I don’t know if this is possible or not, but I’d love to get some input. I’ve been thinking about making some custom guns and selling them, but because I’d have to put the code inside the scripts in the guns, that means anyone who buys the guns can just pirate and sell or even give away my product for free, and I want to prevent that. What I’ve been thinking about recently is possibly creating a web server hosted on my home device, and keeping a JSON database that contains strings of code for each gun and it’s scripts. My idea is that I can just make an HTTP call from the script, retrieve the code, and then parse it with my own custom parser, and run that code. The only problem is, I don’t see any other way to do that without creating a completely new Script and then setting the source of that script to my parsed code or just the string, and running that, which defeats the whole purpose because then players can just print the source of that new LocalScript, or even open the script in studio during a test. Is there a way that I can load the data from the HTTP call and run that string of data without making it visible in a script?
I also haven’t looked to see if this is allowed yet, but I figured even if it isn’t it would be an interesting question to pose, so this isn’t me saying hey I’m breaking the ToS, in case mods try to lynch me for this.
EDIT: Okay I thought you could write to the source of instance.new created scripts, I must have read something in the API wrong, disregard that.
Closed source selling has been a long running discussion on the forum for other services as well. You can search those threads to view discussion - there are a few posts regarding pulling code from external resources and running them in game. It is possible to do.
In my own opinion, since you are looking for input, I’d say that at this point, selling goods on Roblox is silly. I’m absolutely not against a closed source marketplace but some developers on this platform are quite shady and you just can’t run things the same way you can outside of this environment. It happens outside Roblox too but within, trust is an absurdly prevalent issue.
If anything, it would be better to render services for commissions in the Collaboration category rather than to sell loose goods. If you’re only selling a good, then you have to put up with tons of unnecessary headaches that don’t make it worth it for a quick buck. If you sell your talents as a service, then you’d be custom tailoring code towards a project’s specific needs, netting higher gains (you can absolutely make more from a commission than from open selling in most or all cases) and you can network with other developers and get future opportunities as well.
This is possible, and pretty trivial to do, however making your own parser won’t secure your code at all.
If you are running the code in the game, there’s nothing preventing people from simply logging the “real code” which you’d have to run at some point.
What you want to do is flawed because the client (buyer) has the ability to modify the code that would load it. The best you can do is probably to convert it to bytecode and run FiOne however bytecode can still be converted to normal code (although, not the exact same as the original source) via an executable such as luadec51.
The only way to properly secure your code is to never give the code in the first place.
You can go for obfuscators, however the obfuscators that actually give you any layer of protection (VM obfuscators) generally also slow down your code.
Unless the gun code is running on the external website (which would be a bad idea anyway) couldn’t someone still grab the source by just sending a request themselves?
Yeah, you could just query the endpoint assuming you know what it is. You can have things like API keys but the moment someone shares one, that’s it. You can revoke them but the source will probably have been long downloaded after you tackle that problem.
I don’t recommend ever trying to sell specific goods on Roblox and instead opting to sell services. Given that OP marked one such answer about obfuscation and all (even though it should be since it actually answers the question), it’s clear that they acknowledge the risks and intend to go through with it anyway, so anything from there on is on them to bear.
It’s honestly not worth the headache and loss of further opportunities. Something like this can be reconsidered when Roblox further adds permission levels on features and potentially provides a safer way of handling closed-source code.