1
00:00:01,500 --> 00:00:02,010
Okay.

2
00:00:02,010 --> 00:00:05,790
In this lecture, I would like to show you how you can avoid malicious scripts in your game that come

3
00:00:05,790 --> 00:00:07,200
from free models.

4
00:00:07,230 --> 00:00:12,240
Now, free models can include scripts that can introduce backdoors into your game, and a backdoor is

5
00:00:12,240 --> 00:00:16,830
simply a vulnerability that allows a third party to execute commands and have total control of your

6
00:00:16,830 --> 00:00:18,840
game, which is something you don't want.

7
00:00:19,110 --> 00:00:23,840
The most common way people introduce backdoors into your game are by using scripts that have the require

8
00:00:23,850 --> 00:00:27,900
function and they require an asset that is outside of your game.

9
00:00:28,140 --> 00:00:32,160
These assets could have scripts in them that could be executed or do malicious things that you don't

10
00:00:32,160 --> 00:00:32,640
want.

11
00:00:32,730 --> 00:00:35,550
So let's go ahead and look for some malicious scripts.

12
00:00:35,550 --> 00:00:40,050
We can open up the toolbox from the home tab, or you can also do it from the view tab.

13
00:00:40,800 --> 00:00:46,920
And we're just going to try and find a model that is poorly rated and it includes scripts.

14
00:00:47,160 --> 00:00:53,520
Usually if you see a poorly rated model that includes scripts, it could be that the model is broken

15
00:00:53,520 --> 00:00:57,930
and produces some error, or maybe it's just poorly made or it could be malicious.

16
00:00:57,930 --> 00:01:00,540
So we're just going to see if we can find one.

17
00:01:00,540 --> 00:01:07,800
So I'll just look up something generic, like maybe there's some malicious scripts hidden in benches.

18
00:01:08,190 --> 00:01:13,350
Now, usually if you see benches that are highly rated like this and they have scripts, you probably

19
00:01:13,350 --> 00:01:14,910
don't have to worry about them.

20
00:01:15,900 --> 00:01:21,420
So I'm going to find a bench that has scripts and is poorly rated, or I'm going to try and find a bench

21
00:01:21,420 --> 00:01:23,880
that has scripts and it isn't rated at all.

22
00:01:32,990 --> 00:01:33,230
All right.

23
00:01:33,230 --> 00:01:37,190
It looks like I'm not having much luck finding malicious scripts here, so let's try to look for something

24
00:01:37,190 --> 00:01:37,790
else.

25
00:01:38,150 --> 00:01:42,830
Maybe we can find, like, a crate that has a script in it for some reason.

26
00:01:43,770 --> 00:01:45,260
Just kind of look around here.

27
00:01:49,880 --> 00:01:50,380
Anything.

28
00:01:50,480 --> 00:01:51,230
You.

29
00:01:52,280 --> 00:01:53,540
A weapon giver crate.

30
00:01:54,380 --> 00:01:58,190
It might be having scripts just because it's given us weapons.

31
00:01:58,220 --> 00:01:59,570
Nine scripts.

32
00:02:00,470 --> 00:02:02,300
Nine scripts in this crate.

33
00:02:03,940 --> 00:02:06,790
It could be because yeah we're including some tools in here to.

34
00:02:08,650 --> 00:02:09,790
We have a script in here.

35
00:02:11,010 --> 00:02:14,880
Looks like it's just cloning a tool and giving it to a player.

36
00:02:14,910 --> 00:02:16,650
Let's check out these tools here.

37
00:02:17,740 --> 00:02:19,630
That is very ugly.

38
00:02:19,660 --> 00:02:20,980
What the heck?

39
00:02:22,400 --> 00:02:24,720
Looks like this is just making some welds.

40
00:02:24,740 --> 00:02:29,840
Now we can find the keywords in our scripts by using a neat little tool that can search for keywords

41
00:02:29,840 --> 00:02:33,860
in all the scripts in your game, and you can open it up using control shift and f.

42
00:02:34,770 --> 00:02:38,100
And now I can search for some keywords like require.

