Skip to content

IvanTheProtogen/xasemote

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
src
src
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
XASEMOTE.rbxmx
XASEMOTE.rbxmx
 
 

Repository files navigation

XASEMOTE

XASEMOTE is a simplicity-first security module for encrypting and compressing data passed between the client and the server.

It is designed to protect against RemoteSpy attacks, by using cryptographic functions that are mathematically impossible to break.

Thanks to @daily3014 for their cryptography module.

Warning

  • Spamming the xsm.send function can lead to the client being kicked out, so please use XASEMOTE synchronously.
  • While XASEMOTE may secure the data, it is still very important to implement server-side validation.

If you want to use XASEMOTE on events, instead of using this code:

local con = Event:Connect(function(...)
	xsm.send(...)
end)
con:Disconnect()

You should use this:

local con = task.spawn(function()
	while true do
		local args = {Event:Wait()}
		xsm.send(unpack(args))
	end
end)
task.cancel(con) -- Disconnect like this

Features

  • ChaCha20 encryption
  • Poly1305 authentication
  • MaskedX25519 key exchange
  • Ed25519 signing and verification
  • BLAKE3 key derivation
  • getfenv attack protection
  • 25 requests/sec rate limiting
  • 120-second timeout

Installation

  1. Download XASEMOTE.rbxmx from the repository code.
  2. In Roblox Studio, right-click ReplicatedFirst in the Explorer tab and select "Insert from file".
  3. Select XASEMOTE.rbxmx.

Example usage

-- SERVER

local xsm = require(game:GetService("ReplicatedFirst"):WaitForChild("XASEMOTE"))("example_topic")

function xsm.handler(player,a,b)
	return a + b
end

xsm.oninit:Connect(function(player)
	print(xsm.send(player,10,5) == 5)
end)
-- CLIENT

local xsm = require(game:GetService("ReplicatedFirst"):WaitForChild("XASEMOTE"))("example_topic")

function xsm.handler(a,b)
	return a - b
end

print(xsm.send(10,5) == 15)

API reference (Server)

xsm.send(player: Player, ...): ... (Method)

Sends data (...) to the client (player: Player) and waits for the response.

Warning

A malicious client can cut off the handler to keep the server at infinite yield. It's important to check how long the wait for response could last for.

xsm.handler(player: Player, ...): ... (Callback)

Sets up a request handler to respond to the requests. Can only be set, not retrieved.

xsm.oninit(player: Player) (Event)

The RBXScriptEvent that fires when the client (player: Player) is ready to handle the server's requests.

API reference (Client)

xsm.send(...): ... (Method)

Sends data (...) to the server and waits for the response.

xsm.handler(...): ... (Callback)

Sets up a request handler to respond to the requests. Can only be set, not retrieved.

About

Simplicity-first security module for Roblox, to protect against RemoteSpy attacks.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages