How do you obfuscate scripts?

Help and Feedback Scripting Support
#1

What I know about obfuscation so far:
An organised way to screw up code, and a way to change it back. This way if your game gets leaked the code will be unusable.

What I want to know:
Apparently it’s more complicated than this. Can anyone explain to me a rather simple way that I can obfuscate scripts in a way only I can access/people I give access to?

I want to know how to hide my scripts if it ever got leaked or exposed by a hacker. Thank you!

(This post seems pretty short and unprofessional, but I assume ROBLOX obfuscation is done differently than other platforms, so I researched as far as I think will help me and decided to ask here.)

I think this will help multiple people?

1 Like
#2

Could you explain why you would want to do this? It is impossible for an exploiter to steal server scripts, and exploiters can decompile your local scripts anyways.

Roblox has no support for closed-source code but they did before but that got removed. Since it allowed malicious developers to write malicious code to do malicious things. Plus there is probably a lot of open-source resources out there without any licensing that nobody has taken credit for. If you’re really that skeptical you might want to look into an open-source license.

3 Likes
#3

Oh, I’m not a scripter. I’m just trying to find out how to encrypt other peoples scripts. I don’t want their help because they’re the very people who can leak the game.
If someone on our team leaks the game, the scripts will be useless.

#4

I wouldn’t say encrypt is the term here but rather obfuscate. There is no reason to be obfuscating scripts anyways, and usually local scripts are useless without their server counterpart. So I think the script is indeed “useless” without the remotes it might use for communicating with the server

1 Like
#5

Yes! That’s the term, sorry for using the wrong word.

#6

Obfuscation can be helpful to confuse people who steal your code but people can also deobfuscate your code with the same obfuscation tools you are using. You can’t prevent people from taking/stealing your code and/or builds.

1 Like
#7

That’s the thing, how do I make my own? Like one only I can access. Then all scripts are secure, right?

1 Like
#8

Could you explain why you want to obfuscate your scripts in the first place? Obfuscation achieves nothing. Your code logic is still there, it functions the same, the most it does is make reverse-engineering it harder, not impossible. Please don’t.

1 Like
#9

I myself don’t have a clear idea on how to make your own but I would guess it has something to do with making your own variables and keys for such code and obfuscation.

#10

So that if the game got leaked scripts become useless, as they’re most important. But is it really always reversible? Even really complex obfuscated scripts?

#11

While it is true that people can steal your scripts, A game would likely not be fully functional because there will be missing parts and pieces of your game.

1 Like
#12

Obfuscating doesn’t make a script useless. All it does is make a script hard to reverse-engineer, but by the time someone does then they have the experience to make their own script anyways. And it looks like we are talking about local scripts here, and as I said those are useless without their server counterparts, and if someone ends up deobfuscating your script then they probably already have the knowledge to write their own server script counterpart.

And what @Spentity said:

Your code is probably going to depend on a very specific hierarchy

2 Likes
#13

So there’s no way to make it return the scripts to normal when the game starts? I thought it would do this, though. What’s the point of obfuscating your code if it just makes the game unplayable?

#14

I mean what if someone saves the game to their file. Or can only the owner do that?
This will mean everything gets leaked, except animations and sounds.
So there’s no system using advanced obfuscation to make leaked versions of games unable to be used? Like maybe code is always obfuscated, and then when you want to edit a script, you press remove obfuscation (theoretically) and you can only do this to a script at a time, and you need to be given access by an admin. Once done editing it obfuscates it again. Admins with passwords can access multiple scripts at a time. This probably has flaws but it’s just a general idea.
I can’t make this myself, but I want to know what to say to any future hired scripters that want to make a system like this.

#15

Stuff stored on the server cannot be taken. Whether that be scripts, models, whatever. That stuff is secure, and no exploit can take it.

This doesn’t mean store everything there, but server side scripts that only run on the server should 100% be kept there.

There is no need to obfuscate your code. I’m unsure why you want to, as whatever you obfuscate, an exploiter can easily reverse it. It’s a waste of time. Just store server side stuff on the server and you’ll be fine

2 Likes
#16

I’ve been told multiple times server scripts can’t be hacked in any way.
But can it be leaked? (Saved to file and sent using online upload services)
(Not trying to sound rude, sorry if it appears that way)
And it’s not really an exploiter I’m trying to fool, it’s people who want to take the leaked version, only to find the code is obfuscated. Is it really that unreliable?

Sorry if this has gone on to long, I’m not arguing, I’m trying to learn and I am listening.

#17

No. They cannot be leaked. No exploiter can get access to the server side code. And if they did it’d be a massive breach in Roblox’s server, which would get patched incredibly quick.

3 Likes
#18

Not an exploiter, someone who has game editing access.
Also thanks for the information, it helps :+1:

1 Like
#19

Then you should be doing a background check on your team members? What is the bigger picture here?

You don’t seem to understand what obfuscation is. Obfuscation is simply making a script harder to reverse-engineer.

