Encrypt Api (Free)

The point of this category is to post open source assets. If you want to have an obsfucated script so it’s harder to reverse engineer (Which obfuscation really does nothing, anyone with time could reverse it), post it in #help-and-feedback:cool-creations.

1 Like

Moved from #resources:community-resources to #help-and-feedback:cool-creations

Please review About the Community Resources category before posting in that catagory.

Only post resources with a substantial free or open-source component here. Post paid service subscriptions, plugins, and other resources in #help-and-feedback:cool-creations instead.

How should I write my resource topics?

Your resource must be:

  • Related to Roblox development .
  • Well explained ; do not dump content here, you must explain how your resource is meant to be used.
  • Significant overall ; your contributions must be more substantial than small scripts or a few individual assets. Resources that are not significant enough, too specific / not useful to many people, or too low quality should be posted in a different forum category, or you should request help from @Post_Approval to learn what can be improved.

Things you could post a Community Resources thread about:

  • Significant ModuleScripts, code libraries, or frameworks that you created for public use.
  • Large collections of assets / free models that you created for public use.
  • Royalty-free art, audio, or texture resources.
  • Free plugins you wish to showcase.
  • Websites that are useful to Roblox development.
3 Likes

It says free or open source not free and open source. This isn’t paid so it should be in community resouces.

Still doesn’t give them direct access to the server.

But key is still in the local script, so what is your point?

1 Like

My point is that what sanjay2003 said is incorrect. This isn’t like some lua executer you can’t just “directly access” the server using it.

What was meant is the fact that the key is stored in a local script, which makes this useless, not necessarily that this is some server-sided executor, was likely a miscommunication from them.

1 Like

I just bypassed this. It was not hard so this isn’t really secured at all.

1 Like

Wow, why would you bypass that?

Why make a server-sided anti-cheat when it’s only reflecting on the server?

By that I mean make the anti-cheat be in the server-side so exploiters can’t just delete it.

But still how are they going to “sever-side” the code?
Or explain how does this “server-side” anti cheat works.

Simple, you don’t trust the client-side to hold your anti-exploit so you make server-sided anti-cheats.

1 Like

I don’t think this is very useful, as it can be bypassed with max 1 lines of code and no knowledge of scripting. All they have to do is view the script’s source and see the thing being encoded (see the code block below)

game.ReplicatedStorage.RemoteEvent:FireServer(api.encode(key,"hello"))

Otherwise, if it’s stored in a variable, they can use any of these functions to see what’s being encoded (1 line)

debug.getregistry() / getreg()
debug.getupvalue() / debug.getupvalues()
getgc()
getsenv()

edit: sorry for necrobumping this, I didn’t realize this was old

2 Likes

Ok I understand that this isn’t helpful because this won’t stop exploiters this just “slows” them down but on the bright side, this is a cool creation and it was meant to be useful, not to “promote bad habits” so I don’t see why most of you are attacking this person, maybe she (judging by avatar) was excited to publish this and get feedback but instead got attacked by people.

Even though I still think the module it’s not safe to use and it’s just like a proof of concept. Would not use it myself.

2 Likes

Thanks for the positivity! :heart:

1 Like

Looks broken now:

Attemp to index number with gsub

Does this work on a plugin?
I tried to test it on a local plugin and got
“Decode cannot be called from the client”
Anybody know how to fix this?

Why would I use this API when I can go use an open-sourced AES implementation coded in pure Lua?

Just a fyi, you made the whole module closed-source, how are we able to tell that your API can actually ensure the encrypted data will not be brute-forced in any particular ways?

Oh, if I missed the main point of this thing, I am sorry.

2 Likes

It doesn’t matter if someone brute forces it this api essentially just makes a hash for data. An example of how I use it is I have a limited item system in which each item has a unique hash which is just the encoded text “userid:tick():item:serial”. This is not meant to be security based hence why I put “WARNING: DON’T USE THIS AS ANTI EXPLOIT PROTECTION SANITY CHECKS WORK BETTER” at the top. Thanks for the github link though I will check it out and see if there is anything in there I can implement :smiley: