If you just started using Luarmor, you should read this quick start guide. It will take you only 10 minutes to understand how Luarmor works.
1οΈβ£ Create an account:
In order to use Luarmor, you need to create an account. And for that, you need an "invite code". Invite codes can be purchased here --> https://luarmor.net#prices
Alternatively, you can use an invite code to extend your membership for +30 extra days here --> https://luarmor.net/profile
Step 7 - Enter script details. Detailed descriptions can be found below
Step 8 - Download the loader file. Keep in mind that loader does not change, so you don't have to re-download it every time you update your script.
3οΈβ£ Whitelist users:
If you are migrating from another whitelist service, or your own, you can easily import your users with 2 clicks. Skip to this part for mass whitelisting details.
There are 2 ways to whitelist someone:
Generate an empty key at https://luarmor.net/usersand give it to user. Alternatively, you can mass-generate keys and put them to your sellix / shoppy as "serials" for automated purchases.
Or run /whitelist command via discord bot and user will be able to click on "get script" button on control panel
( Bot invite will be DM'ed upon purchasing a Luarmor invite code. Join our discord server to buy an invite code: https://discord.gg/luarmor)
Once the user is whitelisted, they can execute the script by adding script_key = "KEY HERE"; on top of the script. Note that keys are linked to user's HWID and sharing the key with someone else won't work because they will have a different HWID.
Tada! authenticated in 0.7 seconds ;D
You will get this notification to your webhook.
script_key must be added on top of the script (except for FFA mode)
4οΈβ£ Reset HWID:
In some cases, user's HWID might change on its own, when that happens, they must run /resethwidvia discord bot and re-execute the script. It will automatically assign the new HWID upon execution.
You can reset HWID like this. Users can reset their own HWIDs as well if you have the setting enabled.
If you think someone might be sharing their key and using /resethwid for others, simply compare action fingerprint in the resethwid notification
Reset HWID notification action fingerprints. If they're *mostly* similar, it's legit. If they're fully different, there's a high chance that user is sharing his key to someone else and /resethwid'ing on their behalf.
β‘Runtime Variablesβ‘
Luarmor has runtime variables that allows you to access to user details such as discord id, total executions, script name, premium, user note etc..
They can be used for a lot of things. Check out this example:
A script that utilizes runtime assigned variables.
You can see a full list of runtime variables here:
LRM_IsUserPremium : if user is whitelisted or not. useful for FFA scripts, ('freemium')
LRM_LinkedDiscordID : linked discord id
LRM_ScriptName : name of the current script.
LRM_TotalExecutions : total executions of the user. it will be 0 by default.
LRM_SecondsLeft : seconds left until expiry. it will be math.huge if auth_expire isn't set
LRM_UserNote : user note ('Not specified' by default)
LRM_ScriptVersion : version of the script. Looks like "0.0.0.3" and is a string.
βοΈ Discord Bot Configuration βοΈ
This documentation shows the setup for OLD BOT!. New bot looks different than this. It doesn't require a documentation to use the new bot.
You can automate everything using this discord bot. Or you can write your own bot using our API documentation.
If you're a Luarmor buyer, discord bot invite will be sent to you via DM. After inviting the bot, run /login command and link the server.
Step 1 - Run /login [api key] command
Step 2 - Set a manager role. People with manager role can run basic management commands like /whitelist, /force-resethwid
Step 3 - Select a project. Once you do this, all management commands will be
applied to this project.
Step 4 - Set a buyer role. This role will be automatically
assigned when a manager runs /whitelist [user]
or when a user runs /redeem [code] or /getrole
Step 5 - Set the script to DM to users when they run /script or a manager runs /whitelist
This is what the file should be like.
π Mass Whitelist - Import Users π
If you already have users with a specific role, you can easily mass whitelist every single one of them with one command.
Your already existing users
Command syntax
Successfully imported users
"Total failed" means their discord IDs are already registered, so in order to avoid duplicated entries, it will skip them.
Alternatively, you can import them as a JSON file.
Step 2 - Upload your JSON file and confirm. That's it.
Once users are imported, all they need to do is to click on the "Get Script" button and the bot will respond to them with the script + key appended on top.
π LRM_INIT_SCRIPT macro
This macro can be used to run a function before the obfuscated code. It can be useful for displaying a "Enter a key" GUI or running AC bypasses, or anything that must be executed before authentication.
Function passed into this macro will not be obfuscated, and people can view it as if it is raw. So don't pass critical code here.
Example usage:
To display an async key UI, execution must be blocked via a loop at the end of the INIT script otherwise it will continue running and kick the user with a "no key found".
To run a "bypass" or any code that doesn't require async execution, just add your code directly, without having to block the execution.
LIMITATIONS:
You can't reference upvalues inside an INIT script, because it will get extracted out of the obfuscated code, and there will be no upvalues there. So assume that it is a completely separate context, and put every helper function / variable inside, which will be used by the init script.
There can be only one init script per script, you can't use this macro more than once in a single script.
Whatever function you pass, must be a constant. Do not pass a variable e.g LRM_INIT_SCRIPT(handlerFn)
This works best when combined with the key check API below.
