Best way to secure your code without paying for it

Yay another private modules hate thing!

I’m a person who knows nothing about web development, security, really anything about the internet. That being said I “need” to secure my code somehow but It needs to be free…

Recently I made an application center module that constantly errors when I obfuscate it so obfuscation really just doesnt work, I need some internetty way or some workaround to private module removal…

I know this is really controversial and wish for no lecture on why/why not to do it I really am just asking for some kind of way that will allow 0 people to look at my code ever…

I’m a possibly intermediate scripter that takes some amount of value in my work in which I’m really not willing to give it to everyone…

Going through a tough time and sorry if this sounded like a rant, I’m sleepy and I want to get this over with. :laughing:

TL;DR
I really need a free, simple way to hide my code, while still having the code work.

4 Likes

The private module itself is now a public module, if you want to let the others use it. I get that you really value your work to the point that you don’t really want to share it. Anyway, you can say that the main reason the private module has to be set to public for usage by other developers is to allow them to see your code.

I do think that Roblox wants their developers to get the most access when building their game, whether it’s for safety, security, or other reasons.

Until now, I’m not aware of any methods that would allow you to hide your codes from others while you let them use it. If such methods exist, then there would be a high chance that Roblox would patch it up again, perhaps for the same reason.

tenor%20(1)

To not worry about it, you say? Roblox respects Intellectual Property (IP), which is a major part of a huge corporation. There’s a post that you might wanna read related to it, [Private modules] New way of securing code? - #15 by IdiomicLanguage Good luck!

2 Likes

Yes, but I’m really not looking forward to having people steal the code in the first place. Just looking for really any possible way to secure my code like myCenter by sloss2003 without having to… y’know… pay.

3 Likes

What do you mean secure your code like myCenter by sloss2003? I looked through their website and downloaded the set-up place. When I opened it up, I saw a loader script, which links to a public module.

3 Likes

Oh, I was fairly certain it was private through some web thing… Guess not. Sorry for that.

3 Likes

Not sure if this is allowed/ethical, but what I do (for server scripts) is send a HTTP request to my website, let’s say for example, www.example.com/path_to_code and execute it using loadstring().

To make sure people can’t access it, I pass an authentication token as a header, and the server (website) will reject the connection if the tokens don’t match.

6 Likes

Any ideas on how in the world I could make a simple (possibly free?) website using literally anything.

4 Likes

Sorry, don’t know what to recommend in terms of free web hosts that are reliable.

If you can afford it, I’d really recommend purchasing a domain and hosting for 5-10 dollars a month.

4 Likes

Someone can just look at your code, fire the HTTP request themselves, and print instead of using loadstring(); this doesn’t solve anything.

8 Likes

You can use repl.it; it has free hosts, although it’s only a subdomain. It’s what I’ve used for Discord bots, but I can imagine a webserver would work just the same.

3 Likes

Thanks! I’ll be looking into this option.

2 Likes

You should note that everything on repl.it is public unless you pay for private repos

3 Likes

What about something like netlify?

2 Likes

I’ve never heard of it personally so I wouldn’t be able to comment.

3 Likes

What I use and recommend is Glitch.
It’s a built-in code editor and it hosts for you. You can make your Project private, and the address will be at <your project name>.glitch.me. Though Projects in Glitch go offline after some time, so that’s why you should also use UptimeRobot which pings a URL you put every 5 (or more) minutes. All of this is for free
Hope this helps!

2 Likes

I like the answer that @congrajhulashions wrote; however, I’d like to go into more detail on how I did a similar thing, but far more secure.

First off, I’d like to say that it doesn’t matter which side of the third-party module debate you were, a solution to private code is needed, and always will be.

For hosting, I highly recommend Firebase, it scales automatically and does much of the work for you.

Just like @congrajhulashions said, pretty much the best way, without it getting really complicated, is to download the code from your server. Now, this is where stuff gets messy if not appropriately secured. This is where the Roblox API comes in! Now, when you connect to a Roblox server, you need its IP. Otherwise, how do you connect to it?

Roblox has an API for joining a server. If used right, this API will return the IP of the server that you put in the request. Compare that to the IP of the request and you know if that request is from a real Roblox server (after taking measures to prevent IP spoofing). Awesome, right? Now, I’m not going to spoon feed you this API, but I’ll point you in the right direction.

Once you know that the request is really from Roblox, you can check your whitelist to see if that place (or owner) is supposed to use your script. If so, send the script to the game. Here there are things you can do to secure it more, but once again, I’m not here to spoon feed you.

Once the game receives the script, you can run it either using the official Roblox loadstring, or a custom one. The official loadstring will probably be more reliable and faster; however, using a custom one means that the game doesn’t need to have loadstring enabled. I use the one from that is inside the Adonis module (search up Adonis in the toolbox to get the main module and then take the Loadstring module from it).

I am currently working on a site called the Marketplace. It can do everything mentioned above and far more. You can read more about it here and here.

Good luck with your project!

4 Likes

Hello! :slight_smile: Here’s the thing, we don’t hide the module. We don’t do anything suspicious, so we allow our users to take our module, and modify it, at their expense. If they do, they won’t receive updates. Really, there is no way to hide modules anymore sadly, I hope that Roblox will end up doing something to either A:) put private modules back into play, or B:) add another way to hide code from users, while it also being moderated.

2 Likes

Hey, be careful using loadstring for one, two code on your server can still be stolen sadly, your best bet is just installing the code in the games and praying to the lord no one stills it, you’re just going to have to trust your users sadly. I would tell you to go to Digital Ocean, it’s far cheaper and better in the long run. If you use firebase IP spoofing is going to be as easy as pie, so don’t be behind a proxy, and NEVER, EVER trust a client or anyone.

Sorry, these are all things I have learned in the past, and I hope these can help you in the future.

2 Likes

I was telling him the most basic way I knew to do it. Personally, most of my products code runs on my server, meaning it is never even sent to the game. This makes leaking the code impossible, aside from tiny snippets.

Also, you can’t “trust your users”. My users can be anyone.

2 Likes

Exactly, you can’t trust anyone… In this case the user @wayIxn is unable to 1:) afford a server 2:) understand how to create a web server
So their best bet is just to install it for the user under a terms, or just give it away :frowning:

2 Likes