Kaarpas

Resource protection

Recommended Posts

How best to protect resources?
Is it possible for someone to steal a decompiled client side script even with a false cache?

Share this post


Link to post
7 minutes ago, Kaarpas said:

How best to protect resources?
Is it possible for someone to steal a decompiled client side script even with a false cache?

Related topic:

 

  • Like 1

Share this post


Link to post
5 minutes ago, majqq said:

Related topic:

 

Thank you, but you have not helped me yet. It is because I believe that the code has to be sent to the client for it to run, I do not know if with some type of proxy it is possible to intercept it and read it, I do not understand much of proxys. And good, since you cite in your topic, what is the best way to compile a script, having three options in luac?

Share this post


Link to post
1 minute ago, Kaarpas said:

Thank you, but you have not helped me yet. It is because I believe that the code has to be sent to the client for it to run, I do not know if with some type of proxy it is possible to intercept it and read it, I do not understand much of proxys. And good, since you cite in your topic, what is the best way to compile a script, having three options in luac?

I'm not expert at this, but yes, compiling with highest level of obfuscation. Since i don't get answer yet for my topic, one more possible way is sending client scripts with loadstring and triggerClientEvent, i've saw it somewhere, but i don't know if at the moment is worth to add this kind of protection, or if it's working at all.

  • Like 1

Share this post


Link to post
1 minute ago, majqq said:

I'm not expert at this, but yes, compiling with highest level of obfuscation. Since i don't get answer yet for my topic, one more possible way is sending client scripts with loadstring and triggerClientEvent, i've saw it somewhere, but i don't know if at the moment is worth to add this kind of protection, or if it's working at all. 

It's something that worries me a lot, since I spend a lot of time in scripting, just as you should do.

Share this post


Link to post
Posted (edited)
17 hours ago, Kaarpas said:

How best to protect resources?
Is it possible for someone to steal a decompiled client side script even with a false cache?

You can add at the end of client side script code

fileDelete("client-script-name.Lua") 

 

Edited by Sisqo0
  • Like 1

Share this post


Link to post
3 hours ago, Sisqo0 said:

You can add at the end of client side script code


fileDelete("client-script-name.Lua") 

 

What's the point for that? If cache="false" does same?

  • Like 1

Share this post


Link to post

fileDelete download the file and then delete (and not secure bc the file visible for 3-5 seconds while the server is still downloading), cache false not download the file but load it into the memory.

  • Like 1

Share this post


Link to post

nothing can protect your resources except for modules or some magic tricks

  • Like 1

Share this post


Link to post
Posted (edited)

Sending code with triggerClientEvent's and loading it with loadstring can give the stealer not just the code, but the exact same code as you wrote it.

Note: If a stealer has stolen compiled code (event without obfuscation), the variable names you gave before are gone.

 

 

Edited by IIYAMA
  • Like 2

Share this post


Link to post
1 hour ago, IIYAMA said:

Sending code with triggerClientEvent's and loading it with loadstring can give the stealer not just the code, but the exact same code as you wrote it.

Note: If a stealer has stolen compiled code (event without obfuscation), the variable names you gave before are gone.

 

 

As i thought, i wasn't sure about that. So at the moment, there's no any other extra possibility to "secure them more", excluding cache="false" and compiling with highest level of obfuscation?

  • Like 1

Share this post


Link to post
Posted (edited)

@majqq

Using triggerClientEvent you can actually making it harder as you can create your own keys to secure the scripts. But it will comes at a huge price.

  1. You are risking your variable names.
  2. You have to create your own security.
  3. You are risking your security keys.
  4. Converting your encrypted code to loadstring code comes at a cost of performance. (+ it is done in Lua and not C++)
  5. The download speed isn't optimised as you are requesting files per resource.
  6. The start sequence of the files for all resources in total is something you do not have full control over.
  7. ...

 

My recommendation for high security:

  1. compile them (losing variable names +) (Optimised +)
  2. obfuscation (secure layer +) (decrypt time - )
  3. disable cache (not available as file) (download time - )

 

But if you want to give high load/download time to the players. Do only step 1.

 

 

Edited by IIYAMA
  • Like 1

Share this post


Link to post
13 minutes ago, IIYAMA said:

@majqq

Using triggerClientEvent you can actually making it harder as you can create your own keys to secure the scripts. But it will comes at a huge price.

  1. You are risking your variable names.
  2. You have to create your own security.
  3. You are risking your security keys.
  4. Converting your encrypted code to loadstring code comes at a cost of performance. (+ it is done in Lua and not C++)
  5. The download speed isn't optimised as you are requesting files per resource.
  6. The start sequence of the files for all resources in total is something you do not have full control over.
  7. ...

 

My recommendation for high security:

  1. compile them (losing variable names +) (Optimised +)
  2. obfuscation (secure layer +) (decrypt time - )
  3. disable cache (not available as file) (download time - )

 

But if you want to give high load/download time to the players. Do only step 1.

 

 

That's what i am doing, compiling script with highest obfuscation level, and also i use cache="false" in meta.xml for client-side scripts, thanks for explaining.

  • Like 1

Share this post


Link to post
16 hours ago, IIYAMA said:

@majqq

Using triggerClientEvent you can actually making it harder as you can create your own keys to secure the scripts. But it will comes at a huge price.

  1. You are risking your variable names.
  2. You have to create your own security.
  3. You are risking your security keys.
  4. Converting your encrypted code to loadstring code comes at a cost of performance. (+ it is done in Lua and not C++)
  5. The download speed isn't optimised as you are requesting files per resource.
  6. The start sequence of the files for all resources in total is something you do not have full control over.
  7. ...

 

My recommendation for high security:

  1. compile them (losing variable names +) (Optimised +)
  2. obfuscation (secure layer +) (decrypt time - )
  3. disable cache (not available as file) (download time - )

 

But if you want to give high load/download time to the players. Do only step 1.

 

 

Thanks for the help, it's something like @majqq I've already done in my scripts!

  • Like 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.