The guide for Obfuscation

Using it is. You are basically suggesting as an option that people spend $20 on an entire exploit program. Who knows what they will do with the exploit itself later on.

And plus Xen at its current state is discontinued so ¯\_(ツ)_/¯

This is a good tutorial and I may use it to make it harder for exploiters, but as @brokenVectors said, somebody could copy your obfuscated code and it would work!!! So this is not a solution to stop re-distributing.

Possibly you could check the owner of the module or have an obfuscated code that has to be entered

1 Like

You can use a licensing system so if they get the code, it doesn’t work

1 Like

Saying “licensing system” doesn’t solve the problem. You need to describe how you will manage to stop someone from copying and pasting the exact code and have it just work. You also need to take into account the fact that people have full control over the environment of the script, so even querying outside services to see if the user should be able to use the script is a bad idea. Additionally, requesting arbitrary code off some outside site is a big red flag too.

2 Likes

This would not be effective. Most companies obfuscate the code because modules have to be open-sourced. This leaves the code open to anyone who is smart enough to paste an ID. So with that licensing system, use an obfuscator to stop people from getting the API endpoint, or access to the database.

actually this can help with hiding anti-exploits by integrating measures in your code, if exploiters can't even see what your code is doing then they can't tell what parts are the anti-exploits

Biggest issue with this is that they can just, y’know, disable their client from getting kicked, and intercept all remotes that tell the server to kick them.

at that point you already blocked out 95% of the exploiting community, the skids who know nothing about scripting and just steal stuff from v3rm, only 5% of the exploiters would even know to do that and even then if you play your cards right they would already be banned, besides the best anti exploit is making your game paid access for obvious reasons

1 Like

Well, if the “skids” are just taking stuff from v3rm, you’re just stopping them for 2 minutes until someone who knows what they are doing releases a patch for your anti-cheat.

All script kiddies generally do is use exploiting suites / free scripts, so if one person finds a patch, everyone benefits from it. All someone has to do when they find a patch is just reply to the thread and you got the entire 95% of the people you stopped back into the game.

Client-Sided anti-cheats aren’t bad, and are somewhat effective AT TIMES. They shouldn’t ever be your main anti-exploit, and you shouldn’t take more than 5 minutes writing it, because it’s just gonna take someone 5 minutes to unpatch it.
Obfuscating your own code is even worse. You won’t be able to read it either, and unless you keep a copy of it saved on your PC you’re never getting your original source back. It isn’t worth the time that it takes.

1 Like

as someone who used to exploit, it can take months for a patch to come out, even then it can just be extremely minimal, exploiters are generally lazy or too focused on cafes, rarely will they get up and actually do something for a real game unless it's massively popular and competitive.

In the case where it does happen and there is a patch it's easy to detect and patch out anyways because literally EVERYONE will be using it, everyone who's exploiting anyways.

not to mention, exploiters that know how to script are generally greedy anyways because they don't want their bypass to be patched so they stay silent about it so they can keep using it

keeping copies of your code is already a good practice whether it's obfuscated or not and isn't hard to do, and exploiters can't even see your server sided stuff so you don't need to bother with obfuscating that, and if you're smart you would have your anti-cheat in layers, the first one isn't easy to bypass but not impossible, that's why there is a second layer, the goal is to make sure that first layer is as hard as possible to bypass so it's harder to cheat than to play the game normally

What about the use case where you don’t want people to steal your game? Most of the logic in my game happens on the client and if it were to be stolen (which it will be), then that’s a major loss.

In a GitHub world, yes.
But we’re in Roblox here where most are <13 and/or not educated about these, and will just steal the stuff…

1 Like

It’s really easy to deobfuscate scripts using my method. This is how I found the source of a podtech phone. This is why now I firmly believe obfuscation is useless. It makes the developer spend extra time which can be bypassed very easily after one person figures out how to do it.

(I’m talking about hiding the source of products you sell)

usually also people think that making their whole script in one line will make it hard to deobfuscate, but uh: A simple paste can redo all of it.

Properly license it and file copyright infringement if you’re paranoid about it. Regardless, obfuscation doesn’t stop people from just ripping the file and deobfuscating it.

Honestly, most code on the platform isn’t revolutionary. There’s no ‘trade secret’ or some asset that is making you any revenue or credence, it’s the sum of the parts.

But, in all fairness, the main fault I see is when the client has control over critical gameplay elements, which is never a good sign. Practice an authoritarian server model instead.

TL;DR: the use case provided has many other better solutions to obfuscation. It’s naïve to believe deobfuscating is the answer in that predicament.

1 Like

It’s not a GitHub world when it’s a non-FOSS license.

At the very least for a minor, their infringing content is taken down.

At the most for a minor, their parents won’t be too happy with a $25,000 fine.

Eighteenth birthday comes around and now $750-$30,000 fine per each infringing work with up to another $150,000 tossed on top depending how many boxes the judge checks off.

It is naïve to believe “this is Roblox, minors are invulnerable and licenses are only for the honest ones”. Licenses are enacted by governmental bodies in nearly any country of origin; they are still crimes; there are still punishments.

Interesting topic, but I wish you sorta stated ways to obfuscate the code.
Like making the variables too long.
Adding functions in that do nothing which the script does, and input an error if a certain part of the code is deleted.
Making the variables have similar and long names
No line breaks
putting things before the ends, so that people have to search for them to find an end.

Also making like 2304958 line breaks between lines of code

You have no clue what you are talking about. 90% of the code that is written for games in the games industry is client side. You design a game to run on the computer, and then you write up server code for networking between clients. I’m not talking about some amateur Roblox game here, okay.

Let’s say we are making an FPS on Roblox. The code that controls player movement, gun animations, gun firing, etc is all located on the client. Now an FPS is not the greatest example because there are a gazillion FPS frameworks on Roblox so the client side code in a Roblox FPS isn’t really something people would seek, but that is beside the point. You can’t just “design the game so the code controlling stuff like animations and movement is on the server”.

I’d just like to add that my game has 13 thousand lines of code and 12 thousand of them are on the client. This includes things like a custom physics engine and other things that took thousands of man hours. I would very much not like my code to be public, which is why I’ve always taken an interest in ways to secure it or deter peepers, such as obfuscation.

1 Like

It’s not worth it to be rude, especially when you completely missed what he was saying. You can have 90% of your code on the client and still have a server authoritative model.

Server authority does not mean more code on the server. It means setting up the code in a way that the server has a way to check whether or not a player’s action is valid before replicating it to the other clients.

1 Like
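An added example (not code from any post in this thread) of the server-side check described above: the client may run all the gun logic, but the server validates each "fire" request against state it tracks itself before replicating it. It is plain Lua so it runs outside Roblox; `validateFire`, `WEAPON`, the field names and the limits are all hypothetical.

```lua
-- Added example: server-side validation of a client "fire" request.
-- In a game this would be called from the server's RemoteEvent handler
-- before the shot is replicated to other clients.
-- All names and limits here are hypothetical.
local WEAPON = { cooldown = 0.25, range = 300, originTolerance = 8 }

local function isVec(v)
	return type(v) == "table" and type(v.x) == "number"
		and type(v.y) == "number" and type(v.z) == "number"
		and v.x == v.x and v.y == v.y and v.z == v.z -- reject NaN
end

local function dist(a, b)
	local dx, dy, dz = a.x - b.x, a.y - b.y, a.z - b.z
	return math.sqrt(dx * dx + dy * dy + dz * dz)
end

-- state: what the server itself tracks per player (position, lastFire time).
-- request: untrusted data sent by the client.
local function validateFire(state, request, now)
	if type(request) ~= "table" or not isVec(request.origin) or not isVec(request.target) then
		return false, "malformed request"
	end
	if now - state.lastFire < WEAPON.cooldown then
		return false, "firing faster than the weapon allows"
	end
	if dist(request.origin, state.position) > WEAPON.originTolerance then
		return false, "claimed origin too far from server-known position"
	end
	if dist(request.origin, request.target) > WEAPON.range then
		return false, "target out of range"
	end
	state.lastFire = now -- accepted: only now would the server replicate the shot
	return true, "ok"
end

-- Constructed sample requests, not captured from a real game.
local state = { position = { x = 0, y = 5, z = 0 }, lastFire = -math.huge }
local samples = {
	{ t = 1.00, req = { origin = { x = 1, y = 5, z = 0 }, target = { x = 50, y = 5, z = 0 } } },
	{ t = 1.05, req = { origin = { x = 1, y = 5, z = 0 }, target = { x = 50, y = 5, z = 0 } } },
	{ t = 2.00, req = { origin = { x = 400, y = 5, z = 0 }, target = { x = 410, y = 5, z = 0 } } },
	{ t = 3.00, req = { origin = { x = 0, y = 5, z = 0 }, target = { x = 0, y = 5, z = 900 } } },
	{ t = 4.00, req = { origin = "here", target = 0 } },
}
for _, s in ipairs(samples) do
	print(s.t, validateFire(state, s.req, s.t))
end
```

None of these checks depend on the client code being hidden, so they hold whether or not the client script is obfuscated.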

My question was

What about the use case where you don’t want people to steal your game?

And he responded with “server authority” which is a measure for game security as in anti-cheat, but not security as in preventing people from “borrowing” your code. If anyone’s missing the point, he is. That is why I got irritated. Sorry but I’ve seen this “oh if you have important code on the client then you’re doing it wrong” answer so many times on these discussions about obfuscation, and I’m sick of it. There are cases where lots and lots of important code must be run on the client, so good obfuscation can be useful as a deterrent.

Also for the record, I’ve been researching and implementing server-authoritative movement for the past month, so I already knew what it was 😛

1 Like

His point still stands. Realistically, no one will steal your entire client code and then go out of their way to recreate possibly thousands of lines of server code (a lot of the time using absolute guesses).

The best course of action is to not worry about obfuscating. The reason you hear it so much is because in truth, and somewhat harshly, your code doesn’t matter to the exploiters. People don’t decompile your client to steal and make games with the code; it’s barely legible guesses done by software trying to reconstruct what the original creator might have meant. They do it to reverse engineer and find flaws that can be used to exploit your game.

Obfuscation, especially when done badly, will incur performance penalties on your code without solving anything.

1 Like