Prevent Script Decompilation?

if the script is deleted then just make it respawn.

exploiters dont need to delete scripts by the way; just disconnecting connections/changing constants/globals/etc or anything like that and boom script broken

To add to this why cant they just delete the script that respawns it as well?
Basically to use this method and prevent deleting the first script you would need infinite scripts respawning each other.

Edit @sjr04 is correct as well changing a couple things can break the script entirely and they could just disable the scripts without deleting them

serverscript service makes scripts not visible.

what do you mean by changing constants, globals, and disconnecting connections?

Constants - strings, numbers, global names, method names
Globals - mutable/immutable objects in your script’s global environment
Connections - objects made when you utilize the :Connect method in RBXScriptEvents

I don’t understand why you want to do this?

A good to detect flying exploits can be raycasting downwards to check if the player is in air for a huge amount of time. Which can be done in the server side. Not the best option, but you can probably get the idea.

But I would request you not to waste time in trying to secure the client, even if you make it really hard, it will still be exploitable as Client has access to all the client side files. Securing your remote events and similar things is the best method for securing the game from exploiters.

Also a really good thread that explains much about common exploits, which might help you get a better understand.

Hackers have an Insane amount of power over the client, cheats work by Changing the files that are on their computers so having a anti cheat be local isn’t the best idea.

Local Anti-Cheats aren’t a bad thing of course doing them properly can stop people who don’t know(Most of them) what they are doing but if someone comes out with a script that deletes them well you just wasted about an hour of your time

My best advice would be to NEVER trust the client just secure your remotes using sanity checks
and validate data on the server when the client requests it do stuff server sided as much as possible

Also Server Sided Anti-Cheats cannot be tampered with by the client so detecting cheats on the server will be much more secure

Even if this was possible (it isn’t), the client would contain the code and therefore, it will be bypassed. When most people exploit, they run scripts & code created by people who know what they’re doing. The people who run said code can fall anywhere on the spectrum and therefore, you have to assume every client is out to hack your game because the off chance you don’t, you’ll leave your game open to issues which will heavily affect your gameplay, your activity and most importantly the driving factor to any game: Engagement. Also, it’s 5am. And I can’t think properly rn.

some serverside anticheat ideas i thought of but i think aren’t better than localscript anticheat:

1. checking studs per sec speed of player through serverscript can just be spoofed by telling server you arne’t moving so they can still move fast

2. raycast thing you said is bad because players get flung so there will be false kicks, it will just make it so that they fly low and they can spoof again.

3. calculating distance and position of points created as a trail following the player with a specific animation to see if they are flying or doing anything sus because when you fly you stop playing any animations and your character is flat like a dummy but they can just play the animation.

4. neural network to look at the player to see if they are flying because as a human i can see with my own eyes the player is fly hacking just by looking at them and my brain knows they are cheating somehow, maybe make that into a script? but how?

5. orientation checks, when they fly they move around and rotate a lot but exploiter can just make it so that they don’t rotate when flying.

6. character acceleration? you can’t do that

i dont like serverside.

It is possible, there are games that crash decompilation. Anti-decompiler and I would like to know how it’s done.

I think the term you’re looking for is “anti-place stealing”. Crash decompilation (I’m not sure if this is the correct term; sounds cool) is way too complex to be achieved properly (and within definition) on Roblox.

im not talking about place stealing, im talking about localscripts. Anti script decompiler is definitely possible because there are literally games that do it.

Wouldn’t that basically be place stealing without the geometric instances attached? I think if you had access to local scripts, you’d have access to everything on your client including geometric instances.

The main thing here is that Roblox controls the compilation of scripts so, to interfere with that process, you’d need lower level access to the engine.

i guess yeah. Stealing localscripts specifically. yes you can make anti-decompiler, there are games that can stop synapse decompiler and crash it.

Our point is that its not impossible, but that its not worth it.
Its not worth putting in multiple hours(most likely days) for something that just prevents the decompilation of code that shouldn’t even be sensitive in the first place if someone decompiles your local code it shouldn’t be able to cause any significant damage to your game

Also what are these games that achieve this? I’ve never heard of them

if they decompile localscript anticheat then they have a better idea of what they are working with so they can bypass localscript and cheat. making it so that decompiler breaks will prevent them from viewing it so they struggle.

And that’s exactly why local script anti-cheats are discouraged they can be decompiled and reverse engineered to an extent because the “LuaVM” will Censor(Might not be the right word) certain things like variables

Like this

local CoolVariable
--Will be 
local v_1

plus we come back to this
They can just remove or disable the script using other methods
Never underestimate people that make Roblox hacks they are extremely determined and will always find a way around

You know games like Rainbow Six Siege?
They use anti cheats that scan the files on your computer and detect if something has been injected those games still have hackers no matter what you do you will only be able to Decrease the amount of hackers and never completely remove them

Although your method will slow them down you must weigh if its worth the amount of time it will take
The best way to do this would be to do EVERYTHING sensitive on the server the local code shouldn’t contain anything that could possibly compromise the server

There is no way to prevent decompilation, but there are other ways of securing your local scripts.

1. Hide them. I’m pretty sure that you can create hopperbins, never parent them and put your scripts in there and they will probably work. Scripts that can not be found using Dark Dex or any other script thar allows you to see the workspace and services will usually throw unexperienced exploiters off guard. If that doesn’t work then just hide it somewhere else.
2. Obfuscation/Minimisation. Even if the exploiter decompiles your script, he won’t be able to understand anything.
3. Merge all of your local scripts into one. The maximum amount of lines in one script is 16,000. Even if the exploiter somehow manages to decompile that giant script without the decompiler crashing, he will never be able to iterate over thousands lines of obfuscated or minimised code.

In the end it’s all the same bytecode instructions all of which lua decompilers can read
you can see more or less what exploiters go through at https://www.luac.nl/

@Weldify
there are a lot of tools to get any hidden localscripts, you can’t hide them at all
and
since when is the limit 16k lines
I copy pasted the script below to 35k and counting

image1546×909 48.2 KB

also, the PF framework being not very far from being that long is still very easy to decompile

Strange. I swear I heard that the limit is like 16,384 lines, apologies then.