'Best' way to obfuscate scripts?

I’ve been playing around with script obfuscation, and I’m honestly struggling a little bit. I’d ideally like to find one that doesn’t make use of loadstring as I know that can make the game less secure. The only (working) one that I’ve tested has been XFuscator, but even after enabling loadstring I get the error ’ attempt to call a nil value’ no matter which script I try.

Does anyone here know of any good ones that work with ROBLOX scripts, or any other ideas to hide scripts? I know that ROBLOX doesn’t really have the support for people to offer services with closed source, but I’m trying anyway, and I know that services such as CheckMeIn have some form of obfuscation that seems to work well.

Anyway, thanks for reading and extra thanks if you reply <3

3 Likes

There’s a plugin by Stravant that I use that can obfuscate and beautify scripts for you.

Simply select the script in explorer, minify it, and it’ll create an obfuscated/minified version of the script as a direct child to the script you wanted to minify.
(Beautifying works the same way)

13 Likes

Why do you need to obfuscate your scripts in the first place?

1 Like

I’m thinking of starting a small service a bit like CheckMeIn, but a different idea. I thought it would be a good learning experience if anything as I’ve been putting a lot of time into learning about web development and I’d like to see if I can find a way to integrate it into ROBLOX

1 Like

Instead of making your own, I highly recommend using a pre-established one. For example, Lauraph (I think thats how you spell it) is a very good obfuscator. Another good one is Synapse Xen. It comes free with Synapse (which is $20). I know Synapse is an exploit, but the $20 is worth it for such a good obfuscator.

4 Likes

Still not sure why you would need to obfuscate them. Is it to prevent others from stealing code?

1 Like

Yeah, that’s pretty much it. I could try making it open source I suppose though

Out of curiosity. Why do you want to obfuscate your localscripts?

1 Like

Would you be able to send me a link for Lauraph?

1 Like

I myself run a service. If I were you, I wouldn’t open source it if you plan on selling. You will loose all your sales, etc, and people will steal your scripts and take credit. Personally, I would obfuscate and download the code from an external server (which is what I do)

2 Likes

Don’t have a link, sorry. I use Synapse Xen, but Lauraph is $1 per obfuscation, so if you plan on doing lots of updates, Synapse Xen is far more cost effective in the long run.

1 Like

Oh, so I’d host the obfuscated code on a server and then download/run it with loadstring?

edit: and yeah, I’ll consider the Synapse one

So when someone tries to exploit your game by looking through localscripts, they can’t figure out how things work.

6 Likes

Pretty much. But don’t use normal loadstring, use a custom implementation. DM me on Discord (grilme99#9830) and I can get you a link to the custom loadstring. I would use the custom loadstring over the built in one because then people don’t need to enable it in their games.

Edit: for those interested, take the loadstring module from this https://www.roblox.com/library/359948692/Adonis-MainModule

5 Likes

Okay, thanks for help, I’ll send you a discord request :grinning:

1 Like

I know what ‘obfuscation’ is. I just would rather implement a ‘Never trust the client’ system. And do as many things on the server as possible. And I wanted to know why he wanted to obfuscate anyway.

2 Likes

Do you mind if you could get me something like that too? (If I dm you on discord)

2 Likes

It’s for a potential paid service, so people can download a script/model that runs something in their game for a fee, and it’s to protect the code so people can’t just re-use it themselves as I’d virtually make nothing

1 Like

Updated my solution

2 Likes

LocalScript obfuscation is pointless. Exploiters have access to any code that is kept on the client or is replicated to them and they can deobfuscate it as well. There’s only two benefits to obfuscation for code that the client can also see; those are fending off exploiters who won’t deobfuscate (typically an undedicated exploiter who only takes but doesn’t do anything further) and a headache.

There was a long debate on a related topic regarding selling ModuleScripts and even more threads around regarding code obfuscation as a result of the removal of support for third party closed source modules. Have you read any of those threads or considered any of the advice raised there?

In either case, as the solution suggests, one of the “best” ways to “obfuscate” your code is by “not including it on Roblox at all”. You can load it out from an external web server or from a GitHub repository (which may expose you to a few issues that come with either public or private repositories).

5 Likes