It’s correct that there aren’t any public tools to deobfuscate IB2, but constant dumping is extremely easy and anyone can do it. Also, there are private deobfuscators/decompilers for IB2/Aztupbrew.
Constant dumping is easy if you know your way around a VM. Not everybody can do it. There’s no such thing as a private decompiler that only works on Ironbrew.
There’s no such thing as a private decompiler that only works on Ironbrew.
If you look about 2 posts above yours there is the code deobfuscated from the module. I also would know they exist as I was involved with the creation. The only non deobfuscated obfuscators right now are PSU and Luraph.
1 Like
Luraph deobfuscator is privately maintained after the owner filed a DMCA takedown on the public version. I don’t believe PSU has been deobfuscated.
Luraph’s already been changed after deobfuscation;
Thanks for decoding this. Im taking all this feedback into account and updating how this works.
1 Like
I never said don’t do sanity checks I said secure the server in the top of the post. You’re acting like I said only use this its just extra protection chill dude.
Keep in mind, I did not decode this. But always remember, ALL obfuscation CAN be undone. There’s no exception to this rule. Some may be harder than others, but you can never truly hide your source code. There’s always someone who will find a work around.
1 Like
This shouldn’t be at the top of your post when this is misleading to the point of security & sanity checks. Instead, you provide a module that gives exploiters direct access to the server with a key that’s shared on both the server & client.
There is no protection with this. This is essentially a free ticket for exploiters to hack your game. This is equivalent to a backdoor that’s concealed & obfuscated for the purpose of “extra security”. Not only is this misleading but, it promotes bad habits in a place where people come to learn & model their own style from.
There’s a clear lack of experience & terms from what you offer & what you claim to know. Perhaps, you should look into how security actually works, understand the concepts & best practices and then attempt to model an open-source version from what you learned.
1 Like
How does this give them direct access to the server?
The key is in the local script, so they can easily get it
1 Like
Can I make de-obfuscator a script?
The point of this category is to post open source assets. If you want to have an obsfucated script so it’s harder to reverse engineer (Which obfuscation really does nothing, anyone with time could reverse it), post it in #help-and-feedback:cool-creations.
1 Like
Moved from #resources:community-resources to #help-and-feedback:cool-creations
Please review About the Community Resources category before posting in that catagory.
Only post resources with a substantial free or open-source component here. Post paid service subscriptions, plugins, and other resources in #help-and-feedback:cool-creations instead.
How should I write my resource topics?
Your resource must be:
- Related to Roblox development .
- Well explained ; do not dump content here, you must explain how your resource is meant to be used.
- Significant overall ; your contributions must be more substantial than small scripts or a few individual assets. Resources that are not significant enough, too specific / not useful to many people, or too low quality should be posted in a different forum category, or you should request help from @Post_Approval to learn what can be improved.
Things you could post a Community Resources thread about:
- Significant ModuleScripts, code libraries, or frameworks that you created for public use.
- Large collections of assets / free models that you created for public use.
- Royalty-free art, audio, or texture resources.
- Free plugins you wish to showcase.
- Websites that are useful to Roblox development.
3 Likes
It says free or open source not free and open source. This isn’t paid so it should be in community resouces.
Still doesn’t give them direct access to the server.
But key is still in the local script, so what is your point?
1 Like
My point is that what sanjay2003 said is incorrect. This isn’t like some lua executer you can’t just “directly access” the server using it.
What was meant is the fact that the key is stored in a local script, which makes this useless, not necessarily that this is some server-sided executor, was likely a miscommunication from them.
1 Like
I just bypassed this. It was not hard so this isn’t really secured at all.
1 Like