How can I protect my functions? (UPDATED)

Help and Feedback Scripting Support
#1
old

For specific security reasons, I can’t share my entire script.

Working on an anti-cheat, and I have to protect some parts of my anti-cheat from further methods and vulnerabilities.

And I have to get some specific functions from the server to stop hooking.
Here is an example with the os library;

--SERVER
security.OnServerInvoke = (function(plr)
	print(os)
	return os
end)

As you see there, it returns the os library with a remote function, and print(os) gives an output of functions inside;

{
  ["clock"] = "function",
  ["date"] = "function",
  ["difftime"] = "function",
  ["time"] = "function"
}

But when it passes to the client, it looks like an empty table;

--CLIENT
giveReq = security:InvokeServer()

print(giveReq)
print("isr done")

This time, it prints {}; empty table.
How can I fix this problem; can I try to do anything else?

By the way, I have tried to do it with RemoteEvents.

UPDATED: It’s impossible to pass functions from the server.

Working on an anti-cheat, and I’m concerned about hooking.
My main goal is to secure my functions from possible hooking attempts; how can I protect them from the client?

By the way, I will still need them. So If they get hooked, I need replacements.

5 Likes
#2

You cannot replicate functions across the client/server boundary

5 Likes
#3

As @HugeCoolboy2007 said, you can’t pass functions through events. You can send individual values however as you need them.

3 Likes
#4

Understood, can’t I do something else to protect my functions?

3 Likes
#5

What do you mean protect functions?

The client cannot see any functions that exist only on the server. Whenever the client sends you information through RemoteEvents you should always sanity check it, to make the information is valid.

3 Likes
#6

If you just need the values, then you can do what @batteryday said. But if you need the function itself, there’s no way of protecting/accessing those

2 Likes
#7

I have a function that uses the os library to detect clients’ current timezone etc.
Sanity wouldn’t help my situation; they hook the os library, so it gives the wrong information.

1 Like
#8

If you want to know the client’s timezone you simply have the client send you their timezone.

RemoteEvent:FireServer(os.time())

What can’t you do that you are trying to do? Sorry I’m a little confused.

2 Likes
#9

I’m trying to protect the client from exploiting their fingerprint. (It’s for rbxfingerprint)
Since they can hook os, you can’t pass safe os.time(). And the server wouldn’t return the client’s timezone.

2 Likes
#10

Sorry I’m not that sophisticated at hooking functions and stuff. All I know is that the client can always modify any data they send to the server. The best and only thing you can do is process that data logically so that the client doesn’t break things or give themself infinite xp.

I recommend this post by Autterfly which goes into greater detail.

1 Like
#11

It’s easy to understand:
They run something like hook(os.time,(function() --exploit end)) and change os.time to another function of their choice.

By the way, the topic you shared contains no information about function hooking and protection.

#12
#13

That’s what I’m saying. I need a replacement of my functions, so they can’t get changed or exploited.

#14

The client will never be able to exploit server functions.

The client will always have control of itself. You cannot “protect” the functions on the client.

If you are attempting to “secure” the functions on the client to ensure they aren’t tampered with, don’t. But according to this post you can if it makes you sleep better at night.

I don’t know any more than that so I cannot help you further. Good luck!