I am attempting to make an ordering system (similar to bloxburg’s burger place) for a game that I am working on. An NPC walks up to a cash register, orders a meal etcetc. When a player finishes their shift, I need to use a remote event to give the player their cash.
I am aware that remote viewer (included in most paid exploits) is capable of viewing the arguments of remote events that are fired. How can I successfully fire the shift finished remote event without including the amount of cash a player earns? Is there a way of doing this?
From what I know (from a trusted source who now develops anti-exploits, after years of exploiting), while exploiters can read Server-Client info, they cannot read Client-Server info. Your best bet is to generate a random key for each remote event on runtime.
If you have one key that’s permanent across your entire game (hard coded in, not generated on runtime), then they can simply download the code, decompile it, and figure out the key incredibly easily. So it has to be randomly generated on runtime.
Like generating a code every few minutes that’s used throughout the server?
How can I store that code and make sure scripts can access it? I have an exploiter friend that says values can easily be compromised through a script that lets you “view everything in the game, where it is and what it’s properties are”
The shift ending is fully serverside as I do it via part:Touched. What I’m looking for is a way to grant a player their cash while remaining with a secure remote event.
Ok, I’ve never played bloxburg so there may be some things I’m missing. But if you can detect when a player’s shift ends on the server. Why don’t you award them cash on the server?
The idea is you shouldn’t be adding security to your remotes. You should be thinking offensively, as if you’re someone trying to compromise your game. Set up checks on the server that don’t rely on information the client provides, make sure things the client is asking for make sense, and don’t store anything sensitive on the client.
In your post you mention that players have shifts. Like Xalneth suggested, you can have the server be the one that decides when the player’s shift starts and ends.
Assuming your game is time based, you can just check the time between when the player began and ended their shift, which at this point should already be in the server.
If your game is task based (ex. serve specific orders given by the NPCs) you can have the server send the client the NPC needs as they come in, and the client can send back an action (like picking a specific ingredient). Even here, you inevitably won’t be able to stop people who bot this, but you can diminish the impact by adding things like cooldowns/debounces (ex. a customer must be in the store for at least 20 seconds before leaving and another one coming in).
I have concluded that the ordering system is so easy that I will just have a specific window where the remote event can be fired. I will also put a time limit on the shifts so people can’t afk. Thank you so much for your help, I will be using serversides for NPCs now.
Most exploiters have a wide choice of debug functions they can use to hijack your random key system. Furthermore, there have been numerous examples of seed cracking in other scenarios. This method should never be used as a way of “securing” your RemoteEvent transmissions, along with any other useless attempts to do so.
