Hey there! I’m looking for a way to obfuscate my scripts (mainly a modulescript). I tried AXON, but that does not work for my modulescript (see below:)
Thanks in advance for any ideas,
Jonas
(P.S: I don’t get that error without obfuscating, lol.)
7 Likes
If your module’s obfuscated code does a function call at the end you must prepend it with return so that it actually returns the value from your code to the module.
This is most likely your issue.
3 Likes
Aha, that did the trick, thanks! 
1 Like
WOAH! Thank you SO MUCH!
1 Like
Is there any freely available solution? Xen does appear to be linked to a Roblox exploit.
The web is positive about Xen, although I’ve also found a message that Xen is included by purchasing an exploit. I’m possible looking wrong.
Where can I use them?
Best regards,
Chris
2 Likes
What is your reason for wanting to obfuscate code? It generally has more drawbacks than benefits:
Pros:
- Can be used sparingly to make critical logic in client-side code more difficult for beginner or intermediate level scripters to reverse engineer
Cons:
- Provides no actual protection from expert Lua coders recovering your code
- Looks suspicious: If put into a public module, Model, or plugin, is likely to be moderated because most exploits use obfuscation to hide their requires and web endpoints, and no one has the time to de-obfuscate and study your code. The associated account may also be at risk if the usage is consistent with how exploiters do things. Since private modules were blocked, exploiters are using obfuscation more than ever.
- Makes it harder to debug your own code
My recommendation is to only use obfuscation on the critical section of your game’s code you want to harden against theft–if at all–and to never, ever, ever distribute obfuscated code in a free model, plugin or module.
5 Likes
In my case, im planning to sell a planekit, and the only way i know of hiding it/ making it harder for anyone to get their hands on the script, removing the restrictions ive implemented, which only allow the people who have purchased the planekit to use it, is trough obfuscation. Due to private modules being removed.
The Roblox platform just doesn’t have support for this business model yet.
Developers don’t want to put someone elses’ obfuscated code in their game. Doubly true if it includes instructions to enable HttpService to access some kind of whitelist or authentication server. This is not only a huge red flag, but even if they fully trust your intentions, no one should make their game dependent on some third-party server they don’t know anything about, or a block of code that could be rendered inoperable by an update that they would then be dependent on you to fix (with no guarantees that you would be available to do so quickly, or indeed at all). Putting someone else’s opaque code in your game is a bad idea on any platform that doesn’t have the formal concept of something like a trusted developer cert or digital signing system.
It’s an equally bad idea to compile userids, usernames or placeids into a module. That just gives anyone who de-obfuscates your module and finds something exploitable a nice directory of which games they can leverage the exploit in. It’s not a scalable solution either.
Lastly, if something is good enough to buy, it’s good enough that someone else will decompile and leak it.
5 Likes
Obfuscation tends to make a script look shady, would refrain from using it.
3 Likes
Yeah thought over it again. Only being used positively.
Indeed, I understand that. The point is (as I’m working with @marketmanager1 ) that we’ve had some module copiers or abusers before. The module is communicating with our endpoints on our servers. Abusers spammed that endpoint.
For every thought about the suspicious look:
We use the require() in the model that’s been used. This is inserting an obfuscated script, and the customer won’t see the code (except they get the model by pasting the ID in a model link).
We have an idea to create an open-source model, using keys that could be generated using a portal. It’s useful to easily suspend abusers using a rate-limit system, although it’s more diffucult for the customer and can lead into less customers that’s using the model.
I don’t really want to obfuscate code, as it’s not bulletproof. When there’s something like private models, with a screen that’s showing you what the model can do, it would be more appreciated by developers (for my opinion) as they can easily see when the model is requiring suspicious functions.