Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I de-obfuscate a Lua script?

Tags:

obfuscation

deobfuscation

lua

I have some Lua code that I suspect is obfuscated. How do I go about de-obfuscating it?

I believe the code is obfuscated because it looks very different from normal Lua code, but I know it is valid Lua code because the Lua interpreter will still compile and run the code.

I have a legitimate interest in de-obfuscating the code and do not intend to distribute it against the authors will or modify it to circumvent any DRM-mechanism.

like image 972
DarkWiiPlayer Avatar asked Feb 09 '21 14:02

DarkWiiPlayer

People also ask

How do you Unobfuscate a script?

To obfuscate a script simply use the command /obfuscate <script name> (/scramble is an alias for this command too) and the permission for it is skrambler. obfuscate. The obfuscated script will be saved in the same folder as the original script file and will have the same name except with a .

Can you obfuscate obfuscated code?

Obfuscation means to make something difficult to understand. Programming code is often obfuscated to protect intellectual property or trade secrets, and to prevent an attacker from reverse engineering a proprietary software program. Encrypting some or all of a program's code is one obfuscation method.

1 Answers

There are generally two ways to obfuscate Lua source code:

  1. Obfuscate the code directly, mostly by renaming variables, introducing istraction and restructuring code to be harder to follow

  2. Encode the source code and embed it as a string in a Lua file that only decodes, loads and runs the encoded real program.

In reality, a combination of both is often used: Programs are obfuscated, then encoded and wrapped in a string. Finally, the code that loads and runs the string is often obfuscated again.

Typical mechanisms used for making Lua code harder to follow include:

  1. Renaming standard functions such as string.gsub, table.concat, etc.
  2. Renaming variables to nonsense
  3. Replacing dot- and colon-notation for table-indices with bracket-notation
  4. Using hexadecimal notation for literal strings (often in combination with 3.)

Generally speaking, the steps to de-obfuscate such code by hand are often very similar: reformatting the code to make is easier to follow the control-flow, then figuring out what each variable represents and renaming them. For this it is often necessary to have a good understanding of the Language, as one needs to be aware of all the rules that the obfuscation takes advantage of to make the code harder to understand. A few such rules to be aware of:

  1. Local variable shadowing: two different variables can have the same name in different scopes (or even in the same scope).
  2. Syntactic sugar such as dot- and colon-notation
  3. Function environments and getfenv and setfenv
  4. Metatables and that all Strings share one metatable with __index set to string
  5. Whitespace is often insignificant in Lua and only necessary to separate statements in some cases, which can also be done with ;.

For more in-detail help with de-obfuscating a specific snippet of Lua code, you could ask in the following other online communities:

  • The Lua subreddit
  • The Lua Scripters Discord Server
  • The Lua Forum

But remember: Don't ask to ask, just ask

Note that these are not official communities. For more options, see the Community page on the official Lua website.

like image 81
3 revs, 2 users 99% Avatar answered Sep 22 '22 01:09

3 revs, 2 users 99%

Sign in to Comment

Related questions

Safely reading string from Lua stack
Registering a C++ class for use in Lua 5.2
Whats the usage of metatables without metamethods?
How does `table.insert` work with custom tables in Lua
I need clarification on Metatable.__index
String Manipulation in Lua: Make the odd char uppercase
is there a way to get path and name of the interpreter that is running current script?
How to translate this PAWN example to LUA?
Lua require relative path
Lua trouble: attempt to call global 'unpack' (a nil value)
Optional Group Capture with Lua Pattern Matching
How to split a Lua table containing sub-tables
Lua: String.match vs String.gmatch?
Why type(nil)==nil is false?
Lua - Perlin Noise Generation - Getting bars rather than squares
Lua syntax highlighting latex for arXiv
Lua - Local variable scope in function
Lua cannot find installed luarocks on Ubuntu
Love2D: what is the difference between creating variables inside love.load instead of at the top of the main.lua file?
Caching expensive table calculation on strings between separate function calls in Lua

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!