So, on a game we are currently developing, I used a method (that worked great) to protect our animations: I simply used a “fake lD” (thats an L and a D) and a random number, then I HTTP Encrypted “id” and the actual animation id like so:
(this was to prevent animation stealing, it’s subtle but it works, somehow)
Now, recently, (I think) an API update was pushed and it broke my method, resulting in THIS error Animation "https://www.roblox.com//asset/?id=&serverplaceid=0" failed to load in "Animation.AnimationId": Animation failed to load
The only solution is to simply go back to the good old rbxassetid://, but that’d make our animation vulnerable.
Is there ANY other way I could protect our animations? Thanks.
I’m not sure why you want to do this in the first place? This seems relatively pointless. Anything that the client can see can steal. Just because you add an “encryption” to the id, doesn’t mean it can’t be fetched later or resolved.
Your method also seems to have lost support. That just proves that your method isn’t stable enough for continued usage.
Surprisingly: it actually worked for a while until it lost support.
I did figure out that it did loose support, it’s kinda saddening to see a method go to waste, and the animation stealers go to town again.
From this, I can only assume that there will be no other alternatives.
Saying that this works is a delusion. The client can see animations, they can steal them. There’s more than one way to steal something. Hiding your id is just shooting yourself in the foot for no gain.
This isn’t a very effective way to stop asset stealing… There are a few functions you can use to just grab the playing animation on the Humanoid I believe and scrambling the id isn’t gonna save you. There’s no way to protect your assets and you shouldn’t need to worry about protecting your assets.
I will say that meshes are maybe something you want to protect, but if meshes get stolen you can get them taken down. The difference protecting assets at all makes to you isn’t worth the effort anyway. Asset stealing isn’t really a risk anybody takes into account because it doesn’t affect the majority of players anyway and it definitely won’t affect your game.
Take Jailbreak for example. The models on that map have been stolen countless times but it hasn’t made any impact despite the game’s popularity. You can find hundreds of places using Jailbreak’s assets and none of these places are functional.
Are you concerned about animation stealing? Since you can’t load animations that you don’t own, anyway.
Besides, it’s really trivial to break your html “encryption” (an aside: it isn’t encryption, it’s just encoding) anyway. Just paste the URL here and press Decode url: https://www.url-encode-decode.
The behaviour you mentioned was most likely changed as a result of a recent update to patch an exploit which involved providing a malformed AnimationId to generate a stack trace on the server (still kind of is exploitable, however has been reported internally).
It’s fundamentally impossible to prevent the client from stealing local resources. Security through obscurity isn’t security, it’s a layer on top of security. In your case a user would simply be able to decode the URL encoded ID.
As an additional note, you’ve mentioned that you’re stupid multiple times in this thread. This is definitely not the case. Stupidity isn’t making a mistake or not knowing something. The forum is for learning and growing as a community, so don’t feel antagonised by any of the above replies, they’re just trying to help so instead learn from them .
I dont think it had to do with the stack trace exploit, but rather the other one that I talked with you about in dms. OP maybe be able to fix the problem by adding a ‘&serverplaceid=0’ with the correct place ID.
I believe you have me confused with another individual, I don’t recall exchanging dms with you.
Addressing what you said, however, I believe it wouldn’t make a difference. The OP was using a malformed AnimationId, which is no longer possible after the exploit I was referencing to was patched.
This isn’t encryption. This isn’t anything. It’s easy to bypass (just open the link in a browser), and even those “services” you talked about wouldn’t care about this encoding, it’d just treat it as a normal ID.
.