Rank Management | Open Source

Greetings,
I used to sell access to my Rank Center back in the summer. I’m slowly starting to move away from development on Roblox. But, before I go, I have a Rank Management center that I am going to give full access too. Read below on how to set it up / use it.

Getting Started
In order to run this rank management center, you are going to need a hosting website. In this tutorial, I will be using Glitch.

If you haven’t used glitch before, go ahead and make an account on there. If you have, go ahead and log in.

Next, your going to need Roblox Studio for this ( obviously ).

Step 1 ( Glitch / Backend Code )

Upon getting started, go ahead and duplicate the project on glitch linked below:
CLICK ME!

  • Once you open up the project title ( upper left ) & then press Remix Project.

This will then bring you to your own project. Feel free to name it or do whatever you have too.

Editting the Code

  • Since this was a sold service, I included a whitelist for this project.

To simply whitelist your group put your group ID in between the brackets of const whitelist.

Thats it for the glitch portion!

Step 2 ( Roblox Studio )
Download a copy of the rank center here.

Once studio has opened it, go to ServerScriptService & open the script Publish.

Once you have opened that script, its time to return back to glitch.

  1. Press the share button and copy the Code link.
  2. Then go to this website & obsfucate the link you just copied.
  3. Copy the obsfucated link. Should look something like this: \104\116\116\112\115\58\47\47\114\111\98\108\111\120\114\97\110\107\

Now return back to studio & paste that link in between the parantheses.
EX: local response = http:GetAsync("PASTE IT HERE"..'ranker?userid='..p.UserId..'&role='..curRoleId..'&groupid='..Settings.GroupID..'&cookie='..Settings.Cookie)

Step 3 ( ServerSettings Script )
Now, open the ServerSettings script found below the publish script.

  1. Go to the group you are using this rank center in & copy the group ID.
  2. Follow the instructions found in the script for the gamepass ID & Rank ID.
  3. Now you need to get your Roblox Cookie. If you don’t know how to do this, look up a tutorial on how too.
  4. Once you have your cookie, paste it where it says Cookie =

It’s important to check the cookie instructions otherwise the center will not work.

If you want myself to set it up for you, send me a DM on Discord. ( basic#0003 )
There will be a small fee.

6 Likes

This isn’t very hard to deobfuscate:

print("\104\116\116\112\115\58\47\47\114\111\98\108\111\120\114\97\110\107")

I doubt that it has any effect.

Yea, it isn’t hard at all. But, the whole script was obfuscated before I even released it.

Why put the cookie in the request? Why not just have a proper authorization system?

Okay some things I feel like should really be improved here.

First, If you are already using the GroupId in the serverside why not put the cookie there like @zachariapopcorn said? Having your Authorization Cookie pass through request paramaters is a huge security risk, and I really feel like that is not necessary. Why not make this:

const COOKIE = "|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_"

await rbx.setCookie(COOKIE);

I still don’t really like having the COOKIE publicly available on your code, so I would put it in a database, but its mostly just a higher prevention. Although I really think your cookie should be placed already on the serverside.

Second, obfuscating your request URL really does not do anything at all, anyone can still make a request if they have the code or the URL. Although what really should be obfuscated is the cookie if you are going to stick with cookie passing through requests. If you are adding obfuscating to your code make sure to obfuscate other important info like the cookie primarily.

1 Like