What would you guys recommend to secure your game’s scripts in case it gets leaked?
I know one way would be uploading a module script as a model to the site and requiring the asset id. What are the downsides to this? Upsides?
Any other ways?
What would you guys recommend to secure your game’s scripts in case it gets leaked?
I know one way would be uploading a module script as a model to the site and requiring the asset id. What are the downsides to this? Upsides?
Any other ways?
By Scripts do you mean
LocalScript – can be stolen no matter what
Script – Can’t be stolen by an Exploit
ModuleScript – Depends what you require it with.
The Downside is the Internet, it can be slow, it can be down, it can fail.
Upside is probably organization, you can require it anywhere and edit it at one place.
What I want to do is kind of hard to explain.
I want to convert some of the serverside game code to work with module scripts published to the set and getting them via require(assetid)
I know some admin commands like kohl’s does this.
It’s secure when it’s NOT on the Client’s Device.
If it’s on the Client’s Device then it’s also on the Device’s Memory which highly skilled Exploiters(or using an Exploit made by a highly skilled Exploiter) can extract that from memory.
If you are doing stuff ServerSide there is nothing you should worry about.
If you are afraid that other’s can Require your Module then I would say that it’s impossible to require a Module that you don’t own, unless you can trick Roblox to send you the Module.
What do you mean by leaked?
You mean someone that has Access to Edit your game Leaks it?
Or
Script stolen by an Exploiter playing your game?
Both.
I want something that i can edit in case it falls into the wrong hand so it doesnt work anymore
IK Kohl’s admins does this.
People can only use the admin commands and edit some things but they can’t see how the main code works.
I would like to note that I could be wrong but here’s my assumption:
If your game is stolen by someone saving your Game place to their PC but all of your script is requiring a module, you shouldn’t have anything to worry about.
Exploiters can’t steal Server Side stuff, they can’t see Server Side stuff.
in other words “You can’t steal what you can’t see”
Yes and no, you can still do getfenv() and you can do something with Script.Code but I’m not sure how it works because I never explored this.
I would like to know a method that people can’t steal our scripts too my fellow Dev.
I know phantom forces got leaked, and that was their whole game.
I can’t risk it, lol.
By which method?
Trojan horse? (Leaked by someone who has access to edit the game)
or
Exploiter?
and when did this happened? was it recently?
The only way your game scripts (server-side) can be stolen is if you let random people edit the place, your account gets compromised or someone finds a way to steal place files.
If you’re so worried about stuff like private keys or just code in general put it in a private module and/or don’t let other people you don’t trust edit your game (if that’s what you’re doing)
Keep in mind, making it a private module means if your account gets compromised then it’s basically useless, and you’ll also need to make the module in such a way that only “runs” the code if it’s the right place.
If a user can download place files (including server scripts etc.) then there’s a good chance they can download model files too, meaning no matter what there’s no way to 100% secure your code.
It happened a couple years ago, I believe.
So to sum it up,
the method requiring a module asset id to run is useful after all?
I’ll mention a few Experts on this subject so they can shed some light on to this topic
@crossStarCross @Corecii @ANSI_C
Understanding method hooking and keeping your game protected
To an extent, but are you trying to simply hide the code or stuff like private keys for things? If it’s just code then you shouldn’t bother with stuff to hide your code. Just obfuscate it and call it a day at the most.
I’m really just trying to hide my code.
It will be harder for them to read it if im using the require asset module way, right?
They can’t analyze it 100%
You should obfuscate it.
An Exploiter will give up (even I will) when seeing code like this
local Accsf = 5;local Bahsfdgjuy = 'STRING';local Chsstadhsjd = true;local DtASJDYEDK = print
local function HATAHSJHYAHJSYHA_LOLFASDHGGHDOLOLOL()
do
DtASJDYEDK('try reading me bro, you mad?')
end
end
Another thing,
require module asset ids dont work on studio mode. Only on online.
Then you will have to upload it as a Module when you are done editing it.
I would have separate places;
1 for my Actual game
1 for Editing/Building/Testing (or more places)
One of my projects is a paid pathfinding service. Since it needs to be secure, even while providing functionality to developers who have complete access to game servers, I am hosting it on a cloud service. Now, pathfinding is a bit of a heavy operation so I’m actually writing it in C and hosting it on a cloud that can scale easily and be positioned physically close to Roblox servers, but most uses wont require this much effort. Just grab a free trial of some cloud server, setup an image with Lua and start sending requests to it!
#NowThatIsSecurity
Yea, thought so
Seems like a real pain tho every time you update, lol.