For instance

print(1)

can become

return(function(g,a,a)local j=string.char;local e=string.sub;local o=table.concat;local l=math.ldexp;local n=getfenv or function()return _ENV end;local m=select;local a=unpack or table.unpack;local k=tonumber;local function p(h)local b,c,d="","",{}local f=256;local g={}for a=0,f-1 do g[a]=j(a)end;local a=1;local function i()local b=k(e(h,a,a),36)a=a+1;local c=k(e(h,a,a+b-1),36)a=a+b;return c end;b=j(i())d[1]=b;while a<#h do local a=i()if g[a]then c=g[a]else c=b..e(b,1,1)end;g[f]=b..e(c,1,1)d[#d+1],b,f=c,c,f+1 end;return table.concat(d)end;local i=p('23S23U27523T23Z27523U26Y26W26B26C27223V27927923E25123U23Y27924823W27927G27524827827G27427H27927427R23X27Q27X275');local a=(bit or bit32);local d=a and a.bxor or function(a,c)local b,d,e=1,0,10 while a>0 and c>0 do local e,f=a%2,c%2 if e~=f then d=d+b end a,c,b=(a-e)/2,(c-f)/2,b*2 end if a<c then a=c end while a>0 do local c=a%2 if c>0 then d=d+b end a,b=(a-c)/2,b*2 end return d end local function c(b,a,c)if c then local a=(b/2^(a-1))%2^((c-1)-(a-1)+1);return a-a%1;else local a=2^(a-1);return(b%(a+a)>=a)and 1 or 0;end;end;local a=1;local function b()local f,e,c,b=g(i,a,a+3);f=d(f,138)e=d(e,138)c=d(c,138)b=d(b,138)a=a+4;return(b*16777216)+(c*65536)+(e*256)+f;end;local function h()local b=d(g(i,a,a),138);a=a+1;return b;end;local function f()local b,c=g(i,a,a+2);b=d(b,138)c=d(c,138)a=a+2;return(c*256)+b;end;local function p()local a=b();local b=b();local e=1;local d=(c(b,1,20)*(2^32))+a;local a=c(b,21,31);local b=((-1)^c(b,32));if(a==0)then if(d==0)then return b*0;else a=1;e=0;end;elseif(a==2047)then return(d==0)and(b*(1/0))or(b*(0/0));end;return l(b,a-1023)*(e+(d/(2^52)));end;local k=b;local function q(b)local c;if(not b)then b=k();if(b==0)then return'';end;end;c=e(i,a,a+b-1);a=a+b;local b={}for a=1,#c do b[a]=j(d(g(e(c,a,a)),138))end return o(b);end;local a=b;local function o(...)return{...},m('#',...)end local function l()local j={};local k={};local a={};local i={[#{"1 + 1 = 111";"1 + 1 = 111";}]=k,[#{"1 + 1 = 111";{485;27;655;337};"1 + 1 = 111";}]=nil,[#{{513;934;885;524};{619;244;354;249};"1 + 1 = 111";{289;463;951;76};}]=a,[#{"1 + 1 = 111";}]=j,};local a=b()local d={}for c=1,a do local b=h();local a;if(b==0)then a=(h()~=0);elseif(b==1)then a=p();elseif(b==3)then a=q();end;d[c]=a;end;i[3]=h();for i=1,b()do local a=h();if(c(a,1,1)==0)then local e=c(a,2,3);local g=c(a,4,6);local a={f(),f(),nil,nil};if(e==0)then a[3]=f();a[4]=f();elseif(e==1)then a[3]=b();elseif(e==2)then a[3]=b()-(2^16)elseif(e==3)then a[3]=b()-(2^16)a[4]=f();end;if(c(g,1,1)==1)then a[2]=d[a[2]]end if(c(g,2,2)==1)then a[3]=d[a[3]]end if(c(g,3,3)==1)then a[4]=d[a[4]]end j[i]=a;end end;for a=1,b()do k[a-1]=l();end;return i;end;local function j(a,b,g)a=(a==true and l())or a;return(function(...)local h=a[1];local c=a[3];local a=a[2];local a=o local d=1;local a=-1;local i={};local f={...};local e=m('#',...)-1;local a={};local b={};for a=0,e do if(a>=c)then i[a-c]=f[a+1];else b[a]=f[a+#{"1 + 1 = 111";}];end;end;local a=e-c+1 local a;local c;while true do a=h[d];c=a[1];if c<=3 then if c<=1 then if c==0 then local a=a[2]b[a](b[a+1])else b[a[2]]=a[3];end;elseif c>2 then local a=a[2]b[a](b[a+1])else do return end;end;elseif c<=5 then if c>4 then b[a[2]]=a[3];else b[a[2]]=g[a[3]];end;elseif c==6 then b[a[2]]=g[a[3]];else do return end;end;d=d+1;end;end);end;return j(true,{},n())();end)(string.byte,table.insert,setmetatable);

All that mess just to print 1. I won’t specify which obfuscator I used since I don’t want to give anyone any ideas. All it is doing is making the fact that it prints 1 less obvious.

It doesn’t break the game if used in another place.

1 Like
#20

Don’t give them access then…?? If you can’t trust them with leaking your game, then they shouldn’t have access in the first place

1 Like