Can I obfuscate Plugin Code?

Was wondering if we could obfuscate plugin code. I just don’t want my plugin code to be leaked since Plugins can be easily leaked. I am not doing this for any malicious purposes but trying to protect my code. All the posts on this topic is from ~2020 and I was wondering if the rules have changed since then.

3 Likes

Nope.

To maintain community safety, Roblox may terminate accounts that publish spam or assets with malicious or obfuscated code.

That’s also shown when you go to publish a plugin.

4 Likes

You can. It’s perfectly fine to use obfuscated code if the plugin has no malicious intent, however, issues arise from Obfuscating plugin code (I made a few plugins obfuscated, some of which ran into such problems as;) insert service not being detected. (Or Roblox deliberately blocks insert service on obfuscated plugins I am not sure)

No no no no. Obfuscating Code is against the community standards and will be punished.

That makes no sense, If im selling a plugin, I don’t want people to be able to just copy paste its code, if roblox won’t provide security, then I will take it into my own hands.

1 Like

Then roblox will simply moderate your account?

If roblox says ‘do not do this’ and you proceed to do it, you are practically asking for the consequence.

2 Likes

If you “take it in your own hands” then you will simply get banned. That is how it is.

If ROBLOX says there is a CHANCE and that it may be accidental, its not saying that’s it is DIRECTLY against the rules. Note how it says “may” and not “will”

1 Like

It’s completely unfair this Plugin Ripper exists on the Roblox website, in this case. “View source code” as advertised. You can’t obfuscate, but developers can still rip the source only using provided APIS. No!

Hot take edit: If you publish a plugin, paid or unpaid, intend for it to be copied. Do note, if someone rips a paid plugin, this is considered a violation. If you ultimately want to protect your plugin source, don’t publish or distribute under any circumstance

There is a chance to get away with breaking any rule on Roblox. It still doesn’t mean you can/should break them… Roblox is not saying it’s allowed just because they cannot guarantee every plugin uploaded will result in moderation.

Then how are you supposed to make money if you can’t publish or distribute?

If you wish to make money, then publish it. If you want to protect the source code, don’t. And I should add that even if you get away with obfuscation, most people who steal source code just re-publish it under their own name. And removing security barriers, even obfuscated ones, is a cake walk in Lua.

2 Likes

This. It’s also just like making a game on the platform. Local and module scripts’ sources are always loaded in memory from the client in some form, so you accept the risk of having it stolen by publishing a game (through means of exploiting). Same concept with plugins, they’re in memory and thus are retrievable in some way. Sure, taking its source and re-uploading it may violate copyright laws and whatnot but that doesn’t mean stealing won’t happen.

1 Like

First, as obfuscators become more and more advanced, and AI progresses this argument becomes less and less true. A strong obfuscator backed by AI is a serious roadblock.

Second, I find it absolutely infuriating that roblox refuses to protect our intellectual property, then moderates us for trying to do so ourselves. I understand the argument about malicious code but its pretty simple, if you dont trust a script dont execute it. Same rule exists everywhere on the internet. Not sure why roblox feels the need to play parent here and tell us what we can and cant do. Furthermore, not sure why im being barred from revenue because some other clown wants to misuse a legitimate programming principle.

For games, I can maybe understand but my case resolves around plugins. It is overwhelmingly easy for someone to just scrape out my entire plugin file and from there its all over. Once its on the marketplace I can kiss any chance of monetization goodbye. Of course roblox makes the argument “oh we will moderate the people stealing plugins” but once its out its out.

TLDR: not sure why roblox cares about obfuscation when my 80 year old grandmother understands to not execute scripts if you dont trust their source.

Plugin Ripper uses InsertService:LoadAsset() which will only work if you own the plugin or it is free. Also by free, on any free plugin page there’s literally a download button which downloads the source of the plugin.

image

1 Like