Hello, recently Roblox implemented new client security changes that have broken compatibility for software such as Nvidia Ansel. Before, you used to be able to rename Roblox to an Nvidia Ansel-compatible game, and it used to work.
However, before the start of the event, Roblox implemented stricter security measures, and they stayed in place after the event, making it no longer possible. Alongside these changes came stricter code signing requirements, making it complicated to develop legitimate software for Roblox.
An example would be OBS game capture; it used to work on Roblox if Vulkan was set as the rendering API. However, code signing certificates that aren’t explicitly allowed by Roblox no longer work even if they are issued by a reputable vendor such as Microsoft’s Azure Trusted Signing.
This has caused a few issues for me because I was developing a Vulkan layer over the past 6 months to provide support to AMD and Nvidia and to bring the latest versions of ReShade to Roblox in a way that would uphold client security without having to circumvent anything. It didn’t need anything special before the update; all it needed was a valid code signing certificate. However, with the stricter code signing requirements, certificates that are not explicitly allowed by Roblox are no longer considered valid by the client.
If Nvidia Ansel is supported again for Roblox, it is a vendor-locked solution based on a very old version of ReShade. So I’m wondering, moving forward into the future, if the code signing requirements are going to stay in place or if there is any room for changes or exceptions regarding it.
I am looking forward to your response. I’m sure there’s something that can be done without having to compromise client security. I believe that Bloxshade is very beneficial to content creators and the community overall as a whole. If there’s the potential for any change regarding the code signing requirements, it would be much appreciated, and it would allow me to continue developing a solution that isn’t dependent on Nvidia and would be compatible with other vendors.
Thank you for your attention, and I appreciate everything you do to keep the platform secure.
This does seem like an unintended consequence of a recent Roblox update, but has Roblox offered official support for compatibility with this software? If not I would suggest making this a feature request instead.
I believe that NVIDIA Ansel and Vulkan Layer can bring more to the game, for example Roblox editors, most of them use shaders to improve the looks of their videos. Roblox could possibly make Bloxshade, Ansel, or Vulkan Layer an integration into the client itself, so people don’t have to do tricky methods that could risk getting malware on their device to get shaders, while also making it so Roblox don’t have to revert any important security changes.
I haven’t been motivated to continue making videos on games for quite awhile now, especially since I like to cover a lot of developer showcases, and shaders would usually enhance the atmosphere you get in a lot of them.
I just wonder if what Roblox did ever accomplish more good than bad because no doubt people ended up turning to shady services that claim to still work after all legitimate shader projects were patched, the whole community is just waiting for any response at this point.
yeah, if we can’t have external shaders, can we atleast have some refined lighting features for our games (excluding the bare bones ones we already have?)
The thing is Roblox didn’t even need to do anything, they just could’ve left it to the people passionate about making Roblox look beautiful instead of shutting down the community entirely, and I doubt they’d ever make any improvements to lighting as big as external shaders accomplished.
Unfortunate that we continue to lose compatibility for security reasons, all while metrics show exploiters returning in large numbers. Really odd and sad state it’s in right now.
It feels that roblox loves destroying little passion projects all the time, and the funny thing is, is that their anti exploit measures don’t even work correctly. I still encounter exploiters frequently in games, the volume is less, but their anticheat measures are not very good in the state that they are in currently
it doesn’t make it better that roblox keeps creating defunctional features like the enforcement ban update (or just useless stuff)
PS roblox: we don’t need AI stuff, the roblox assistant is horrible, the 3d mesh generator is even more horrendous, and us developers don’t want goobers with no skills to create fully fledged games to fill the platform with even more copy and paste games. Just my opinion though.
I’d say them providing dedicated support for something like Bloxshade is less likely to happen than if they were to just ease up on the restrictions they put that caused Bloxshade to disfunction. So although it might’ve been unintended, there’s no way they’ll go out of their way to put resources in something other than the platform, there’s already hardly any feedback from them on topics like these nowadays.
Security should nearly never be prioritized over user experience. Exploits continue finding bypasses due to their profitability, but software like this will never have the sole purpose of profit. This in turn lowers the user experience of hundreds of thousands on this platform.
This is a great point. I don’t believe the new restrictions have significantly improved security. Most exploits are not concerned with code signing or following the rules. Additionally, I doubt the latest code signing restrictions had the intended effect, as many would bypass them regardless or were already circumventing them in the first place.
The recent code signing restrictions have also broken support for NVIDIA Replay, as it turns out. I believe it has broken support for a lot of harmless software, and the changes are doing more harm than good.
This is a sad thing to see. It’s Roblox actively hurting the user experience. My hope is that this doesn’t extend to other third party things in the future (like Bloxstrap).
Signing has been tightened up because previously, less restricted signing was being used by a large number of cheats to circumvent Hyperion.
As for Nvidia Ansel, I think it should be obvious that pretending to be a different game to enable certain features is not a scenario we can support.
Last but not least, shaders have been used for cheating, and allowing custom shaders without having any control over them opens the door to all kinds of exploits. Also, and this is a point I do not like to emphasize too much if I can avoid it, but here we go anyway, RoShade violates the TOS, so strictly speaking, we shouldn’t allow it in the first place.
Seeing community members being unhappy with stricter signing requirements while also being unhappy with the amount of cheating on Roblox is somewhat of a conundrum. Security doesn’t come for free.
We cannot tighten up security and at the same time be more lenient on it. There are several ideas and proposals in flight to solve this issue in a satisfying manner, but it is too early to publicly comment on them just yet.