There are lua decompilers for roblox that people use to decompile scripts in games but how do you make a script that breaks the decompiler and crashes it to prevent decompilation of your local scripts?
Any ideas? or what to start?
5 Likes
From what i know there is no way to do this unless there is a bug with the Decompiler plus if there was with whatever Decompiler the person uses it will either be fixed or they will just switch to another one without the bug
Thereās no point in making your script impossible to decompile. What do you have to hide?
If you suspect your script is vulnerable or can be tampered with, you really shouldnāt be focusing on whether someone could figure out the inner workings of your code. Follow the best and most effective practice - never trust the client. With enough time (or skill) any person can at the very least disassemble the bytecode of your LocalScriptās. Having good checks on the server side can render most exploits useless.
11 Likes
anti decompiler because of the usage localscript anticheat. It isnāt useless to have localscript anticheat because you can make it very hard for the exploiter to bypass, but it will make it a lot easier if they can see the local script.
There isnāt much merit to an āanti-decompileā unless you have sensitive information in your code outside of comments. But then again sensitive info should never be accessible to clients. If your server is secure then it really doesnāt matter if exploiters can see your local code
What kind of anti-cheat are you implementing?
anticheat just regarding flying exploits. why? I believe you can crash decompiler when someone tries to decompile your game so that they canāt retrieve your localscript. I know itās definitely possible.
In any case, these checks can still be bypassed if anyone wants to be bothered. Every aspect of your script can be watched, logged, tampered with, debugged and hooked. Movement cheats should be detected on the server. An anti-decompile will just stall most uneducated exploiters.
1 Like
Well hackers can get bytecode only from local scripts and modulescripts not server scripts,
at all roblox isnāt sending server script bytecode to client because thereās no reason to,
decompilers can decompile only local script and module script (of course if you donāt have backdoor in your game so they can get into server) also when hacker decompiles local script or module script they will see your variables as āu_1,u_2ā etc. because decompiler canāt get names of variables
2 Likes
To add onto this the* Hacker could just Delete the script in question
thats what im getting at. make it really difficult for the exploiter to bypass anticheat so that they spend so much time trying to figure it out or give up.
you can easily prevent exploiter deleting the script.
How? Cheats like SynapseX have access to files inside the roblox client(You do not)
please explain how you would prevent a Hacker from deleting a script
if the script is deleted then just make it respawn.
exploiters dont need to delete scripts by the way; just disconnecting connections/changing constants/globals/etc or anything like that and boom script broken
4 Likes
To add to this why cant they just delete the script that respawns it as well?
Basically to use this method and prevent deleting the first script you would need infinite scripts respawning each other.
Edit @sjr04 is correct as well changing a couple things can break the script entirely and they could just disable the scripts without deleting them
serverscript service makes scripts not visible.
what do you mean by changing constants, globals, and disconnecting connections?
Constants - strings, numbers, global names, method names
Globals - mutable/immutable objects in your scriptās global environment
Connections - objects made when you utilize the :Connect method in RBXScriptEvents
I donāt understand why you want to do this?
A good to detect flying exploits can be raycasting downwards to check if the player is in air for a huge amount of time. Which can be done in the server side. Not the best option, but you can probably get the idea.
But I would request you not to waste time in trying to secure the client, even if you make it really hard, it will still be exploitable as Client has access to all the client side files. Securing your remote events and similar things is the best method for securing the game from exploiters.
Also a really good thread that explains much about common exploits, which might help you get a better understand.
Hackers have an Insane amount of power over the client, cheats work by Changing the files that are on their computers so having a anti cheat be local isnāt the best idea.
Local Anti-Cheats arenāt a bad thing of course doing them properly can stop people who donāt know(Most of them) what they are doing but if someone comes out with a script that deletes them well you just wasted about an hour of your time
My best advice would be to NEVER trust the client just secure your remotes using sanity checks
and validate data on the server when the client requests it do stuff server sided as much as possible
Also Server Sided Anti-Cheats cannot be tampered with by the client so detecting cheats on the server will be much more secure
1 Like