Hi! It’s me again! I’m having a problem right now:
I want to create a plugin:
Or rather, a light version and as soon as the PluginMarketPlace is available for everyone, the whole version (spoiler, you will have to pay for this, if the PluginMarketPlace will be available for everyone in the future). But right now I have one thing in mind:
That people will steal the source code of my plugin. I was thinking about making the Lite version free and open source, but keeping it secret. However, I have no idea how to protect my plugin. I thought I would do something like this:
--Plugin
local Plugin = require(id)
Plugin.LoadPlugin(UserID_of_current_developer)
--SourceCode
local SourceCode = {}
function SourceCode.LoadPlugin(ID:number)
if UserPurchasedPlugin(ID) then
--RunMyCode
end
end
return SourceCode
But I’m not sure that this will protect my plugin. It would allow Roblox to look at my source code (on the subject, if no one sees my source code, then a bad person could do bad things, Roblox can look at my stuff, and it wouldn’t hurt, right? Since Roblox can theoretically ispezionieren my stuff) if there would be a problem and I could check if the person has bought my plugin or not, if he is allowed to use it or not. But is this the right and only way? And can I protect my plugin from bad developers (so they can’t steal my source code in any other way)?
I’m very new to source code protection, so I definitely have no idea. You can correct me very well if I said something wrong. Because really, I want to keep my source code secret from the whole plugin, but in a legal way (that Roblox can control my source code too, so if someone thinks I did something wrong, Roblox can control it himself and this is all legal. And yes, I have read this: Best way to protect a module?)
You could possibly use the require function to call a more protected and private script.
You could also just try to obfuscate it using something like Ironbrew to make it harder for people to steal your source code.
I can’t guarantee that your code will be 100% Secured as there will always be someone who will be able to deobfuscate your code or find some sort of way to steal it.
require wouldn’t help since you can’t require private modules anymore. That would just take an extra step to view the source. Even with paid plugins, there’s nothing stopping you from cracking it open and taking a look. This is actually a really important thing, since there’s already so many backdoor plugins on the market even when the source is openly available. If people couldn’t even check if a plugin was a backdoor, that’d lead to some bad places.
As @rogchamp mentioned, if you want people to be able to use your plugin, it’s code will be open for all. The best way to protect your plugin is to make it unique & worth it, so that people would rather support it than the free version.
But my idea is, and im most likely to do this with my plugins is, whenever u buy the plugin u now own the plugin so with roblox apis and such u can check if the player owns it, so no more false copys + obfucscate it so nobody can tamper with it to disable it
High chance of getting terminated off the platform. In the Creator Store, you cannot obfuscate your code due to security reasons.
Many other plugins have tried this method, where they check if they own the plugin, but that can easily be bypassed by literally going to the folder that the plugins are stored in, getting the plugin’s .rbxm file, loading it manually, and changing/deleting the part in the code where it checks if the user owns the plugin. Pretty easy.
Unfortunately, you cannot protect your plugin’s source code, since it gets downloaded to the purchaser’s computer. If it’s paid, you cannot see or download the source code until you purchase it, but once it’s obtained, you can see it no matter what.
roblox needs to keep it secret its so annoying i spend weeks working on something release it someones buys it and starts charging a cheaper price for a copy
I can confirm. Most plugins check ownership by checking its own name. If the plugin is from the marketplace, it uses the format cloud_<assetid>. If it was a local plugin, the name will just be the name of the plugin rbxmx file.
Moon Animator Suite tries to hide the ownership check by indenting this line really far so that it can’t be seen
That’s the issue. you could just change it and use it for “free” even tho you didn’t pay for it.
Ig I was naive when I posted this topic: if there would be a solution, there would also be a solution for piracy of bigger and more expensive softwares. But, since there’s none, it’s unlikely that there’s one for small size Roblox plugins