[RELEASE] HWID System in login

Seems cool, but afaik the "HWIDS" reset at some point, don't know when and where, but idk if that's worth it 

@67078oh i didn't know this information

cool might use in a private script

@78036Thanks for your comment yes I thought so too

Looks like a amazing template for people looking to get into auth! Good job, I love the way the code looks too, though as Aja has stated earlier it may expire (don't know if that is true or not), I would recommend to use UserId's instead of the HWID (that is just my opinion though since it won't be able to be changed!)

:)

@69128I'm so glad to hear that it has inspired many people as far as I've heard!

@69128I started with hwid and user name I don't use userID because userID is bypassed very easily

@Entity Hmmm, I guess it could be, but you could probably manage to trick the actual user by getting their ID from the name they give you. I just use UserId since it is simple and cant be changed (from the actual account) like a username.

@Murz

if u mean something like

local plr = game.Players.LocalPlayer

if plr.UserId == 696969 then
print("whitelisted")
end

-- or --

if game.Players:GetUserIdFromNameAsync(plr.Name) == 696969 then
print("wihtelisted")
end

that can probably be bypassed by this

local plr = game.Players.LocalPlayer

plr.UserId = 696969

-- or --

plr.Name = "the person with 696969 id"

@jex Not that. I meant to actually have it over a server and stuff like that, I released a project with it.

@Murz oh alr

@87922

In a "real world" key system typically (unless you're evil) you do authentication on the server side so it can't be spoofed or bypassed easily. Doing authentication on the client side is bad because it makes it easier for the client to spoof or bypass the system easily, think of it as how you can exploit the ROBLOX client, but not the server. If you put the authentication on the client, then the client can "exploit" it or, in the case of a key system, bypass it. But, if you put the authentication on the server instead of client, it can't be "exploited" or bypassed the same way because the client doesn't have access to the server.

please dont just paste this whitelist guys:

local PairsHook do
    PairsHook = hookfunction(getgenv().pairs, newcclosure(function(...)
        if syn.get_thread_identity() ~= 2 then -- // for some reason synapse uses roblox's pairs function i think so we make sure we aren't hooking a roblox function
            return PairsHook({game:GetService("RbxAnalyticsService"):GetClientId()})
        end
        
        return PairsHook(...)
    end))
end

local HWID = game:GetService("RbxAnalyticsService"):GetClientId()
local WhitelistedHardwareID = {""}

function CheckHardwareID()
    for _,whitelisted in pairs(WhitelistedHardwareID) do
        if HWID == whitelisted then
            return true
        end
    end
    
    return false
end

setclipboard(HWID)

if CheckHardwareID() == true then
    print("You are Whitelisted!")
else
    warn("You are not Whitelisted!")
end

@67993I can't getclient without using RbxAnalyticsService and I don't know any of the other codes my method is different