Hacker can get a random Number in a script or local script?

Hello my name is FraduiKeng and I would know if Hacker can get a random Number in a script or local script ?

-- example ;
local RandomNumber = math.random(1,10)

I don’t know if I’m in the right category.

2 Likes

To my knowledge they can only read scripts if they are local, but unless you are using it in a value they really can’t (correct me if im wrong)

I use a random number which comes from the server to the client and which immediately returns from the client and server to protect a remote and I need to know if a hacker can get the random number

Yes, an exploiter could intercept that.
Trusting the client with anything is always a bad idea because they have full access to Roblox’s client memory.

Yes they can, pretty much any can

There would be another way to protect my remote ?

I suggest not bothering and to just make sure your clients can never do anything malicious to the server.

The best protection is to never trust the client.
Ensure to do checks on the server, quite often.

Say you are making a shop and you have a RemoteEvent for buying something.

Have the server make sure the player has enough money, and if the item exists, etc.
The client can still do these checks themselves, but dont rely on it, the checks on the client are only there to attempt to do less RemoteEvent calls, in turn using less bandwidth, but its not an end all be all measure.

Yes but if I do not have this possibility to check it’s by the server

Then dont do what you are trying to do… or figure out a way to do this check

You should rarely ever need RemoteEvents where the server cant check if the data is valid/correct

I want to do if the client sees a part is missing for example, he tells the server that the client is missing this part and I would like to prevent hackers from saying the part is still there that is wrong

They only have full control of local scripts.

Then do the checkings on the server.

Not sure where you got this random key idea but it’s a bad way to protect your game’s remote events, like everyone else has said, just make sure to secure your events on the server-side itself such as “player buys sword, server checks player’s money, if they have enough, give the sword, if they don’t then don’t give the sword”.

It’s just general safety checks that are needed for remote events to be secure.

Yes I know all that but if the server is not able to verify its because it is done that the client side (example: a part has been deleted in the client) how the server could know its ???

Think of the server as the master client, it has full control over everything that everybody sees, so a part deleted on someone else’s client will only delete it on their side, as far as the server is concerned, that part is still there and the collision would be too, they just see the part missing on their side whereas everyone else sees the part there.

Edit: The server has control over everything that everybody sees and interacts with in the game, if someone has access to that part, you haven’t secured your game correctly.


Edit from the 1st of November 2023, I no-longer use Roblox for any of my projects/endeavors as I do not wish for my projects to be locked into this centralized ecosystem, Roblox have made horrific decisions in the past and there is nothing stopping moderation or a hacker from permanently nuking my project from orbit.

Examples: Project A is on Roblox, Account is hacked, Project is deleted.

Project B is standalone and hosted via a dedicated server on a VPS, Account is hacked, A few misuses of permissions and account is disabled temporarily via the server itself but the project is perfectly fine aside from minor damage caused by misused account permissions.

Think before using platforms like this, Their blessings can also be curses.

If this a script which was there for him blocks something (example his blocked are walkspeed at 16), he could delete it and then go to the speed he wants

What do you mean by this exactly?


Edit from the 1st of November 2023, I no-longer use Roblox for any of my projects/endeavors as I do not wish for my projects to be locked into this centralized ecosystem, Roblox have made horrific decisions in the past and there is nothing stopping moderation or a hacker from permanently nuking my project from orbit.

Examples: Project A is on Roblox, Account is hacked, Project is deleted.

Project B is standalone and hosted via a dedicated server on a VPS, Account is hacked, A few misuses of permissions and account is disabled temporarily via the server itself but the project is perfectly fine aside from minor damage caused by misused account permissions.

Think before using platforms like this, Their blessings can also be curses.