Is it just a user-agent check or something? aka Roblox/WinInet
No it’s far more than that. We get the real ip of the game server and compare it to the requesters ip
From what Meta_data’s question suggests, does an obfuscated script that was just downloaded check back with a server for verification that a game is authorized?
If so, what happens if someone sandboxed it and then later spoofed responses from its HttpService to make it work?
Speaking of sandboxes, do you plan on integrating sandbox functionality in the future? Not being able to read third-party code is discomforting.
Good question. Still not 100% sure how exactly I’ll do it, but my plan is to not just have a “yes” or “no” response. I’ll need to somehow incorporate a dynamic response which is required for the script to work. That way, simply sandboxing it won’t help you, as you need to know the random response.
And yes, the plan for sandboxing is the following:
- sandbox the running script so the game owner can control and track exactly what the script does
- automatically detects things the script could do, and provide it as a warning on the products store page