So, I know this post may be similiar to some other posts, but I will include more details.
I sell product “licenses” using gamepasses, and my products check if the gamepass has been bought by the game owner or otherwise refuse to work, is this allowed?
And to prevent tampering, the script is also obfuscated. I am not using obfuscation for malicious purposes, but Roblox has no way to tell, is obfuscation safe to use and I won’t get my account terminated?
1 Like
It’s up to you if you want to obfuscate your code, but for me I guess it’s pointless. And I don’t think it’s a bad thing to obfuscate your code, enlugh to be against ROBLOX.
This should perfectly show why obfuscation isn’t recommended: https://devforum.roblox.com/t/is-it-against-the-rules-to-obfuscate-scripts/515510
If you still feel like this adds some security for your scripts, there’s no one stopping you.
2 Likes
One issue I see with obfuscation is that it could produce NSFW strings of text (by random chance).
Wait, you’re checking if a player owns a gamepass on the server, right? Hide the code where it’s not replicated to the client, and you won’t need to obfuscate at all.
I am checking if the owner of the game owns a gamepass/license, to let the owner use a product that is being sold
If you obfuscate it, its more likely to be cracked and distributed. Also all obfuscators are crackable now adays, just make it hard to read (Name variables random stuff like v1 or v2). Don’t obfuscate it fully.
Owner of the game, as in someone able to edit it in Studio? Or VIP servers?
I feel like this conversation has nothing to do with what I was asking in the first place,
This warning in the Save to Roblox menu warns of termination, but I am not using obfuscated code maliciously
Right, I just wanted to propose an alternate solution where you didn’t have to obfuscate code. The client can’t access any running server-sided scripts inside ServerScriptService, so I wanted to know if you’re making the gamepass comparison in there, in which case obfuscation won’t benefit anything. If you were running it locally I was going to recommend moving it to the server and firing an event/replicating content to the client based on if they own the gamepass or not.
He is giving the script to the game owner. He is trying to verify that they own a gamepass in order to unlock/activate the script. He doesn’t want the owner of the script to be able to read or change it.
I wouldn’t buy a script (or model) for my game that I am not able to see(what its doing, even if you say its not malicious) and not be able to change it to my liking, if I so choose to modify it.
IDK about TOS violations, can’t help there.
1 Like
Oh thanks, I get it now.
I would definitely avoid obfuscating source code you’re delivering someone as that most certainly will be interpreted by the recipient as in malicious intent. Distributing something on marketplace made in a way you don’t want anyone to know what it’s doing may fall under their ToS as terminable
The short answer is that it is technically allowed, though, it probably isn’t a good idea. If you are publishing some sort of service you want to lock for specific things, obfuscation won’t do what you’d like, it’s pretty trivial for someone with the right experience to come in and figure out how to get around any sort of stuff you might have to prevent your service from running.
If you want to secure something against exploiters, you’re also not going to have much luck (you might have heard the term “security through obscurity,” basically, security through obscurity, in other words, security through obfuscation, is just not really a thing you can rely on). Things like variable names will already be gone from scripts, they aren’t included when they are compiled, and obfuscation won’t prevent exploiters from exploiting or getting around any checks and things you have, it just means they can’t easily read the code that does it.
Another reason not to use obfuscation is that it will massively slow down your code in a lot of cases, it defeats a lot of luau optimizations, and usually just does a lot of undesirable things for speed.
Additionally, obfuscation by design makes it hard to tell what your code is doing. This means that, if Roblox gets a lot of reports on your code, they can’t see what it does, so, they may simply have to moderate it.
Overall, I would recommend avoiding obfuscation for all of those reasons, I know that technically it is not quite a direct answer to your question, but, your question also doesn’t really have a direct answer I suppose.
The main reason why you might want to use obfuscation that I’d personally call a good use case is to simply prevent people from getting the original source code, pretty much to protect your intellectual property, but, that’s more in like a case where you have a license for it and stuff in like an open sourced sort of situation. It makes it a little less easy to modify your code (not impossible and sometimes not even hard), and, it still comes with all of the above problems. People will naturally be less trusting of obfuscated code, and that may include Roblox.
6 Likes