generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Game Creation and Development » Scripters
Home Search
 

Re: How To Secure Remote Events/Functions

Previous Thread :: Next Thread 
ScripterTutorials is not online. ScripterTutorials
Joined: 01 Sep 2013
Total Posts: 284
09 Jul 2017 09:50 PM
I have a lot of information accessible to the server only, such as weapons, points, etc. Because of this, I have to use RemoteFunctions/Events for the client to be able to read/change this information for exploiters to have a harder time. But then I noticed they could just invoke/fire these and give themselves items this way. Is there a way to secure them?


-- roblox chat syst##
Report Abuse
BoredLord101 is not online. BoredLord101
Joined: 28 May 2016
Total Posts: 180
09 Jul 2017 09:52 PM
################ could generate a random key every time on the sender side and make sure the key is the same on the reciever side
Report Abuse
ScripterTutorials is not online. ScripterTutorials
Joined: 01 Sep 2013
Total Posts: 284
09 Jul 2017 09:54 PM
The key would have to be accessible to both clients and the server, so exploiters could easily just read the key.


-- roblox chat syst##
Report Abuse
ScripterTutorials is not online. ScripterTutorials
Joined: 01 Sep 2013
Total Posts: 284
09 Jul 2017 09:55 PM
crump
Report Abuse
BoredLord101 is not online. BoredLord101
Joined: 28 May 2016
Total Posts: 180
09 Jul 2017 09:55 PM
hmmm, generate random decrypted code and have the decryption done on the other side so the player doesn't find out how to decrypt the code?
Report Abuse
ScripterTutorials is not online. ScripterTutorials
Joined: 01 Sep 2013
Total Posts: 284
09 Jul 2017 09:57 PM
I'll think about it.


-- roblox chat syst##
Report Abuse
framed is online. framed
Joined: 10 Oct 2008
Total Posts: 147
09 Jul 2017 10:00 PM
Most basic way is expecting a ######## Param server side
Report Abuse
framed is online. framed
Joined: 10 Oct 2008
Total Posts: 147
09 Jul 2017 10:00 PM
Passyword


Report Abuse
ScripterTutorials is not online. ScripterTutorials
Joined: 01 Sep 2013
Total Posts: 284
09 Jul 2017 10:03 PM
Thank you.


-- roblox chat syst##
Report Abuse
framed is online. framed
Joined: 10 Oct 2008
Total Posts: 147
09 Jul 2017 10:07 PM
You can get quite creative with that one basic method of protection, you can generate a new ######## for every server, or even every player and you can also encrypt it. The possibilities are essentially endless, you can also time the intervals of how often a Function or event is being firing and kick them or ban them if its at unhuman speeds or speeds higher than you were expecting. Ok im going to stop 'cause Im just gonna start rambling at some point.
Report Abuse
framed is online. framed
Joined: 10 Oct 2008
Total Posts: 147
09 Jul 2017 10:07 PM
Passyword*


Report Abuse
BaiYuni is not online. BaiYuni
Joined: 09 Oct 2009
Total Posts: 2861
09 Jul 2017 10:10 PM
No, please continue. I'd like to know other ways of how to secure Remote Events and Functions. Those that you've described are some interesting concepts.
Report Abuse
vivivio is online. vivivio
Joined: 23 Jan 2012
Total Posts: 707
09 Jul 2017 10:10 PM
non-readable tables using metatables and proxies
Report Abuse
vivivio is online. vivivio
Joined: 23 Jan 2012
Total Posts: 707
09 Jul 2017 10:15 PM
like

local wordpass = {'abc'}

function hidetable(thing)
return setmetatable({},{__index = function(_,val)
if val == 'the passyword' then
return thing
else return 1337
end
end}

wordpass = nil
Report Abuse
framed is online. framed
Joined: 10 Oct 2008
Total Posts: 147
09 Jul 2017 10:15 PM
Creating dummy Events and Functions
(will protect you from some attempts, not really the best way but hey might as well use it),

renaming the events and functions (either manually daily or weekly OR using a script to rename them to a random string)


Report Abuse
framed is online. framed
Joined: 10 Oct 2008
Total Posts: 147
09 Jul 2017 10:18 PM
Another good way is to have the server check the conditions of the player when the event was fired.


Report Abuse
vivivio is online. vivivio
Joined: 23 Jan 2012
Total Posts: 707
09 Jul 2017 10:21 PM
--fixed

local wordpass = {'abc'}

function hidetable(thing)
return setmetatable({},{__index = function(_,val)
if val == 'the passyword' then
return thing
else return 1337
end
end}

wordpass = hidetable(wordpass)

Report Abuse
ScripterTutorials is not online. ScripterTutorials
Joined: 01 Sep 2013
Total Posts: 284
09 Jul 2017 10:21 PM
I already check information as it has become a habit for me to do.
I'm gonna try to implement these ideas that you have gave me, thank you for your help.


-- roblox chat syst##
Report Abuse
framed is online. framed
Joined: 10 Oct 2008
Total Posts: 147
09 Jul 2017 10:23 PM
@ScripterTutorials No problem, i'm glad I could help.


Report Abuse
FumeiSencho is not online. FumeiSencho
Joined: 07 Apr 2013
Total Posts: 452
09 Jul 2017 10:42 PM
One warning about using ########## it doesn't necessarily matter at all because people can still figure out your RemoteEvents using an argument finder. An argument finder lets an exploiter read anything and everything you send to remote events. The safe way to call a remote event that avoids being detected by an argument finder: fireserver = Instance.new("RemoteEvent").FireServer; fireserver(remoteEvent, arguments) This avoids detection because you are not directly indexing the instance anymore when you call fireserver (argument finders take advantage of the __namecall metamethod).
Report Abuse
FumeiSencho is not online. FumeiSencho
Joined: 07 Apr 2013
Total Posts: 452
09 Jul 2017 10:43 PM
roblox ruined my post ^^

One warning about using passcodes, it doesn't necessarily help at all because people can still figure out your RemoteEvents using an argument finder. An argument finder lets an exploiter read anything and everything you send to remote events. The safe way to call a remote event that avoids being detected by an argument finder:

fireserver = Instance.new("RemoteEvent").FireServer;
fireserver(remoteEvent, arguments)

This avoids detection because you are not directly indexing the instance anymore when you call fireserver (argument finders take advantage of the __namecall metamethod).


Report Abuse
ChaoticRequiem is not online. ChaoticRequiem
Joined: 09 Dec 2011
Total Posts: 678
09 Jul 2017 10:52 PM
the whole ######## idea doesn't work, although since most exploiters would be too dumb to know how to modify their script to find the amount of spaces/length in/of a string you could do something like this 'a m q d z'
Report Abuse
Cuyler is not online. Cuyler
Joined: 27 Feb 2006
Total Posts: 3784
09 Jul 2017 10:57 PM
The most secure way to prevent the client from changing them is don't give them access to. If it can be done without client input, then don't add it. If you still need to secure your Remote objects, sending the data along with a randomized encrypted key would be the best way. You could do it by manipulating the current tick in a specific way as an example. Just remember, anyone can figure it out with enough effort if it's on the client.


Report Abuse
Previous Thread :: Next Thread 
Page 1 of 1
 
 
ROBLOX Forum » Game Creation and Development » Scripters
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image