43
00:02:38,820 --> 00:02:40,630
Good thing no results found.

44
00:02:40,650 --> 00:02:44,850
Maybe I'll look for git for nothing.

45
00:02:45,210 --> 00:02:48,990
Maybe I'll look for some asset IDs using rbc's asset.

46
00:02:50,080 --> 00:02:55,540
And it does look like we have some assets, but it looks like it's just for changing the mouse cursor.

47
00:02:56,540 --> 00:02:58,160
So nothing out of the ordinary here.

48
00:02:58,160 --> 00:03:01,160
We have a lot of math operations going on for the gun.

49
00:03:03,750 --> 00:03:05,820
But from what I can see so far.

50
00:03:07,080 --> 00:03:11,430
Nothing I would say, jumps out at me as malicious.

51
00:03:11,940 --> 00:03:15,240
So actually it's just test this thing out, see what this thing does.

52
00:03:22,850 --> 00:03:23,090
Check.

53
00:03:23,090 --> 00:03:24,390
The script isn't even working.

54
00:03:24,410 --> 00:03:27,230
So, yeah, a little strange.

55
00:03:27,350 --> 00:03:27,920
Whatever.

56
00:03:27,920 --> 00:03:29,300
We don't need this create anyways.

57
00:03:29,300 --> 00:03:30,020
Goodbye.

58
00:03:30,500 --> 00:03:30,890
All right.

59
00:03:30,890 --> 00:03:36,140
So I had a poor time trying to find any malicious scripts in those crates, but I am looking for a zombie

60
00:03:36,140 --> 00:03:37,040
NPC.

61
00:03:37,280 --> 00:03:39,050
And, oh, here we go.

62
00:03:39,980 --> 00:03:42,650
25% rating and it has scripts.

63
00:03:42,650 --> 00:03:43,340
Perfect.

64
00:03:43,340 --> 00:03:44,360
14.

65
00:03:44,360 --> 00:03:45,560
Oh, goodness.

66
00:03:46,350 --> 00:03:49,890
OC This is the type of thing we want to look for malicious scripts in.

67
00:03:50,400 --> 00:03:52,590
So let's open up this model and see.

68
00:03:54,970 --> 00:03:56,310
Oh my goodness.

69
00:03:56,320 --> 00:03:58,780
What the heck is this formatting?

70
00:04:01,310 --> 00:04:04,430
Why are we looking for a player that doesn't exist?

71
00:04:04,670 --> 00:04:05,900
No idea.

72
00:04:06,930 --> 00:04:07,970
Whereas this do.

73
00:04:08,070 --> 00:04:09,210
Same thing.

74
00:04:09,210 --> 00:04:12,300
So somebody just copied and pasted a bunch of these scripts.

75
00:04:13,410 --> 00:04:14,580
So let's look for that.

76
00:04:14,910 --> 00:04:16,860
See if there's any requires in here.

77
00:04:16,860 --> 00:04:17,580
None.

78
00:04:17,940 --> 00:04:18,450
Get fed.

79
00:04:19,710 --> 00:04:20,740
Nothing.

80
00:04:20,760 --> 00:04:23,040
How about a string dot reverse function?

81
00:04:23,670 --> 00:04:27,090
And sometimes people use string dot reverse to try and call a function.

82
00:04:27,210 --> 00:04:32,450
But having the name for the function being reversed and they use string dot reverse to reverse it back.

83
00:04:32,460 --> 00:04:36,990
So you can't really search for a specific function, but it looks like this model isn't using these

84
00:04:36,990 --> 00:04:38,340
string dot reverse function.

85
00:04:38,340 --> 00:04:40,140
So we're clear in that regard.

86
00:04:41,020 --> 00:04:43,810
And I'm also going to look to see if any of these scripts are obfuscated.

87
00:04:43,900 --> 00:04:47,980
And that basically means they made the script in a way that is unreadable to our eyes.

88
00:04:47,980 --> 00:04:48,940
Like it's not English.

89
00:04:48,940 --> 00:04:52,180
It's all a bunch of weird jibber jabber, but the computer can still read it.

