Securing Code for Anti Cheat

So I want to make an anti-cheat that people can use in their games. The problem, is I want to make it so people can’t just steal my code and configure it, as I want to make some premium anti-cheat features that will cost 10 robux to whitelist your group or profile with it. If I don’t secure the code people can just configure it and get it for free. I have seen khols admin do something where you configure it in a module script and then they require the actual code that makes the admin work, therefore you can not just steal the code. How can I do this? I am pretty sure I have to use require() but I am lost after that, can’t find anything on the dev forum after 30 minutes.

1 Like

You’ll probably have to check for memory spikes, but that can be inaccurate. You cannot really defend against exploits like script editors and script injectors other than using the method I stated. As long as your module isn’t just given to the client and is kept on the server, you should be good.


inside () goes the assetid number where the actual script is located

Would I upload a normal script as a model to roblox then require the models ID?

Yes, make sure the script is uploaded as a public script model on an alt account no one knows about, and then get that scripts model asset id and put it in the (), so require(8329131)

You only need one script made in serverscriptservice, and all you do is type in require(idhere)

Thank you, let me try it out quickly.

require wont keep your code save.
i would just do
game:GetService(“InertService”):LoadAsset(ID).Parent = Workspace

th reason kholl does it is to autoupdate the script.
all you have in your script is require(id)
and if they want to update the module they update that module.

1 Like

Like @boeljoet said, putting the module inside a require() call isn’t going to protect the script since you can just get the ID and view the source on the Roblox website with an extension such as BTRoblox (or load it directly into Roblox Studio with InsertService)

When private modules were a thing, requiring a private module so that others couldn’t see the source (like Kohls admin did) would work, but they were removed in late 2018.

You could try obfuscating the script, but that would likely create concerns over the script potentially being malicious (since now you’re unable to look through the code and validate it’s legitimacy), and also hinder the script’s performance.

1 Like

Players can still find it by searching the id