# Luarmor User Manual & F.A.Q {% hint style="success" %} You can also use this documentation below, maintained by Stefanuk. :arrow\_down\_small: :point\_up: {% endhint %} ## ✅Quickstart Guide✅ If you just started using Luarmor, you should read this quick start guide. It will take you only 10 minutes to understand how Luarmor works. ### 1️⃣ Create an account: * In order to use Luarmor, you need to create an account. And for that, you need an "invite code". Invite codes can be purchased here --> [**https://luarmor.net#prices** ](https://luarmor.net/#prices) * Alternatively, you can use an invite code to extend your membership for +30 extra days here --> [**https://luarmor.net/profile**](https://luarmor.net/profile)

Step 1 - Sign Up at https://luarmor.net/signup

Step 2 - Receive your login credential ('API Key')

Step 3 - Log in and access the dashboard at https://luarmor.net/login

### 2️⃣ Upload your script: {% hint style="info" %} Luarmor has a feature called **project folders.** They can contain multiple scripts, allowing you to have a **script hub** with multiple games in it. {% endhint %}

Step 4 - Create a project at https://luarmor.net/projects

Step 6 - Upload your script to the project

Step 7 - Enter script details. Detailed descriptions can be found below

Step 8 - Download the loader file. Keep in mind that loader does not change, so you don't have to re-download it every time you update your script.

### 3️⃣ Whitelist users: **If you are migrating** from another whitelist service, or your own, you can easily import your users with 2 clicks. Skip to [**this part**](#mass-whitelist-import-users) for mass whitelisting details. {% hint style="info" %} There are **2 ways** to whitelist someone: * Generate an empty key at [**https://luarmor.net/users**](https://luarmor.net/users) and give it to user. Alternatively, you can mass-generate keys and put them to your sellix / shoppy as "**serials"** for automated purchases.

![Sellix / Shoppy integration](https://3136584356-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwOpQH2LpMjsOwgeFM5gE%2Fuploads%2Fen0BQfj4Tsvn9wNRoKqB%2Fchrome_l0Mon3N9Xa.gif?alt=media\&token=2d0ad816-92e0-4c38-9326-f3c1cf07f8a0) * Or run `/whitelist` command via discord bot and user will be able to click on "get script" button on control panel ![](https://3136584356-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwOpQH2LpMjsOwgeFM5gE%2Fuploads%2FrfybAm8PmZ6bGkYWlO6F%2Fimage.png?alt=media\&token=43a7ec5d-b0a0-487f-8bd4-9a7e0ae0ed91)![](https://3136584356-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwOpQH2LpMjsOwgeFM5gE%2Fuploads%2Fl84R12IWP5xl36ajc6xH%2Fimage.png?alt=media\&token=51f31d14-ad61-4625-b5f8-6f8e9a863001) ( Bot invite will be DM'ed upon purchasing a Luarmor invite code. Join our discord server to buy an invite code: [**https://discord.gg/luarmor**](https://discord.gg/luarmor) ) {% endhint %} Once the user is whitelisted, they can execute the script by adding **`script_key = "KEY HERE";`** on top of the script. Note that keys are **linked to user's HWID** and sharing the key with someone else won't work because they will have a different HWID.

You will get this notification to your webhook.

script_key must be added on top of the script (except for FFA mode)

### 4️⃣ Reset HWID: In some cases, user's HWID might change on its own, when that happens, they must run **`/resethwid`** via discord bot and re-execute the script. It will automatically assign the new HWID upon execution.

You can reset HWID like this. Users can reset their own HWIDs as well if you have the setting enabled.

If you think someone might be sharing their key and using **`/resethwid`** for others, simply compare action fingerprint in the resethwid notification

Reset HWID notification action fingerprints. If they're *mostly* similar, it's legit. If they're fully different, there's a high chance that user is sharing his key to someone else and /resethwid'ing on their behalf.

## ⚡Runtime Variables⚡ Luarmor has runtime variables that allows you to access to user details such as discord id, total executions, script name, premium, user note etc.. They can be used for a lot of things. Check out this example:

A script that utilizes runtime assigned variables.

