HomeDocsTeam PricingNotice DiscordDashboard
Documentation

Docs

Everything you need to protect, deliver, and manage your Lua scripts with Sudo.

Section 01

Overview

Sudo is a loadstring-based script protection system for Lua. It protects your scripts with multiple security layers and serves them through single-use URLs.

  • Custom virtual machine — no standard deobfuscation tools work
  • Per-request obfuscation — every output is unique
  • Multi-layer encryption on all constants and strings
  • Single-use payload URLs — no sharing, no replay
  • Intrusion detection and HWID banning
Section 02

Quick Start

  1. Get a key: Free key (4 days) or purchase a longer key
  2. Register an account at the Dashboard using your key
  3. Upload your script through the dashboard
  4. Copy the generated loadstring and use it in your executor
-- paste this into your executor loadstring(game:HttpGet("https://sudo.lol/obf/your-script-id"))()
Section 03

Key System

Free keys require completing 3 checkpoints. Each checkpoint opens a new tab — complete the page and return to the key system. After all 3 checkpoints, click "Claim Your Key" to generate your key.

Key types

  • Free (4 days) — 3 checkpoints, HWID-bound
  • Premium ($5/mo) — No checkpoints, 30-day validity
  • Lifetime ($35) — No checkpoints, never expires

Keys are bound to one HWID. If you need a reset, contact us on Discord.

Section 04

Dashboard

The dashboard lets you manage your scripts and account:

  • Upload / Edit scripts — paste or drag-drop .lua files. Editing re-protects under the same URL.
  • Copy loadstring — one-click copy of your loadstring or direct URL
  • Messages — direct communication with the site owner
  • Intrusion log — (owner only) view tamper attempts and ban HWIDs
Section 05

Loadstring Format

Each loadstring URL serves a unique obfuscated script per request. The URL looks like:

https://sudo.lol/obf/<script-id>

When an executor requests this URL, it receives a freshly protected version of your script. Every request produces unique output with different structure and variable names.

Browser requests are redirected to the homepage — scripts are only served to valid executors. Payload URLs are single-use and expire quickly.

Section 06

Security

Sudo uses multiple layers of protection to keep your scripts secure. Each layer is designed so that bypassing one does not expose the others.

  • Custom virtual machine with per-build randomization
  • Multi-layer encryption — no readable strings in output
  • Every request generates unique output — no two are the same
  • Single-use delivery URLs that expire immediately after fetch
  • Intrusion detection with automatic HWID banning

Standard deobfuscation tools do not work on Sudo output, and the pipeline is continuously hardened against reversing.

Section 07

API Reference

GET /obf/:scriptId — Returns the protected script. Executor requests get the obfuscated Lua; browser requests get redirected to the homepage.

POST /api/keysystem — Key system endpoints for checkpoint completion and key generation. Used internally by the key system pages.

POST /api/auth — Authentication endpoints for login, registration, and session management.

POST /api/scripts — Script management: upload, edit, delete, list. Requires authentication.

Section 08

FAQ

Can I change my HWID?
Contact us on Discord for a HWID reset.

Why does my key say expired?
Free keys last 4 days. Get a new one or upgrade to Premium/Lifetime.

Can someone deobfuscate my script?
Standard deobfuscation tools do not work on Sudo output, and the custom VM is continuously hardened.

How do I report a bug?
Join the Discord server and post in general chat.