RRE-Site/docs/Client Security/Signatures.md

What are signatures?

Introduction

Signatures are another security measure ROBLOX uses to prevent unauthorized tampering with external requests from ROBLOX servers.

Traditionally, signatures are, as the name suggests, a method to determine the actual author/sender of an article.

In today's world, digital signatures are analogous to traditional signatures: they use mathematical algorithms to validate the authenticity of data. [1]

This abstract graph demonstrates the signing process: [2]

flowchart LR
    id1[(Data)]-->id2[Sign]---id3>Private Key]
    id2-->id7[(Signed Data)]-->id5
    id6>Public Key]---id5[Verify]-->id4[(Data)]

Client Signatures

ROBLOX uses (and has used) signatures for a multitude of things, including but not limited to:

  • [JoinScripts](/Client Security/JoinScripts)
  • Online CoreScripts (2010-2014)[Citation needed]

Specification

ROBLOX uses the RSA algorithm (1024-bit) with X509 and PKCS7 encoding.

Signature wrappers have differed over the years, but these are the primary forms:

  • %DATA% (2010-2013)
  • --rbxsig%DATA% (2013-2020)
  • --rbxsig2%DATA% (Since 2018)
  • --rbxsig4%DATA% (Since 2020)

(%DATA% refers to the actual signature.)
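
As an added example (not code from ROBLOX or from this project), the Python below splits a wrapped blob into wrapper, signature and body on the verifying side, and rejects signatures whose length does not match a 1024-bit RSA key. It assumes the signature is base64-encoded and that the signed data follows the closing `%`; `split_signed`, `Signed` and the sample input are names and values made up for illustration.

```python
import base64
import binascii
import re
from typing import NamedTuple

# Wrapper forms listed above; "" is the bare %DATA% form used 2010-2013.
WRAPPERS = ("", "--rbxsig", "--rbxsig2", "--rbxsig4")
# Optional prefix, then the signature between two '%' characters.
_WRAPPED = re.compile(rb"(--rbxsig[0-9]*)?%([^%]*)%")
RSA_1024_SIG_LEN = 1024 // 8  # an RSA signature is as long as the modulus


class Signed(NamedTuple):
    wrapper: str      # which of WRAPPERS was used
    signature: bytes  # decoded signature, ready for RSA verification
    body: bytes       # everything after the closing '%'


def split_signed(blob: bytes, accepted=WRAPPERS) -> Signed:
    """Split a wrapped blob; raise ValueError on anything malformed."""
    m = _WRAPPED.match(blob)
    if m is None:
        raise ValueError("no %DATA% signature wrapper at start of input")
    wrapper = (m.group(1) or b"").decode("ascii")
    if wrapper not in accepted:
        # A verifier can pin the wrapper versions it is willing to trust.
        raise ValueError(f"wrapper {wrapper!r} is not accepted")
    try:
        # Assumption: DATA is base64. validate=True rejects stray bytes.
        sig = base64.b64decode(m.group(2), validate=True)
    except binascii.Error as exc:
        raise ValueError("signature is not valid base64") from exc
    if len(sig) != RSA_1024_SIG_LEN:
        raise ValueError(
            f"expected {RSA_1024_SIG_LEN}-byte signature, got {len(sig)}")
    return Signed(wrapper, sig, blob[m.end():])


# Constructed sample: 128 filler bytes stand in for a real signature.
SAMPLE_SIG = base64.b64encode(bytes(range(128)))
SAMPLE = b"--rbxsig2%" + SAMPLE_SIG + b"%\r\nprint('hi')"
```

The `signature` and `body` fields are what a client would then pass, together with the public key, to an RSA verification routine.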

See Also:

  • [Generating a public/private key](/Extras/KeyGeneration)
  • [JoinScripts](/Client Security/JoinScripts)

  1. More information: https://www.cisa.gov/uscert/ncas/tips/ST04-018

  2. The server is the signer; the client is the verifier.