Script Protection

Hey developers, I was wondering how I should go about script protection is obfuscating it a good thing?
How should I protect my scripts?
“Protection” I want to stop my scripts from being stolen and copied.

1 Like

tl;dr don’t

You also need to define “protection”

Is there anything else I can do to stop it from getting stolen or atleast make it more secure?

I don’t want my hard work to be copied and used in other ways, that is the only reason why I want to protect it.

The chances of your work even being copied are super low. I wouldn’t worry about it. Plus, it won’t hurt if you don’t find out. You can just report anyone who copies your work.

In general, it’s pretty difficult to reuse somebody’s local scripts without the server counterparts unless you already know a fair bit of scripting and reverse engineer it, by which point the person is skilled enough to just create their own scripts anyway.

3 Likes

The only reason for script protection isnt for malicious reasons, my company uses it to protect our code so people dont steal it, and claim credit.

1 Like

But your code can still definitely be stolen. Obfuscation provides zero security. The logic of your code is still there. The most obfuscation does is make code harder to read. There is zero reason to obfuscate code imo unless you are hiding a backdoor or something. You can’t assume everyone who purchases your product will steal it. And as I mentioned, what are the chances of that even happening, and if it goes unnoticed then it won’t hurt you.

1 Like

I’ve looked at several free models which use obfuscation to put off people from editing them such as Synapse Xen or changing the strings to decimals and putting the script onto one line because of blacklists etc.
Also, I agree that obfuscation only makes it harder to read because the logic is still there and really, there’s no point in accessing code when you don’t want to change it

If you was to use a anti leak script that might help as when the user downloads the place it wipes the scripts for the user not for you

Those free models are usually obfuscated because they put backdoors in your game that they don’t want you to find out about. I’d hardly call that a good example of what you should be doing.

1 Like

I usually reverse engineer my scripts to create a backup part for example if they try and change credits there is a separate part that says

(btw the credits instance name is ‘Credits’)

if Credits.Text == “Credits text from credits here”
then
(script here)
else
print “Stolen Script. Script Name: (script name)

or something like that.

And then the stealer simply does Ctrl+Shift+F, types in Stolen script and then they have found your “protection” and delete it.

You only cost them an extra 2 minutes of work unfortunately.

That’s precisely why it’s generally considered a waste of your time and won’t stop anyone who actually wants the script.

2 Likes

I arrived here with the same doubt and by the way the problem always remains.
In short, how do I prevent my source code from being seen (and stolen)?

Not really sure why you replied to my comment specifically, but read the other 12 posts above mine and you will see how we got to the conclusion of there being no point in trying to stop your code being seen if it is on the client side or in a public plugin / module.

Server side scripts are not readable and are impossible for anyone to steal if you keep your account secure and don’t use team create on the place with the script. If you do use team create, ensure you trust those who you’ve given access to.

When I create my own game I use cheats to test my games anti cheat as well as place stealing scripts to see what parts of my game an exploiter can access. To keep it simple exploiters can steal everything in your games as well as the instances of server scripts(outside of ServerScriptService). What they are not able to steal are the code in the server scripts.

Now lets talk about script protection for local scripts. With place stealing scripts exploiters are able to gain access to the code of only your local scripts but when they decompile your scripts some of the code looks quite different from the original.
Here are some Image examples: (I will be using the Roblox Humanoid animation script)
Original code:


Stolen Code:

From comparing the stolen and original code you can see only some similarities between each other.

Conclusion:
To conclude you could honestly just leave it as is because the person stealing your scripts is going to have to spend a bit of time renaming and moving around a lot of code to look like the original. If you really want to hide your code for reasons such as something anti cheat related you can consider obfuscating of minifying your code because it would just make it 100 times harder to understand what would be going on in your scripts.

1 Like

Only harder, but not impossible. Decompiled scripts don’t look great anyways.

1 Like