Cheaters can dump my server

odiocsi · August 22, 2020, 7:14pm

Hey guys! I wonder if there is any way to block injectors from server dumping?
Can someone assist with this?

d0p3t · August 22, 2020, 9:19pm

Use resource globbing so that none of the dumpers know what your files are called and where they are.

odiocsi · August 23, 2020, 12:22pm

So if i put *.lua that after my files they can’t dump it?
Sry for beign dumb it’s just new for me.

d0p3t · August 25, 2020, 9:04pm

Not “after your files”.

Lets say you have a resource called ResourceA. in that resource you have a folder called client and server. In client you have all your client script files and in server, all server script files. These files are sake of simplicity all written in Lua.

Now in your fxmanifest.lua (or __resource.lua if you have migrated yet), for client_scripts and server_scripts you just need to put

client_scripts {
    'client/*.lua'
}

server_scripts {
    'server/*.lua'
}

Now if someone using the NUI devtools or some other stupid way (like “dumpers”), when they read the manifest file, they would have to guess what the script files are called. Quite impossible if you name it something unique

Of course you can do more tricks with it, but that’s the simplest version

Puntherline · August 30, 2020, 1:00pm

Would it help renaming the “client” and “server” folders or is that more or less useless? As an example, the folder structure:

ResourceFolder/
├── fxmanifest.lua
├── ElkQlJ9REJ/ (Client folder)
│   ├── JHJ2yReUbA.lua
│   └── im2JQwhSMk.lua
└── cJbaXhuIp1/ (Server folder)
    ├── lZjnZmMaO4.lua
    └── wBfS0OmjBn.lua

fxmanifest.lua:

client_scripts {
    "ElkQlJ9REJ/*.lua"
}

server_scripts {
    "cJbaXhuIp1/*.lua"
}

d0p3t · August 30, 2020, 7:19pm

No, there’s literally no difference between client and ElkQlJ9REJ in terms of being identifiable. You can go even further with globbing the folder itself

client -> myfolder -> myfile.lua and then:

client_scripts {
    "client/**/*.lua"
}

RobijnFox · January 4, 2021, 6:31pm

I haven’t tried it yet, but isn’t this going to fuck up things if you need to load your main file first?
Like you would normally do this, because (as example) in ‘extrathings.lua’ its gets locals or functions from ‘main.lua’:

client_scripts {
    "client/main.lua",
    "client/extrathings.lua"
}

Korioz · January 5, 2021, 3:58am

It is, if you want an alternate solution who help in case of automated dumper you can simply do like

client_scripts {
    "client/main.l*a",
    "client/extrathings.l*a"
}

RobijnFox · January 6, 2021, 11:43am

Is there an way to do it manually, and if so, is there an way to avoid this too?

Scully7402 · January 6, 2021, 12:44pm

That never worked, at least not for the commonly used cheats. 3 reliable methods would be to store as much as you can on the server, obfuscation or load the client side from the server.