90
00:04:52,180 --> 00:04:57,850
And if you see any scripts that are obfuscated, be very wary because if they want to obfuscate it,

91
00:04:57,850 --> 00:04:59,760
there's obviously something they want to hide.

92
00:04:59,770 --> 00:05:03,610
So I would avoid any models that have obfuscated code in them.

93
00:05:05,710 --> 00:05:09,840
Looks like our zombie here doesn't have anything suspicious other than, like, some weird stuff going

94
00:05:09,840 --> 00:05:10,620
on in our game.

95
00:05:10,620 --> 00:05:13,320
It could be that it's just broken.

96
00:05:18,500 --> 00:05:19,520
And it kills me.

97
00:05:20,540 --> 00:05:23,030
But it's not even chasing me.

98
00:05:25,700 --> 00:05:29,120
So I would just say that this thing is poorly rated because it's broken.

99
00:05:29,660 --> 00:05:30,560
Unfortunate.

100
00:05:31,370 --> 00:05:33,440
So goodbye, boss Zombie.

101
00:05:33,740 --> 00:05:35,360
I guess we'll just keep looking.

102
00:05:38,340 --> 00:05:42,690
So I actually had a very difficult time trying to find a free model with a malicious script in it.

103
00:05:42,690 --> 00:05:44,790
So I just decided to make my own.

104
00:05:45,240 --> 00:05:50,730
So let's say I got this bench right here, this nice little bench from the toolbox, and I put it into

105
00:05:50,730 --> 00:05:55,860
my game and I saw that it included one script and it didn't have any ratings.

106
00:05:56,070 --> 00:06:01,740
So I guess the first procedure would be, okay, let's see if I have any required functions being used.

107
00:06:02,010 --> 00:06:02,430
Good.

108
00:06:02,430 --> 00:06:03,470
No results.

109
00:06:03,480 --> 00:06:04,760
How about get fence?

110
00:06:06,060 --> 00:06:06,990
Nothing.

111
00:06:06,990 --> 00:06:08,850
Maybe a string dot reverse.

112
00:06:09,860 --> 00:06:10,510
Okay.

113
00:06:10,560 --> 00:06:12,180
Nothing suspicious so far.

114
00:06:12,180 --> 00:06:14,820
So let's go ahead and find the script in our bench.

115
00:06:15,780 --> 00:06:18,240
Must be a child of this union.

116
00:06:19,200 --> 00:06:24,960
So we have this well here, it's got a child, some guy, whatever.

117
00:06:25,080 --> 00:06:31,290
It's just called Q Perfection Weld, which is a pretty commonly used script for welding stuff, as you

118
00:06:31,290 --> 00:06:33,120
can see, created by Quint.

119
00:06:33,150 --> 00:06:37,620
So I'm not thinking much of it filled with a standard stuff.

120
00:06:39,050 --> 00:06:41,540
I don't see anything strange in here.

121
00:06:42,430 --> 00:06:43,360
Seems fine.

122
00:06:44,450 --> 00:06:46,490
However, if I go to play my game.

123
00:06:47,850 --> 00:06:49,110
Should see here.

124
00:06:50,200 --> 00:06:52,150
Oh, no, I am hacked.

125
00:06:52,150 --> 00:06:53,550
I cannot see anything.

126
00:06:53,560 --> 00:06:54,640
What is going on?

127
00:06:55,570 --> 00:07:02,380
Well, if I go to the server and I try to delete this guy out of my player and there player, guy,

128
00:07:02,410 --> 00:07:03,130
here it is.

129
00:07:03,250 --> 00:07:05,260
Let's delete this guy called Bench.

130
00:07:05,260 --> 00:07:06,140
That's in here.

131
00:07:06,170 --> 00:07:07,340
Must be coming from our bench.

132
00:07:07,410 --> 00:07:08,320
Just delete it.

133
00:07:08,920 --> 00:07:09,520
Uh oh.

134
00:07:10,810 --> 00:07:12,500
I'm deleting it, but it's not going away.

