the only thing bad about set keys is remote spies 
well there is no remote that would allow the player to print the code i think
or gain access to it somehow
No what i mean is theres this tool exploiters use where they can see what parameters they are passing and what remote events exist. They can see everything on the client and as you know remote events need reference from client and server
Oh, you are right. I had no idea it’s deprecated until today, but in this case, nobody is really right in this situation because both os.time() and tick() are timezone dependent.
And by the way, RunService.Heartbeat is being deprecated too.
oh so they can see whats in server storage
Here is some evidence to support what I mean
No no they cant see stuff on server storage only stuff like replicated storage or workspace and anything else replicated to the client
I was just giving an example, There are better ways and I do have a good method for keys
Instead of the table yes, i actually used that since I used to suck at tables
Also accessable amongst other server scripts
so they cant get the key… im confused
They can get the key but its fine if you are giving them a new key after
oh yea i can just generate a new key each time i call a remote
that would be fine right
Sometimes you can add a fake remote event labeled “AddMoney” or “GiveGold” and just lead it straight to a ban.
1 Like
Just make sure to use an actual cipher algorithm like RSA instead of math.random() to avoid any repetition!
haha i like this one. definetly will try it out
1 Like
You mean they can detect remote events being fired all the time?
such as
for i, v in pairs(game.ReplicatedStorage:GetDescendants()) do
if v:IsA("RemoteEvent") then
v.OnClientEvent
-- etc etcyea but how do i do the cipher? is there like a ready to use function in roblox already to do that or do i have to do it myself
You give it data (the thing you are sending) and a key (the non repeating random stuff, a example could be the digits in the logarithm of 2) and then you encrypt it with that key and send the key to the client, client decrypts and then after u send it to the client u change the encryption key
Yes - any time that data is sent anywhere on the client, the exploiter can intercept it.
So your process would be:
- Generate the code on the server - send to client
- Client gets code, then does things then sends the code back to the remote
- The server checks the code from the client and compares it to the previously generated code
- If it matches, then do stuff.
However, the exploiter can actually stop the process and interject:
- Generate the code on the server - send to client
- Exploiter stops the script that sends the code back through the remote and instead does their own thing to the remote
- Exploiter sends the malicious data along with the generated code back to remote
- Server checks code, it matches, server proceeds with malicious data.
1 Like
Wait I have a question.
Would setting the remote event’s parent to nil make it impossible for the exploiter to access, since the script already has it defined
local event = game.ReplicatedStorage.Event
event.Parent = nil
event.OnClientEvent
and since it stays on the replicated storage for the server you could just fire,
or would the client not recieve any calls?