Technology
A proprietary detection engine compiled from Rust to WebAssembly. Four independent fingerprint layers. Continuous catalog monitoring. Every decision explained.
The Problem
Traditional file hashes (MD5, SHA-256) change completely if a single byte differs. Re-uploading a mesh through Roblox's pipeline produces a different binary — even for the same model. File hashing detects nothing.
Manually checking the catalog is impossible. Thousands of new items appear daily. By the time you spot a clone, it's already capturing your sales. You need automated, continuous monitoring.
Any single detection method has blind spots. Image hashing misses geometry-only theft. Shape analysis misses texture swaps. Shield uses four independent layers specifically because no single approach catches everything.
Roblox's AI moderation misses real clones while simultaneously flagging original items as stolen — applying permanent account strikes to legitimate creators. Shield solves both directions.
Regular file hashes change completely if you alter one pixel. Perceptual hashes are designed to remain similar for visually similar images — even across color shifts, resizing, and compression artifacts.
Shield computes both pHash (DCT-based, captures broad frequency patterns) and dHash (gradient-based, captures directional changes) for every catalog thumbnail. Each produces a compact 64-bit integer.
Comparison is instant: XOR the two integers, count the differing bits (Hamming distance). Zero means identical. Under 5 means near-certain match. Under 10 means likely match. This runs in nanoseconds.
The same approach powers YouTube Content ID, Microsoft PhotoDNA, and Facebook's PDQ system — proven on billions of images.
Process
Catches
Re-colored copies, resized thumbnails, JPEG compression artifacts, brightness/contrast changes
Shield parses the raw Roblox FileMesh binary format (versions 2 through 5) and extracts structural properties that define the mesh's geometry. This isn't a visual comparison — it's reading the actual 3D data.
Extracted properties include vertex count, triangle count, normalized bounding box ratios, and surface area. A direct mesh rip will have identical values across all of these. Even minor modifications rarely change all properties simultaneously.
This layer acts as a fast pre-filter. If vertex and triangle counts are within ±10 of a registered item, the candidate is escalated to the more computationally expensive shape analysis. Exact matches on all geometric properties are an extreme red flag.
Extracted Data
Catches
Direct mesh rips, unmodified geometry, re-textured copies with identical structure
The most mathematically robust layer. Based on the Osada et al. (2002) D2 descriptor — a technique from academic 3D shape retrieval research. It captures the fundamental shape of a mesh, invariant to rotation, translation, and uniform scaling.
The algorithm samples 10,000 random pairs of points on the mesh surface, measures the Euclidean distance between each pair, and builds a 128-bin histogram of those distances. The histogram is RMS-normalized so scale doesn't matter. Two objects with the same shape produce the same distribution, regardless of how they're oriented in space.
These 128-dimensional vectors are stored in a pgvector database with an HNSW index. Similarity search using cosine distance returns matches in milliseconds — even across hundreds of thousands of fingerprints.
This layer carries the highest weight (35%) in Shield's composite scoring formula because it's the hardest to fool. Rotating, mirroring, or uniformly scaling a stolen mesh won't change its D2 distribution.
Algorithm
Catches
Rotated, scaled, mirrored, or repositioned meshes — any transformation that preserves shape
The final layer targets the UV texture map — the 2D image that wraps around the 3D mesh. Shield downloads the texture through Roblox's authenticated Asset Delivery API and applies the same perceptual hashing pipeline used for thumbnails.
This catches a specific class of theft: same mesh, different thumbnail. A cloner might change the catalog preview image but leave the actual texture unchanged (or vice versa). By fingerprinting both independently, Shield detects either scenario.
Since April 2025, the Asset Delivery API requires authentication. Shield maintains authenticated access with proper rate limiting — a non-trivial barrier that most community tools haven't crossed.
Process
Catches
Texture theft, material swaps with original UV layout, clones with modified thumbnails but identical textures
Composite Scoring
When a potential match is found, all four layers produce individual similarity scores. These are combined into a single composite score using weighted coefficients tuned for the specific characteristics of Roblox UGC theft.
20%
Thumbnail
25%
Geometry
35%
Shape (D2)
20%
Texture
Near-certain clone. Act immediately.
Likely clone. Manual review recommended.
Possible match. Worth investigating.
Raw similarity scores are never exposed. Shield returns confidence tiers — clear threat levels you can act on without interpreting numbers. This also prevents competitors from reverse-engineering detection thresholds.
The Engine
The entire fingerprinting pipeline runs as a Rust binary compiled to WebAssembly. This isn't a JavaScript library with readable source code — it's a compiled binary that executes on Cloudflare's global network in 300+ cities.
Compiled with opt-level="z", LTO, and symbol stripping. The binary contains no variable names, no comments, no readable source. Even knowing the general approach, no one can extract Shield's specific parameters or scoring weights.
Runs on Cloudflare Workers — serverless compute in 300+ cities worldwide. When a creator in Tokyo scans an item, the fingerprinting engine executes at the nearest edge node. Sub-50ms cold start. No server to manage.
Custom Rust parser for Roblox's proprietary FileMesh binary format (versions 2 through 5). Extracts vertex positions and face indices directly from the binary — no third-party mesh libraries, no format conversion.
The D2 shape distribution uses a fixed random seed (not crypto-random). This means the same mesh always produces the exact same fingerprint — critical for consistent matching across the entire database.
Infrastructure
Vercel hosts the website. Cloudflare runs the brain. Supabase stores the data. Each does what it's best at. You manage nothing.
Compute
WASM fingerprinting engine, Roblox API integration, catalog crawler (cron every 15 minutes), authenticated asset delivery
Storage & Auth
PostgreSQL with pgvector, HNSW similarity index, real-time alert subscriptions, shared authentication with the Titanite ecosystem
Frontend
Next.js application, dashboard interface, server-side rendering, edge-optimized static assets, global CDN delivery
Register your first item. Watch the fingerprint pipeline run. Free tier protects 50 items.