Kaarpas Posted July 6, 2019 Share Posted July 6, 2019 How best to protect resources?Is it possible for someone to steal a decompiled client side script even with a false cache? Link to comment
Scripting Moderators ds1-e Posted July 6, 2019 Scripting Moderators Share Posted July 6, 2019 7 minutes ago, Kaarpas said: How best to protect resources?Is it possible for someone to steal a decompiled client side script even with a false cache? Related topic: 1 Link to comment
Kaarpas Posted July 6, 2019 Author Share Posted July 6, 2019 5 minutes ago, majqq said: Related topic: Thank you, but you have not helped me yet. It is because I believe that the code has to be sent to the client for it to run, I do not know if with some type of proxy it is possible to intercept it and read it, I do not understand much of proxys. And good, since you cite in your topic, what is the best way to compile a script, having three options in luac? Link to comment
Scripting Moderators ds1-e Posted July 6, 2019 Scripting Moderators Share Posted July 6, 2019 1 minute ago, Kaarpas said: Thank you, but you have not helped me yet. It is because I believe that the code has to be sent to the client for it to run, I do not know if with some type of proxy it is possible to intercept it and read it, I do not understand much of proxys. And good, since you cite in your topic, what is the best way to compile a script, having three options in luac? I'm not expert at this, but yes, compiling with highest level of obfuscation. Since i don't get answer yet for my topic, one more possible way is sending client scripts with loadstring and triggerClientEvent, i've saw it somewhere, but i don't know if at the moment is worth to add this kind of protection, or if it's working at all. 1 Link to comment
Kaarpas Posted July 6, 2019 Author Share Posted July 6, 2019 1 minute ago, majqq said: I'm not expert at this, but yes, compiling with highest level of obfuscation. Since i don't get answer yet for my topic, one more possible way is sending client scripts with loadstring and triggerClientEvent, i've saw it somewhere, but i don't know if at the moment is worth to add this kind of protection, or if it's working at all. It's something that worries me a lot, since I spend a lot of time in scripting, just as you should do. Link to comment
Sisqo0 Posted July 7, 2019 Share Posted July 7, 2019 (edited) 17 hours ago, Kaarpas said: How best to protect resources?Is it possible for someone to steal a decompiled client side script even with a false cache? You can add at the end of client side script code fileDelete("client-script-name.Lua") Edited July 7, 2019 by Sisqo0 1 Link to comment
Scripting Moderators ds1-e Posted July 7, 2019 Scripting Moderators Share Posted July 7, 2019 3 hours ago, Sisqo0 said: You can add at the end of client side script code fileDelete("client-script-name.Lua") What's the point for that? If cache="false" does same? 1 Link to comment
Jayceon Posted July 7, 2019 Share Posted July 7, 2019 fileDelete download the file and then delete (and not secure bc the file visible for 3-5 seconds while the server is still downloading), cache false not download the file but load it into the memory. 1 Link to comment
JeViCo Posted July 7, 2019 Share Posted July 7, 2019 nothing can protect your resources except for modules or some magic tricks 1 Link to comment
Moderators IIYAMA Posted July 7, 2019 Moderators Share Posted July 7, 2019 (edited) Sending code with triggerClientEvent's and loading it with loadstring can give the stealer not just the code, but the exact same code as you wrote it. Note: If a stealer has stolen compiled code (event without obfuscation), the variable names you gave before are gone. Edited July 7, 2019 by IIYAMA 2 Link to comment
Scripting Moderators ds1-e Posted July 7, 2019 Scripting Moderators Share Posted July 7, 2019 1 hour ago, IIYAMA said: Sending code with triggerClientEvent's and loading it with loadstring can give the stealer not just the code, but the exact same code as you wrote it. Note: If a stealer has stolen compiled code (event without obfuscation), the variable names you gave before are gone. As i thought, i wasn't sure about that. So at the moment, there's no any other extra possibility to "secure them more", excluding cache="false" and compiling with highest level of obfuscation? 1 Link to comment
Moderators IIYAMA Posted July 7, 2019 Moderators Share Posted July 7, 2019 (edited) @majqq Using triggerClientEvent you can actually making it harder as you can create your own keys to secure the scripts. But it will comes at a huge price. You are risking your variable names. You have to create your own security. You are risking your security keys. Converting your encrypted code to loadstring code comes at a cost of performance. (+ it is done in Lua and not C++) The download speed isn't optimised as you are requesting files per resource. The start sequence of the files for all resources in total is something you do not have full control over. ... My recommendation for high security: compile them (losing variable names +) (Optimised +) obfuscation (secure layer +) (decrypt time - ) disable cache (not available as file) (download time - ) But if you want to give high load/download time to the players. Do only step 1. Edited July 7, 2019 by IIYAMA 1 Link to comment
Scripting Moderators ds1-e Posted July 7, 2019 Scripting Moderators Share Posted July 7, 2019 13 minutes ago, IIYAMA said: @majqq Using triggerClientEvent you can actually making it harder as you can create your own keys to secure the scripts. But it will comes at a huge price. You are risking your variable names. You have to create your own security. You are risking your security keys. Converting your encrypted code to loadstring code comes at a cost of performance. (+ it is done in Lua and not C++) The download speed isn't optimised as you are requesting files per resource. The start sequence of the files for all resources in total is something you do not have full control over. ... My recommendation for high security: compile them (losing variable names +) (Optimised +) obfuscation (secure layer +) (decrypt time - ) disable cache (not available as file) (download time - ) But if you want to give high load/download time to the players. Do only step 1. That's what i am doing, compiling script with highest obfuscation level, and also i use cache="false" in meta.xml for client-side scripts, thanks for explaining. 1 Link to comment
Kaarpas Posted July 8, 2019 Author Share Posted July 8, 2019 16 hours ago, IIYAMA said: @majqq Using triggerClientEvent you can actually making it harder as you can create your own keys to secure the scripts. But it will comes at a huge price. You are risking your variable names. You have to create your own security. You are risking your security keys. Converting your encrypted code to loadstring code comes at a cost of performance. (+ it is done in Lua and not C++) The download speed isn't optimised as you are requesting files per resource. The start sequence of the files for all resources in total is something you do not have full control over. ... My recommendation for high security: compile them (losing variable names +) (Optimised +) obfuscation (secure layer +) (decrypt time - ) disable cache (not available as file) (download time - ) But if you want to give high load/download time to the players. Do only step 1. Thanks for the help, it's something like @majqq I've already done in my scripts! 1 Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now