If i obfuscate my local scripts and module scripts and add a security check to check if the Place ID is matched to my game in the obfuscated script, would i stop any exploiters from stealing and reviewing my modules and local scripts?
no
im pretty sure roblox doesn’t allow obfuscated scripts, even if they do allow it they strongly hate it
Obfuscation can significantly degrade script performance, leading to a poorer user experience due to increased complexity and processing time.
The Place ID will work but the obfuscation is completely useless.
This is only true if you add extra code to your script to “obfuscate it more”.
Before running your game’s code, Roblox compiles it into bytecode. This is an obfuscated version of your source code that is harder for a human to understand, but easier for a computer.
When Roblox turns your code into bytecode, all:
- Variable names
- Function argument names (Function names are kept)
- Comments
- Luau type annotations
Are removed or obfuscated.
Bytecode does keep things like function names and line numbers, but it’s a lot better to keep them because without them, it becomes a lot harder to debug errors in production because Roblox can’t give you good information about where or how they happened.
Hackers can’t see your source code, only the bytecode it’s compiled into. Special tools called decompilers can convert this back into code, but can’t bring back things like variable names and comments.
A good rule of thumb when writing code is to never trust the client. While hackers can’t see your source code, they can still read and modify the bytecode. Because of this, in general checks in a localscript are pointless because it’s easy for an exploiter to remove it.
I suggest reading this if you want to understand more about what exploiters can and can’t do in your game:
My statement, “Obfuscation can significantly degrade script performance,” followed by yours, "This is only true if you add extra code to your script to ‘obfuscate it more’ is wrong! The main performance issue with obfuscation lies in how the obfuscation itself is implemented. If the obfuscation adds significant complexity or additional layers of computation.
There is a trade-off between the level of obfuscation (and hence security) and performance. Higher levels of obfuscation typically result in more significant performance decreases.
The weaker your security, the better your performance.
The stronger your security, the slower your performance.
This is what I meant by “adding extra code”
This is a problem you should not worry about unless someone is actually doing an attack in this way
But if you’re not adding extracode, your obfuscation stinks, and it still is slower than it would be due to, guess what, Mr. Sherlock, higher complexity!
Obfuscating your code is just changing the language slightly, to truly prevent exploiters you need to improve your coding practices. Unprotected remotes will always be unprotected if you don’t protect them!