I’ve been wondering if it’s allowed to obfuscate scripts with obfuscators, such as IronBrew, as I am very (very) paranoid of backdoors, and do not want any scripts to get stolen or leaked etc.
There is no reason to obfuscate scripts.
Security through obscurity is not real security. If you obfuscate your scripts you’re merely making it harder to understand, but your code logic is still there. You can lose performance by doing this, and debugging obfuscated code is going to be hell. Also, obfuscation is generally associated with bad scripts. So if someone comes across your scripts they might assume it is malicious and report it.
If your script is not malicious then there is nothing to hide.
Also deobfuscation exists, so yeah obfuscation provides zero security
Thanks! (30 charrrrrrrrrrrrrs)
I haven’t seen anyone fully deobfuscate known lua obfuscators, it’s more like getting the constants than deobfuscating.
Manual deobfuscation is possible as well. It might take longer, but is definitely possible. I have done it many times.
To answer your question: You are allowed to obfuscate your scrips.
However adding onto what @incapaxx said, there is not much point in obfuscating your scripts for security reasons because all obfuscating does it make code harder to read and understand. The best way to protect your game against backdoors is by having the appropriate server sided checks and not trusting the client. It is also impossible to stop exploiters steeling your scrips because those scripts are on the players client.
It is worth mentioning, an exploiter can only steel your client sided code so without the server that code is almost worthless because parts/most of the stolen code will rely on some of the servers input. If you are worried about people steeling your games code just make your game better than the stolen copies and if you suspect a game has stolen your code report it to Roblox.
so, its against the rules? i want to obfuscate my code, the dude that im working with hasnt paid me yet, and i dont want to be scammed and i want to make a whitelist system on my code so if the guy dont pay me and kicks me out of the project i can blacklist the game and my scripts will be fine
I believe it is not against the rules, although I do suggest you un-obfuscate your code when you turn in your work (after they have paid you, presumably).
So what of all the sellers who make premium frameworks for people to buy, you saying because they obfuscate their code that it’s malicious?
If your script is not malicious then there is nothing to hide.
Laughably incorrect.
Also deobfuscation exists, so yeah obfuscation provides zero security
Go deobfuscate Alpha Engine then, I’ll wait.
i will do it, thx anyways bro but i think it will be safe againts exploiters decompiling the script, it will not work because of the whitelist system
thats what im saying bro, try deobfuscating psu or moonsec, both are easily dumpable but impossible to deobfuscate (execpt for moonsec because TR4SH exists which costs 50£)
It’s inexperienced people like the one I replied to that continue to spread mass misinformation. It’s unfortunate.
I’m obfuscating my client decryption and encryption im working on a client and server anti cheat that communicate with each other through remote events and the messages they send to eachother will be encrypted so obfuscating my client side anti cheat is necessary for my encryption to be secure.
they even mentioned “TR4SH” which is a known scammer that sells a fake deobfuscation service. I can’t believe he’s still relevant and that people believe it…