Anaminus
commented
2 years ago The above interpretation is incorrect. the SIGN chunk is mostly independent from the 0x1D type.
- The 0x1D type refers to compiled Luau bytecode (called "Bytecode").
- The SIGN chunk is indeed used to validate the content of the file.
Because arbitrary Bytecode is unsafe to execute, files are validated using the SIGN chunk to ensure that the bytecode comes from a trustworthy source. This is how the two concepts are related.
Present in several Roblox-sourced binary models are structures related to content validation. There appear to be two separate implementations:
Encryption-basedScript Source properties are encoded with type 0x1D instead of the usual string type. The remaining content appears to be encrypted.A SIGN chunk is present, which presumably contains a signature used to decrypt the encrypted-string type.Appears to be no longer used, likely in favor of the more-robust signature-based method.Signature-basedScript Source properties are encoded as usual.A SIGN chunk is present, which presumably contains a signature. This is possibly used to validate the content of previous chunks.Resources