Can exploiters require a module on your game and fire functions in them?

zamd157 · September 15, 2020, 3:20pm

i hope this is in the right category
So I know exploiters can view modulescripts in their machine, but can they require it and fire functions in them? A basic example:

local module = {}

function module.printString(stringObj)

    print(stringObj.." - string passed by argument")

end

return module

So could exploiters do this?

-- In their script executor
local module = require(workspace.Module)
module.printString("Zero Two")

And one more question, is it worth to add security to it? Like, checking if the string passed by the argument is a string you will surely pass, and if not ban the person:

-- Let's assume we will only use this function to print "Zero Two" and "Lua"
function module.printString(stringObj)
	
	if stringObj == "Zero Two" or stringObj == "Lua" then
		
		print(stringObj.." - string passed by argument")
		
	else
		
		-- Firing a remote to set async to a datastore with people banned, because surely it was fired with arguments no script gives it
		
	end
	
end

So when the exploiters fire it

module.printString("GiveCash")

They get insta-banned, hahahaha
Anyways, any helpful replies are welcome!

sjr04 · September 15, 2020, 3:22pm

Yes they can, they can decompile your modules as well to view the source. No point in adding checks. Just return if the arguments are invalid!

(they can also hook your function to see what arguments are passed so they wouldn’t need a decompiler)

CreativeHell_Dev · September 15, 2020, 3:26pm

if the modulescript is on server such as in serverstorage or serverscripts. No, they won’t be able to access or require it. but if the client is able to view the modulescript. Yes, they can require/decompile it.