SHProtect
Anti-cheat, script protection, and secure product loader for the Sorrel Hub ecosystem. One system, full coverage.
What SHProtect does
Three pillars of protection under one system.
Anti-Cheat
Server-side detection and client watchdog for Roblox games. Catches exploits, speed hacks, teleports, and injection before they take effect.
Script Protection
Protects Luau scripts from deobfuscation, dumping, and reverse engineering. Keeps your code safe on the client side.
Product Loader
Secure loader for Sorrel Hub products: SRX injector, WinWare, LoveyWare, TargetWare, and more. Auth, HWID binding, key validation.
Under the hood
What runs behind every protected game and loaded product.
Server-Side Validation
Zero client trust. Every action validated on the server before it takes effect. No single point of bypass.
Script Obfuscation
Multi-layer obfuscation pipeline for Luau. Protects game scripts and product payloads from decompilation.
Exploit Detection
Detects known executor patterns, hookchain modifications, environment tampering, and unauthorized module loading.
Secure Loader Auth
HWID-bound key system, encrypted payloads, session tokens, and anti-replay for all loaded products.
Layered Defense
Client watchdog, server checks, and loader validation work together. Bypassing one layer doesn't bypass the rest.
Auto-Ban Pipeline
Configurable severity thresholds. Warnings, kicks, temp bans, permanent bans. Game devs control the escalation.
Products on SHProtect
Loaded and authenticated through the SHProtect pipeline.
Zero trust architecture
SHProtect assumes the client is compromised. Anti-cheat checks run server-side. Script protection wraps payloads before they reach the client. The loader authenticates every session before delivering anything.
Even if the client watchdog is fully bypassed, server-side validation still catches invalid state. Even if a script is dumped, obfuscation layers make reconstruction impractical. Each layer operates independently.
Product payloads are never exposed through static endpoints. Every load request is authenticated with HWID binding, key validation, and session tokens. Replay attacks are blocked by design.
Integration
For game developers: drop the anti-cheat module into ServerScriptService. For product users: the loader handles everything automatically.
ServerScriptService / AntiCheat
local SHProtect = require(script.SHProtect)
SHProtect.init({
strictMode = true,
autoBan = true,
logLevel = "warn",
})