Game security code

Good_Scripter · September 27, 2020, 3:44pm

Don’t forget that Lua Decompilers included in exploits automatically beautify it.

Nightmare4into96 · September 27, 2020, 4:29pm

I have another idea! We could put comment marks between the code!

WaterJamesPlough · September 27, 2020, 4:35pm

Comments help you to organize your code properly, so basically you could write notes for functions to help you remember it later on in future.

How is that supposed to contribute to security though, I don’t get it.

Aiomab · September 27, 2020, 4:36pm

Your coding isn’t more secured. It just makes your life harder bc you gotta keep scrolling 9999999 miles every time you find a bug or add a new line.

Nightmare4into96 · September 27, 2020, 4:40pm

Here is what I mean:

code

–

–
code

WaterJamesPlough · September 27, 2020, 4:41pm

How is that supposed to improve security though…

Nightmare4into96 · September 27, 2020, 4:42pm

The comment marks between the code is harder to beautify it

TheEdgyDev · September 27, 2020, 4:42pm

This is not true. Decompilers don’t preserve comments.

Please, for your own sanity and for the others involved, stop believing that making your code harder to work with means a computer will have a harder time parsing it. It simply is not the case. Obfuscation is never the answer.

WaterJamesPlough · September 27, 2020, 4:44pm

Still though, an exploiter could just use a Decompiler also why do you even want to Secure your client side code, it is available to them by any way. And if it is for Server Sided, it doesn’t make sense because Clients aren’t able to access ServerStorage or ServerScriptService. So basically you will be making your life harder by doing that.

Nightmare4into96 · September 27, 2020, 4:51pm

Then, what other ways to secure the code?
Are there no other ways of protecting it?

TheEdgyDev · September 27, 2020, 4:55pm

From what are you trying to secure your code? Are you worried about people taking your intellectual property, or are you concerned about exploitation?

If you’re more specific with your needs, the community can give you more precise, valuable feedback.

Good_Scripter · September 27, 2020, 4:57pm

Comments arent replicated to the client. Luau also removed the variable names and renamed them to v1, v2 and so on, so they already did more than enough.

There is no reason why you want to protect your clientsided code more. You should work on features instead. If you obfuscate your code you literally only create a hard time for yourself.

Nightmare4into96 · September 27, 2020, 5:06pm

Oh, I didn’t know that behind the scenes Lua renamed the variables and comments are hidden away. Thanks for letting me know! I don’t know much about Lua itself. Now I’ve learned something new. Thanks for the amazing feedback. Have a wonderful day!

LukaDev_0 · September 27, 2020, 5:11pm

Actually. Behind the scenes when u play your game, Lua is compiled into bytecode. So u lose Whitespace, Variable names and other stuff. Exploiters use a Decompiler that tries to make Source code from the bytecode.

Nightmare4into96 · September 27, 2020, 5:15pm

What is Whitespace I never heard of it?

LukaDev_0 · September 27, 2020, 5:15pm

Its just like spaces. Like tabs, spaces

J_guar515 · September 27, 2020, 5:42pm

As others previously mentioned, whitespacing the code as much as possible is a bad idea, and is security through obscurity.

Looking at the code that has been beautified by railworks earlier:

local YU = game:GetService("Players")

local UI = YU.LocalPlayer
repeat
    wait()
until UI.Character

while true do
    wait(3.5)
    if UI.Character.Humanoid.WalkSpeed ~= 25 then
        UI:Kick("Unknown Command")
        wait(1)
    end
end

----

----

-----

I’m assuming that you are checking the player’s speed on the client. You shouldn’t do that because an exploiter can access all of the client-side scripts, including this one. They can edit this code and make the speed checking not able to happen at all.

I’d recommend checking the player’s speed on the server to prevent speeding in game. There are a couple of articles that explain how you should detect exploiting and implementing an anti-cheat for your game.

Teo_O781 · September 27, 2020, 5:56pm

Adding additional spaces does not help your code atall, this has been already pointed out by many people. There is no need to obfuscate this script due to it not really being a crucial part in the gameplay (not really sure how to word it), and even if you obfuscated it, someone could easily deobfuscate it if they wanted to.

On another note, i have improved your code, feel free to use it.

--[[
	Put the code in StarterCharacterScripts if it isn't there already.
	
	This code is more efficent because it does not run on a while true loop.
	It instead checks when the property has been changed, this reduces lag.
	
	There is no need for this part of the code too:
		repeat
	    	wait()
		until UI.Character
	As the script loads after the character loads (StarterCharacterScripts do that.)
--]]

local Plrs = game:GetService("Players")
local LP = Plrs.LocalPlayer

LP.Character.Humanoid:GetPropertyChangedSignal("WalkSpeed"):Connect(function()
	if LP.Character.Humanoid.WalkSpeed > 16 then
		LP:Kick("\n \n Unknown Command \n") --Replace this if you want to, your choice really.
	end
end)

Here’s the result of the script, it also works instantly.:

EDIT: Of course, this is flawed as it’s on the client.

DeFunnyPerson · October 2, 2020, 2:08pm

It’s better work on a strong server side script than working on a client script. Exploiters have access to local scripts and can delete or modify them. I would constantly check if there are any body movers or other exploit related stuff in the character. I would also check if the player GUI has any unnoticed GUIs on the server.

itsokayepic · October 2, 2020, 3:08pm

Number one thing to learn is NEVER TRUST THE CLIENT. As @DeFunnyPerson said, work on making a good server side anti-cheat with lots of checks.