laserlaser

[TUT] Protect Client Script at the Highest Level

Recommended Posts

Protect your scripts at the highest level

Now, if you're scripting yourself, you know the importance of having your scripts safe. We don't want anyone to steal our code, right? And, even though users can only steal client-sided code (since it's downloaded to their computer), it can give you a headache when you see another server using similar scripts.

Compiling only gets you so far, it's fairly easy to decompile any script and extract some chunks of code from it. While not perfect, it makes it easier for that person to "make" the script themselves; sometimes you can decompile the whole code, and it will work flawlessly.

With the release of MTA 1.1, this method became possible (cheers to MTA developers for that ). There is a simple way of "preventing the scripts from downloading to the player's PC". Okay, don't hold me for that literaly. The scripts still get downloaded, but the user can't find them in his downloaded resources folder. How? Well, here's the "magic" behind it.

Whenever the player joins your server, he downloads any necessary files, images, sounds, and also client-sided scripts (if he joined for the first time). Afterwards, the client-sided scripts are loaded, and from that moment on, they are no longer required on the player's hard drive. Why do they stay there? I don't know, seems like we're just offering others to steal them.

How do we prevent that? Using simple LUA code, we delete the downloaded scripts after they are loaded into memory. It is as simple as it sounds. Anyone looking in the folder of your resource won't find any scripts.

This is the part of the this topic.Yes It's good way, but no so good.

First, you must delete the client files from meta.xml (If we do that client side scripts won't downloand to the other PCs).Now open a server-side lua file: named = "serverProtector.lua"

And put this one:

fileList = { 
"mygui.lua", 
"mydx.lua", -- your client side files (e.g: render.lua)  
"hello.lua", -- you can increase the files. 
"classes/animation_class.lua" -- if the file in other folder, you must write the folder names. (e.g classes/gui/anim/anim_class.lua) 
} 
  
addEvent("onPlayerResourceStart",true) 
addEventHandler("onPlayerResourceStart",getRootElement(),function() 
    readToEnd = function(file_name) 
        local file = fileOpen(file_name) 
         
        if (file) then 
            local buffer 
            local toend = "" 
            while not fileIsEOF(file) do 
                buffer = fileRead(file,500) 
                toend = toend .. buffer 
            end 
            fileClose(file) 
            return toend 
        else 
            return false 
        end 
    end 
    for i,v in ipairs(fileList) do 
        fileList[i] = readToEnd(v) 
    end 
    triggerClientEvent(source,"includeFiles",getRootElement(),fileList) 
end) 

Important: You must add your scripts list by list.So if you use some function from other scripts, other scripts must be before.

Now we completed at the server-side.Now open a new client-side script(named: "clientProtector.lua")

And put this one:

  
function includeFiles(fileList) 
    for _,v in ipairs(fileList) do 
        func = assert(loadstring(v)) 
        func() 
    end 
end 
addEvent("includeFiles",true) 
addEventHandler("includeFiles",getRootElement(),includeFiles) 
  
addEventHandler("onClientResourceStart",getRootElement(),function(res) 
    if (res == getThisResource()) then 
        triggerServerEvent("onPlayerResourceStart",getLocalPlayer()) 
    end 
end) 

Now open a new client side script(named:protectorDelete.lua).And put this one:

fileDelete("clientProtector.lua") 

And now It's finish.Meta.xml must be:

  

this list..

And you must not to add the client files to the meta.xml, you must put the script folder only...

It's finish you protected your files around %99..

Notice: Someone correct the English ?

Share this post


Link to post

I don't know why these tutorials are useful when you can use protected meta subnode or simply delete the files when them are downloaded.

Share this post


Link to post

"onClientResourceStart"won't work it, if you're using loadstring.

Share this post


Link to post
I don't know why these tutorials are useful when you can use protected meta subnode or simply delete the files when them are downloaded.

'protected' atribute is not working on Linux.

Share this post


Link to post

I know, that's why I said "or simply delete the files when them are downloaded.".

Share this post


Link to post

I tried to delete files when they're downloaded before, if you disconnect while downloading, the downloaded files so far is still there.

Share this post


Link to post

What exactly is the "protected" attribute? what does it do?

Share this post


Link to post

i think its means when you enter the server and download the files gamemode starts but the gamemode files wont be save in your pc

:D

Share this post


Link to post

A friend already explained me what it does, thanks anyway.

Share this post


Link to post

What it actually does is makes sure the script is never stopped, I don't believe you can use 'stop' on a resource that is protected.

(Isn't that somewhere on the wiki, meta.xml page even?)

Share this post


Link to post

No, you are messing the 'protected' atribute from meta.xml with the 'protected' atribute in mtaserv.conf.

Share this post


Link to post

The reason it is saved client side is to decrease download the next-time you join that server. (You won't have to download the login panel again, or whatever. A one time download)

Share this post


Link to post
The reason it is saved client side is to decrease download the next-time you join that server. (You won't have to download the login panel again, or whatever. A one time download)

how much often size of the login panel?

10 kb?

20 kb?

30 kb?

50 kb?

this can be downloaded in less than 1 sec :roll:

i thinks the only things that should be saved is images and sounds and txd - dff or whatever the files that have large size.

Share this post


Link to post

Sure, but id still recommend it, they steal, mod it to be better then yours. Then you have an empty server, and children claiming the A+ code is theirs. Can't beat the hell out of them for it. Well you can, but it won't stop the influence.

P.S. Supernatural is a good series. I own them all.

Share this post


Link to post

TAPL it was an example.

(Yes it's awesome, GhostXoP :D)

Share this post


Link to post

I have one question. Should I do all this stuff in EVERY my resource? I mean changing meta.xml in every resource folder.

Share this post


Link to post
The reason it is saved client side is to decrease download the next-time you join that server. (You won't have to download the login panel again, or whatever. A one time download)

That's true, plus, if you want to open something and the client-side is deleted, then nothing is showing up :/

Share this post


Link to post
Hey can anyone just answer my question?

well, if you want it in every resource, then yes.

Share this post


Link to post

is there any way to unload the client file without stopping the resource ?

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.