I have been working on a collaboration project with @Jibberjay to improve Vault. Using one of Owokoyo's methods we were able to make a new, improved security library that can block both Game Lab and App Lab, called Radon.

Install Radon on a new game or app with the library ID: mILMRqN5JUzprsVSeETMmG-flKCQrwD1xnNqpBp5oE4

New Features

  • Full support for blocking the debug console in Game Lab and App Lab. Using a project in any way other than presentation mode will cause it to crash.
  • Improved remix protection now allows you to disable startWebRequest() in App Lab. There's also a new option for crashing remixes.
  • New views counter (this was Jibberjay's idea) evades the "this project stores data" warning, so you can track views on a project secretly.
  • Game Lab projects automatically have data browser protection added. App Lab doesn't support it yet due to issues with the built-in browser.

    everybody making these elaborate security systems just for me to download your app and edit your code directly on my computer 😭

    gZany in the to-do list it says to create a block against data-browser so im sure they're working on that

        Letti42 to my knowledge i have my own which fixes databrowsers issues along with allowing multiple connections to multiple tables through simple API requests, though that'll probably stay between the people i trust to use it

        not to mention that you can stop a gamelab or applab instance from running and rewrite modified code for it to execute in the following project, if your plan is to improve upon vault or add more features to such a project then go right ahead but know that your project will always be vulnerable with enough knowledge you can make what i did

          lol i had an idea
          what if u just mak a bajillion useless keyvalues
          var chars = 'abcdefghijklmnopqrstuvwxyz1234567890QWERTYUIOPASDFGHJKLZXCVBNM';
          var c = '';
          var r = '';
          for(var i = 0; i < random(6,6); i++){
          c+=chars[floor(random(0,chars.length-1))];
          }
          for(var j = 0; j < random(5,5); j++){
          for(var i = 0; i < random(5,5); i++){
          r+=chars[floor(random(0,chars.length-1))];
          }
          r+=r+' ';
          }
          if(random(0,1)>0.5){
          setKeyValue(r,random(0,1000000000));
          }else{
          setKeyValue(r,r+c);
          }
          ugliest code i have ever written but i threw it together in about 10 minutes
          run this in ur draw function for about a minute and the data browser users will never be annoyed

          Awards

          • Ⓒ 1 from Varrience
            Comment: when clear all exists

          gZany So in every project there are three main vulnerabilities: the debug console, the data browser, and the inspect console. The debug console is how most hackers on CDO do their thing. By using the built-in debugging tools in Game Lab, or manipulating the URL, you can change variables and even edit the source code locally (which makes the if (window.getURLPath()[3] == "view") code basically useless). Vault and Xenon both are designed to block this kind of hacking.

          The data browser can be blocked easily, but (as far as I know) not through code. So at the moment, Xenon is vulnerable to data browser attacks. As @Letti42 pointed out I am working to try to fix this, but I'm not sure if it's possible.

          Then there's the inspect console, which is a debugging tool built into your web browser. It has supreme power and is basically unstoppable.

              Binary_Coder it's not possible to block data browser with code.org because trying to set hte column makes it named column1 because of the way proto works

                  because proto doesnt count as a string but its an object property which disapears when set

                  redacted Interesting, that's what kept happening when I tried to make a new table. Thanks for confirming that.

                    Binary_Coder New views counter (this was Jibberjay's idea) evades the "this project stores data" warning, so you can track views on a project secretly.

                    Actually, very useful! Whenever the warning pops up it's not even a warning. Code.org might as well change the warning to say 'Please hack all of this project's data using this URL: data-browser.vercel.app'

                        gZany Exactly! The warning is just begging for hackers to come by and wipe your data, so a hidden views counter can be very useful. It also only logs the number of views to the console if you’re in the editor, so no one else can see it besides you.

                        MonsterYT_DaGamer It’s a neat trick Owokoyo came up with. The warning shows up only if it detects setKeyValue() in your code, so if you write the function name as a string and break it up as ”setKey” + “Value”, you can trick the program into thinking that setKeyValue() is never called. @Jibberjay realized this would be very handy for an “invisible” views counter and wrote most of the code for it. If this is something people are interested in, I could add functions to Xenon to get and set hidden key values.

                              Binary_Coder actually i had already implemented this in an older library i have to, thing is CDO uses regex on the project to figure out if setKeyValue or getKeyValue exists, by simply referencing the instance window with the array property manager you can reference any function without having to use the full property value thus allowing the bypass to work

                                Ok so I got some important news about the security library
                                The name has officially been change to Radon
                                Don't bother asking why

                                  8 days later

                                  Radon is finished! Here's the library ID: mILMRqN5JUzprsVSeETMmG-flKCQrwD1xnNqpBp5oE4. The library has been updated again to fix some minor issues and add data browser protection in Game Lab.

                                  Radon.remix("id"); - Add in the channel id of your project, and anyone running a remix will be notified and given the original link.
                                  Radon.remix("id", true, false); - All functions for using cloud data will be disabled on remixes.
                                  Radon.remix("id", true, true); - All remixes will crash instantly.
                                  Radon.log(); - Tracks the views on a project without launching a "this projects stores data" warning.
                                  Radon.log(42) - If the counter is hacked, it can be reset to remember the last number of views.

                                  Chat