They can only read the LOCAL and MODULE scripts.
1 Like
I vouch this. If u had, then it was probably a client of module script.
They can listen to events when they get fired. They can learn from that stuff. But not read the script.
1 Like
You’ve been saying the same thing for the past 10 replies while dodging my replies despite only started scripting 2 weeks ago while I have been doing it for YEARS now.
this is what i am trying to explain thanks for elaborating on it 
.
Well i’ve been scripting for a long time. So I know what I say. Also, I use friends who have exploits to help me improving the security of my events.
1 Like
That is because scripts that listen to remote events are usually placed in serverscriptservice which exploiters CANNOT read which that is true. But please that is NOT what im trying to explain, Im trying to explain that a script like this can be read by other exploiters if placed in workspace.
i have not been dodging your replies. i have been showing you why you cannot read server sided scripts from the client. If you watch a video of someone hacking in roblox you are actually able to see what they can see. also it can easily never matter on how long you have been scripting it just matters based on how much knowledge you know and i have been scripting for longer than 2 weeks that was just my first time posting on the dev forum as i have been scripting for a few months.
Nope, it can’t. I really am trying to prove my point. I tried searching a game taht has been copied by using a exploit. I’ll try to get my friend on it soon, to prove my point.
2 Likes
I’m pretty sure you’re going to tell him that im talking about a different subject which is just cheating tbh
watch this video and listen to an actual exploiter explain what remote spy is so you understand. edit: removed so i dont get banned.
also this dude makes it make more sense
if there is a module or local script within replcated storage or replicated first it would not show(dunno bout’ any of the other services)
They cannot, attempting to use .Source will just print empty and if you try to use saveinstance, opening any server scripts will throw a comment saying
Unable to decompile.
I’m sorry, but you have absolutely no idea what you’re talking about.
I’ve seen people exploit, decompile games, and more, and not once has a server script code been visible to the Client, because it is ran in the Server.
The script is visible to the Client, but the bytecode is never sent to it therefore being unable to be read. Please stop spreading misinformation.
1 Like
And it seems we have diverted from the original question of this topic, so I’ll summarize what has been said so far, along with adding a few extra points.
Exploiters are able to view LocalScripts, edit variables and functions, completely remove them from their client and also create their own LocalScripts.
It is much harder to edit LocalScripts, but the exploiter can always just delete it and replace it with their own custom one.
As for Server Scripts, the Client will never be able to view the code, edit it or delete the script, regardless of where the script is placed.
This is why it is crucial to implement sanity checks in the Server, as the Client will never be able to interfere with these checks, while they can easily bypass any checks put in place inside of LocalScripts.
Yes I know, that’s what I said at the top. They use getgc() for this.
1 Like
Scripts in the Workspace cannot be edited by the Client. As I’ve said and will repeat once more, no server scripts can be edited by the client.
Although can scripts in workspace be read tho? I am completely aware that exploiters cannot modify server scripts.
No, they cannot be read. The bytecode isn’t sent to the Client, therefore making it unreadable.
1 Like
Ah, it seems to me that i was lied to. Thank you for clearing that up