How To Hide script.Source From Exploiters?

After doing a quick google search, I found out exploiters can view the source code of a script. I am making a script where with a key, you can use admin commands. How do I hide the source?

1 Like

Exploiters can only decompile (view) LocalScripts and ModuleScripts, You can make a RemoteEvent that sends the key the player inputted to a ServerScript which will have the key stored in it and check if the key is correct, also it would be more safer to just use a UserId whitelist or something like that.

there is no way to hide a specific script. exploiters only can’t access ServerStorage and ServerScriptService, means anything you put in those folders cannot be viewed by any client including you. i suppose admin commands dont need localscripts, so you can just script it all in serverscriptservice.

by the way,

this is false, exploiters can decompile anything that their exploit engine can see.

They can’t view the source code of server scripts, but they can view the server script Instances

Server script bytecode isn’t sent to the client so the exploiter’s machine doesn’t have it (the same reason why they can’t view ServerScriptService and ServerStorage)

2 Likes

In Roblox, it’s not possible to completely hide the source code of your scripts from exploiters, since they can always use a Roblox exploit tool to view and modify the code. However, there are some steps you can take to make it more difficult for exploiters to access and modify your code.

One common technique used by developers is to obfuscate their Lua source code. Obfuscation is the process of transforming your code to make it harder to read and understand, while still preserving its functionality. This can make it more difficult for exploiters to understand how your code works, and can also help protect against automated analysis tools.

There are several Lua obfuscation tools available that you can use to obfuscate your Lua code. Some popular options include Luau Obfuscator, Script Obfuscator, and Ironbrew. These tools typically work by renaming variables, functions, and other elements of your code to make it more difficult to understand.

Another technique that can help protect your code is to move sensitive logic and data out of your scripts and into server-side code. For example, if you have important game logic that you don’t want exploiters to be able to modify, you can move that logic into a server-side script, which is not accessible by clients. You can then use remote events or functions to communicate between the client and server as needed.

Finally, it’s important to keep your scripts up-to-date with the latest security best practices, and to stay informed about new exploits and vulnerabilities as they are discovered. You can also use Roblox’s built-in security features, such as the DataStore service, to help protect your game data against exploits.

2 Likes

When the game starts, Roblox compile it to bytecode (Harder to understand the code).
But the exploiters can get the bytecode and decompile.

You can create server script and use LMB Client-Server Module (If you want get mouse and userinputservice in server side)

You use Remote Events. Exploiters can’t see the scripts that are under ServerScriptService so you have a LocalScript that acts like “may I please use admin commands, look I have the key it’s [key]” which the exploiter can see and read(view its Source) and a server script that acts like “Sure let me check if the key is correct, if it’s correct I’ll give you admin commands”(which the exploiter can’t read because it’s not replicated to them). Basically, those 2 scripts communicate through the remote event(the client sends parameters through it to the server and the server can see which player fired it and what they sent) also you should ratelimit the remote event if you don’t want exploiters to brute force the answer.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.