toxicsmoke11 Posted March 5, 2015 Share Posted March 5, 2015 hey guys i wanted to ask something i am trying to explore methods of protecting my scripts and i thought of sending script's code from server to client and then executing it clientsidedly though im probably using loadstring for what its not used or something... -- client addEvent("onClientCodeRequest",true) function loadCode(code) loadstring(code) () -- sorry () was missed end addEventHandler("onClientCodeRequest",root,loadCode) -- server local theCode = 'outputChatBox("loaded")' triggerClientEvent("onClientCodeRequest",getRandomPlayer(),theCode) edit: i discovered i had to add () near loadstring, though how could i send really long code from server to client without conflicts? Link to comment
toxicsmoke11 Posted March 5, 2015 Author Share Posted March 5, 2015 ohhh how about this? -- client file which loads code -- server file 1 containing client code -- server file 2 reading file 1 and sending the content to client file is this good? well it works for me, but asking is it good as security measure? Link to comment
WhoAmI Posted March 5, 2015 Share Posted March 5, 2015 You can compile a file. It's the safest way. https://luac.multitheftauto.com/ Link to comment
toxicsmoke11 Posted March 5, 2015 Author Share Posted March 5, 2015 You can compile a file. It's the safest way.https://luac.multitheftauto.com/ That is not enough Link to comment
MisterQuestions Posted March 5, 2015 Share Posted March 5, 2015 I prefer use loadstring sending code at server side more "secure" Link to comment
toxicsmoke11 Posted March 6, 2015 Author Share Posted March 6, 2015 I prefer use loadstring sending code at server side more "secure" you mean you are sending code from client side to server side? if that's what you meant, a stealer could read the code from client side however if you send code with triggerClientEvent its also encrypted and works perfectly(server files can only be stolen if server is hacked, which is much much harder) i am just not sure if this is actually a good method for security Link to comment
MisterQuestions Posted March 6, 2015 Share Posted March 6, 2015 No im refering you where right Server To Client, just a simple code like... code = [[ variable = "this is a variable" outputChatBox(variable) ]] and then send that trough an event. Maybe you can encrypt code too with: base64Encode or teaEncode And send that as cache Link to comment
Enargy, Posted March 6, 2015 Share Posted March 6, 2015 local theCode = 'outputChatBox("loaded")' what's this? what did you mean with this? Link to comment
toxicsmoke11 Posted March 6, 2015 Author Share Posted March 6, 2015 Yea xerox, im using fileRead to get script content though Neargreen thats simple variable containing 1 line of code Executing code from variable in that case Link to comment
arezu Posted March 6, 2015 Share Posted March 6, 2015 You can compile a file. It's the safest way.https://luac.multitheftauto.com/ That is not enough luac.multitheftauto.com encrypts your file the same way packets are encrypted when you are sending data from server to client (triggerClientEvent). The other option is to add cache="false" in meta for script file, and it will send the file to client encrypted (just like triggerClientEvent) and load it but not save it on the clients harddrive, the exact same thing you are trying to do with triggerClientEvent + loadstring. Link to comment
toxicsmoke11 Posted March 6, 2015 Author Share Posted March 6, 2015 yeah i am already using cache to false(every client script i got) soo this is it? only way scripts could get stolen now as far as i see is to hack the server itself? Link to comment
Gallardo9944 Posted March 6, 2015 Share Posted March 6, 2015 yeah i am already using cache to false(every client script i got)soo this is it? only way scripts could get stolen now as far as i see is to hack the server itself? Don't forget that using cache="false" will change your script load order in some situations. So keep that in mind. Link to comment
arezu Posted March 7, 2015 Share Posted March 7, 2015 yeah i am already using cache to false(every client script i got)soo this is it? only way scripts could get stolen now as far as i see is to hack the server itself? No, you can use packet sniffing tools to read received packet data, but nobody who has the knowledge to do that would bother doing that and trying to deduce which encrypted strings that are received that are part of the script, and the scripts are sent in several packets so they would need to find them all and put them together. It would be much easier and less troublesome for them if they made the lua scripts themselves instead. As long as scripts are sent to client, they can always be stolen. Don't forget that using cache="false" will change your script load order in some situations. So keep that in mind. I think that was fixed. Link to comment
Addlibs Posted March 7, 2015 Share Posted March 7, 2015 I believe it is also possible (but quite hard) to read what was sent to cache through memory dumps. Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now