Module script can be hacked?

well i have 2 local scripts each of them has user input service and both of them have the same input lets say it is “K”, so both of them fires at the same timei ,i’ve put a module script in playerscript service to prevent this from happening by useing a variable set to true or false depending on scenarios. can the hacker modify the variable inside of module script?

2 Likes

yes, an “exploiter” can change any value that exist on his machine/device
the only things that an exploiter can’t change are the things that exist on the server / things that doesn’t exist on his machine

5 Likes

any solution to this problem ??

3 Likes

that cant be really solved on the client they can even delete the whole script or duplicate/modify it
what you can do is add server verification for what the client will do
also the solution depends on what you are using it for

for example, if it’s a fighting game you can have the variable on the server instead of the client and check for it on the server when the event is fired

2 Likes

You can save your module privately then require the module by its id require(Module_Id_Here), private modules are safe until someone breaks into your account and saves it.

4 Likes

i don’t undestand if i require it from local script the hacker can too no ?

2 Likes

By using ID they cannot unless they are using your account, if you publish it privately, you are the only one can require it.

2 Likes

still don’t understand … what do u mean id ? like changing the name ?

2 Likes

Look, you publish the ModuleScript with Save to Roblox and disable Allow Copying and copy the ID and require it by require(paste your id here).

2 Likes

but the hacker can look at his local script and he would see the require(–some ID) and then he can use it no ?

2 Likes

The module is in your inventory, they can see the ID, but they won’t be able to access it anyways.

1 Like

they cant just do this ?
require(game.rp:WaitForChild(idhere)).anyvalue = value ??

1 Like

What do you mean by that code? anyways they cannot access the module, the only way is to log in your account and manually take the module.

2 Likes

i meant by that code is the code that the hacker would write on his exploiter programme

1 Like

They are not the module owner. Again, the only way to get the module is by the place owner.

do people use this method ? thats my first hearing about it to preent hackers

Yes, if you research, you would know that.

is there any post that mentions it?

1 Like

If the client can do it, so can exploiters.

Exploiters have the same access to module scripts that you do as the game designer, except their access is even stronger. There’s really no way to secure the client against hackers. You could try storing instances inside your local script then deleting the module script, but they could still change the local script function environment with an updated version. If you’re storing something vulnerable on the client side, consider doing it on the server side instead, otherwise you’ll have to bite the bullet