BastionBastion/docs
HomeDiscord

Documentation

Bastion v1 — Lua script protection platform

Getting Started

1. Create a Project

Go to your dashboard and click "Create Project". Give it a name that represents your script.

2. Add Your Script

Upload your Lua script. Bastion will obfuscate it with Luraph. Configure:

  • Free For All — no key required
  • Silent Mode — suppress loader output
  • Game ID — lock to a specific game

3. Generate Keys

Generate authentication keys for your users. Set expiration times and attach notes.

4. Distribute Loader

Copy the loader script from your dashboard and distribute it to your users.

Loader Script

Users execute this in their executor to authenticate and load your protected script:

lua
key = "USER_KEY_HERE"
loadstring(game:HttpGet("YOUR_LOADER_URL"))()

The loader handles HWID binding, kernel authentication, and script decryption automatically. For free-for-all scripts, the key line can be omitted.

Runtime Variables

These globals are injected into your script after successful authentication:

VariableTypeDescription
BST_IsUserPremiumbooleantrue if user has a valid key
BST_LinkedDiscordIDstring | nilLinked Discord ID
BST_ScriptNamestringName of the script
BST_TotalExecutionsnumberTotal executions by this user
BST_SecondsLeftnumberSeconds until key expiry (math.huge if never)
BST_UserNotestringNote attached to the key
BST_ScriptVersionstringScript version string

Example usage:

lua
if BST_IsUserPremium then
    print("Welcome premium user!")
else
    print("Free tier")
end

if BST_SecondsLeft < 86400 then
    warn("Key expires in " .. math.floor(BST_SecondsLeft / 3600) .. " hours!")
end

Luraph Macros

Use these macros in your scripts to control obfuscation behavior. They are processed during obfuscation.

LPH_ENCSTRString Encryption
lua
local secret = LPH_ENCSTR("This string will be encrypted")
LPH_ENCNUMNumber Encryption
lua
local value = LPH_ENCNUM(12345)
LPH_CRASHAnti-Tamper
lua
if tampered then
    LPH_CRASH()
end
LPH_NO_VIRTUALIZESkip Virtualization

Use on hot-path functions (render loops, Heartbeat) to avoid performance issues:

lua
LPH_NO_VIRTUALIZE(function()
    -- Performance-critical code
    -- Not virtualized, still obfuscated
end)()
LPH_JITJIT Hint
lua
local fast = LPH_JIT(function(x)
    return x * x
end)
LPH_JIT_MAXAggressive JIT
lua
local superFast = LPH_JIT_MAX(function()
    -- Maximum performance code
end)

Webhooks

Configure Discord webhooks in your project settings for real-time notifications.

Alert Webhook

Security events: invalid keys, HWID mismatches, expired keys, blacklisted attempts, game ID mismatches.

Logs Webhook

Execution logs: script name, version, Discord ID, executor, HWID, IP, execution count.

Discord Bot

Manage your project directly from Discord with slash commands.

CommandDescription
/loginAuthenticate with your Bastion API key
/logoutClear stored API key and panel config
/setpanelSet up the script panel in a channel
/whitelistCreate a key and whitelist a user
/unwhitelistRemove a user from the whitelist
/blacklistBlacklist a user
/keyinfoLook up information about a key
/userinfoLook up information about a user
/compensateAdd days to user subscriptions
/force-resethwidForce reset HWID (bypasses cooldown)
/statsView project statistics

Panel buttons available to users:

Redeem Key
Get Script
Get Stats
Reset HWID

Bot Hosting

1. Create an Account

Sign up at bot-hosting.net and create a new Node.js bot instance.

2. Configure Environment

Set these environment variables:

env
DISCORD_BOT_TOKEN=your_bot_token
DISCORD_CLIENT_ID=your_client_id
BASTION_API_URL=https://your-domain.vercel.app

3. Deploy

Upload the bot files and start the instance. Run register-commands.ts once to register slash commands.

Need help?

Join the Discord for support and updates.

Join Discord

© 2026 Bastion. All rights reserved.