Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


obfuscation - How do I de-obfuscate a Lua script?

I have some Lua code that I suspect is obfuscated. How do I go about de-obfuscating it?

I believe the code is obfuscated because it looks very different from normal Lua code, but I know it is valid Lua code because the Lua interpreter will still compile and run the code.

I have a legitimate interest in de-obfuscating the code and do not intend to distribute it against the author's will or modify it to circumvent any DRM-mechanism.


He who fights dragons for too long becomes a dragon himself; gaze into the abyss for too long, and the abyss will gaze back…

1 Answer


There are generally two ways to obfuscate Lua source code:

  1. Obfuscate the code directly, mostly by renaming variables, introducing distraction and restructuring code to be harder to follow

  2. Encode the source code and embed it as a string in a Lua file that only decodes, loads and runs the encoded real program.

In reality, a combination of both is often used: Programs are obfuscated, then encoded and wrapped in a string. Finally, the code that loads and runs the string is often obfuscated again.


Typical mechanisms used for making Lua code harder to follow include:

  1. Renaming standard functions such as string.gsub, table.concat, etc.
  2. Renaming variables to nonsense
  3. Replacing dot- and colon-notation for table-indices with bracket-notation
  4. Using hexadecimal notation for literal strings (often in combination with 3.)

Generally speaking, the steps to de-obfuscate such code by hand are often very similar: reformatting the code to make it easier to follow the control-flow, then figuring out what each variable represents and renaming them. For this it is often necessary to have a good understanding of the language, as one needs to be aware of all the rules that the obfuscation takes advantage of to make the code harder to understand. A few such rules to be aware of:

  1. Local variable shadowing: two different variables can have the same name in different scopes (or even in the same scope).
  2. Syntactic sugar such as dot- and colon-notation
  3. Function environments and getfenv and setfenv
  4. Metatables and that all strings share one metatable with __index set to string
  5. Whitespace is often insignificant in Lua and only necessary to separate statements in some cases, which can also be done with ;.

For more in-detail help with de-obfuscating a specific snippet of Lua code, you could ask in the following other online communities:

But remember: Don't ask to ask, just ask

Note that these are not official communities. For more options, see the Community page on the official Lua website.
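
As an added example (not part of the original answer), the following Python helper statically undoes mechanisms 3 and 4 from the list above, hex or decimal string escapes and bracket indexing, without running the obfuscated script. The function names and the sample Lua snippet are constructed for illustration; long-bracket strings and comments are not parsed.

```python
import re

LUA_KEYWORDS = {
    "and", "break", "do", "else", "elseif", "end", "false", "for", "function",
    "goto", "if", "in", "local", "nil", "not", "or", "repeat", "return",
    "then", "true", "until", "while",
}
# Quoted Lua string literal (assumption: no [[long strings]] or comments).
STRING = re.compile(r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'')
# Any escape: \xHH, decimal \ddd, or a single escaped character such as \\ or \n.
ESCAPE = re.compile(r'\\(?:x([0-9A-Fa-f]{2})|(\d{1,3})|(.))', re.S)
# ["name"] index that directly follows an identifier, ')' or ']'.
INDEX = re.compile(r'(?<=[\w\)\]])\s*\[\s*(["\'])([A-Za-z_]\w*)\1\s*\]')


def _printable(esc):
    if esc.group(3) is not None:       # \n, \\, \" ... keep as written
        return esc.group(0)
    code = int(esc.group(1), 16) if esc.group(1) else int(esc.group(2))
    # Only plain printable ASCII is unescaped; quotes and backslash stay escaped.
    if 0x20 <= code < 0x7F and chr(code) not in "\\\"'":
        return chr(code)
    return esc.group(0)


def decode_escapes(src):
    """Rewrite printable \\xHH and \\ddd escapes inside quoted string literals."""
    return STRING.sub(lambda m: ESCAPE.sub(_printable, m.group(0)), src)


def brackets_to_dots(src):
    """Turn t["name"] back into t.name when name is a legal, non-keyword identifier."""
    def fix(m):
        name = m.group(2)
        return m.group(0) if name in LUA_KEYWORDS else "." + name
    return INDEX.sub(fix, src)


def normalise(src):
    return brackets_to_dots(decode_escapes(src))


# Constructed sample input, not taken from any real script.
SAMPLE = r'''local a = _G["\x73\x74\x72\x69\x6e\x67"]["\103\115\117\98"]
local b = a("x-y", "\x2d", "\x5c\n")
print(t["end"], b)'''

if __name__ == "__main__":
    print(normalise(SAMPLE))
```

Because the script is only read as text and never loaded, this is safe to run on untrusted input; renamed variables and shadowed locals still have to be resolved by hand as the answer describes.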

