Yucon Framework || Optimization, organization, and high-level security

So basically doesn’t work the same as a normal Event like usually you would FireServer on the client and then in the ServerScript you would just have OnServerEvent then spawn your part that way. But in this you are firing from the client then passing a Value to the server?

Nope, they work like normal remote events.

May I ask, is this something like the Knit framework, that also runs everything modular with one server and one client script?

Yes, it’s similar in that way :slight_smile:

1 Like

How would I use this framework for an FPS game? Is there any tutorials I can follow along besides polyhall’s that are straightforward to fps game? This would really help, thanks!

1 Like

I feel like this would introduce a security issue. I’ve only read the post and haven’t delved into the code yet, but wouldn’t this mean the client would be able to call server functions in a server-sided context?

Yes. It’s the creator’s responsibility to not use it for sensitive cases.

I noticed that by removing Script:Step() or LocalScript:Render()
It would give me error ,I don’t have much experience with this yet
but I still think that you should make it optional

1 Like

Is there going to be a FPS tutorial anytime soon like PolyHalls? I’ve been waiting for months

I use this framework on daily basis, although I believe plugins and classes should have the Preload and Start method as default.

1 Like

HUGE UPDATE


New Anti-Exploit Measure

Remote events now use Advanced Encryption Standard type encryption as a way to further protect the boundary between the client and server.

This means that Yucon now comes with pre-made data sets that are extremely specific and extremely tough to crack.

This is the same encryption that governments, banks, and high-end applications use to protect their data.


New API Methods

[void] self:ListenToFramework(String eventName, Function bindedFunction)

This is a replication of the BindableEvent object for Roblox. In other words, this acts a remote between scripts of the same parent.
For example, firing this on the client will also cause the client to hear it, but the server will not hear it.

self:ListenToFramework("ShowUI", function(UiName, ...)
	PlayerGuiList[UiName].Visible = true
end)

[void] self:DisconnectFromFramework(String eventName)

To connect to the framework event, you use ListenToFramework. As such, you can stop listening by using the counter: self:DisconnectFromFramework()

[Instance] self:GetSharedAsset(String assetName, Boolean? recurseSearch)

Gets an instance stored in the ASSETS folder in ReplicatedStorage, or nil if it does not exist.

If recurseSearch is set to true, then the search will continue until the instance is not nil.

[void] self:FireScripts(String eventName, ...)

This provokes any connections that have binded to the framework event of the specified name.

The below code fires the code example from self:ListenToFramework():

self:FireScripts("ShowUI", "MainGui")

[void] self:Warn(...)

A more descriptive version of Luau’s built in warn method.

[void] {SERVER-ONLY} self:ListenToServerClose(Function bindedFunction)

When the server closes (such as when all players leave, when it shuts down, migrates an update, etc.), the function bindedFunction will be called.

self:ListenToServerClose(function()
	print("Oh no, the server is closing!")
end)

[Instance] {SERVER-ONLY} self:GetAsset(String assetName, Boolean? recurseSearch)

Gets an instance stored in the ASSETS folder in ServerStorage, or nil if it does not exist.

If recurseSearch is set to true, then the search will continue until the instance is not nil.

[void] self:GetGui(String GuiName, Boolean? recurseSearcj, number?)

Retrieve a ScreenGui under PlayerGui, by it’s name, with the options to yeild, until a Gui has loaded.


You can read the API here.


Shoutout to the contributor!

This update would not be possible without @StyledDev contributing his absolutely magical knowledge of cybersecurity and encryption, so give a super huge round of applause to thank his massive contribution to the framework!

8 Likes

You can just look at the decrypt function code. Why do you need this?

2 Likes

Short answer: You don’t. This is only going to make perf worse.

Long answer: Encryption like this does actually prevent malicious actors from man-in-the-middle attacks for something like a client-server login method, which does have its uses. But you should never be doing it for every single remote- that’s just going to inflate data sizes and take up processing power.

Another interesting thing is :ListenToServerClose() when game:BindToClose() exists.

2 Likes

That code is useless without a key, which cannot be obtained easily. To obtain the key, you would need to go through the local script’s memory.

Even then, it won’t help much, because once the remote fires it’ll immediately be desynced.

Data sizes are low and processing power is minimal.

cc @ffrostfall

The difference between the two is that ListenToServerClose can be stacked/connected multiple times, while BindToClose cannot.

" local script’s memory." which, FYI, exploiters can do extremely easily. It’s a single line to save the entire game, and 3 clicks to save all the scripts for the game.

The data size is additive- if you have 60 players in a server, and this compression algorithm is adding 5 bytes per remote call, that’s 5*60 = 300 bytes per :FireAllClients(). This is, ironically enough, a huge deal when you consider the bytes to bits conversion. 300 bytes is 2400 bits, which is 2.4 kilobits, which is a big deal considering this is a single :FireAllClients().

If you scale this up to be, e.g, per every other frame, 30*2.4 = 72, which is 72 wasted kilobits per second.

Lower bandwidth results in smaller frame times, which results in lower ping. It also means that packet loss is less likely to occur, because if the route the packets are taking ends up being congested it may result in packets being dropped.

Lower bandwidth also means players with worse connections can play the game smoothly- if your internet connection isn’t good enough it can result in bottlenecks. 100 kilobytes (100*8 = 800 kilobits), is about 1 megabit per second- which if you’re trying to target mobile players, means that your connection can be straight up dropped. You should realize a lot of kids are playing Roblox on mobile data.

All this for literally no gain. plus, the encryption is probably larger than 5 bytes.

3 Likes

Would it be possible implement BridgeNet into Yucon? Then you still have the security benefits, while also saving bandwidth. Would be nice if we could disable encryption easily too.

1 Like

The network usage is more than doubled when using Yucon:

Standard remotes:

while task.wait() do
	for i = 1, 30 do
		game.ReplicatedStorage.BasicRemote:FireAllClients("Received: Fire", "Test", "Test2")
	end
end

image


Yucon

while task.wait() do
	for i = 1, 30 do
		self:FireAllClients("Received: Fire", "Test", "Test2")
	end
end

image

1 Like

JSYK it can.

Multiple functions can be bound using BindToClose if it is called repeatedly.

https://developer.roblox.com/en-us/api-reference/function/DataModel/BindToClose

1 Like

This is a great framework! Is there anyway you could implement roblox ts into it because i would think it will be beneficial for bigger Roblox studios