Simple Code Security Guide

Intro

  • So as of now Roblox by default encrypts most of the scripts and modules, etc., but it's good to add another layer of security, and that's what we'll be talking about in this topic today.

Basic Explanation

  • So there are a lot of exploiting programs that get more and more complicated, and it's almost impossible to keep an anti-cheat up to date with the exploits. That's why you should secure your scripts: it gives some additional protection, it's harder to decode a script if it's encoded, and it adds an extra layer of security to your scripts. But the most effective way would be to detect the exploiting client. This doesn't always work, but sometimes the exploit software injects some special scripts into the game so it can work; if you can get a reference to those scripts, you could try to delete them from the specific service.

Methods

I | Loading String From A Pastebin/Hastebin Link
  • This method is as simple as using loadstring(): you program what you want, add it to a Pastebin link, and then use loadstring() to load the code from the Pastebin link. Here is an example.
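-- If used, replace 00000 with the Pastebin ID.
-- loadstring() only compiles the text and returns a function; call it to run the code.
local HttpService = game:GetService("HttpService")
loadstring(HttpService:GetAsync("https://pastebin.com/raw/00000"))()
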
II | Obfuscating Scripts
  • Obfuscating scripts may not sound that efficient, but it is. The code generated by an obfuscating plugin or program could significantly increase the security of the game: if an exploiter wants to steal the code, it would be harder, since most exploiting clients do not have a de-obfuscating feature, and even some paid ones don't have this feature. Here is a good obfuscating plugin.

III | Fake Leaderstats
  • So basically, this method means making a folder in ServerStorage for, let's say, player X, which holds all the instances, like leaderstats and an inventory folder. For the actual player, if a leaderstats value in the Player is changed or something is added to the inventory, nothing changes and the exploiter gets kicked or banned. So it's secure and harder to decrypt, since most of the things in ServerStorage and other services are encrypted and not shown.

Ending Note

  • So I want to thank the people who viewed this article, and I am so sorry if this topic has already been made, or if I missed some things or did things wrong. It's one of my first articles, so please let me know what I did wrong or forgot to add.
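
A sketch of the "Fake Leaderstats" layout from method III, added here as an example and not code from the original post. The names `PlayerVault`, `STAT_NAMES`, `makeStats`, the sample stats and the kick message are assumptions. The server can only react to writes it can observe, so game logic should read and write the ServerStorage copy only.

```lua
-- Server Script (place in ServerScriptService). Added example; all names are hypothetical.
local Players = game:GetService("Players")
local ServerStorage = game:GetService("ServerStorage")

local STAT_NAMES = { "Coins", "Wins" } -- constructed sample stats

-- Root folder for the authoritative copies; ServerStorage is not replicated to clients.
local vault = Instance.new("Folder")
vault.Name = "PlayerVault"
vault.Parent = ServerStorage

-- Build a folder holding one IntValue per stat and parent it where requested.
local function makeStats(folderName, parent)
	local folder = Instance.new("Folder")
	folder.Name = folderName
	for _, statName in ipairs(STAT_NAMES) do
		local value = Instance.new("IntValue")
		value.Name = statName
		value.Parent = folder
	end
	folder.Parent = parent
	return folder
end

Players.PlayerAdded:Connect(function(player)
	local real = makeStats(tostring(player.UserId), vault) -- source of truth
	local shown = makeStats("leaderstats", player) -- display-only mirror

	for _, statName in ipairs(STAT_NAMES) do
		local realValue = real[statName]
		local shownValue = shown[statName]

		-- Game logic writes only to the authoritative value; push it to the mirror.
		realValue.Changed:Connect(function(newValue)
			shownValue.Value = newValue
		end)

		-- If the mirror ever disagrees with the source of truth, restore it and kick.
		shownValue.Changed:Connect(function(newValue)
			if newValue ~= realValue.Value then
				shownValue.Value = realValue.Value
				player:Kick("Stat mismatch detected")
			end
		end)
	end
end)

-- Drop the authoritative copy when the player leaves.
Players.PlayerRemoving:Connect(function(player)
	local real = vault:FindFirstChild(tostring(player.UserId))
	if real then real:Destroy() end
end)
```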

This post is not established enough to be a fully fledged Community Resource.

You should never use loadstring for anything, as this is a massive security hole, and the concept of ‘arbitrary code execution’ is a big no-no when it comes to computer security.

Another problem is that clients CANNOT send HTTP Requests outside of HttpRbxApiService which is locked for Roblox-only scripts.

A better option here would just be private modules, since the source of them can't even be accessed.

3 Likes

Obfuscating is anything but efficient. It might give a sense of security, but it’s pretty useless and it slows down scripts a ton (depending on which obfuscator you use, the more “secure” the slower).

The replies in this thread explain in detail why you shouldn’t obfuscate.

3 Likes

This is not substantial enough for this category.