Script Activation Keys

bigcrazycarboy · August 3, 2017, 4:32am

As a Roblox developer, it is currently impossible to make scripts be verified before they run. I’ll expand upon this below:

Exploiters like to inject scripts, and this is a very big problem. So my solution would be to have a master script that creates a key that scripts must have in order to run (like a property.) All scripts would share this key, and if the script doesn’t have the key in their properties then the script can’t run. This would keep developers from needing to rescript their games for Filtering Enabled.

example: AcceptedKeys = {“39BcDefg29f0”, “3hfeuyr3yri394rhruihf”}

If a script doesn’t have a proper activation key, then the game would block it from running.

the key could be randomly generated per server, or preset by the creator. I think this would be a better alternative to Filtering Enabled.

The script could change every so often, so p = game.Workspace.Script.VerificationKey
p = “3234b23h4h”
wait(10)
p = “3h4iu2hkj3b4”

This would make it practically impossible for an exploiter to inject a script.

EchoReaper · August 3, 2017, 4:38am

Exploiters are unable to inject scripts – they are only able to run code locally. Because of this, there’s no need to verify on the server, and verifying on the client would be a waste because they can tamper with their client. Unfortunately, there’s no easy way the engineers can prevent clients from executing arbitrary code – even AAA titles like CoD fall victim to this.

You should just use FilteringEnabled – there’s no excuse not to. It’s how games should be made.

doser225 · August 3, 2017, 4:39am

Yeah but sending the key to the server might be an issue, because the exploiter would be able to see client-side what key it’s sending to the server, and an auto-renewing key wouldn’t help very much either, as the exploiter can possibly just make a program that auto updates its key so that it can continually use its malicious scripts.

bigcrazycarboy · August 3, 2017, 5:11am

All true, but for filtering disabled games it would be a step in the right direction - plus that’s another line of code for the hacker.

EchoReaper · August 3, 2017, 5:16am

Non-FE games are being phased out. “Experimental mode” (non-FE) is not meant to be used for production-level games. Please implement your game properly – no security measures will be developed for non-FE games.

Noble_Draconian · August 3, 2017, 12:06pm

Even with FE turned on, something like this could be quite useful. If anything, it’s another layer of security. It may not stop determined exploiters from cheating, but it will stop the majority of most exploits.

wravager · August 3, 2017, 4:31pm

Exploits usually run in ScriptContext or CoreGUI which developers are off limits to. Also, as long as you have proper sanity checks and client server verification, you don’t need to worry about exploiters running code.

unix_system · August 3, 2017, 6:26pm

This is not how Filtering Enabled, scripts, or exploits work.

Please read these wiki articles here:

Maximum_ADHD · August 3, 2017, 7:10pm

Roblox actually does stuff like this already, you just don’t see it because it’s all behind the scenes.

just use filtering enabled pls

unix_system · August 3, 2017, 7:21pm

Yeah, he wants a public facing setting thing I’m pretty sure (why tho)

This thread is wrong in many ways, so I think that this thread should be locked (because it’s clear that, not only does something similar happen internally, but this thread is extremely misinforming)

bigcrazycarboy · August 3, 2017, 7:23pm

Yeah go ahead and lock it, I think I have my answer. A public facing thing is what I was going for but I guess there would be no point if Roblox already is doing it.

unix_system · August 3, 2017, 7:24pm

@Lilly_S please lock

Lilly_S · August 3, 2017, 7:30pm