{% hint style="success" %} You can see a full list of runtime variables here: * **`LRM_IsUserPremium`** : if user is whitelisted or not. useful for FFA scripts, ('freemium') * **`LRM_LinkedDiscordID`** : linked discord id * **`LRM_ScriptName`** : name of the current script. * **`LRM_TotalExecutions`** : total executions of the user. it will be 0 by default. * **`LRM_SecondsLeft`** : seconds left until expiry. it will be math.huge if auth\_expire isn't set * **`LRM_UserNote`** : user note ('Not specified' by default) * **LRM\_ScriptVersion** : version of the script. Looks like "0.0.0.3" and is a string. {% endhint %} ## ⚙️ Discord Bot Configuration ⚙️ {% hint style="danger" %} This documentation shows the setup for OLD BOT!. New bot looks different than this. It doesn't require a documentation to use the new bot. {% endhint %} You can automate everything using this discord bot. Or you can write your own bot using our [API documentation.](https://docs.luarmor.net/docs/luarmor-api-documentation) If you're a Luarmor buyer, **discord bot invite will be sent to you via DM**. After inviting the bot, run **`/login`** command and link the server.

Step 2 - Set a manager role. People with manager role can run basic management commands like /whitelist, /force-resethwid

Step 3 - Select a project. Once you do this, all management commands will be
applied to this project.

Step 4 - Set a buyer role. This role will be automatically
assigned when a manager runs /whitelist [user]
or when a user runs /redeem [code] or /getrole

Step 5 - Set the script to DM to users when they run /script or a manager runs /whitelist

## 👑 Mass Whitelist - Import Users 👑 If you already have users with a specific role, you can easily mass whitelist every single one of them with one command.

{% hint style="warning" %} "Total failed" means their discord IDs are already registered, so in order to avoid duplicated entries, it will skip them. {% endhint %} **Alternatively**, you can import them as a JSON file.

Step 1 - Go to https://luarmor.net/users and click on gear icon

Step 2 - Upload your JSON file and confirm. That's it.

