Help with securing localscripts

Grersh · June 9, 2021, 2:56pm

How would one go about protecting their LocalScripts from the client as efficiently as possible, and what are some practices that you use to prevent exploiters from stealing your scripts? I’ve been looking into utilizing obfuscation to try and make them hard to read, but are there any other practices I should know about? Mainly looking for ways to protect them from decompilers.

I don’t have very strong knowledge in bytecode, but from what I know exploiter can use that to get the general gist of the contents of a script.

Mainly not worried about securing remotes as I am fairly confident in that, but rather preventing my scripts from being stolen.

EnigmaticDevil · June 9, 2021, 2:58pm

You can never protect a localscript.

Grersh · June 9, 2021, 2:59pm

I know that, but isn’t there methods to make it as hard as possible to read and understand?

EnigmaticDevil · June 9, 2021, 2:59pm

Well i think that depends on how you’ll write it? simplify etc? not that knowledgeable about those stuff but yea i guess you could make it harder to read but at the end of the day they’d still be able to yank it

Grersh · June 9, 2021, 3:01pm

Earlier I tested how effective my friend’s exploit works in my game, just so I could see how well it could decompile. It was able to basically seize every local script, and not just that, but to the point where if someone tried hard enough and replaced enough variables (which probably wouldn’t take long with find and replace) they would be able to pretty much view the actual script.

Grersh · June 9, 2021, 3:02pm

Also, just want to clear up, I myself don’t have any exploits.

boeljoet · June 9, 2021, 3:02pm

i once heard that someone made all the functions in modulescripts in serverscriptservice.
using a remote function he returned the function as a whole, having nothing in his script.Source
and still executing it on the client.

EnigmaticDevil · June 9, 2021, 3:03pm

Exploiters can still view modules thought wait nvm u said they’re in serverscriptservice

Grersh · June 9, 2021, 3:03pm

I don’t know if this is correct, but I’m fairly sure an exploiter would still be able to view the contents of that module if a remote function returns it.

EnigmaticDevil · June 9, 2021, 3:04pm

possible but its worth the try i guess?, but that could cause issue such as delay

Grersh · June 9, 2021, 3:05pm

I’ll probably look at obfuscation as a solution

boeljoet · June 9, 2021, 3:09pm

EnigmaticDevil is right

in the end everything can be hacked. there is no way to make it 100% save when it runs on a client.
the thing to consider is how much time it takes to steal it… if the effort is bigger compared to the reward people give up and it is succesfull.

but this usualy comes with performance issues.
complex systems that have no other use than security

and generaly speaking, usualy not worth the time

EnigmaticDevil · June 9, 2021, 3:09pm

Either way, if they can reverse engineer it, doesn’t that mean that they already have a good understanding of scripts? so i don’t see why would they copy it

PS: Saw this thread The guide for Obfuscation

Grersh · June 9, 2021, 3:12pm

Not exactly, what I meant was that variables like the player’s character or services could be easily recognized by someone with a decent amount of knowledge, reverse engineering it on the server would be easy if you knew what you were doing as the modules and the localscripts reveal a decent portion of information, though I may have bias as I wrote them lol

Grersh · June 9, 2021, 3:13pm

Which is why I was looking at obfuscators as a potential solution