to give the self automatically or pass in the self youself

I used to exploit and basically, it sends it to a serverside like Sympex, Exoliner, etc. and it makes it so buyers of the script can see what game is infected so that they can run scripts inside. Remember those old roblox exploiting videos? Pretty much that but more complicated.

GnomeCode i thought you were gonna make that tower defense series

Dam, u explane stuff so good! Deserves a sub

Great video! Series Suggestion: How to make a fnaf game Which includes a ending

Biggest step of code, be abstract! this isn't a terrible coder.

This is why I check every script in my game that I have not created myself

this man is going throught all of the stages of investigation

I found some of those virus assets and this is so fun to see how are they trying to hide require.

When do you plan on posting A new Chapter of Teddy and posting a Video on it?

I figured it out abit early why they had this, it's mostly definitely a discord server with a tracker of games with available backdoors exclusive to the friends of the selected user. Abit strange not to point this out in the video.

Everyone talking about video, but i want to say its super cool video. Thank you for such a good content

Once, I used a model to handle DevProduct transactions. In it, I saw two things -A script for DevProducts that wasn't going to work -A script named "Give me admin" I find it funny how it was so blatant.

I didnt understand mostly any of this, but it was still fun to watch!

This person is so good at catching virus codes. 👌👌👌

Roblox doesn't sensor scripts there is a plugin to deobfuscate and obfuscate code they were using minimal effort the script was made by them sure but the plugin did a lot of the work. Obv not sharing the plugin.

It's a backdoor that gives the owner,his friends and alts admin in games that have the model

what it does is, send that message on discord, with all that information, so the owner of the script can know which place his scripts infected, they can use it as when they join they get trolling gui and all that stuff, my friend have one of those.

Yeah, i learned to always delete weird scripts in models the hard way. FSR whenever i had one of those scripts in a free model in my game, it said that i was trying to hack players in my game, (it was on private and i only had 1 friend join it) and disabled my account and i tried consulting with roblox and they couldn't do anything so about 40 dollars on robux wasted.

it gives the person SS access to your game ( basically do whatever they want / admin perms )

I would like to see more of these videos maybe make this a series since it's really interesting

This Was Really Fun To Watch! When Is Teddy Chapter 4 Coming Out Is It In Build Yet?...

9:05 this is actcually a discord embed script and it is posting all the game details to the webhook. this is how they get the info, i Believe

This code is actually a virus for a serverside called exilium. Basically if you insert a free model into a game and if it has this kind of virus it can allow people who have bought the serverside to execute any require script or any other script but others can see it.

What's the game in the background in the intro? Looks dope.

You should create a webhook to replace that with to test what happens

subscribed within 5 seconds, looks like quality content to me.

i think you have uncovered an SS here

it would be nice if roblox would mention that viruses possibly exist in the model section on the developer page

missed a chance to send comedy gold embeds to that webhook

amazing video, you are the best developer i saw ever

I’m I create server sides and backdoors you’d be surprised to how many there are I created Stamp SS and I’m partnered with other ServerSides such as floppaware, strategy SS, teefus, pact SS, Topk3k and cephalon

6:07 | I got a AD for Discord when he said that... :flushed:

me while watching the vid normally : sounds interesting my brain after 2 seconds later : **Plays horror music**