My lua compiler is that safe for my game?

fares14213 · April 10, 2023, 9:03am

I am actually creating a game that create Operating System using Lua.
So everyone can make is own OS and his own files and publish it to the local marketplace that i created.
I wonder if my lua compiler is actually safe?

In the lua compiler I have overwrite all lua globals to a empty function,

I have overwrite the script instance to the targeted instance ( args when launch )
I have overwrite the game to a “game” Table, so there are the display interface(It’s a sub-parent of the Player’s Inteface for security), (Client-Server)GetService and the mouse, the userid, the name, the displayname and language of the player, Create,Read,Write and remove Flie, Load LUA “module” and RunPE(the function named to run the script)

And i have created my own loadstring based to a module.
I have check in the memory, if there a value called game:GetService(“DataStoreService”), The main player’s interface or basic “game” Interface, gonna stop the script.

There are a another high-permission instance?

ObviouslyGreen · April 16, 2023, 8:08am

Why do you need a lua compiler in an OS simulator? Does the lua compiler run the given script on the client or the server? If it’s on the server then you should indeed worry about all this but if it isn’t, you don’t really need to since it’ll only change what the local player can see and nothing else. Just make sure all of the RemoteEvents and RemoteFunctions are secured.

fares14213 · April 16, 2023, 10:16am

I mean, i have create a lua compiler for those want create complex application in my game.
I can use loadstring but it’s not secure the player that manage the app can change in the datastore and infect my game. And the lua compiler is loaded in server so i have created a system that communicate with the client all Things: Mouse and UserInputService,I have put a tools helper and i created a anti-bypass like the player has access to the datastoreservice

ZestyIsSour · May 24, 2023, 6:50am

Maybe you can recreate lua inside the game? And maybe encode it or something.

samjay22 · May 24, 2023, 8:23pm

Im not quite sure how any of this is possible, you cant overwrite the global game reference because roblox locked the metatable its attached to. They also disabled getrawmetatable so you cant just force pull that to overwrite it. If you attempt to write to the game table you get an access violation error. You can manipulate the environmental variables per script and in theory, you can use modules with callbacks to simulate full control, but I don’t understand how you achieved what you are saying you did.

fares14213 · May 25, 2023, 4:32pm

I won’t recreating game reference, and change metatable stuff like this.
I want just to imitate the real system of a computer.

samjay22 · May 26, 2023, 4:51am

Ahh, in that case as long as you secure remote events you can do whatever you would like. The client has no control over what occurs on server.

fares14213 · May 26, 2023, 6:10pm

Yes i have created a server-client for UserInputService and Mouse