I would like to know if I secured the remote event from intruders or not
Script in button:
local module = game.ServerScriptService.EventPasswordModule
local ModuleScript = require(module)
script.Parent.MouseButton1Click:Connect(function()
local Password = math.random(0,999999999)
ModuleScript.GenPassword(ModuleScript, Password)
game.TextChatService.BubbleChatConfiguration.ImageLabel:SetAttribute("Status", Password)
script:SetAttribute("Status", true)
task.wait(0.0005)
script:SetAttribute("Status", false)
game.TextChatService.BubbleChatConfiguration.ImageLabel:SetAttribute("Status", nil)
end)
LocalScript in script:
script.Parent:GetAttributeChangedSignal("Status"):Connect(function()
if script.Parent:GetAttribute("Status") == true then
local rPassword = game.TextChatService.BubbleChatConfiguration.ImageLabel:GetAttribute("Status")
print("Client to Server "..rPassword)
game.ReplicatedStorage.RemoteEvent:FireServer(rPassword)
end
end)
ModuleScript:
local module = {}
function module:GenPassword(Password)
script.Parent = game.ServerScriptService
print("Gen: "..Password)
module.GetGenPassword = {
["Get"] = {
["Password"] = Password
}
}
end
return module
RemoteScript:
local module = script.Parent.EventPasswordModule
local ModuleScript = require(module)
local Event = game.ReplicatedStorage.RemoteEvent
Event.OnServerEvent:Connect(function(player,rPassword)
player.PlayerGui.ScreenGui.TextButton.FireName.Text = "["..Event.Name.."]"
player.PlayerGui.ScreenGui.TextButton.WorkText.Text = "Work = False"
if rPassword == ModuleScript.GetGenPassword["Get"]["Password"] then
player.PlayerGui.ScreenGui.TextButton.WorkText.Text = "Work = True!"
ModuleScript.GenPassword(ModuleScript,0)
end
end)
Will this help protect remoteevents from intruders?
I don’t think it even works, when you require an module, it returns the original value, and cannot be changed globally. and having a “password” to secure a remote event is pointless. also what are you trying to do??
kinda pointless? I do this so that the attackers could not farm in afk mode.
this system works great, there was one vulnerability in it, but I already fixed everything!
ok but the GetGenPassword should still be nil because GenPassword has not been called in the server, i believe exploiters can just do remote:FireServer(nil) and after the first remote call they can just do remote:FireServer(0)
local module = script.Parent.EventPasswordModule
local ModuleScript = require(module)
local Event = game.ReplicatedStorage.RemoteEvent
Event.OnServerEvent:Connect(function(player,rPassword)
player.PlayerGui.ScreenGui.TextButton.FireName.Text = "["..Event.Name.."]"
player.PlayerGui.ScreenGui.TextButton.WorkText.Text = "Work = False"
if rPassword == ModuleScript.GetGenPassword["Get"]["Password"] then
if rPassword ~= 0 then
player.PlayerGui.ScreenGui.TextButton.WorkText.Text = "Work = True!"
ModuleScript.GenPassword(ModuleScript,0)
else
player:Kick("Failed Password!")
end
end
end)
ok, but would that still work for normal players without exploits? because after the first remote call, you cant get pass the if rPassword ~= 0 then if
i can already see that it doesn’t work, and you can still do remote:FireServer(nil), BUT, after the first remote call, you cant do anything and everyone gets kicked if they try to click the button, because you set the password as 0, and you have a rPassword ~= 0 check which is conflicting
I can’t read your code because it’s so unorganized and looks pointless. Consider using a tool like Stylua, please. From what I understand from the title, you are trying to protect a remote with a password. For example, a local script can lock itself with a password that is stored on the server; if the client tries to fire a remote without a valid password, the remote will simply not let the backend run. There are many factors that can make this possible or not, but from my perspective, it’s technically possible, but in practice, it might be a different story. A lot of people know that exploiters use tools like remote sniffers, which essentially let them monitor remote activity. I’m not sure how they work, but if the exploiter can see the actual data sent through the remotes (where we send the password), then there is no way to make this happen. If they can’t see the information sent or received, though, it’s very easy to make it happen; simply lock a script right when the game runs, and unless they pull up some assembly code in their executor, you are safe. This is at least what I think; if I’m wrong, please correct me. I don’t get the point of you doing this. Hackers always find a loophole; there is no such thing as hacker-proof code. They will always find a workaround.
From what I know from talking with some of the devs that worked on quite large games they can. The data meaning like the Numbers/Strings/Objects etc that they are meant to represent. And whatever content is inside local scripts is also visible/replacable/destroyable. Wether that has changed I’m not sure (With byfron owned by roblox) But it was a concern and possible around 2020
I was talking about tools called (not referring to) remote spies. You can’t check the game’s memory; that’s why I made the “put assembly code in your executor” joke. If you generate your token (password) in the local script, you then need to fire it to the server, and then the server lists it and remembers it. The ways on the server are whatever you feel like it, even if you wish to make a folder in a non-replicated service and put string values with names. The question here is whether those tools can actually see what information is being sent through a remote. You can check the received information; that’s why we make the password on the client and make the server remember it, but if those tools can also see the information sent from the client, well, then that’s not possible, but still, I don’t see a good point to making this a thing. This should be a discussion and not really help, because this is a concept of theory and is meant to prove something possible. These methods are not reliable and shouldn’t be used in real practice. All of that stuff aside, if anyone knows about this question, please share. I actually want to know more about it. Again, if I’m wrong, please correct me; this is only my point of view, and I don’t want to influence anyone’s opinion.
