Anubhav Posted August 8, 2014 Share Posted August 8, 2014 (edited) Today while I was thinking of a security. Some people compile thier scripts but the server gets hacked and they steal the server side. So why not make a script which WON'T WORK ON THE SERVER AT ALL? That would protect your scripts and prevent being leaked! Some functions you can use: local serverName = getServerName() function blablabla() if serverName == "Your server name here" then -- your script starts! end end Make sure to compile it. See? Whenever blablablaba function starts you should make this check. You can even use setElementData! Something like this would work: First script: local sec = false function enableAccount(source) if getAccountName(getPlayerAccount(source)) == "adminAccName" then -- to check if the acc name is of admin then only! Keep your acc name! setElementData( root, "serverProtected", true ) sec = true end end addCommandHandler("enableSecurity", enableAcconut) function join() if sec == true then setElementData( root, "serverProtected", true ) end end addEventHandler("onPlayerLogin", root, join) And in your another script you can use getElementData( root, "serverProtected") Like this: function one() if getElementData( root, "serverProtected" ) == true then end end Please remember to compile them. This will make your security system more better. Please tell some scripters who din't visit this page to do. It can help them to. I'll be finding more things to improve MTA SA security. Edited August 8, 2014 by Guest Link to comment
xTravax Posted August 8, 2014 Share Posted August 8, 2014 1. What's point of this? Un-encrypting and decompiling the scripts is pretty easy if you know how to do it, and hacking a server is much harder. So if someone succeeds to hack whole server, he surely knows how to decompile/unencrypt the scripts, so it's kinda useless.There aren't really much people who would just hack into server and run compiled/encrypted scripts. 2. Your element data would fail after some time. You put element data to everyone that server is "protected" and after someone else joins who previously hasn't, he won't have that element data.Same thing if some player reconnects. And the result would be that server is unprotected and script(s) would fail to load. Link to comment
Anubhav Posted August 8, 2014 Author Share Posted August 8, 2014 1. What's point of this? Un-encrypting and decompiling the scripts is pretty easy if you know how to do it, and hacking a server is much harder. So if someone succeeds to hack whole server, he surely knows how to decompile/unencrypt the scripts, so it's kinda useless.There aren't really much people who would just hack into server and run compiled/encrypted scripts.2. Your element data would fail after some time. You put element data to everyone that server is "protected" and after someone else joins who previously hasn't, he won't have that element data.Same thing if some player reconnects. And the result would be that server is unprotected and script(s) would fail to load. 1. Decompiling is not possible if you tick the Encrypt button and Anti-Decompile. 2. Thanks for telling, I din't noticed that! Link to comment
xTravax Posted August 8, 2014 Share Posted August 8, 2014 1. Decompiling is not possible if you tick the Encrypt button and Anti-Decompile. it is possible. your sentence is basically same as like saying facebook can't be hacked. And every few months few million million accounts get leaked by hackers Link to comment
Anubhav Posted August 8, 2014 Author Share Posted August 8, 2014 Facebook came here? Seriously lel.. MTA SA and Facebook have a big difference. And it can't be de-compiled at all if you click on anti-decompile! Link to comment
Saml1er Posted August 8, 2014 Share Posted August 8, 2014 Just like myonlake said that if someone is ready to run a million of queries on a computer ( not a big deal) then yes it is possible to decompile the script. ^ Link to comment
vx89 Posted August 8, 2014 Share Posted August 8, 2014 Umm.. if it's encrypted - then how it gets unencrypted on the server again? there needs to be a secure phase somewhere kept, and if someone hacks the server then... Link to comment
DakiLLa Posted August 8, 2014 Share Posted August 8, 2014 And it can't be de-compiled at all if you click on anti-decompile! Don't be so naive, read this topic please. The guy has explained there how he did decompile compiled and encrypted script. Link to comment
Anubhav Posted August 9, 2014 Author Share Posted August 9, 2014 I never saw that topic. Maybe one day it would be hard. If the guy isn't a scripter, he won't understand anything (lol)> Link to comment
xTravax Posted August 9, 2014 Share Posted August 9, 2014 if he just hacks into whole (FTP?) Server which is very hard, you think he won't know how to decompile the serverside scripts? lol. Link to comment
Anubhav Posted August 9, 2014 Author Share Posted August 9, 2014 Its maybe true. I am just trying to help... Link to comment
qaisjp Posted August 20, 2014 Share Posted August 20, 2014 Writing wrapper functions make this method useless. Link to comment
Anubhav Posted August 20, 2014 Author Share Posted August 20, 2014 Wrapper functions? What are they? Link to comment
qaisjp Posted August 21, 2014 Share Posted August 21, 2014 function getServerName() return "LOOL antisteal server name" end Link to comment
Anubhav Posted August 21, 2014 Author Share Posted August 21, 2014 Thanks for telling me got it. Link to comment
xXMADEXx Posted May 29, 2015 Share Posted May 29, 2015 I liked your attempt but this type of security doesn't work very well. If someone who knew basic scripting got a hold of these, they could simply create a new file and override the getServerName function. Something like this would work: function getServerName ( ) return "The the required name"; end Link to comment
Om. Posted November 28, 2015 Share Posted November 28, 2015 There are lots of php scripts that can decrypt lua files. Compiling dosn't makes your script more safer.. Link to comment
Recommended Posts