How do I make my scripts impossible to leak?

I’m making some scripts and I don’t want exploiters going and looking at them so how would I make them non leak-able?

Ironbrew and Xen and Luraph are all dead.

Well, soon as exploiters can see your client sided code, I’d say this isn’t possible. Along with, if you have a module script inside of ReplicatedStorage, or just anywhere the client can see, an exploiter will also be able to see it.


I mean like

not client side code.

If the script is on the client it is impossible to stop it being leaked because the player has control over there client. Any ‘security’ you put in place will have it’s workarounds and you will be fighting a loosing battle if you try and secure client sided code on the client. I wouldn’t take the time to obfuscate client sided code because if will slow down development and client sided code alone wont be any use to anyone without the server.

If your code is on the server it is impossible for an exploiter to get hold of it let alone read it. Secure your remotes and put the popper sanity checks in place.

1 Like

A exploiter can see any code, if it is in ServerStorage, SSS a simple backdoor can see you’r script. There is no way to make scripts inpossible to leak, exploits can see much scripts and with a backdoor any game can be copyed/script stealed.

Yeah, what @waterrunner said. Exploiters can only view client sided code.

1 Like

What are they going to do about it when the script is heavily connected to remotes anyways?

1 Like

Exploiters cannot mess with server side. They only have controls on the client. Only if they get hold of remote events and know how to use them, that’s a problem

i mean like

if there is a vulnerability to be on serverside in my game

and also i found that someone made a website to revive ironbrew

There isn’t, like I said only if they get hold of RemoteEvents or RemoteFunctions then it’s a problem.
To avoid this, give keys to your remoteEvents like
Remote:FireServer("A_Key", . . .) and when receiving the remote event you can do checks if the key is correct then execute code.

An exploiter can’t see the contents in ServerStorage nor anything else on the server. An exploiter can fire remotes from there client to the server with tamped information but not directly access the server.

The best way to fix vulnerabilities between the client and the server is by securing your remotes with popper sanity checks. Obfuscating your code is a band aid solution to fixing exploits. You may want to read over these two community tutorials because they explain exploiting very well:


I said a exploiter can see any client-side code, and then i said if it is in SS or SSS a simple backdoor can see it.

No they can’t.

There’s nothing you can really do about this, like nothing. You could hash your stuff (client-side so the local player can’t do anything) but that doesn’t stop them from nicking your source code.

You shouldn’t care about this anyway, most AAA games have backdoor unpackers so people can easily view what’s inside.

The best thing you can do right now is watch for viruses/backdoors. Here, take this.

please, read the entire post before posting random stuff, i said an exploiter can see the client-side code, and plugins can see code from SS and SSS scripts. Please, do not post these random stuff again.

what lmao

To not break forum rules, I won’t reply to any more of your arguments here. I just read your original post again and you clearly stated this:

if you are going to make an argument as stupid as me quoting a few words then I recommend you don’t say anything.

p.s: proofread your posts next time

Don’t give this advice. This is not security, and is usually bypassed almost instantly. Instead, rely on proper sanity checks on the server side with server side info.

In your first post you used exploit and backdoor interchangeably, which I assume is what is leading to the confusion.

@Cinema_Sin, I believe what Turtle meant to say was exploiters can access client code, and there is a separate non exploit related issue that backdoors can access server code and client.


Client-side? Just consider all assets, including scripts, to be public.
Server-side? Roblox would need to do a boo-boo.

The biggest source of leaks is you, the developer. Mainly through Team access.

1 Like