π Key Check Library
In most cases, you don't need to check the key yourself because Luarmor protected scripts already come with the whitelist built inside them, which will kick them if a key is invalid.
But in certain cases where you want to check a key in advance (before whitelist), so the user doesn't get kicked if it is an invalid key, you can use our key checking library.
Ideally, you would want to run this library before the obfuscated code (luarmor loadstring) runs. So you can implement your custom logic to handle invalid / expired keys by displaying the error message to the user without kicking or crashing the client.
Here's how to import it:
Possible status codes:
"code" <string>
"message" <string>
Meaning:
KEY_VALID
The provided key is valid.
Key has no hwid assigned to it (reset state) or the assigned hwid matches client's hwid, and the key is not expired.
KEY_EXPIRED
The provided key has expired.
Key is valid, hwid matches, but it has expired and can not be used.
KEY_BANNED
The provided key is blacklisted.
Key is valid, hwid matches but it is blacklisted and can not be used. Blacklist reason is not exposed to the user via this library.
KEY_HWID_LOCKED
The provided key has been locked to a different HWID. Reset your HWID to access it.
Key is valid, hwid does not match and needs to be reset via bot panel or ad page.
KEY_INCORRECT
The provided key is incorrect / it does not exist.
Key seems valid, but does not exist in the database. Could be deleted, or never generated.
KEY_INVALID
The provided key is in an invalid format.
Key is empty / too long / too short.
SCRIPT_ID_INCORRECT
The provided script ID is incorrect / it does not exist.
Script ID does not exist or has been deleted later.
SCRIPT_ID_INVALID
The provided script ID is in an invalid format.
Script ID is too short / too long / contains non-hexadecimal characters.
INVALID_EXECUTOR
HWID header contains invalid data. Executor might not be supported.
Executor not supported.
SECURITY_ERROR
Request can not be validated by cloudflare
Signature does not match.
TIME_ERROR
Client time is invalid.
Request took too long to complete or os.time() is broken.
UNKNOWN_ERROR
Unknown server error - contact gg/luarmor
Upstream closed connection (outage or an API restart)
Response body will always be a JSON. In case of KEY_VALID, an additional "data" field will be included in the table, with these fields:
KEY_VALID "data" fields:
Field Name
Type
Value
auth_expire
number (32bit timestamp)
Expiry date of the key, could be -1 or 0 for lifetime keys.
note
string
Note, can be accessed in the obfuscated script via LRM_UserNote too. (Refer to runtime variables)
total_executions
number
Total executions made by this key. Could be any number.
Library Methods
You can see a full list of functions that are provided by the library.
method:
usage:
Meaning
<new index> script_id
lib.script_id = "PASTE ID"
You have to assign your script ID to the table that library returns in order to check keys. Always do this first.
check_key(<string>)
lib.check_key("JnX84B...Q1")
Make a call to fetch key data.
load_script()
lib.load_script();
Loadstrings the script ID that was previously assigned above. You can just use the default loadstring too. YOU MUST set the script_key global before loadstringing or using this.
purge_cache()
lib.purge_cache();
Tries to delete the cached file in workspace folder that holds the last known obfuscated version of the script. You can force a purge with this.
LRM_INIT_SCRIPT(function()
local UI_lib = loadstring(.....)()
local Completed = false;
local enteredKey;
UI_lib:AddTab({
Title = "Enter a key",
Type = "InputBox",
OnClick = function(key)
enteredKey = key;
Completed = true; -- Let it go
end
});
UI_lib:Show()
-- Pend / Block execution until key is entered.
while not Completed do wait() end
script_key = enteredKey
end)
local api = loadstring(game:HttpGet("https://sdkapi-public.luarmor.net/library.lua"))()
--> Returns a table with methods that you can use.
-- You must initialize it with the script ID first.
-- Put your own script ID Below:
-- You can find it in your loadstring URL or projects tab.
api.script_id = "f42f3746fb3eb60f837d3673581c14a6"
-- make the API request:
local status = api.check_key(script_key or textLabel1.Text); -- pass 32-char user key here
print(status) --> table {code:<string>, message:<string>, data?:<table>}
-- custom logic below:
if (status.code == "KEY_VALID") then
-- fetch basic info about the key (only if KEY_VALID)
ui:SetBanner("Welcome. Seconds left: " .. (status.data.auth_expire - os.time()))
ui:UpdateTitle("Total executions: ", status.data.total_executions)
print("Is key from ad system? " .. status.data.note == "Ad Reward" and "YES" or "NO")
script_key = script_key or textLabel1.Text; -- SET THE KEY BEFORE LOADSTRINGING.
api.load_script(); -- Executes the script, based on the script_id you put above.
-- Alternatively, you can just put the loadstring you got from luarmor website.
-- You must specify the script_key global either way.
return
elseif (status.code == "KEY_HWID_LOCKED") then
ui:Notify("Key linked to a different HWID. Please reset it using our bot")
return
elseif (status.code == "KEY_INCORRECT") then
ui:Notify("Key is wrong or deleted!")
return
else
-- fallback to anything else e.g blacklisted, key empty/too short:
player:Kick("Key check failed:" .. status.message .. " Code: " .. status.code)
end
-- You can see a full list of possible status codes and status messages below.
