|
| 09 Jul 2017 09:50 PM |
I have a lot of information accessible to the server only, such as weapons, points, etc. Because of this, I have to use RemoteFunctions/Events for the client to be able to read/change this information for exploiters to have a harder time. But then I noticed they could just invoke/fire these and give themselves items this way. Is there a way to secure them?
-- roblox chat syst## |
|
|
| Report Abuse |
|
|
|
| 09 Jul 2017 09:52 PM |
| ################ could generate a random key every time on the sender side and make sure the key is the same on the reciever side |
|
|
| Report Abuse |
|
|
|
| 09 Jul 2017 09:54 PM |
The key would have to be accessible to both clients and the server, so exploiters could easily just read the key.
-- roblox chat syst## |
|
|
| Report Abuse |
|
|
| |
|
|
| 09 Jul 2017 09:55 PM |
| hmmm, generate random decrypted code and have the decryption done on the other side so the player doesn't find out how to decrypt the code? |
|
|
| Report Abuse |
|
|
|
| 09 Jul 2017 09:57 PM |
I'll think about it.
-- roblox chat syst## |
|
|
| Report Abuse |
|
|
framed
|
  |
| Joined: 10 Oct 2008 |
| Total Posts: 147 |
|
|
| 09 Jul 2017 10:00 PM |
| Most basic way is expecting a ######## Param server side |
|
|
| Report Abuse |
|
|
framed
|
  |
| Joined: 10 Oct 2008 |
| Total Posts: 147 |
|
| |
|
|
| 09 Jul 2017 10:03 PM |
Thank you.
-- roblox chat syst## |
|
|
| Report Abuse |
|
|
framed
|
  |
| Joined: 10 Oct 2008 |
| Total Posts: 147 |
|
|
| 09 Jul 2017 10:07 PM |
| You can get quite creative with that one basic method of protection, you can generate a new ######## for every server, or even every player and you can also encrypt it. The possibilities are essentially endless, you can also time the intervals of how often a Function or event is being firing and kick them or ban them if its at unhuman speeds or speeds higher than you were expecting. Ok im going to stop 'cause Im just gonna start rambling at some point. |
|
|
| Report Abuse |
|
|
framed
|
  |
| Joined: 10 Oct 2008 |
| Total Posts: 147 |
|
| |
|
BaiYuni
|
  |
| Joined: 09 Oct 2009 |
| Total Posts: 2861 |
|
|
| 09 Jul 2017 10:10 PM |
| No, please continue. I'd like to know other ways of how to secure Remote Events and Functions. Those that you've described are some interesting concepts. |
|
|
| Report Abuse |
|
|
vivivio
|
  |
| Joined: 23 Jan 2012 |
| Total Posts: 707 |
|
|
| 09 Jul 2017 10:10 PM |
| non-readable tables using metatables and proxies |
|
|
| Report Abuse |
|
|
vivivio
|
  |
| Joined: 23 Jan 2012 |
| Total Posts: 707 |
|
|
| 09 Jul 2017 10:15 PM |
like
local wordpass = {'abc'}
function hidetable(thing) return setmetatable({},{__index = function(_,val) if val == 'the passyword' then return thing else return 1337 end end}
wordpass = nil
|
|
|
| Report Abuse |
|
|
framed
|
  |
| Joined: 10 Oct 2008 |
| Total Posts: 147 |
|
|
| 09 Jul 2017 10:15 PM |
Creating dummy Events and Functions (will protect you from some attempts, not really the best way but hey might as well use it),
renaming the events and functions (either manually daily or weekly OR using a script to rename them to a random string)
|
|
|
| Report Abuse |
|
|
framed
|
  |
| Joined: 10 Oct 2008 |
| Total Posts: 147 |
|
|
| 09 Jul 2017 10:18 PM |
Another good way is to have the server check the conditions of the player when the event was fired.
|
|
|
| Report Abuse |
|
|
vivivio
|
  |
| Joined: 23 Jan 2012 |
| Total Posts: 707 |
|
|
| 09 Jul 2017 10:21 PM |
--fixed
local wordpass = {'abc'}
function hidetable(thing) return setmetatable({},{__index = function(_,val) if val == 'the passyword' then return thing else return 1337 end end}
wordpass = hidetable(wordpass)
|
|
|
| Report Abuse |
|
|
|
| 09 Jul 2017 10:21 PM |
I already check information as it has become a habit for me to do. I'm gonna try to implement these ideas that you have gave me, thank you for your help.
-- roblox chat syst## |
|
|
| Report Abuse |
|
|
framed
|
  |
| Joined: 10 Oct 2008 |
| Total Posts: 147 |
|
|
| 09 Jul 2017 10:23 PM |
@ScripterTutorials No problem, i'm glad I could help.
|
|
|
| Report Abuse |
|
|
|
| 09 Jul 2017 10:42 PM |
| One warning about using ########## it doesn't necessarily matter at all because people can still figure out your RemoteEvents using an argument finder. An argument finder lets an exploiter read anything and everything you send to remote events. The safe way to call a remote event that avoids being detected by an argument finder: fireserver = Instance.new("RemoteEvent").FireServer; fireserver(remoteEvent, arguments) This avoids detection because you are not directly indexing the instance anymore when you call fireserver (argument finders take advantage of the __namecall metamethod). |
|
|
| Report Abuse |
|
|
|
| 09 Jul 2017 10:43 PM |
roblox ruined my post ^^
One warning about using passcodes, it doesn't necessarily help at all because people can still figure out your RemoteEvents using an argument finder. An argument finder lets an exploiter read anything and everything you send to remote events. The safe way to call a remote event that avoids being detected by an argument finder:
fireserver = Instance.new("RemoteEvent").FireServer; fireserver(remoteEvent, arguments)
This avoids detection because you are not directly indexing the instance anymore when you call fireserver (argument finders take advantage of the __namecall metamethod).
|
|
|
| Report Abuse |
|
|
|
| 09 Jul 2017 10:52 PM |
| the whole ######## idea doesn't work, although since most exploiters would be too dumb to know how to modify their script to find the amount of spaces/length in/of a string you could do something like this 'a m q d z' |
|
|
| Report Abuse |
|
|
Cuyler
|
  |
| Joined: 27 Feb 2006 |
| Total Posts: 3784 |
|
|
| 09 Jul 2017 10:57 PM |
The most secure way to prevent the client from changing them is don't give them access to. If it can be done without client input, then don't add it. If you still need to secure your Remote objects, sending the data along with a randomized encrypted key would be the best way. You could do it by manipulating the current tick in a specific way as an example. Just remember, anyone can figure it out with enough effort if it's on the client.
|
|
|
| Report Abuse |
|
|