Subscribe to download
Backdoor Shield - For Servers

Protect your GMod servers against backdoors!

Block, find, investigate and remove them.

TOOL DEV STATUS: BUG FIXES ONLY

From 03/12/2022 onwards I'll only be providing fixes for this tool, so I can focus on other projects.

Thank you all for your support and dedication so far.

• DO-NOT-USE this addon on servers with paid mods!!!! Many of them have complex DRMs, which in most cases get detected and blocked. This can lead to serious authentication problems and even license loss! If you suspect that your addons are infected, run them along Backdoor Shield in a clean server/GMod instance!
  
  
• Avoid addons that set their own environment because they can break, like:
  
  • gmDoom - https://steamcommunity.com/sharedfiles/filedetails/?id=133300986

Also, consider Backdoor Shield as W.I.P! Know that I don't intend to add fancy features or even make this addon user friendly, this project is a hobbyist experiment.


There are 2 operation modes in this addon: real-time detection and file scanner.

All detections are based on prohibited function call combinations or on very suspicious terms encountered when scanning "texts". Unfortunately Lua knowledge is required to understand the logs.

Real-time detection really is what it says it is, something that executes by itself while other addons are running.



But the file scanner is manual, so you have to open the console and run commands. It's advisable that this is done on a dedicated server or in lan mode, as in singleplayer the game will practically freeze until the scan ends.

OK. So it's possible to search for threats in common GMod locations and files using this one:

bs_scan

And for a complete scan, able to read all GMod mounted folders and extensions, there's also:

bs_scan_full

Note that both commands accept paths as arguments, so it's possible to do a targeted scan. E.g:

bs_scan "/addons"

bs_scan "/addons/MyAddon1" "/addons/MyAddon2" "/lua"

(The numbers under the detected items are the lines where they are located in the file)

However, there are some inaccessible definition files to control both the real-time detection and the file scanner, completely locked for security reasons. To access them, you need to extract the addon or to use the GitHub version[github.com]:


To see detailed information about the addon, including a list of features, how to install, where are the configurations, how to use, how to read logs and even a simplified demonstration of a backdoor decoding, go to the GitHub page:

github.com/Xalalau/backdoor-shield

Despite all the detections I made and demonstrated in the screenshots above, I was running my tests on a list of almost 600 addons downloaded from random internet forums. This type of pirated or obscure content is highly targeted and it's usually very difficult to find them here. People who upload malicious addons to the workshop are heavily attacked by the community as soon as they're discovered, so few have the audacity[github.com].


I spent many hours of my free time learning more Lua, researching backdoors and writing code, now it's all realeased for free. I like the idea of "fighting" some malicious code thing that in theory use unusual tactics to trick the game and other developers. Even though backdoors do wrong things, they have a lot insteresting stuff that in and of themselves are not bad at all.

Anyway, this is probably already the "final form" of Backdoor Shield. You know... The target audience is very small and probably made up of pirates. Just buy the addons, folks... Also, I don't like to conflict with DRMs, they use so many tactics in common with backdoors and don't like to see me detouring functions.

Lastly, here are some snippets I deobfuscated[gmbrblog.blogspot.com], if you are interested. But it's all in Portuguese.

Enjoy! =D