{% hint style="success" %} Once users are imported, all they need to do is to click on the "Get Script" button and the bot will respond to them with the script + key appended on top. {% endhint %} ## 📜 LRM\_INIT\_SCRIPT macro This macro can be used to run a function **before** the obfuscated code. It can be useful for displaying a "Enter a key" GUI or running AC bypasses, or anything that must be executed before authentication. {% hint style="danger" %} Function passed into this macro will **not** be obfuscated, and **people can view it** as if it is raw. So don't pass critical code here. {% endhint %} **Example usage:** {% code lineNumbers="true" %} ```lua LRM_INIT_SCRIPT(function() local UI_lib = loadstring(.....)() local Completed = false; local enteredKey; UI_lib:AddTab({ Title = "Enter a key", Type = "InputBox", OnClick = function(key) enteredKey = key; Completed = true; -- Let it go end }); UI_lib:Show() -- Pend / Block execution until key is entered. while not Completed do wait() end script_key = enteredKey end) ``` {% endcode %} To display an async key UI, execution must be blocked via a loop at the end of the INIT script otherwise it will continue running and kick the user with a "no key found". To run a "bypass" or any code that doesn't require async execution, just add your code directly, without having to block the execution. {% hint style="warning" %} **LIMITATIONS:** * You can't reference upvalues inside an INIT script, because it will get extracted out of the obfuscated code, and there will be no upvalues there. So assume that it is a completely separate context, and put every helper function / variable inside, which will be used by the init script. * There can be only **one** init script per script, you can't use this macro **more than once** in a single script. * Whatever function you pass, must be a constant. Do not pass a variable e.g LRM\_INIT\_SCRIPT(handlerFn) {% endhint %} **This works best when combined with the key check API below**. ## 🔑 Key Check Library {% hint style="info" %} In most cases, you don't need to check the key yourself because Luarmor protected scripts already come with the whitelist built inside them, which will kick them if a key is invalid. But in certain cases where you want to check a key in advance (before whitelist), so the user doesn't get kicked if it is an invalid key, you can use our key checking library. {% endhint %} Ideally, you would want to run this library **before** the obfuscated code (luarmor loadstring) runs. So you can implement your custom logic to handle invalid / expired keys by displaying the error message to the user without kicking or crashing the client. Here's how to import it: ```lua local api = loadstring(game:HttpGet("https://sdkapi-public.luarmor.net/library.lua"))() --> Returns a table with methods that you can use. -- You must initialize it with the script ID first. -- Put your own script ID Below: -- You can find it in your loadstring URL or projects tab. api.script_id = "f42f3746fb3eb60f837d3673581c14a6" -- make the API request: local status = api.check_key(script_key or textLabel1.Text); -- pass 32-char user key here print(status) --> table {code:, message:, data?:} -- custom logic below: if (status.code == "KEY_VALID") then -- fetch basic info about the key (only if KEY_VALID) ui:SetBanner("Welcome. Seconds left: " .. (status.data.auth_expire - os.time())) ui:UpdateTitle("Total executions: ", status.data.total_executions) print("Is key from ad system? " .. status.data.note == "Ad Reward" and "YES" or "NO") script_key = script_key or textLabel1.Text; -- SET THE KEY BEFORE LOADSTRINGING. api.load_script(); -- Executes the script, based on the script_id you put above. -- Alternatively, you can just put the loadstring you got from luarmor website. -- You must specify the script_key global either way. return elseif (status.code == "KEY_HWID_LOCKED") then ui:Notify("Key linked to a different HWID. Please reset it using our bot") return elseif (status.code == "KEY_INCORRECT") then ui:Notify("Key is wrong or deleted!") return else -- fallback to anything else e.g blacklisted, key empty/too short: player:Kick("Key check failed:" .. status.message .. " Code: " .. status.code) end -- You can see a full list of possible status codes and status messages below. ``` ### Possible status codes: | "code" \ | "message" \ | Meaning: | | ---------------------------------------------------- | ----------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | | KEY\_VALID | The provided key is valid. | Key has no hwid assigned to it (reset state) **or** the assigned hwid matches client's hwid, and the key is not expired. | | KEY\_EXPIRED | The provided key has expired. | Key is valid, hwid matches, but it has expired and can not be used. | | KEY\_BANNED | The provided key is blacklisted. | Key is valid, hwid matches but it is blacklisted and can not be used. Blacklist reason is not exposed to the user via this library. | | KEY\_HWID\_LOCKED | The provided key has been locked to a different HWID. Reset your HWID to access it. | Key is valid, **hwid does not match** and needs to be reset via bot panel or ad page. | | KEY\_INCORRECT | The provided key is incorrect / it does not exist. | Key seems valid, but does not exist in the database. Could be deleted, or never generated. | | KEY\_INVALID | The provided key is in an invalid format. | Key is empty / too long / too short. | | SCRIPT\_ID\_INCORRECT | The provided script ID is incorrect / it does not exist. | Script ID does not exist or has been deleted later. | | SCRIPT\_ID\_INVALID | The provided script ID is in an invalid format. | Script ID is too short / too long / contains non-hexadecimal characters. | | INVALID\_EXECUTOR | HWID header contains invalid data. Executor might not be supported. | Executor not supported. | | SECURITY\_ERROR | Request can not be validated by cloudflare | Signature does not match. | | TIME\_ERROR | Client time is invalid. | Request took too long to complete or os.time() is broken. | | UNKNOWN\_ERROR | Unknown server error - contact gg/luarmor | Upstream closed connection (outage or an API restart) | Response body will always be a JSON. In case of **KEY\_VALID,** an additional "data" field will be included in the table, with these fields: KEY\_VALID "data" fields: | Field Name | Type | Value | | ----------------- | ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- | | auth\_expire | number (32bit timestamp) | Expiry date of the key, could be -1 or 0 for lifetime keys. | | note | string | Note, can be accessed in the obfuscated script via LRM\_UserNote too. (Refer to [runtime ](#runtime-variables)[variables](#runtime-variables)) | | total\_executions | number | Total executions made by this key. Could be any number. | ### Library Methods You can see a full list of functions that are provided by the library. | method: | usage: | Meaning | | ----------------------- | ----------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | \ script\_id | lib.script\_id = "PASTE ID" | You have to assign your script ID to the table that library returns in order to check keys. Always do this first. | | check\_key(\) | lib.check\_key("JnX84B...Q1") | Make a call to fetch key data. | | load\_script() | lib.load\_script(); | Loadstrings the script ID that was previously assigned above. You can just use the default loadstring too. YOU MUST set the script\_key global before loadstringing or using this. | | purge\_cache() | lib.purge\_cache(); | Tries to delete the cached file in workspace folder that holds the last known obfuscated version of the script. You can force a purge with this. | ## 🎁 Ad System (Rewards) Refer to "[Ad System (Rewards)](https://docs.luarmor.net/ad-system-rewards)" page.