Yucon Framework || Optimization, organization, and high-level security

HedTB_Dev · March 11, 2022, 7:01am

May I ask, is this something like the Knit framework, that also runs everything modular with one server and one client script?

iGottic · March 11, 2022, 9:49pm

Yes, it’s similar in that way

BandaidKidd · March 22, 2022, 12:40am

How would I use this framework for an FPS game? Is there any tutorials I can follow along besides polyhall’s that are straightforward to fps game? This would really help, thanks!

Judgy_Oreo · April 22, 2022, 10:03am

I feel like this would introduce a security issue. I’ve only read the post and haven’t delved into the code yet, but wouldn’t this mean the client would be able to call server functions in a server-sided context?

iGottic · April 22, 2022, 7:55pm

Yes. It’s the creator’s responsibility to not use it for sensitive cases.

Huonzales · April 24, 2022, 12:42pm

I noticed that by removing Script:Step() or LocalScript:Render()
It would give me error ,I don’t have much experience with this yet
but I still think that you should make it optional

BandaidKidd · May 6, 2022, 12:23am

Is there going to be a FPS tutorial anytime soon like PolyHalls? I’ve been waiting for months

Dez_ent · May 15, 2022, 10:41pm

I use this framework on daily basis, although I believe plugins and classes should have the Preload and Start method as default.

iGottic · May 16, 2022, 8:36pm

HUGE UPDATE

New Anti-Exploit Measure

Remote events now use Advanced Encryption Standard type encryption as a way to further protect the boundary between the client and server.

This means that Yucon now comes with pre-made data sets that are extremely specific and extremely tough to crack.

This is the same encryption that governments, banks, and high-end applications use to protect their data.

New API Methods

`[void] self:ListenToFramework(String eventName, Function bindedFunction)`

This is a replication of the BindableEvent object for Roblox. In other words, this acts a remote between scripts of the same parent.
For example, firing this on the client will also cause the client to hear it, but the server will not hear it.

self:ListenToFramework("ShowUI", function(UiName, ...)
	PlayerGuiList[UiName].Visible = true
end)

`[void] self:DisconnectFromFramework(String eventName)`

To connect to the framework event, you use ListenToFramework. As such, you can stop listening by using the counter: self:DisconnectFromFramework()

`[Instance] self:GetSharedAsset(String assetName, Boolean? recurseSearch)`

Gets an instance stored in the ASSETS folder in ReplicatedStorage, or nil if it does not exist.

If recurseSearch is set to true, then the search will continue until the instance is not nil.

`[void] self:FireScripts(String eventName, ...)`

This provokes any connections that have binded to the framework event of the specified name.

The below code fires the code example from self:ListenToFramework():

self:FireScripts("ShowUI", "MainGui")

`[void] self:Warn(...)`

A more descriptive version of Luau’s built in warn method.

`[void] {SERVER-ONLY} self:ListenToServerClose(Function bindedFunction)`

When the server closes (such as when all players leave, when it shuts down, migrates an update, etc.), the function bindedFunction will be called.

self:ListenToServerClose(function()
	print("Oh no, the server is closing!")
end)

`[Instance] {SERVER-ONLY} self:GetAsset(String assetName, Boolean? recurseSearch)`

Gets an instance stored in the ASSETS folder in ServerStorage, or nil if it does not exist.

If recurseSearch is set to true, then the search will continue until the instance is not nil.

`[void] self:GetGui(String GuiName, Boolean? recurseSearcj, number?)`

Retrieve a ScreenGui under PlayerGui, by it’s name, with the options to yeild, until a Gui has loaded.

You can read the API here.

Shoutout to the contributor!

This update would not be possible without @StyledDev contributing his absolutely magical knowledge of cybersecurity and encryption, so give a super huge round of applause to thank his massive contribution to the framework!

commitblue · August 19, 2022, 1:40pm

You can just look at the decrypt function code. Why do you need this?

ffrostfall · August 19, 2022, 6:43pm

Short answer: You don’t. This is only going to make perf worse.

Long answer: Encryption like this does actually prevent malicious actors from man-in-the-middle attacks for something like a client-server login method, which does have its uses. But you should never be doing it for every single remote- that’s just going to inflate data sizes and take up processing power.

Another interesting thing is :ListenToServerClose() when game:BindToClose() exists.

iGottic · August 19, 2022, 7:24pm

That code is useless without a key, which cannot be obtained easily. To obtain the key, you would need to go through the local script’s memory.

Even then, it won’t help much, because once the remote fires it’ll immediately be desynced.

Data sizes are low and processing power is minimal.

cc @ffrostfall

iGottic · August 19, 2022, 7:27pm

The difference between the two is that ListenToServerClose can be stacked/connected multiple times, while BindToClose cannot.

ffrostfall · August 19, 2022, 8:01pm

" local script’s memory." which, FYI, exploiters can do extremely easily. It’s a single line to save the entire game, and 3 clicks to save all the scripts for the game.

The data size is additive- if you have 60 players in a server, and this compression algorithm is adding 5 bytes per remote call, that’s 5*60 = 300 bytes per :FireAllClients(). This is, ironically enough, a huge deal when you consider the bytes to bits conversion. 300 bytes is 2400 bits, which is 2.4 kilobits, which is a big deal considering this is a single :FireAllClients().

If you scale this up to be, e.g, per every other frame, 30*2.4 = 72, which is 72 wasted kilobits per second.

Lower bandwidth results in smaller frame times, which results in lower ping. It also means that packet loss is less likely to occur, because if the route the packets are taking ends up being congested it may result in packets being dropped.

Lower bandwidth also means players with worse connections can play the game smoothly- if your internet connection isn’t good enough it can result in bottlenecks. 100 kilobytes (100*8 = 800 kilobits), is about 1 megabit per second- which if you’re trying to target mobile players, means that your connection can be straight up dropped. You should realize a lot of kids are playing Roblox on mobile data.

All this for literally no gain. plus, the encryption is probably larger than 5 bytes.

xChris_vC · August 20, 2022, 7:54am

Would it be possible implement BridgeNet into Yucon? Then you still have the security benefits, while also saving bandwidth. Would be nice if we could disable encryption easily too.

xChris_vC · August 20, 2022, 8:10am

The network usage is more than doubled when using Yucon:

Standard remotes:

while task.wait() do
	for i = 1, 30 do
		game.ReplicatedStorage.BasicRemote:FireAllClients("Received: Fire", "Test", "Test2")
	end
end

Yucon

while task.wait() do
	for i = 1, 30 do
		self:FireAllClients("Received: Fire", "Test", "Test2")
	end
end

7z99 · August 21, 2022, 6:02am

JSYK it can.

Multiple functions can be bound using BindToClose if it is called repeatedly.

https://developer.roblox.com/en-us/api-reference/function/DataModel/BindToClose

Tebbot_Dev · July 7, 2023, 11:42am

This is a great framework! Is there anyway you could implement roblox ts into it because i would think it will be beneficial for bigger Roblox studios

iGottic · July 7, 2023, 1:52pm

Unfortunately not as this framework is discontinued.

NotBugle · July 20, 2023, 8:06pm

This really does suck!
I love Yucon and wished I’ seen it when it first came out.