0

Using ‘getfenv’ to load modules? [closed]

Asked by 5 years ago

I was wondering: how do you use getfenv to load modules? This is a method used by some loaders, and I was quite curious about it.

0
You don't. getfenv is for getting environments User#24403 69 — 5y
0
But why do I see it in loaders? OptimisticSide 199 — 5y
0
They have a series of numbers between ‘[‘ & ‘]’ OptimisticSide 199 — 5y
0
cuz they're stupid and why are you trying to load modules anyway? Are you talking about third party private modules? They are removed. User#24403 69 — 5y
0
Like in some admin commands loaders OptimisticSide 199 — 5y
0
And could you please paste a code snippet in your question? Maybe I can answer it if your question is clearer. User#24403 69 — 5y
0
Ok OptimisticSide 199 — 5y
0
I don’t clearly remember, but I remember things like ‘[101,381,381,929,573,371,382]’ (keep in mind that these numbers are random) OptimisticSide 199 — 5y
1
They were from backdoors. The script writer would obfuscate their code. Don't do it. It adds unnecessary complexity and unnecessary overhead. User#24403 69 — 5y

Locked by User#24403

This question has been locked to preserve its current state and prevent spam and unwanted comments and answers.


1 answer

3
Answered by 5 years ago
Edited 5 years ago

Question

Using ‘getfenv’ to load modules?

psss accept this answer if it helped.

Solution

Okay, so as incapaxx has already noted, getfenv is for getting an environment, and that

They were from backdoors. The script writer would obfuscate their code. Don't do it. It adds unnecessary complexity and unnecessary overhead. --// incapaxx

I agree with both of incapaxx's statements. Now on to how what they are doing works and why they are doing it.

They are likely using the byte value for a corresponding string to make it look confusing. Example:

local a = "\98\99\100"

print(a)

This results in the output of "bcd". The \ is the escaping character and following it with any number makes an escape sequence like "\n" which is new line or "\t" which is tab.

Case Example

The malicious users are abusing this feature to, in a way, obfuscate / hide the logic of what they're trying to do. An example would look like this.

getfenv()["\114\101\113\117\105\114\101"](1234.5 * 2)

Why are they using getfenv? Well, they need a reference to the environment, since they are "obfuscating" their require call into a string that looks unreadable.

This actually can be evaluated to getfenv()["require"](1234.5 * 2) which can finally be evaluated to getfenv()["require"](2469)

All they are doing is making it harder for you to tell what they are doing, such as requiring a malicious model.

WARNING (PLEASE READ)

I suggest removing ANY code in your game that has similar characteristics to what we are discussing, as you are putting your game's security at risk. What they are doing likely requires a private module that inserts a remote event into a private service and uses a custom loadstring function to evaluate and run their code on the server, which is very dangerous.
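
Added example, not part of the original answer: a small Python scanner that decodes the decimal escapes described above and reports every getfenv()[...] lookup whose key was hidden that way, so such lines can be found in exported script source. The function names, the SENSITIVE list and the sample source are assumptions constructed for illustration.

```python
import re

# A Lua decimal escape (\ddd, one to three digits) or an escaped backslash.
DEC_ESCAPE = re.compile(r"\\(\\|\d{1,3})")
# getfenv(...)["key"] or getfenv(...)['key'] with a literal string key.
GETFENV_INDEX = re.compile(r"""getfenv\s*\([^)]*\)\s*\[\s*(["'])(.*?)\1\s*\]""")
# Globals worth a closer look when reached through a hidden name (assumed list).
SENSITIVE = {"require", "loadstring", "getfenv", "setfenv"}

def decode_decimal_escapes(literal):
    """Replace each \\ddd escape with its character; leave everything else alone."""
    def repl(m):
        token = m.group(1)
        if token == "\\" or int(token) > 255:  # escaped backslash or invalid byte
            return m.group(0)
        return chr(int(token))
    return DEC_ESCAPE.sub(repl, literal)

def find_hidden_globals(source):
    """Return (line_no, raw_key, decoded_key, is_sensitive) for each getfenv()
    lookup whose string key only becomes readable after decoding escapes."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for m in GETFENV_INDEX.finditer(line):
            raw = m.group(2)
            decoded = decode_decimal_escapes(raw)
            if decoded != raw:  # the key was written with escapes
                findings.append((line_no, raw, decoded, decoded in SENSITIVE))
    return findings

# Constructed sample source, reusing the two snippets quoted in the answer.
SAMPLE = "\n".join([
    r'local a = "\98\99\100"',
    r'getfenv()["\114\101\113\117\105\114\101"](1234.5 * 2)',
    r'getfenv()["print"]("hello")',
])

if __name__ == "__main__":
    for line_no, raw, decoded, sensitive in find_hidden_globals(SAMPLE):
        flag = "REVIEW" if sensitive else "note"
        print(f"{flag}: line {line_no}: getfenv()[\"{raw}\"] is getfenv()[\"{decoded}\"]")
```

The scanner only handles a literal key on a single line; keys assembled with string.char or concatenation need a real Lua parser.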
