Any way to secure files from Lua Extractors?

Shiroyo · October 14, 2019, 9:14pm

Hello. Is there any way to prevent hackers from hijacking client side files by using lua extractor softwares? I hope putting some code to secure the script, so the less clever people won’t make any use for that is not the only way?

TheIndra · October 14, 2019, 9:18pm

You can never be 100% sure that people won’t get your files as it will still always be send to the client, do you just want people to not steal your scripts or something else?

Shiroyo · October 14, 2019, 9:36pm

Yeah, I just want to avoid code stealing.

Julien_Johnson · October 14, 2019, 9:36pm

@Shiroyo it’s true I have a guy who admitted to me poking scripts with this link, it becomes annoying!
I’m also looking for a way …

Elio · October 14, 2019, 9:36pm

The only way you can prevent hackers to take benefit of the client scripts is by adding securities to your server events.

EDIT : just saw the code stealing thing so I’m a bit off-topic.

Shiroyo · October 14, 2019, 9:39pm

I know how to block money cheats etc. if this is what you are talking about.

Rubylium · October 14, 2019, 9:46pm

Obfuscating your code can be a solution, but not perfect anyway.
There is ( At least as I know) no way to prevent people from getting your client side files.

ChieF-TroN · October 15, 2019, 12:41am

There is no way of 100% securing it and FiveM prohibits that you encrypt your resources so you will have to just deal with it unfortunately.

ChristopherM · October 15, 2019, 12:54am

Best you can do, to my knowledge, is just handle as much as you can on the server script/s; take advantage of being able to register command on the server script, etc. that way if the client script/s are taken, it would be too difficult to reconstruct the server script.

ChieF-TroN · October 15, 2019, 1:14am

This is exactly what I’ve been doing lately, making as much stuff server side as possible and just send the data to the client as needed. And also have checks between client/server for data integrity, so people are not manipulating the code without being identified and banned.

vanadium · October 15, 2019, 6:39am

… what? You can ‘encrypt’ your resources just fine, hell there’s even support for custom encryption hooks for the stream/ directory and nothing is preventing you from writing any custom Lua/JS/C# obfuscation or using off-the-shelf ones that work within the constraints of the client scripting environments.

Also mind you that any ‘encryption’ can be ‘decrypted’ as well, and the definition of client scripts/stream assets is that they exist on the client and the client can control everything that’s on their end by definition of ‘client’.

pa3ck · December 14, 2019, 12:51am

Hey, can you please elaborate on “custom encryption hooks” or can you please point me to the right documentation on that? Thanks.