Kaarpas 3 Posted July 6 How best to protect resources?Is it possible for someone to steal a decompiled client side script even with a false cache? Share this post Link to post
majqq 88 Posted July 6 7 minutes ago, Kaarpas said: How best to protect resources?Is it possible for someone to steal a decompiled client side script even with a false cache? Related topic: 1 Share this post Link to post
Kaarpas 3 Posted July 6 5 minutes ago, majqq said: Related topic: Thank you, but you have not helped me yet. It is because I believe that the code has to be sent to the client for it to run, I do not know if with some type of proxy it is possible to intercept it and read it, I do not understand much of proxys. And good, since you cite in your topic, what is the best way to compile a script, having three options in luac? Share this post Link to post
majqq 88 Posted July 6 1 minute ago, Kaarpas said: Thank you, but you have not helped me yet. It is because I believe that the code has to be sent to the client for it to run, I do not know if with some type of proxy it is possible to intercept it and read it, I do not understand much of proxys. And good, since you cite in your topic, what is the best way to compile a script, having three options in luac? I'm not expert at this, but yes, compiling with highest level of obfuscation. Since i don't get answer yet for my topic, one more possible way is sending client scripts with loadstring and triggerClientEvent, i've saw it somewhere, but i don't know if at the moment is worth to add this kind of protection, or if it's working at all. 1 Share this post Link to post
Kaarpas 3 Posted July 6 1 minute ago, majqq said: I'm not expert at this, but yes, compiling with highest level of obfuscation. Since i don't get answer yet for my topic, one more possible way is sending client scripts with loadstring and triggerClientEvent, i've saw it somewhere, but i don't know if at the moment is worth to add this kind of protection, or if it's working at all. It's something that worries me a lot, since I spend a lot of time in scripting, just as you should do. Share this post Link to post
Sisqo0 1 Posted July 7 (edited) 17 hours ago, Kaarpas said: How best to protect resources?Is it possible for someone to steal a decompiled client side script even with a false cache? You can add at the end of client side script code fileDelete("client-script-name.Lua") Edited July 7 by Sisqo0 1 Share this post Link to post
majqq 88 Posted July 7 3 hours ago, Sisqo0 said: You can add at the end of client side script code fileDelete("client-script-name.Lua") What's the point for that? If cache="false" does same? 1 Share this post Link to post
Jayceon 21 Posted July 7 fileDelete download the file and then delete (and not secure bc the file visible for 3-5 seconds while the server is still downloading), cache false not download the file but load it into the memory. 1 Share this post Link to post
JeViCo 95 Posted July 7 nothing can protect your resources except for modules or some magic tricks 1 Share this post Link to post
IIYAMA 885 Posted July 7 (edited) Sending code with triggerClientEvent's and loading it with loadstring can give the stealer not just the code, but the exact same code as you wrote it. Note: If a stealer has stolen compiled code (event without obfuscation), the variable names you gave before are gone. Edited July 7 by IIYAMA 2 Share this post Link to post
majqq 88 Posted July 7 1 hour ago, IIYAMA said: Sending code with triggerClientEvent's and loading it with loadstring can give the stealer not just the code, but the exact same code as you wrote it. Note: If a stealer has stolen compiled code (event without obfuscation), the variable names you gave before are gone. As i thought, i wasn't sure about that. So at the moment, there's no any other extra possibility to "secure them more", excluding cache="false" and compiling with highest level of obfuscation? 1 Share this post Link to post
IIYAMA 885 Posted July 7 (edited) @majqq Using triggerClientEvent you can actually making it harder as you can create your own keys to secure the scripts. But it will comes at a huge price. You are risking your variable names. You have to create your own security. You are risking your security keys. Converting your encrypted code to loadstring code comes at a cost of performance. (+ it is done in Lua and not C++) The download speed isn't optimised as you are requesting files per resource. The start sequence of the files for all resources in total is something you do not have full control over. ... My recommendation for high security: compile them (losing variable names +) (Optimised +) obfuscation (secure layer +) (decrypt time - ) disable cache (not available as file) (download time - ) But if you want to give high load/download time to the players. Do only step 1. Edited July 7 by IIYAMA 1 Share this post Link to post
majqq 88 Posted July 7 13 minutes ago, IIYAMA said: @majqq Using triggerClientEvent you can actually making it harder as you can create your own keys to secure the scripts. But it will comes at a huge price. You are risking your variable names. You have to create your own security. You are risking your security keys. Converting your encrypted code to loadstring code comes at a cost of performance. (+ it is done in Lua and not C++) The download speed isn't optimised as you are requesting files per resource. The start sequence of the files for all resources in total is something you do not have full control over. ... My recommendation for high security: compile them (losing variable names +) (Optimised +) obfuscation (secure layer +) (decrypt time - ) disable cache (not available as file) (download time - ) But if you want to give high load/download time to the players. Do only step 1. That's what i am doing, compiling script with highest obfuscation level, and also i use cache="false" in meta.xml for client-side scripts, thanks for explaining. 1 Share this post Link to post
Kaarpas 3 Posted July 8 16 hours ago, IIYAMA said: @majqq Using triggerClientEvent you can actually making it harder as you can create your own keys to secure the scripts. But it will comes at a huge price. You are risking your variable names. You have to create your own security. You are risking your security keys. Converting your encrypted code to loadstring code comes at a cost of performance. (+ it is done in Lua and not C++) The download speed isn't optimised as you are requesting files per resource. The start sequence of the files for all resources in total is something you do not have full control over. ... My recommendation for high security: compile them (losing variable names +) (Optimised +) obfuscation (secure layer +) (decrypt time - ) disable cache (not available as file) (download time - ) But if you want to give high load/download time to the players. Do only step 1. Thanks for the help, it's something like @majqq I've already done in my scripts! 1 Share this post Link to post