Introducing Asset Escrow for your resources

Over the past few years, we’ve seen resource authors go to great lengths to use obfuscation, IP locking, remote code loading and other methods in an attempt to protect source code. Unfortunately these methods each come with a plethora of issues that many are all too familiar with. Not only do most of these tools significantly slow down the performance of your code, they also impose a wide variety of security concerns. As a result, we do not condone such content on our platform as outlined in our releases rules.

We are great advocates of open source, and encourage the community to share their research and resources so that everyone can collaborate and build off each other. A community functions best when working together. At the same time we understand that some resource developers would like to keep their code and their assets under their control. If you are one of those people, this is for you.

The Asset Escrow system, developed in partnership with Tebex, provides a reasonable alternative to obfuscation and IP locking. By ensuring purchase ownership, your content will, and can only run on the servers of your customers, nowhere else. On top of that, your resources will be encrypted to prevent your work from being leaked.

What is currently supported?

In this initial version we focused on support for Lua 5.4, YFT and YDR files. If you use Lua scripts, make sure to enable lua54 'yes' in your fxmanifest.lua. Support for the JavaScript and C# runtimes, and other file types is coming very soon!

Note that you need server version 5181 or above to run resources using this feature.

How does it work?

On your keymaster dashboard, you will notice a new tab named ‘Upload assets’. From there, select the ‘Create New Asset’ button and upload your zipped resource. Once uploaded, your resource will be processed to be encrypted. You can also download your resource from here for your own use.

After you have uploaded your resource, navigate to your Tebex dashboard and create a new package. You’ll find that you can now link your FiveM Asset to Tebex instead of external downloads:


Once someone purchases your content, they will automatically receive an email with a download link. They can also download their package later from their own keymaster dashboard.

image

FAQ

Can I use this even when I’m not selling my content?

By default, your content is enabled to work on your own server, and will benefit from the full protection.

Is it possible to use this functionality with another store than Tebex?

No. Tebex is our exclusive monetization partner, and this feature has been designed to work with their platform.

Am I allowed to obfuscate code or roll my own licensing system?

No. Obfuscating or remotely loading/checking code was already not permitted per our releases rules. Thanks to the asset escrow & encryption system, you won’t have to worry about obfuscation or licensing anymore; we got you covered.

Will subscription based packages work with this?

Subscription based packages work as intended: once a subscription expired, access will be revoked.

How do I update a resource?

You can publish updates to your resource by selecting the reupload function on existing assets.

What happens if an unauthorized server tries to run my content?

The resource will simply not start, and show a ‘You lack the required entitlement’ error in the server console. The owner must purchase your content to be eligible to run your resource.

I bought the content for someone else. Can I transfer my purchase to another account?

You can transfer ownership of assets once by navigating to ‘Purchased assets’ on keymaster. From there you can select the ‘Transfer to another account’ option and enter the account name of the person you want to transfer the content to.

Is NUI supported in this system?

At this moment NUI is not supported. You should treat NUI as any web browser; websites that you visit also don’t protect their frontend code (nor do they typically try to). Treat your code as such as well.

How can I select which files should be protected by the escrow system?

It’s possible you want to leave a few files fully accessible, such as configuration. You can tell the escrow system to ignore certain files by using the escrow_ignore directive in your fxmanifest.lua like so:

escrow_ignore {
  'script/code.lua',  -- Only ignore one file
  'stream/tuner.ydr', -- Works for any file, stream or code
  'stream/*.yft',     -- Ignore all .yft files in that folder
  'stream/**/*.yft'   -- Ignore all .yft files in any subfolder
}

Migrating your existing content

External downloads are now considered legacy by Tebex. Remove the external download link from your Tebex package and add your new FiveM Asset instead

Common Errors

Error parsing script / Failed to load script

Your server artifacts are likely outdated. Update your server to version 5181 or above.

You lack the required entitlement to use <resource>

Try restarting your server and make sure your server license key is correct. If you bought the resource on the wrong account, you can transfer it to another account on keymaster.

Failed to verify protected resource

Files were possibly corrupted during transfer. Ensure hidden files are copied; the .fxap file in a protected resource must be included. Some FTP programs skip these files.

194 Likes

Great work! This should hopefully bring an end to the leaking community :smiley:

32 Likes

What an amazing milestone, well done guys! :fire: :clinking_glasses: The system works great and we are honored that we received the opportunity to test it prior to release. This new system will most certainly improve the awareness, as well as protect content creators.

You may all be very proud! Keep up the good work :ok_hand:t3::partying_face:

16 Likes

I was waiting for this for so long

Thank you !

I appreciate your work

5 Likes

The fight against leakers starts now! :heart:

21 Likes

Awesome!

4 Likes

I keep reading ‘encryption’, but no technical details. How is this achieved?
Is it asymmetrical or symmetrical? What is the passphrase? Where is it stored, how is it processed and passed on to “buyers”?
Which entity controls decryption?
Is it a “roll your own crypto” kind of deal, or does it use tried and tested standards?

These details are rather important to give people the trust needed to upload their hard work.

14 Likes

The announce of the year.
Real creator thanks you !!!

YEEEES!!! F**k you leakers.

8 Likes

Loved testing this and seeing it grow. What an amazing accomplishment.

3 Likes

I see this as an absolute win :partying_face:

2 Likes

Amazing!

1 Like

Guess this means I need to create more resources :smile:

This is a great addition, thank you for working on this!

7 Likes

Waiting for this for a long time, lets go! <3

6 Likes

Good system in theory, but seems to looks like it will be bypassed easily.

6 Likes

good in theory and good in practice

4 Likes

Finally, been waiting for something like this.

1 Like

Will there ever be a way to encrypt models?

2 Likes

I’m speaking .ydd

4 Likes

Thank you for the hardwork cfx team.

3 Likes