Protecting Scripts

devCoastal · July 7, 2019, 4:45pm

So I am making scripts for people at the moment and selling them.

Sadly people today resell and leak products I sell.

Is there a way to protect my scripts? Or like give them a license somehow?

I know this is confusing, but if you could help please do!

Halalaluyafail3 · July 7, 2019, 4:51pm

No, if you’re giving a script to someone, there is nothing you can do to stop them from giving it to other people. Instead of trying to stop them, you should get a trusted list of people which you will sell to.

waterrunner · July 7, 2019, 4:59pm

As @Halalaluyafail3 said, there is no way to stop people reselling/leaking your code if you give it to someone. There used to be a way to stop people from ‘copying’ your code through closed source modules but they are no longer a thing.

goldenstein64 · July 7, 2019, 5:01pm

There has been a lot of talk some time ago about the removal of closed-source modules, outlined in this announcement:

There has been a few articles that list some alternatives to this:

I recommend that you just use the search bar to find some threads about it, since there is tons of information here that people are missing out on.

Creeperthekid32 · July 7, 2019, 5:02pm

You could put a comment saying whom it was created by. While this doesn’t give it licensing, I guess it helps?

--Created by Creeperthekid32 @ 14:52 PM.

anon92559147 · July 7, 2019, 5:33pm

you could always make a ‘Game check’ in the script where the script can check when ran if its in the game its supposed to (maybe by checking for the part) and if its not then to terminate the script. However most people with a basic knowledge of lua will be able to find these so its recommended you try and disguise them.

EDIT: Another good check is by verifying the placeId

TheodoreBalfour · July 7, 2019, 6:29pm

As someone has already suggested maybe hide a few pieces of code that go along the lines of

"If place if == 123445 then script = true

But really there’s no other way, once it’s gone it’s gone. This would also be easy to spot for a moderate scripter just checking your code.

Amiaa16 · July 7, 2019, 6:37pm

The most you can do is obfuscate the script (with an actual obfuscator, not an encrypted loadstring), but that still doesn’t guarantee you 100% security.

Sartorra · July 7, 2019, 7:44pm

Maybe obfuscate and add a print that says it’s made by you?

nooneisback · July 8, 2019, 1:07pm

And what exactly stops them from just simply replacing the print with something else? Here’s an example of an obfuscated code that prints “test”:

local dsd,csd,dwc,gds,sfv = getfenv,setfenv,loadstring,"test",print
local csd,dwc,dsd,sfv,gds = dsd,sfv,gds,dwc,csd
dwc(dsd)

It’s not perfect, but it serves as an example.
Now look how I will nullify it by replacing a single value:

local dsd,csd,dwc,gds,sfv = getfenv,setfenv,loadstring,"test",function() end
local csd,dwc,dsd,sfv,gds = dsd,sfv,gds,dwc,csd
dwc(dsd)

No more prints

All you need to do is search for “print” and replace it with an empty function.

Amiaa16 · July 8, 2019, 1:10pm

Here is a better example of an obfuscated code that prints “test”:

