How does one use a alternative of a private module, instead of a open-sourced module?

Hello, Developers!

I am not sure if you guys have heard of this but, Roblox is removing private modules.

Let’s get to the point, how does one use a alternative of a private module, instead of a open-sourced one.

On first of 1st February, roblox will disable all private modules, I am speaking for Developers who uses private modules for many reasons such as admin, application centres and others

Like if we make the module to public, other players would be able to get our module and make it or rename it as theirs.

I would want a alternative to private modules if I was you.

Any suggestions?

1 Like

In this post: Removing Support for Third Party Closed Source Modules
they detail that the removal was of support for third party private modules. This means that you can indeed use private modules, but they must be created/published by you.

So I guess if you want to use a private module just get the source code of the closed module from the creator and then (with permission) publish it as your own and use it in your game.

What’s your use case? There is virtually no other alternative to “keep my code hidden but let people use it anyway” that I’m actively aware of.


You have 3 options:

1) Make your module open source. This is the easiest option, but probably isn’t what you want.
2) Obfuscate your source code and put it into a public module - just be aware any obfuscator can be cracked as easily as it was created - none that I know of are particularly difficult to analyze.
3) Compartmentalize your module’s source code - this better for some situations then others, but for services that can be ran on an external website you can just create an API key system. (and sell those for a fee/etc)


Is there a way I can do this if I have edit game perms in a group on Roblox?

If you can edit a game then you have access to its scripts. You could probably copy paste them into another script and then publish that as a closed module. Just make sure the creator of the module is okay with it. :stuck_out_tongue:

Would the creator of the game be able to view the module if it’s a closed one? (I’m not the owner of the group)

You are dealing with interpreted code that can be easily deobfuscated, detranspiled or beautified no matter how you obfuscate or transpile it.

You have a few choices that are actually worth your time:

  • Open source your system. Benefit from others that do the same.
  • Provide a remote service that is worth having remote and worth using. It won’t matter that the user portion of such a system is open source (i.e. an interface) as long as the remote service is under your control. You can then sell access and your time maintaining this service.

Closed source systems that you provide by obfuscation for a payment can be superseded by open source alternatives and you will see that this will occur after this change. Don’t try to sell obfuscated or weirdly-constructed-private-services that only really need to run some code locally – there are a lot of people out there that have way more time than you to reverse engineer anything you release.

Now imagine if all those people properly contributed to your locally running system (admin commands, application center system, etc) instead to make it even better than what you did yourself.

1 Like

There’s no alternative to a private module, you’d sadly have to make it public.

It worked :smiley:

What worked? Please explain what you did and indicate a solution by marking a solution to your thread, so others with a similar problem may see what they can do to help their own problem.

There are two solutions, one by thomas and one by cds, they’re the same.

Well, the owner would have the module in their inventory.

That’s not specific enough. You said “it worked”. What worked? People are going to read this thread if they have a similar problem or wish to know how to accomplish something. An obscure response is not helpful for people who are struggling with this problem and wish to find an answer. Also - if there are two solutions, then just mark the one that’s been the most helpful for you. If a thread is solved, you should indicate that it has been solved. Solutions guide others towards an appropriate answer.

1 Like

Well, I tried obfuscating the private module to a public one, but obfuscated.

Yes, but how?

using a obfuscator

local Script = [[print(“hi”)]] – < Put script here

function Encode(Text)
Text = tostring(Text)
local Table = {}
for i = 1, #Text do
local T = Text:sub(i, i)
table.insert(Table, T)
local T = {}
local MyText = “’”
for i, v in pairs(Table) do
local Key = string.byte(v)
MyText = MyText…math.floor(Key/128)
Key = Key % 128
MyText = MyText…math.floor(Key/64)
Key = Key % 64
MyText = MyText…math.floor(Key/32)
Key = Key % 32
MyText = MyText…math.floor(Key/16)
Key = Key % 16
MyText = MyText…math.floor(Key/8)
Key = Key % 8
MyText = MyText…math.floor(Key/4)
Key = Key % 4
MyText = MyText…math.floor(Key/2)
Key = Key % 2
MyText = MyText…math.floor(Key/1)
Key = Key % 1
MyText = MyText:sub(1, #MyText -1)
if tonumber(MyText) then
MyText = tonumber(MyText)
return MyText
local Encoded = Encode(Script)
print([[local BinaryEncrypted = ]]…“table.concat({”…Encoded…"})"…[[ function decode(str) local function binary_to_string(bin) return string.char(tonumber(bin, 2));end;return (str:gsub("("… ("[01]"):rep(8) … “)”, binary_to_string));end;local Binary = BinaryEncrypted _G.EncodedBinary = decode(Binary);loadstring(_G.EncodedBinary)()]])

This isn’t an obfuscation. It’s just an encrypted loadstring which can be cracked by adding loadstring = print on the top.
Also keep in mind most games have LoadStringEnabled set to false. Forcing someone to enable it in order to use your module isn’t the best idea.

If you really want to go about obfuscating your module then use a vm obfuscator. Otherwise you can always make it open source, or just some parts of it, and use a webhost for the rest, though it really depends on your module.

If you’re, let’s say, worried about your api keys getting exposed, you can utilize the headers which HttpService sends while performing a request. They contain stuff such as the place id, which you can use as an additional authentication.


The idea behind removing closed-source modules was not to have it bypassed with a different, but also unsafe (security wise) method… Obfuscation is slower, it is shady because why obfuscate all your code and what is running, and it can be deobfuscated by someone with the know-how to do so. The reality is, if you are so concerned about someone stealing your code, then don’t make it public. That simple. If you are selling something and you don’t know the buyer well, then don’t sell it to them. Think about it this way: don’t feel targeted now that your code is vulnerable, if it goes public (even though modules could also be vulnerable for the creator). Builders, UI/ decal creators, clothing creators, and others have had this problem since the start of Roblox, but they continue business as usual.