Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
I paid an untrusted developer for a script. And as I thought he scammed me. He did send me code, but he obfuscated the script. It is for a game called "Roblox" that uses Lua, the code will be down below. As from I can tell by running it, it might work. But I would need to change the script for it to work. Does anyone know to to decode the obfuscation?
https://pastebin.com/B8SZmZGE
local ilIillllII1i1lliliI = assert local II1ll1iliIIIIillIli = select local lIlillIlIi11I1lIIi11I = tonumber local i1li1IIIII1IIilIil1 = unpack local iIl1IIlI11i1il1ilII = pcall local lIlI1IiiIlIl1i11ll1Il = setfenv local iIIlilIlllIliiIili1 = setmetatable local ii1Iiill11ii1IIIill = type local lIll1I1ll1lliilII1Il1 = getfenv local IiIi1llliiIIllllI1i = tostring local Ii1IIill1ilI1lilIiI = error local iilli1lIi11lllIli1l = string.sub local lIlI1li1ll1lliliIlI = string.byte local lIli1Ill1liIlilIIIiiI = string.char local I1ii1iIIl1lI1Iii1iI = string.rep local iiiIiI11IIllIiliI1I = string.gsub local illlIIIllliill1l1ll = string.match local iIi1l1liili1I11l1II = 1 local function lIll1iillI1ll1iiIiIll(IIiiiIiiIllIl1i1i1I, iIililIlliIII11illi) local i1iiI1I1iII1iiIiil1 IIiiiIiiIllIl1i1i1I = iiiIiI11IIllIiliI1I(iilli1lIi11lllIli1l(IIiiiIiiIllIl1i1i1I, 5), "..", function(llii1Ii11lI1llilill) if lIlI1li1ll1lliliIlI(llii1Ii11lI1llilill, 2) == 71 then i1iiI1I1iII1iiIiil1 = lIlillIlIi11I1lIIi11I(iilli1lIi11lllIli1l(llii1Ii11lI1llilill, 1, 1)) return
Ok so I am turtsis and I see that people have been stealing my answer and posting it on v3rmillion as there own. So I will post another answer but this time a better one on how to actually get contents of it. So basically if you didn’t read my other answer then don’t and just read this one:
Luraph is a custom lbi which is a lua bytecode interpreter. If you do string.dump(function) you will get luaQ as the output. That is why people use unluaC or luadec to get the source to these dumps. This is called bytecode which is different then string:byte() as it is a non readable lua format in lua 5.1 and up. To be able to use these encoded strings/functions you will need a lbi. What a lbi does is it interpreted the bits and deserialzes them. Here is a example of a commonly used lbi https://github.com/JustAPerson/lbi/blob/master/src/lbi.lua
Ok so now to the part where you get contents of it.
In lua (and other coding languages) there is things called opcodes. Opcodes control the base of lua and there is quite a few of them. Some of the most commonly known and most useful ones are these:
LOADK - loads a constant to the register
LOADBOOL - loads a bool to the register
LOADNIL - loads a nil to the register
JMP - jump
ADD - Adds a new thing to the register
SUB - Subtracts something from the register
There is many more but those are the main ones we will be focusing on.
Ok so to get those normally you would need a external program called unluac or luadec but for this we will be doing it in base lua. I recommend using repl.it to run the code.
So the main thing we will need is LOADK as it loads a constant
A constant is a variable or anything really that doesn’t change ex: local value = 1
Now what isn’t a constant is something that changes.
Now you probaly have heard of iron brew and synapse xen both are very known lua obfuscators created by 3ds and Defcon42
Iron brew and xen have something in common (well the base) they aren’t lbis so you don’t usually get the opcodes from them. But they have a table that has all the constants in them (xen is encrypted) to get these tables there is a whole process with table.concat and global but that’s not luraph that’s other obfuscators. Luraph is different Though because it is a lbi so there is no need for a table with all the constants in it. Instead to get the constants we need a way to get the instructions from a script. Opcodes are instructions. They are instructions because opcodes tell lua what to do with code. Ok so how do we get these instructions?
Here is a article on opcodes and instructions:
http://luaforge.net/docman/83/98/ANoFrillsIntroToLua51VMInstructions.pdf
So they all have signatures:
"sBx"
"A"
"A", "B"
"A", "Bx"
"A", "C"
"A", "sBx"
"A", "B", "C”
You get opcodes args from these instructions.
Now different obfuscators have different opcodes instructions so for luraph you will have to find them. Ok so use a dissembler or make Your own but here is a disassembler made by my friend:
https://github.com/op0x59/reddisassembler
You will need to go onto repl.it and make a repo then add the code and format it etc with the settings. Where in the settings it has opcodes you will need to manually get these from luraph.
So there you go that’s how you can do it. If you need more help dm me on discord:
turtsis#6969
Or
turtsis#2785
ALSO WHOEVER IS STEALING MY ANSWERS ON HERE AND POSTING THEM ON V3RMILLION WITH OUT CREDITING ME PLEASE STOP OR GIVE ME CREDIT.