local a=string.sub;local b=string.byte;local c=string.char;local d=unpack;local e=getfenv or function()return _ENV end;local f=tonumber;local g=tostring;local h=pairs;local i=ipairs;local j=table.concat;local k;local function l(m,n)if not m then return end;local o,p=1,0;while m>0 and n>0 do local q,r=m%2,n%2;if q~=r then p=p+o end;m,n,o=(m-q)/2,(n-r)/2,o*2 end;if m<n then m=n end;while m>0 do local q=m%2;if q>0 then p=p+o end;m,o=(m-q)/2,o*2 end;return p end;local s=f("A",l(32731,32767))local function t(u)local v,w,x=256,{},""local y={}for z=0,v-1 do y[z]=c(z)end;local A=1;local function B()local C=f(a(u,A,A),36)A=A+1;local D=f(a(u,A,A+C-1),36)A=A+C;return D end;x=c(B())w[1]=x;while A<=#u do local D=B()if y[D]then x=y[D]else end;w[#w+1],x,v=x,"",v+1 end;return j(w)end;local E=t("1W1M1X2221Y2101Z21121022N2111L2121B21321L21422G2151J21621521721D21821M21921221A1T21B1921C21S21D1721E21A21F1X21G1K21H21N21I21W21J22921K1W21L21Y21M22J21N1V21O1G21P1Q21Q21O21R22E21S22121T21Z21U1C21V22B21W21R21X21721Y1H21Z21Q2201F2212272222182232282242132251P22622C22721G22822K2291I22A21X22B1122C1822D22F22E22022F21922G21422H22322I21F22J22622K21J22L1S22M1622N22A22O1E22P22422Q21622R21I22S21K22T1422U21P22V1Z22W1Y22X1R22Y1A22Z21U23021E23121B2321N23321V23422D2352252361223721C23822H23922I23A1O23B1U23C1523D1D23E21T23F22M23G21H23H1323I22L121422H1421C22H1522D121R1N22H10121A11181210")local function F(G,H,I,J,K,L)local A=1;local function B()local m=b(G,A)A=A+1;return l(l(m,A),A)end;local M={}if not J then J={}for z=1,95 do local N,O=B(),B()J[O]=N;M[z+31]=c(z+31)end else for z=1,95 do M[z]=c(z+31)end end;local function P(Q)local C=B()local R=a(G,A,A+C-1)if not Q then local n={b(R,1,#R)}for z,S in i(n)do n[z]=J[S]or S end;R=""for z,S in h(n)do R=R..M[S]end end;A=A+C;return R end;K=K or{}local T,U,V={},{},{}if not I then I={}for z=1,B()do I[#I+1]=P()end end;local function W(X)if X==0 then return T elseif X==1 then return U else return K[X-1]end end;while A<=#G+1 do local D=B()if D==0 then T=H[I[B()]]elseif D==1 then T=T[I[B()]]elseif D==2 then local Y=B()local Z=T(d(V))if Y==1 then T=Z elseif Y==2 then U=Z end elseif D==3 then K[B()]=T elseif D==4 then T=K[B()]elseif D==5 then U=H[I[B()]]elseif D==6 then U=U[I[B()]]elseif D==7 then U=U()elseif D==8 then V[#V+1]=U elseif D==9 then V={}elseif D==10 then U=I[B()]elseif D==11 then U=f(I[B()])elseif D==12 then U=B()==1 and not k or not not k elseif D==13 then T[I[B()]]=U elseif D==14 then U=T elseif D==15 then T=U elseif D==16 then K[B()]=U elseif D==17 then U=K[B()]elseif D==18 then return T elseif D==19 then return U elseif D==20 then local _=P(not k)U=function(...)return F(_,H,I,J,K,{...})end elseif D==21 then local a0=B()A=A+a0+1 elseif D==22 then local a1,a2,a3=B(),W(B()),W(B())local a4=a2==a3;if a1==1 then a4=not a4 end;if a4 then A=A+2 end elseif D==23 then local a1,a2,a3=B(),W(B()),W(B())local a4;if a1==0 then a4=a2<a3 elseif a1==1 then a4=a2>a3 elseif a1==2 then a4=a2<=a3 elseif a1==3 then a4=a2>=a3 end;if a4 then A=A+2 end elseif D==24 then local Y=B()if Y==0 then T={}elseif Y==1 then U={}else K[Y-1]={}end elseif D==25 then local a5=B()local a6=B()local a7=L[a6]if a5==0 then T=a7 elseif a5==1 then U=a7 else K[a5-1]=a7 end elseif D==26 then local a8,a9=W(B()),W(B())local Y=B()local a4=a8+a9;if Y==0 then T=a4 elseif Y==1 then U=a4 else K[Y-1]=a4 end elseif D==27 then local a8,a9=W(B()),W(B())local Y=B()local a4=a8-a9;if Y==0 then T=a4 elseif Y==1 then U=a4 else K[Y-1]=a4 end elseif D==28 then local a8,a9=W(B()),W(B())local Y=B()local a4=a8*a9;if Y==0 then T=a4 elseif Y==1 then U=a4 else K[Y-1]=a4 end elseif D==29 then local a8,a9=W(B()),W(B())local Y=B()local a4=a8/a9;if Y==0 then T=a4 elseif Y==1 then U=a4 else K[Y-1]=a4 end elseif D==30 then elseif D==31 then local Y=B()if Y==0 then T=k elseif Y==1 then U=k else K[Y-1]=k end elseif D==32 then local Y=W(B())T=T[Y]end end end;F(E,e())

Try doing that with the above code

nooneisback · July 8, 2019, 1:29pm

Fair enough, now make it run just as fast and also remove all environment manipulations as it conflicts with the new VM optimizations.

MagikTheWizard · July 8, 2019, 1:34pm

What’s the point of VM obfuscators then?

Amiaa16 · July 8, 2019, 1:37pm

What do you mean? Only the initialization can be slow (decrypting constants, etc), but if you grab the function it creates and call it 1000 times, you will get similar benchmark results to calling normal print 1000 times.

That is true, however it doesn’t really matter. If you had no problem with the current vm’s speed for x years, then you shouldn’t have problem with your obfuscated code being the same speed in exchange for more security.

nooneisback · July 8, 2019, 1:38pm

Deobfuscating it right now, slowly mowing through the useless functions.

Amiaa16 · July 8, 2019, 1:39pm

That’s just my bad vm that I put together in 2 days. If you want I can send you an obfuscated print("test") of actual obfuscators such as Ironbrew or Synapse Xen.

nooneisback · July 8, 2019, 1:42pm

I can see that, I just deleted a function and it still works. To be honest, I still don’t see much interest in this. If your code is expensive and worth breaking, people will do it; otherwise, they will just make their own alternative. Not to mention that they can just resell it for 2 dollars less and will still get more money than you.

Amiaa16 · July 8, 2019, 1:45pm

The bounty for deobfuscating Ironbrew is $460, yet nobody has done it yet so /shrug

I never said they cannot, I just pointed out that if someone actually obfuscates their code, then you can’t change print just like that.

ForeverHD · July 8, 2019, 1:52pm

No no no, do not obfuscate your code at all. This…

Makes your code look suspicious and untrustworthy, even if it’s perfectly safe.
Wastes time which could alternatively be spent developing and improving the project.
Can always be unobfuscated, so if someone really wants your source code they can still obtain it.

If you’re looking to sell your code, your best bet is providing them with a MainModule that you’ll clearly say will be updated (with new features, bug fixes, etc) every x amount of time. That way, even if your code is re-uploaded, users of the unoriginal module miss out on regular update perks.

MagikTheWizard · July 8, 2019, 2:25pm

I mean to obfuscate with IronBrew it only takes like half a second depending on the settings you want,
the max time I waited to obfuscate was around 3 seconds?
So I am not sure how it could waste your time at all, it’s not like in those 3 seconds you can write a 5k lines scripts and just casually writing a whole framework.

Your “Can always be deobfuscated” is what everyone says
Has ironbrew ever been deobfuscated? No, I am not sure who is going to spend such an amount of time to actually deobfuscate IronBrew other than to claim the bounty?