Are there any suggestions for features that prevent reverse engineering of code? (Suggestions for my anti-reverse engineering Plugin)

Hello and thank you in advance for reading!

Currently I am working on a little side project, which is a plugin. This plugin it’s purpose is the following: “Make it a living nightmare to read, let alone understand the code”

Why do I want it to be a living nightmare? well, this is going to be a free plugin for Roblox studio made to help other Dev’s prevent/reduce the possibility of reverse engineering of your plugin (or even local script) code!

This is what I currently have (Nothing yet is implemented, it is just a draft):
(am I using the correct word for this? is it Encode or Encrypt , let me know )

1. Encrypt the object/part names (with the provided Encryptio key)
2. Encrypt all variable and function names inside of the scripts (
3. Create false function paths which basically are dead ends and are useless.
4. Remove any Blanklines to make the code even harder to read.

Personally I think that I am on the right track, but I don’t think that this is enough. I feel like more can be done to make understanding the code even harder.

This is what my question is about, Do you have any suggestions to make code harder to read?
There are 3 things that you must keep in mind:

1. The code must still be functional after applying your suggestion
2. It must be reverseable (In order for the decryption feature to work)
3. It must be achieveable through code

Thank you guys so much for your help and feedback! Please go nuts with your suggestions!

P.S. this plugin will not solve the copying of any plugins, it will just make it very hard to understand the code if someone was to reverse engineer it.

You could make it so the whole script compresses into one line

That is a good one! Though from what I understood you can’t really put multiple lines of code on one line, or is there something like in C# where you just put a Semi-Colo ( ; ) at the end of a line

I don’t think you’d really need to decrypt/decode anything at all. If you’re obfuscating your code, it’s probably already ready for release. You should have a copy of the original source on hand anyway.

Randomize the variable names and minify everything.

You can add a semi-colon at the end of a line.

Lua doesn’t need a line delimiter. “local x = 5 print(x)” is valid syntax, even on the same line.

Well yes, but personally I think that if someone has to change a bit of code, then them being able to decrypt the code and adjust it would be a good thing! Because well only they would know thier password (unless someone brute forced it)

If your code can be decrypted by you, then it can be decrypted by any user who wants it enough.

What if someone reverse engineers the anti-reverse engineerer and uses the source to reverse engineer the plugins that were specifically encrypted to not get reverse engineered? (Lol.)

No seriously though there’s a site that minifies Lua instantly and you’re better off using a minifier than a plugin like this, no offense. And keeping a duplicate of the un-minified source code removes the use of the whole decrypt situation you have going on here.

I just replied to compUcomp who asked the same thing, so if you are interested, that would be my reply, but I do have something to add.
Honnestly I don’t really want the process to be unreverseable, because then the plugin would not be user friendly, but you two do have a point!

I could make a “Permantent Encryption” option which would encrypt it with a really long randomized password. which would be unreverseable because the password would not be stored. What do you think of that?

In lua, semicolons have no use except to fix ambiguous syntax. Example:

local x = func
(a or b).method()

See how this can have two meanings? You’re assigning the return value of func(a or b).method() to x, or assigning func to x and running (a or b).method(). Using a semicolon:

local x = func
;(a or b).method()

Now it’s obvious to the interpreter which one you want.

If you’re throwing the key to the encryption away, you might as well not use an encryption algorithm at all. Just randomize all the identifiers.

Just randomize all the identifiers.

Which is pretty much the plan if I were to implement a “Permanent Encryption”. I could still use the password, but what you are suggesting would be much easier.

You have not yet put a pattent on it I hope

Okey, well thank you for your reply! I think minifying is a good option to make the code unreadable!

Minifying probably can be undone with just a simple website tool, but regardless a nice addition!

Removing blank lines seem useless. Exploits don’t get a scripts source code: they get its bytecode and they try to decompile it

Well what I mean by blank lines is this:
|
V

^
|
It is mostly a formatting thing. This feature practically is useless if I am going to implement the minifying thing. Please correct me if I misunderstood you in any way!

What Jxl_s means is whitespace isn’t visible in the bytecode anyway.

Even if you minify, the bytecode will basically stay the same. It’s the same with variable names: changing their names will not prevent much.

The plugin is mostly there to prevent people from understanding the code, so if you were to read it you won’t get understand a thing.

Normal people probably won’t look at bytecode (correct me if I am wrong here)

I don’t know if I am propperly understanding you, so just tell me if I said something stupid!

The point is exploiters don’t get the source code at all. Spamming newlines, randomizing variable names, etc. does nothing since whitespace information and variable names isn’t present in the bytecode.