Can private modules be downloaded?

focasds · May 31, 2020, 2:21am

Hello, hope you are feeling really well today! This is a quick question. Can an experienced hacker download a private model from our accounts? (Idk where should I post this, I posted it on Scripting Support) because I have a private module which is a private model. Can a hacker download it easily? I got to this question because people were saying: “They can”. Is this really true?

1230james · May 31, 2020, 2:28am

You can. One is able to send a query to the Roblox asset server to access certain kinds of assets, including ModuleScripts (although only those that are named MainModule so they can be required via ID).

Noble_Draconian · May 31, 2020, 2:32am

Unless a person has access to your account, they should not be able to download private assets owned by you, not even via API endpoint.

focasds · May 31, 2020, 2:37am

Ok, so I heard Roblox removed the Private Modules where everybody were able to require them via ID. So I am the only one that can require it. Other than that, let’s say no one has hacked my account nothing like it happened. Can someone bypass roblox security and download it?

focasds · May 31, 2020, 2:40am

Hello, Reshiram110 thank you for your reply. What about @1230jamesright’s case?

1230james · May 31, 2020, 2:43am

Took me a solid minute to find this line again, but you can run this code to grab a handful of different assets:

game:GetObjects("http://www.roblox.com/asset/?id=AssetID")[1]

If it’s able to get the object off the content servers successfully, this will return an Instance of the object you’re trying to get.

Noble_Draconian · May 31, 2020, 2:45am

That only works if the asset is public or you have permissions to the asset.

focasds · May 31, 2020, 2:49am

Do you have any private model that you don’t use or it doesn’t have even a functionality to try to see if I can load it?

1230james · May 31, 2020, 2:51am

Alright I’ve tried it again; it seems you’re correct in that private modules are safe (although I only tried only two models that I’m not 100% certain that are MainModule-compliant ModuleScripts).

I’ve used this trick to get Animations that I don’t own for installing guns that run on NoCollider’s gun script, though, so there’s still some assets that are vulnerable using this method.

focasds · May 31, 2020, 2:52am

So private modules can’t be load right?

1230james · May 31, 2020, 2:53am

Try 2402616308.

ravioli ravioli gotta hit the 30 charsioli

focasds · May 31, 2020, 2:53am

This is the error that it gives: 22:53:33.449 - HTTP 409 (Conflict)

1230james · May 31, 2020, 2:55am

Then yes, private modules are safe, unless someone breaks into your account and steals them that way or if you place the script in a place that replicates to the client.

focasds · May 31, 2020, 2:56am

Thank you to @Reshiram110 and @1230james for your replies and helpful answers . Have a nice day guys!