EncryptV1 - Encrypt Strings, Code, +MORE!

Resources Community Resources
#41

Anyway, here’s a script to retrieve the base64 alphabet from your encryption module:

local encrypt = require(script.Parent.Parent.Packages.encrypt)

function getBase64Alphabet()
    local alphabet = ""
    
    for i=0, 63 do
        --[[
            0b00100010 (34)
            
            we shift it to the left by two
            0b10001000 (136)
            
            then encrypt converts it to a string
            "10001000"
            
            then encrypt appends 0000
            "100010000000"
            
            then encrypt takes the first 6 characters
            "100010"
            
            then gives us the corresponding character to this number
            "H"
            
            the string.sub is there to remove the excess garbage
        ]]
        
        alphabet ..= string.sub(encrypt(string.char(bit32.arshift(i, -2))), 0, 1)
    end
    
    return alphabet
end

print(getBase64Alphabet())

Try it!

Here’s it extracting the default base64 alphabet:

image
image888×219 48.8 KB

1 Like
#42

So here for some constructive criticism, let’s start.

  1. Your module is not useful and you false advertise it as a way to protect strings from exploiters. This is indeed not true as an exploiter can hook the connection, read the string, and run it through your system to check if the string can be decompiled.
  2. Even if the CryptoString is changed this module is still not secure. An exploiter can just re-use those strings later and guess them (not very hard to do for secure strings).
  3. Exploiters can still read the passed strings, all modern connection hooks have the ability to save/read/write remote arguments.
  4. Don’t advertise your module as a way to allow clients to access ‘important strings’. An ‘important string’ should never be entrusted to the client in the first place!
4 Likes
#43

Okay, I am completely sorry this was a misunderstanding in my end, I will be releasing a V2 that better improves the api, never put a cryptostring as ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, in v2 the cryptostring will not be accessed to anyone

1 Like