generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Game Creation and Development » Scripters
Home Search
 

Re: Any string encryption methods out there?

Previous Thread :: Next Thread 
Void_Optics is not online. Void_Optics
Joined: 21 Mar 2016
Total Posts: 286
12 Jan 2017 04:51 PM
Since I'm using FE in all of my projects at this point, RemoteEvents and RemoteFunctions are super important to anything I make. But, it seems really insecure to send a string "GiveMoney" and an attached value to the server, because then it barely even takes intelligence to exploit. Instead of using "GiveMoney" as my passing argument between the server and the client, how can I encrypt the string so it's far less obvious? Thanks! :^)
Report Abuse
Intended_Pun is not online. Intended_Pun
Joined: 10 Aug 2016
Total Posts: 4384
12 Jan 2017 04:53 PM
Don't name it "GiveMoney".
Report Abuse
TaaRt is online. TaaRt
Joined: 26 Apr 2009
Total Posts: 5039
12 Jan 2017 04:53 PM
BASE64 is inexpensive and would outsmarten your average skid by far
Report Abuse
Void_Optics is not online. Void_Optics
Joined: 21 Mar 2016
Total Posts: 286
12 Jan 2017 04:54 PM
@Intended

You're right... I'll name it "DontGiveMoney"


these nerds won't know what hit them >:^)
Report Abuse
Intended_Pun is not online. Intended_Pun
Joined: 10 Aug 2016
Total Posts: 4384
12 Jan 2017 04:59 PM
If you're that concerned, here's a random naming function I wrote that's not really "encryption" (Because you can't decrypt) but it will hide your stuff.
It's probably inefficient too, as somebody will say:

function generatesafename()
local letters = {"A", "B", "C", "D", "E", "F", "G", "H###################L", "M", "N", "O", "P", "Q", "R", "S,", "T", "U", "V", "W", "X", "Y", "Z"}
local specialchars = {"!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "-", "_", "+", "=", "[", "]", "|", "~", "`", "{", "}", "[", "]", "/", "?", ":", ";", ",", "."}
local numbers = {0,1,2,3,4,5,6,7,8,9}
local string1 = ""
for i = 1, math.random(1, 100) do
local x = math.random(1, 3)
local rl = letters[math.random(1, #letters)]
local sc = specialchars[math.random(1, #specialchars)]
local n = numbers[math.random(1, #numbers)]
if x == 1 then
string1 = string1..rl
string1 = string1..sc
string1 = string1..n
elseif x == 2 then
string1 = string1..sc
string1 = string1..n
elseif x == 3 then
string1 = string1..rl
string1 = string1..n
end
end
return string1
end
Report Abuse
Intended_Pun is not online. Intended_Pun
Joined: 10 Aug 2016
Total Posts: 4384
12 Jan 2017 05:00 PM
Exceptional. Now they're censoring the alphabet.
Report Abuse
noliCAIKS is not online. noliCAIKS
Joined: 08 Mar 2010
Total Posts: 917
12 Jan 2017 05:00 PM
You could try using this:
http://wiki.roblox.com/index.php?title=User:NoliCAIKS/Code/Encryption

It works by using the same key during both the encryption and decryption. I don't think it's possible to decrypt without knowing the key. A key can be any string but try not to make it too long or it might slow things down, but try to make it as random as possible so people can't guess it.
Report Abuse
Real_Spooky is not online. Real_Spooky
Joined: 23 Oct 2013
Total Posts: 3149
12 Jan 2017 05:03 PM
I had no idea you were still around, Noli. :v

You're the reason I now understand metatables.
Report Abuse
Intended_Pun is not online. Intended_Pun
Joined: 10 Aug 2016
Total Posts: 4384
12 Jan 2017 05:04 PM
Ooh, noli, that's cool!
I'm totally going to use that
Report Abuse
noliCAIKS is not online. noliCAIKS
Joined: 08 Mar 2010
Total Posts: 917
12 Jan 2017 05:07 PM
I forgot to mention, but using this you can use a different key for every client as well. Just let the LocalScript generate a key using math.random(255) combined with string.char, then send that to the server once and keep it stored in a table to memorize it.

For generating the key you could do something like this:

local length = 8
local t = {}
for i = 1, length do
t[i] = string.char(math.random(255))
end
local key = table.concat(t)

Then pass that key to the server with a RemoteEvent or RemoteFunction, and store it in a lookup table:
keys[player] = key
Report Abuse
Bobby_Darin is not online. Bobby_Darin
Joined: 05 Jan 2013
Total Posts: 5587
12 Jan 2017 05:11 PM
Your network model sucks. You're better off disabling FE than creating a remote event which allows the client to give themselves currency lol

handle that stuff on the server
Report Abuse
noliCAIKS is not online. noliCAIKS
Joined: 08 Mar 2010
Total Posts: 917
12 Jan 2017 05:11 PM
One more thing, I'm not sure if this is necessary but just to be safe it's best to enable weak table keys for the encryption keys table. This ensures that memory leaks don't occur when players leave the game.

keys = setmetatable({}, {__mode = "k"})
Report Abuse
Void_Optics is not online. Void_Optics
Joined: 21 Mar 2016
Total Posts: 286
12 Jan 2017 05:15 PM
Sounds good, but doesn't sending the key through the server defeat the whole purpose? Since potential exploiters will be monitoring the remote events...


