Encrypt Api (Free)

ROBLOX HAS BLOCKED THIS SCRIPT FROM THE MARKETPLACE BECAUSE OF THEIR NEW RULES. STOP THIS POLICY CHANGE. IF YOU HAVE A DEVFORUM ACCOUNT LEAVE A REPLY HERE: Creator Marketplace: Improving Model Safety. IF NOT THEN SHARE.

I have recently made a new api called the encrypt api. It can encrypt and decrypt strings for any purpose.

DISCLAIMER: Don’t use this as a single security method. This is more of a hash generator.

How it works:

This api can convert strings into jibberish text and then back into a readable string.

How to use it:

You can require the module then use the api function

-- Call The API
local api = require(5574188332)
-- Set Your Key
local key = 1023921391233933

--Encode Text
print(api.encode(key, "test"))

--Decode Text
print(api.decode(key, "84cd84f3"))

--Encrypted Remote

game.ReplicatedStorage.RemoteEvent.OnServerEvent:Connect(function(plr, text)
	print(api.decode(key, text))
end)

As you can see the remote is decrypting the jibberish back into the word “hello”.

Important Extras:

There is no way to run the api on the client.

Documentation:

module.encode(key, string) - encodes the string
module.decode(key, string) - decodes the string

Resources:

Local Module:

https://www.roblox.com/library/5574327070/Encrypt-Api-Local-Side

Place with all the scripts above:

https://www.roblox.com/games/5574333643/Encrypt-Api-Place

If you need any help you can contact me on my dev server: Discord

26 Likes

Security through obscurity won’t keep your game safe for long. This kind of approach to an anti-exploit will just end with someone taking maybe half an hour to find your encryption key and leaking it to everyone.

28 Likes

I know this is just some extra security for heavily targetted games. Its not made to be the only thing you have. If someone does the find the key the changing of the key can patch all the exploits for the game for a little bit.

1 Like

This doesn’t make sense. Server side checks fix the trust issue whether or not an exploiter can read what’s being sent.

The title is also misleading. “A New Way To Stop Exploiting” implies it’s both new and that it stops exploiting. Key systems have been around forever and used in many games. They have also never stopped exploiting.

11 Likes

lol

if an exploiter decompiles this the result would roughly be

local v1 = require(script["YWR1aXdhZHVod25kcw=="])
local v2 = 1023921391233933
print(v1.encode(v2,"test"))

game.ReplicatedStorage.RemoteEvent:FireServer(v1.encode(v2,"hello"))

so the code is literally working for the exploiter since it is sending the encoded result and they can see that the key is static. even if it were dynamic what prevents them from hooking :FireServer so they can just send over the key your game scripts send over?

8 Likes

Like I said in the post use https://obfuscator.aztupscripts.xyz/Home for obfuscating the script so they can’t see the key. It uses homebrew which has never been cracked.

What prevents them from dumping constants? There are also tools to deobfuscate. It is possible for exploiters to reverse engineer any obfuscation attempts. It just isn’t all worth it when your backend can be secure.

5 Likes

Or just secure your game through proper server sanity checks/validation

All the security through obscurity posts on Community Resources needs to stop :confused: . It is not a helpful community resource , it just promotes bad habits

19 Likes

I never said don’t do server side checks this is just extra protection so remote spy doesn’t work.

2 Likes

The problem with implementing “extra protection” is that it gives the developer extra work (sending a key through every remote and verifying on the server) for practically zero returns, as mentioned multiple times above it can be easily sidestepped.

3 Likes

I mean you can use the api for just encrypting stuff on the server side for random use cases I guess.

There is really no point in this as it’ll get bypassed and released, which everyone will then use.
There are ways to make exploiting really, really annoying on client-side to the point where developers of the exploits have to implement functions to help out / bypass those anticheats (cough rogue lineage), but those are way more complex , while this just encrypting a key (which you can grab anyway, I’m unsure why you’re saying this prevents remote spies) which doesn’t even seem to be dynamic?

You’re implying this is hard to bypass when it’s not: you can grab that key in under 5 minutes.
Please do not try to secure the client, as it just makes it worse in the end.

P.S: obfuscating doesn’t really matter anyway, as even if you were to obfuscate both the module and the localscript & even have the keys be dynamic, exploiters could still just call the module to encrypt it themselves…

3 Likes

I’m not sure encryption plays a special part in securing roblox’s remote network.
The server is perfectly capable of verifying if requests are valid; likewise the client can assume the communication from the server is also valid. Any sensitive information should never be sent to client; so there shouldn’t actually be any risk in players seeing data sent from server.

Also why obfuscate the encryption module’s source code?

2 Likes

Hey, could you please include the original source and not some obfuscated mess? I don’t think anyone wants obfuscated code doing who knows what to their game :slight_smile:

It is much harder to verify the legitimacy of this module as well as inspect what the module does when its source is obfuscated.

Only thing I could get is its constants.

encode
127
1
-1
2
256
20618

gsub
.
198292304344
128
byte
256
%02x
format
4 Likes

This is useful, a lot of “geniuses” try using Remote Spy and Firing any event. For someone who owns a simulator game, this is very useful.

The only reason why I won’t add it is because the API is obfuscated. I don’t wanna call you a malicious reason but who knows what the code could be doing?

3 Likes

giving out an obfuscated module defeats the purpose of it being a “community resource” imo

3 Likes

If they are using the obsfucator I added in the post then you can’t just grab the key and the module doesn’t work without your key so they can’t just call it

It’s obfuscated cause if someone sees the full source they could reverse engineer the whole api and make it so it no longer protects anything. They are 2 other keys build into the api code.

Anything client isn’t secure. Not sure what you are talking about.

2 Likes

The module is flawed to begin with so why bother obfuscation. This resource has no place in #resources:community-resources anyways.

5 Likes