Your source code is still there, and extremely easy to dissect/read.
Google keeps the source code of their websites private by using minifiers. If one of the big companies uses minifiers, why can’t you?
No, you can spoof that extremely easily. This again isn’t a replacement.
How easily can you spoof that? Would you take the effort to spoof that? If the generated code takes 1 hour to spoof, the code would be useless by then because the obfuscated API would been changed by then. If you tried to use the outdated API for retrieving code, you would be instantly blocked.
This is more secure than private modules because even if Roblox has an exploit to steal modules, you only get part of the (not really source) code that may or may not even work properly.
Minifiers can easily be turned into readable code. I think you are getting minifiers mixed up with Google’s (probably) highly advanced and secure obscuration.
It make take an hour or so to work out how to spoof it, but once you work it out you can spoof the requests in a matter of seconds to get the source.
Minifiers are not used to keep code private. They are used to increase performance / reduce bandwidth. Jquery for example well formatted, fully documented is approximately 4 times larger than the minified code.
Web developer, can confirm. Minifying is supposed to reduce the file size of code, it can be easily beautified even in the developer tools of most browsers.
Sandboxing is basically changing the environment to restrict or add particular things. An example would bd Roblox’ version of Lua: they’ve sandboxed it heavily so that it comes with built in functions like Instance.new and so that you can’t do certain things, like access most of the debug library.
To add on, obfuscation shouldn’t be used to recreate the functionality of private modules. Private modules were (for the most part) secure, whereas obfuscation, like @3dsboy08 said, is (fairly) easy to crack. This is why we need an official alternative.
also, what are you doing here lol your suppose to be a bad boi
Private Modules should not be removed on Roblox for several reasons:
-Admin scripts will render as useless
-Game copyright protections modules will render as useless when it comes to taking down copied games that are using the loader of that module
-Games will have less security
-Games will be more likely to be unsecured without private module support
-Games will be exposed at stealing and exploiting
To be honest, removing private modules support will render the games as insecure and possibly useless and when it comes to control of a game with the admin and copyright protection system, that’s a no more.
I consider that the Private Modules support should stay on Roblox in order to be secure as it is now.
However, you lose comments, local variable names, and spacing that were in the original code. You need to use advanced techniques to determine what exactly the code is doing.
Anyone worth their salt at Lua can look at code and know what it’s doing without “advanced techniques”. Even if it’s written to be intentionally confusing and hard to understand at a glance, it’s doable with a bit of time.
If you beautify minified code, it is still going to be harder to read than the original. I think maybe his point would be that for less than advanced users, who are also most likely to fall prey to malicious scripts, that might cross the threshold of what they can handle.
As the NSA likes to say: no code is unbreakable. No matter how creatively you obfuscate, somewhere there’s a math prodigy who can decrypt it in minutes. They might not even need any math skills; I gave an example earlier of someone who concealed their module using nested square root functions, and I was able to instantly decode it by just using print().
Because of the positive implications it has for people who are having their games destroyed by having private modules inside of them? Also the fact that removing them further encourages open-source products within the Roblox community.
Developers aren’t being forced to “lose income”, they can easily set up external services which their code interacts with using API keys, as multiple people have already stated multiple times on this thread. There is a lot of alternative ways to gain revenue without using private modules.
Because a lot developers are using them to put in backdoors, update games on groups and accounts that got banned, and making closed source scripts that could be open source or use api keys for.
Should read this post. So much better of an alternative than removing a non-malicious service. Also, not a lot of people have the resources to make an external site with API keys. That’s fundamentally something roblox should already have, licensing.
It’s still the equivalent of toppling a building to swat a fly. Too many Ro-businesses have become collateral damage in the war against a small minority of malicious users.