135
00:07:12,520 --> 00:07:14,500
It keeps duplicating itself.

136
00:07:15,460 --> 00:07:16,660
Something's going on.

137
00:07:16,840 --> 00:07:18,840
So let's go back to our script here.

138
00:07:18,880 --> 00:07:21,430
Let's look in here for any suspicious activity.

139
00:07:21,430 --> 00:07:25,180
Like what is what is this bench DUI being used for?

140
00:07:26,170 --> 00:07:28,540
So we see we have a reference to it right here.

141
00:07:28,960 --> 00:07:30,210
It's called SW one.

142
00:07:30,220 --> 00:07:36,730
So let's use control F to search in the script and see where this SX one variable is being used.

143
00:07:37,890 --> 00:07:39,930
And it looks like it's being used right here.

144
00:07:39,960 --> 00:07:40,440
Ooh.

145
00:07:40,470 --> 00:07:43,470
So we have a player added event being connected to.

146
00:07:44,840 --> 00:07:51,140
And it's getting the player and it's having a loop where it keeps adding this guy into the player's

147
00:07:51,140 --> 00:07:54,440
player guy over and over and over again.

148
00:07:54,860 --> 00:07:58,730
So we have found our malicious activity, our malicious script right here.

149
00:07:59,030 --> 00:08:00,500
So we can actually delete this.

150
00:08:00,530 --> 00:08:01,400
Get rid of that.

151
00:08:02,090 --> 00:08:02,780
Let's get rid of TSS.

152
00:08:02,780 --> 00:08:03,680
One, two.

153
00:08:04,550 --> 00:08:09,980
And in fact, maybe we don't even need this benched UI here anymore since it was just used for malicious

154
00:08:09,980 --> 00:08:10,730
purposes.

155
00:08:11,580 --> 00:08:13,650
So now if I go and play my game.

156
00:08:16,660 --> 00:08:17,170
Perfect.

157
00:08:17,170 --> 00:08:19,810
We don't have that guy stuck on our screen anymore.

158
00:08:21,910 --> 00:08:27,910
Now, sometimes scripts will include malicious activity within other scripts that are actually needed

159
00:08:27,910 --> 00:08:29,320
to make the model work.

160
00:08:29,320 --> 00:08:35,170
But in this case, if I don't believe that this script has any use or purpose to making this model work,

161
00:08:35,380 --> 00:08:39,580
then I can just delete it and test to see if it broke any functionality.

162
00:08:40,360 --> 00:08:41,820
And of course it didn't.

163
00:08:41,830 --> 00:08:44,470
My bench should still be able to work just fine.

164
00:08:45,370 --> 00:08:47,560
So yeah, here's my awesome bench.

165
00:08:48,040 --> 00:08:52,690
So the whole idea here is that if you find a model that you want to use and it includes scripts, ensure

166
00:08:52,690 --> 00:08:57,460
that you just quickly go over the scripts using the find all window and look for any places where the

167
00:08:57,460 --> 00:09:00,950
require function or the get found function is used.

168
00:09:00,970 --> 00:09:04,480
And you always want to pay attention to the rating of a free model as well.

169
00:09:04,810 --> 00:09:10,270
If you ever encounter a free model that causes issues in your game or is performing some malicious activity,

170
00:09:10,270 --> 00:09:11,710
then simply just delete it.

171
00:09:11,980 --> 00:09:16,720
If you find any models with scripts that are obfuscated, meaning that you can't read them, then that's

172
00:09:16,720 --> 00:09:19,540
a little suspicious because they're trying to hide something from you.

173
00:09:19,540 --> 00:09:21,520
So I wouldn't use those models either.

174
00:09:22,420 --> 00:09:25,550
At the end of the day, it really just comes down to common sense.

175
00:09:25,570 --> 00:09:27,870
Don't use models that are poorly rated.

176
00:09:27,880 --> 00:09:32,260
Always try to look out for strange behaviors and strike down any malicious code in them.

177
00:09:33,180 --> 00:09:38,850
So that was just kind of the basic overview of how you can avoid or find malicious scripts in your games.