Whitelist on Products

Ah sorry. That was obvious, and I didn’t think. Would it be easier to simply use gamepasses (or clothing item or whatever) instead, which can be identified as owned by a user?

I’d rather use Developer Products as it’s already implemented.

In that case, I think your best bet is to go with a third party system as @EpicMetatableMoment said.

What 3ps can I use for this case?

I think you might be better just attempting to trust the people you’re giving code to. No matter what you do your system can be bypassed.

For example, gamepass identification can be spoofed by creating a fake game object, with a fake GamePassService and fake :PlayerHasPass method.

Example code that could be used to wrap the game object:

local function wrap(object)
    local objectType = type(object)

    if (objectType == "userdata") then
        local newObject = newproxy(true)
        local newObjectMetatable = getmetatable(newObject)

        function newObjectMetatable:__index(key)
            local original = object[key]
            local originalType = type(original)

            if (originalType == "function") then
                return function(_, ...)
                    return original(object, ...)
                end
            end

            return original
        end

        return newObject
    end

    return object
end

--[[
    insert obfuscated code below that does everything your service does
    this obfuscated code still has to reference the environment it's running in so
    you can overwrite the variables it'll use. 
]]--

Same can be done with HttpService for keys, and honestly you can’t do anything because they can just get to a point where they just dump all constants like strings and numbers and quickly steal all your API keys.

2 Likes

I could obfuscate it, and hope for it not to be decoded. It’s better than no protection at all.

That does not work because the obfuscated code still has to reference the variables in the environment it’s running in. If they’re redefined before the obfuscated code is run, there is no way for the obfuscated code to know whether the functions are spoofed or not.

I don’t understand. What do you mean exactly?

This is essentially an educated guess!

I’m not anywhere near qualified to explain how custom Lua VMs for obfuscation work, but essentially when they parse their custom bytecode and generate their own instructions they’re limited to using built-in functions to emulate the complete functionality of Lua.

I can require a module perhaps?

No. They could just create a fake require and steal your ID.

require = print

--// insert obfuscated code that requires your module

There is no guarantee your code is being run by the people it is supposed to be run by. I suggest one-time purchases for services and/or trying contracts…? (Not completely sure on the legality or possibility of the last option; contracts)

I would figure out a way but before we discuss possibilities of de-obfuscation, first maybe find a 3ps that works and then we’ll test if it can be de-obfuscated, but first we need to find one.

Nothing I’ve listed does any deobfuscation. It just abuses the way the obfuscated code works.

Ok but first let’s find a 3ps before figuring out issues that may occur.

They can just spoof HttpService.

Well if you still want to use some 3rd party server I would heavily suggest something that allows files to be private and only accessible through an API key. I do not know of any free service that does this, but you should be able to set something up yourself on GitHub Pages (you can give GitHub some money and they’ll let you privatize your GitHub page’s source!!)

Is there like a database I could use?

Still requires you to set your own server and stuff up

How do I connect mongo to ROBLOX though?

You can’t directly. You have to use it on an external server where the Roblox server requests via some API you have set up to access the data they want to.


1 Like
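An added example, not part of any post in this thread: the key check an external server like the one described above could run, written in Python. Because a key embedded in a distributed script can be dumped, it assumes one key per buyer, stored only as a SHA-256 digest and individually revocable, which gives revocation and attribution rather than prevention. The `x-api-key` header name, the `LICENSES` table and every key value are constructed for illustration.

```python
import hashlib
import hmac


def digest(api_key: str) -> str:
    """Keys are stored only as SHA-256 hex digests, never in plain text."""
    return hashlib.sha256(api_key.encode()).hexdigest()


# Constructed sample data: one key per buyer, so a leaked key can be
# revoked on its own and traced back to the copy it came from.
LICENSES = {
    digest("demo-key-alice"): {"buyer": "alice", "revoked": False},
    digest("demo-key-bob"): {"buyer": "bob", "revoked": True},
}


def find_license(api_key: str):
    """Return the license record for api_key, or None if it is unknown."""
    presented = digest(api_key)
    match = None
    for stored, record in LICENSES.items():
        # Constant-time comparison; scan every entry instead of exiting early.
        if hmac.compare_digest(stored, presented):
            match = record
    return match


def handle_check(headers: dict):
    """Core of a hypothetical whitelist endpoint: returns (status, body)."""
    record = find_license(headers.get("x-api-key", ""))
    if record is None:
        return 401, {"error": "unknown key"}      # deny by default
    if record["revoked"]:
        return 403, {"error": "key revoked"}      # leaked or refunded copy
    # The caller runs in an environment the seller does not control, so this
    # answer only tells the server which buyer's key was presented.
    return 200, {"whitelisted": True, "buyer": record["buyer"]}


if __name__ == "__main__":
    print(handle_check({"x-api-key": "demo-key-alice"}))
    print(handle_check({"x-api-key": "demo-key-bob"}))
    print(handle_check({}))
```
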

Yeah this is a prime example of why I keep saying it’s not a good idea to sell products on Roblox anymore and to instead take commissions. By the way, your exact question has been asked before, so please do search before posting threads.

4 Likes