Encrypt Api (Free)

sanjay2003 · August 19, 2020, 4:58am

This shouldn’t be at the top of your post when this is misleading to the point of security & sanity checks. Instead, you provide a module that gives exploiters direct access to the server with a key that’s shared on both the server & client.

There is no protection with this. This is essentially a free ticket for exploiters to hack your game. This is equivalent to a backdoor that’s concealed & obfuscated for the purpose of “extra security”. Not only is this misleading but, it promotes bad habits in a place where people come to learn & model their own style from.

There’s a clear lack of experience & terms from what you offer & what you claim to know. Perhaps, you should look into how security actually works, understand the concepts & best practices and then attempt to model an open-source version from what you learned.

MMCraftin · August 19, 2020, 6:39am

How does this give them direct access to the server?

sjr04 · August 19, 2020, 6:56am

The key is in the local script, so they can easily get it

Sarptra · August 19, 2020, 9:15am

Can I make de-obfuscator a script?

mistrustfully · August 19, 2020, 9:46am

The point of this category is to post open source assets. If you want to have an obsfucated script so it’s harder to reverse engineer (Which obfuscation really does nothing, anyone with time could reverse it), post it in #help-and-feedback:cool-creations.

railworks2 · August 19, 2020, 12:20pm

Moved from #resources:community-resources to #help-and-feedback:cool-creations

Please review About the Community Resources category before posting in that catagory.

Only post resources with a substantial free or open-source component here. Post paid service subscriptions, plugins, and other resources in #help-and-feedback:cool-creations instead.

How should I write my resource topics?

Your resource must be:

Related to Roblox development .

Well explained ; do not dump content here, you must explain how your resource is meant to be used.

Significant overall ; your contributions must be more substantial than small scripts or a few individual assets. Resources that are not significant enough, too specific / not useful to many people, or too low quality should be posted in a different forum category, or you should request help from @Post_Approval to learn what can be improved.

Things you could post a Community Resources thread about:

Significant ModuleScripts, code libraries, or frameworks that you created for public use.

Large collections of assets / free models that you created for public use.

Royalty-free art, audio, or texture resources.

Free plugins you wish to showcase.

Websites that are useful to Roblox development.

MMCraftin · August 19, 2020, 6:06pm

It says free or open source not free and open source. This isn’t paid so it should be in community resouces.

MMCraftin · August 19, 2020, 6:07pm

Still doesn’t give them direct access to the server.

sjr04 · August 19, 2020, 6:08pm

But key is still in the local script, so what is your point?

MMCraftin · August 19, 2020, 6:14pm

My point is that what sanjay2003 said is incorrect. This isn’t like some lua executer you can’t just “directly access” the server using it.

sjr04 · August 19, 2020, 6:16pm

What was meant is the fact that the key is stored in a local script, which makes this useless, not necessarily that this is some server-sided executor, was likely a miscommunication from them.

AstrozTM · August 24, 2020, 5:02pm

I just bypassed this. It was not hard so this isn’t really secured at all.

Ryfiles · August 29, 2020, 8:17pm

Wow, why would you bypass that?

Ryfiles · August 29, 2020, 8:19pm

Why make a server-sided anti-cheat when it’s only reflecting on the server?

KhaledDevz · August 29, 2020, 8:24pm

By that I mean make the anti-cheat be in the server-side so exploiters can’t just delete it.

Ryfiles · August 29, 2020, 8:25pm

But still how are they going to “sever-side” the code?
Or explain how does this “server-side” anti cheat works.

KhaledDevz · August 30, 2020, 3:54am

Simple, you don’t trust the client-side to hold your anti-exploit so you make server-sided anti-cheats.

Cerulean7 · September 5, 2020, 11:33pm

I don’t think this is very useful, as it can be bypassed with max 1 lines of code and no knowledge of scripting. All they have to do is view the script’s source and see the thing being encoded (see the code block below)

game.ReplicatedStorage.RemoteEvent:FireServer(api.encode(key,"hello"))

Otherwise, if it’s stored in a variable, they can use any of these functions to see what’s being encoded (1 line)

debug.getregistry() / getreg()
debug.getupvalue() / debug.getupvalues()
getgc()
getsenv()

edit: sorry for necrobumping this, I didn’t realize this was old

redJuli21 · September 6, 2020, 12:09am

Ok I understand that this isn’t helpful because this won’t stop exploiters this just “slows” them down but on the bright side, this is a cool creation and it was meant to be useful, not to “promote bad habits” so I don’t see why most of you are attacking this person, maybe she (judging by avatar) was excited to publish this and get feedback but instead got attacked by people.

Even though I still think the module it’s not safe to use and it’s just like a proof of concept. Would not use it myself.

MMCraftin · December 8, 2020, 3:56am

Thanks for the positivity!