How would one go about protecting their LocalScripts from the client as efficiently as possible, and what are some practices that you use to prevent exploiters from stealing your scripts? I’ve been looking into utilizing obfuscation to try and make them hard to read, but are there any other practices I should know about? Mainly looking for ways to protect them from decompilers.
I don’t have very strong knowledge in bytecode, but from what I know exploiter can use that to get the general gist of the contents of a script.
Mainly not worried about securing remotes as I am fairly confident in that, but rather preventing my scripts from being stolen.
You can never protect a localscript.
I know that, but isn’t there methods to make it as hard as possible to read and understand?
Well i think that depends on how you’ll write it? simplify etc? not that knowledgeable about those stuff but yea i guess you could make it harder to read but at the end of the day they’d still be able to yank it
Earlier I tested how effective my friend’s exploit works in my game, just so I could see how well it could decompile. It was able to basically seize every local script, and not just that, but to the point where if someone tried hard enough and replaced enough variables (which probably wouldn’t take long with find and replace) they would be able to pretty much view the actual script.
Also, just want to clear up, I myself don’t have any exploits.
i once heard that someone made all the functions in modulescripts in serverscriptservice.
using a remote function he returned the function as a whole, having nothing in his script.Source
and still executing it on the client.
Exploiters can still view modules thought wait nvm u said they’re in serverscriptservice
I don’t know if this is correct, but I’m fairly sure an exploiter would still be able to view the contents of that module if a remote function returns it.
possible but its worth the try i guess?, but that could cause issue such as delay
I’ll probably look at obfuscation as a solution
EnigmaticDevil is right
in the end everything can be hacked. there is no way to make it 100% save when it runs on a client.
the thing to consider is how much time it takes to steal it… if the effort is bigger compared to the reward people give up and it is succesfull.
but this usualy comes with performance issues.
complex systems that have no other use than security
and generaly speaking, usualy not worth the time
Either way, if they can reverse engineer it, doesn’t that mean that they already have a good understanding of scripts? so i don’t see why would they copy it
PS: Saw this thread The guide for Obfuscation
Not exactly, what I meant was that variables like the player’s character or services could be easily recognized by someone with a decent amount of knowledge, reverse engineering it on the server would be easy if you knew what you were doing as the modules and the localscripts reveal a decent portion of information, though I may have bias as I wrote them lol
Which is why I was looking at obfuscators as a potential solution