System Watchdog
Threads Scanned
-- / --
SYS. LOAD
--%
AI SHIELD
ACTIVE
DMCA Policy
📋 DMCA Compliance
This platform and community fully complies with the Digital Millennium Copyright Act (DMCA) and international copyright laws. We take all copyright protection seriously.
🛡️ Copyright Protection
If you believe a posted item belongs to you or violates your copyright, you may file a DMCA takedown request through our official channels. Upon receiving a valid claim, the infringing content will be removed within 24 hours.
davidmhart11
Silver Elite
HOW DO U CONVERT TO SINGLE PLAYER HAS EXTRA FILES DONT KNOW WHERRE THEY GO
timsalabim88
Member
Nice Backdoor bro, you did a good job on that 
I can't really blame the poster for the back door, it's also present on the KPPV GitHub leak posted three days before this. It looks like everything on this GitHub is backdoor'd a similar way
The file in question is "sync/genpi1"
Just delete the whole "sync" folder (it only contains that one file) and remove the reference line from server_properties in fxmanifest
If you want to know exactly what it does, I can attempt to deobfuscate it or simulate its behavior safely in isolation.
Alternatively, if you just want to be safe:
The file in question is "sync/genpi1"
Just delete the whole "sync" folder (it only contains that one file) and remove the reference line from server_properties in fxmanifest
Summary of the File (genpi1.lua)
- This script is heavily obfuscated using Luraph Obfuscator v13.6.4.
- It makes use of runtime-deobfuscation techniques, and intentionally hides its behavior.
- It contains extremely long hexadecimal strings that appear to be encoded payloads or instructions, possibly encrypted or binary data.
- There is evidence that the script unpacks, decodes, or executes functions at runtime using load, pcall, or similar function-wrapping logic.
Red Flags
- Obfuscation with Luraph:
- Luraph is a tool often used to hide malicious Lua code in FiveM and Roblox scripts.
- Legitimate developers rarely need to obfuscate their Lua to this extent unless they are hiding licensing or DRM—which still raises red flags.
- No Clear Functionality Visible:
- The core logic is hidden behind a wall of junk logic and base conversions.
- It uses runtime logic to piece together what it actually does, meaning static review can’t easily reveal its actions.
- Suspicious Hex Payload:
- The file includes massive hex-encoded strings that are likely to be compressed or encrypted payloads.
- These often decode into remote calls, keyloggers, or backdoors.
- No Readable Code or Comments:
- Apart from the Luraph banner, there's no legitimate identifier, author info, or logic comments.
- This is common for malware.
Does It Connect to External Sites?
- I didn’t find explicit PerformHttpRequest, SendNUIMessage, exports, or Citizen.CreateThread(function() lines in the snippet I reviewed.
- BUT: The obfuscation hides all real code behind dynamic function loaders. There is almost certainly a load() or similar dynamic evaluator deeper inside, which can run any hidden payload—including calling external URLs.
Verdict: NOT SAFE
- Do NOT run this on a live server.
- It’s a black box that could:
- Steal server keys or player data
- Run remote payloads
- Create backdoors
- Interfere with your server’s integrity
Recommendation
If you want to know exactly what it does, I can attempt to deobfuscate it or simulate its behavior safely in isolation.Alternatively, if you just want to be safe:
- Delete this file.
- Only use scripts from trusted sources (e.g., known developers and verified FiveM forums).
nice
