If i obfuscate my local scripts and module scripts and add a security check to check if the Place ID is matched to my game in the obfuscated script, would i stop any exploiters from stealing and reviewing my modules and local scripts?
no
im pretty sure roblox doesnāt allow obfuscated scripts, even if they do allow it they strongly hate it
Obfuscation can significantly degrade script performance, leading to a poorer user experience due to increased complexity and processing time.
The Place ID will work but the obfuscation is completely useless.
This is only true if you add extra code to your script to āobfuscate it moreā.
Before running your gameās code, Roblox compiles it into bytecode. This is an obfuscated version of your source code that is harder for a human to understand, but easier for a computer.
When Roblox turns your code into bytecode, all:
- Variable names
- Function argument names (Function names are kept)
- Comments
- Luau type annotations
Are removed or obfuscated.
Bytecode does keep things like function names and line numbers, but itās a lot better to keep them because without them, it becomes a lot harder to debug errors in production because Roblox canāt give you good information about where or how they happened.
Hackers canāt see your source code, only the bytecode itās compiled into. Special tools called decompilers can convert this back into code, but canāt bring back things like variable names and comments.
A good rule of thumb when writing code is to never trust the client. While hackers canāt see your source code, they can still read and modify the bytecode. Because of this, in general checks in a localscript are pointless because itās easy for an exploiter to remove it.
I suggest reading this if you want to understand more about what exploiters can and canāt do in your game:
My statement, āObfuscation can significantly degrade script performance,ā followed by yours, "This is only true if you add extra code to your script to āobfuscate it moreā is wrong! The main performance issue with obfuscation lies in how the obfuscation itself is implemented. If the obfuscation adds significant complexity or additional layers of computation.
There is a trade-off between the level of obfuscation (and hence security) and performance. Higher levels of obfuscation typically result in more significant performance decreases.
The weaker your security, the better your performance.
The stronger your security, the slower your performance.
This is what I meant by āadding extra codeā
This is a problem you should not worry about unless someone is actually doing an attack in this way
But if youāre not adding extracode, your obfuscation stinks, and it still is slower than it would be due to, guess what, Mr. Sherlock, higher complexity!
Obfuscating your code is just changing the language slightly, to truly prevent exploiters you need to improve your coding practices. Unprotected remotes will always be unprotected if you donāt protect them!