My idea is to use a function that uses their username (which can be understood by both the client and server) and have the same function on both sides that makes the encryption/decryption key (with the contents of their username).

This way, both the server and the client will know the key without it ever being passed, which makes it very unlikely that it can be monitored.
Report Abuse
foreverpower is not online. foreverpower
Joined: 05 Feb 2011
Total Posts: 5578
12 Jan 2017 05:15 PM
If you have a RemoteEvent that allows the client to give themselves money, you are doing it all wrong and need to learn how to do networking properly.


Report Abuse
Bobby_Darin is not online. Bobby_Darin
Joined: 05 Jan 2013
Total Posts: 5587
12 Jan 2017 05:16 PM
You wouldn't have to worry about encryption in the first place if you just handled important values on the server
Report Abuse
Void_Optics is not online. Void_Optics
Joined: 21 Mar 2016
Total Posts: 286
12 Jan 2017 05:17 PM
Also... guys...

What I said in OP was an exaggeration. Clearly I could make things more complicated with varied names, using multiple events, etc, to confuse whoever is exploiting. My point is that if I wanted to send a message that is supposed to be hidden from the server to the client, it would be easier (and more ba imo) to encrypt it.
Report Abuse
noliCAIKS is not online. noliCAIKS
Joined: 08 Mar 2010
Total Posts: 917
12 Jan 2017 05:21 PM
@Void_Optics That should work as long as people don't figure out their username is being used as the key. However, yes, it is indeed an option to literally use the username as the key. Alternatively you could convert the UserId to a string using string.format("%08x", player.UserId). Perhaps you could even do something like string.format("%08x", (player.UserId * player.AccountAge + MAGIC_NUMBER) % ############ where you replace MAGIC_NUMBER by a secret number of your liking between 0 and ########### as long as you don't reveal the number you chose on the forums, people won't be able to use this thread to hack your game either.
Report Abuse
Bobby_Darin is not online. Bobby_Darin
Joined: 05 Jan 2013
Total Posts: 5587
12 Jan 2017 05:22 PM
Your network model still sucks if there's any way to meaningfully exploit through your game's remotes
Report Abuse
noliCAIKS is not online. noliCAIKS
Joined: 08 Mar 2010
Total Posts: 917
12 Jan 2017 05:22 PM
The thing that got censored in my previous message was the decimal notation of 2^32. Just wanted to clear that up.
Report Abuse
Void_Optics is not online. Void_Optics
Joined: 21 Mar 2016
Total Posts: 286
12 Jan 2017 05:22 PM
Thanks, you've been very helpful :^)
Report Abuse
Void_Optics is not online. Void_Optics
Joined: 21 Mar 2016
Total Posts: 286
12 Jan 2017 05:24 PM
###### I'm not sure what you mean... At some point along the line (in this HYPOTHETICAL situation) the client will have to tell the server to reward the client.
Report Abuse
Void_Optics is not online. Void_Optics
Joined: 21 Mar 2016
Total Posts: 286
12 Jan 2017 05:25 PM
It actually just censored the name bob by. This is ridiculous. (remove space between bob and by SHHH DONT TELL ANYONE I TYPED THAT)
Report Abuse
Bobby_Darin is not online. Bobby_Darin
Joined: 05 Jan 2013
Total Posts: 5587
12 Jan 2017 05:26 PM
Then you're doing it wrong. The server should decide to reward the client and let the client know they've been rewarded.

You should only be handling interfaces, input and stuff like client-side animations and physics on the client, not sensitive data.
Report Abuse
TimeTicks is not online. TimeTicks
Joined: 27 Apr 2011
Total Posts: 27115
12 Jan 2017 05:27 PM
String Encryption is stupip and a waste of time. If you are seriously paranoid just setup a key database for each player who joins the game. If their 'hash' key is different from the one received, then kick them.

Besides, proper server verification is literally all you need anyways. So many people are paranoid its ridiculous.


Report Abuse
foreverpower is not online. foreverpower
Joined: 05 Feb 2011
Total Posts: 5578
12 Jan 2017 05:27 PM
"At some point along the line (in this HYPOTHETICAL situation) the client will have to tell the server to reward the client."

Nope


Report Abuse
Previous Thread :: Next Thread 
Page 1 of 1
 
 
ROBLOX Forum » Game Creation and Development » Scripters
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image