Can exploiters access local scripts in Server Storage?

As the title suggests, are exploiters able to access local scripts in server storage? I know exploiters can access local scripts, but I’m not sure how exactly they do it. Are they given access to every local script the game contains? For example: I have an item in server storage, and that item contains a local script. Can the exploiter read the script?

3 Likes

exploiters cant see anything thats located in serverstorage so no they cant

3 Likes

Ok but if the item is cloned into another player (not the exploiter) through a server script, can the exploiter read the local script inside the item that is within the player? (E.g. any values being transferred through the scripts, I have a server and local script in the item connected through a remote and I want to know if the exploiter can read the values transferred through that remote)

Also if an exploiter clones an item that contains a server script will that server script run

1 Like

i think they can

i’ve never tried this myself, but if you clone a local script it should work properly on the client

Server scripts run on the server so there’s no point for Roblox to spend extra bandwidth to replicate server-side code that doesn’t get run on the client anyway (more importantly it would expose all of the security vulnerabilities in your codebase).

LocalScripts run locally on the client (i.e. your computer). That’s why they’re called “local” scripts. Your computer needs a copy of every LocalScript in order to run client-side code. Since your computer has a copy of every LocalScript, it can be stolen.

That’s unavoidable, however, only the decompiled bytecode of LocalScripts gets replicated, so a hacker who steals your LocalScripts would be able to see what your script does but not be able to see the original names of your functions and variables. The original names are replaced with placeholder names by the decompiler.

Exploiters can see everything that passes through OnClientEvent and FireClient since they have full access to their own computer and can observe everything going in and out. No matter where a server script is located, its bytecode is never replicated to the client and can therefore not be stolen by a hacker.

1 Like

Just to clarify.

The contents of ServerStorage and ServerScriptService do not exist on the client. Any localscripts you put there will not be run, nor will any players have access to them.

Regarding your second question:

Exploiters cannot access data you send via remotes to other players. They can only read remote data that you send to their client.

Regarding your third question:

No. Exploiters cannot run server scripts, or can they clone them or make them run again.

By the way, all of this is assuming your game doesn’t have a backdoor. If an exploiter has full access to your game, they can do any of the things listed above. (Regarding the one about remotes, it’s not really practical for them to do it in any way, but yeah, they still can if they want to.)

for future reference you can test questions themed about clients accessing spots by actually play testing your game in Roblox Studio, you’ll notice that stuff disappear because logically the CLIENT CANT access items in certain containers.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.