Model/Asset Whitelist System Help

Hi everyone! I need some help with model whitelisting. I am planning on uploading a pack of cars for sale. However, I do not know how to whitelist the cars so if the owner of the game did not buy the game-pass it would destroy the cars. I have thought of utilizing Trello or module scripts for the list. I was thinking if I used a script to check if the player was whitelisted in Trello or a module script, it would then run the function to delete the cars but is there any way to make a more secure system? Because a player can simply remove the script, it would ruin the whitelist.

I have looked on youtube, scripting helpers, and the devforum itself and could not find anything of use. If you have any ideas I would appreciate hearing them!

5 Likes

There is absolutely nothing you can do in this scenario. The answer is in the question:

Sorry, but the only answer here is not to do anything at all. Don’t bother with the whitelist, don’t bother with selling your cars. Put the idea to rest, it’s not possible to achieve this.

It would be significantly more beneficial to render services for open commissions in the Collaborations category than to sell loose goods which don’t fit across every project’s needs. Not only will you be making assets for specific projects, but you can net higher gains and have the opportunity to network with other developers as well.

tl;dr services >> goods. You can’t do this, so take commissions instead of selling loose assets.

2 Likes

Well, I have seen a RoAviation group called PodTech.They sell the modules which gives the tool in-game, making it almost impossible to resell, so why isn’t it possible to create a whitelist system like that?

2 Likes

I don’t know how different the circumstances are with the little information that is provided about how they have their system set up, but please do read the OP and my response.

This is about selling a model and including it with a whitelist so that people who haven’t bought the model are unable to use it. To do this, you’d need a script in the car in the first place, which can easily just be removed and thus you’re left with the car geometry with the whitelist removed.

In addition, do remember that third party private module loading is removed. When that was still a feature ideally parenting the car to the module would be enough, but as of right now you could just insert the module and take the car model right out.

They use an bot system that creates an whitelist.

This is incorrect.
There are multiple services out there that do what @Coolman26071 wants to do, for you.

Such as;
Military Simulator Industries, MSI for short, by @RoyallKiller, or Atekcore Whitelisting by @DesiredLion for instance.

I won’t go into full detail on how this is done, but it’s nothing more than basically;

  1. Setup a discord bot that includes at LEAST the following commands;
    !verify - bind discord account to roblox account
    !generate - a unique xxxx character key that can be redeemed
    !redeem - redeem a key that is generated and only provided to a user when they bought a product
  • then when redeem is runned, somehow check the tech that it was generated for if you are selling multiple products (can be done by e.g starting the key’s first 3 characters with a specific combination such as; TE1), do the same for the amount of slots they bought (how much games it can be used in) and then save all that into a database.
  1. To your code that makes the product you’re selling work, add code that checks for the “main” whitelisting script. Then obfuscate all this

  2. Add a “main” script which uses an API to check the database for the game creator’s ID. then check how much slots they have bought and how much games are running with the tech inside.

  3. If the user is using tech A in game 1, and the user has bought a license for tech A, and they are not exceeding their slot limit, then allow the product to work, else delete/destroy / break the product.

Sure, this ain’t a 100% proof solution but this is the best you can get since Roblox removed private module scripts. But due to obfuscating the product code, they can’t just simply remove the code that checks for the “whitelist checker”. Due to the whitelist checker, they can hand out to others, however they can’t do anything with it as their userID will not be in the database. Sure they can remove the “whitelist checker” but if you added code within the product code like I said is obfuscated, then it’ll break aswell.

Once again this ain’t 100% stealer-proof as all code can be obfuscated but it’ll be hella work for them if you do it right.

3 Likes

If you’re going to tell me I’m wrong, then you should at least know what you’re talking about and what the thread is discussing. You aren’t the developer of either system and you don’t know how they function either. I’m not wrong here.

First of all, it’s important to understand the distinction between what you’ve linked and what the OP wants to do. OP wants to sell a car model but doesn’t want those who didn’t pay for the car to get access to the model. This is fundamentally different from selling access to functional systems because there’s no functional components to be sold here, only a car model. There are two common ways that this can be done, both of which do not work:

  • Add a script that deletes the car from the DataModel if it doesn’t detect that the end user has made a payment. Simply deleting the script rids that concern and then it can be republished freely. Doesn’t matter if you obfuscate it or whatever, the point is that the script is there and it can be deleted, so any effort to that extent is wasted.

  • Lock the car model behind a script that only inserts it to the DataModel at runtime if it detects that the end user has made a payment. Doesn’t take any effort at all to reparent the script’s children. If you’re inserting it from another source (e.g. InsertService), then you must also remember that InsertService limits insertions to assets that are either in the owner’s inventory (for a group place, it must be in group models) or models uploaded by Roblox. This is also an anti-developer solution because they lose any sort of customisable freedom with the model.

This is why I’m not wrong in what I’m saying and you’re free to prove me wrong that it’s not impossible to sell models without code while preventing non-payers from using those models. If there’s no code involved, then the only thing left is the model itself which is inherently easier to take than code. With code, you actually have to take extra steps to get it.

I’m also not exactly wrong in saying that services are better than goods. By rendering services instead of one-off models you get the opportunity to network with other developers, contribute more than one model to a project and create models that are directly fitting to the style and needs of the project. Additionally, you may earn more from a running project than a one-time commission (depends on the offer details of course).

Now coming back to the idea of paywalling code: the crux of key redemption systems is obfuscation and/or external hosting, both of which have been proposed solutions as per the removal of private modules. Obfuscation can be reversed so I won’t bother to talk on that. It’s not a real solution for protecting code, it simply adds complexity needed to access raw code. There’s no argument to be had in “you can include the whitelist bit in the obfuscation” - people can republish deobfuscated content.

External hosting has been proposed as an alternative for private modules which is probably more reliable to “lock” your code, probably in exchange for performance though. This method is also limited to server-sided code, considering you can’t write to the Source of LuaSourceContainers at run time (and therefore cannot write out client-side code to a proxy ModuleScript or whatever).

If this thread was about paywalling a system rather than a model? Sure, I might be wrong in that case which is why I would respond differently and propose searching through existing threads about private module replacements. This isn’t about that though.

3 Likes

You’re right indeed, but he never said it was just a car model. I assumed that

I am planning on uploading a pack of cars

meant working cars and not just the model. That’s my bad.