Basically it uses bytecode (\144\22\99\88) but it has a custom interpreter and a custom bytecode vm to make it have a bytecode like this:
LPH|3EE5491D2B1A00192574A22B510A02002GE5E7E9E42GE5F53GE5F53GE5CD3GE5FDE42GE5C13GE5F934B71
So you will need to rename the variables and functions into something like variable1, variable2 so that you are able to read it. Then find parts that are junk code like
function 1iiii1i1i(i1i1ijj1jijij)
local 1j1j1jj1j1jijijij = (((10*2)/2)-3/9)
end
1iiii1i1i(90, 0)
Which are completely useless and are meant to trick decompilers into looping random number functions. to check if stuff like: iIi1l1liili1I11l1II = iIi1l1liili1I11l1II + 4 return Ii1IiI1I111I1II1IIi * 16777216 + iIII1iIiI1l1IlIIlii * 65536 + IIill111lli111ll1li * 256
These are junk code just look for it in the rest of the code (using ctrl+F) and look if it has a use. If it does, then check if that use has a use and so on until you find if it is part of the vm. The thing is though is that it might loadstring another loadstring for many times until it will take VERY LONG to decompile this. So if you really need the source contact me on discord and I can hook you up (turtsis#2785) or put a couple of hours into this
Using a Lua beautfier can make it easier to understand.
Such as: [http://blackmiaool.com/lua-beautify/][1] (https://github.com/blackmiaool/lua-beautify)
This question is 5 months old but here you go anyway:
local L3_0, L4_1, L5_2, L6_3, L7_4
L3_0 = "rebel alience"
L4_1 = "Wasp"
L5_2 = "Bottom Small Mining Laser"
L6_3 = "Adamantite Ore"
for _FORV_7_ = 1, 10 do
workspace.Ships[L3_0][L4_1][L5_2].RemoteFireCommand:InvokeServer(CFrame.new(0, 0, 0,0.996030748, -7.7674794E-4, 0.0890064985, 0, 0.999961913, 0.00872653536, -0.0890098885,-0.00869189762, 0.995992839), workspace.Asteroids[L6_3],workspace.Asteroids[L6_3], workspace.Asteroids[L6_3].CenterPoint)
wait(3)
end
It's a simple remote event.
You can find the tool used here, it's open source:
https://github.com/TheGreatSageEqualToHeaven/LuraphDeobfuscator
The script is
local L0, L1, L2, L3, L4, L5, L6, L7, L8, L9, L10, L11, L12, L13, L14, L15, L16, L17, L18, L19, L20, L21, L22
L0 = "rebel alience"
L1 = "Wasp"
L2 = "Bottom Small Mining Laser"
L3 = "Adamantite Ore"
for L7 = L4, L5, L6 do
L8 = Workspace
L8 = L8.Ships
L8 = L8[L0]
L8 = L8[L1]
L8 = L8[L2]
L8 = L8.RemoteFireCommand
L9 = L8
L8 = L8.InvokeServer
L10 = CFrame
L10 = L10.new
L11 = 0
L12 = 0
L13 = 0
L14 = 0.996030748
L15 = -7.7674794E-4
L16 = 0.0890064985
L17 = 0
L18 = 0.999961913
L19 = 0.00872653536
L20 = -0.0890098885
L21 = -0.00869189762
L22 = 0.995992839
L10 = L10(L11, L12, L13, L14, L15, L16, L17, L18, L19, L20, L21, L22)
L11 = Workspace
L11 = L11.Asteroids
L11 = L11[L3]
L12 = Workspace
L12 = L12.Asteroids
L12 = L12[L3]
L13 = Workspace
L13 = L13.Asteroids
L13 = L13[L3]
L13 = L13.CenterPoint
L8(L9, L10, L11, L12, L13)
L8 = wait
L9 = 3
L8(L9)
end
The variables are not the normal variables and it may appear a bit confusing because I was using an auto deobfuscator
i might be late but
rebel alience
Wasp
Bottom Small Mining Laser
Adamantite Ore
1
10
Workspace
Ships
RemoteFireCommand
InvokeServer
CFrame
new
0
0.996030748
-0.00077674794
0.0890064985
0.999961913
0.00872653536
-0.0890098885
-0.00869189762
0.995992839
Asteroids
CenterPoint
wait
3
1337
I have a luraph dumper the dumped version of that script is only showing one variable which is "1337" I hope this helped!
One of the easiest things to do is to create a script destroying all the Luraph's scripts. Deleting those junk codes would still be a better option, but this would do its work for some time.
What it does, is that it basically destroys these scripts forever. One of the most fun things is that it doesn't even have to destroy them forever. Luraph scripts have a limited number, how many times they could multiply making Luraph's scripts crash.
local condition = true
local Oofer = workspace.Camera
while condition do
workspace.Camera:ClearAl1Children ()
wait (2)
end
Related
I have actually been wondering about this question for a long time, and I can recall reading something somewhere on the internet about loading all local variables into a table, but I could never find it again.
What I am wondering is if there is basically any way to dynamically create a local variable, similar to how you can dynamically create a global variable.
In Lua you can create dynamic global variables simply by saying:
local my_env = getfenv(1);
for i = 1, 10 do
my_env["OMG_DYNAMIC_GLOBAL_VARIABLE_"..i] = i * i;
end
But I have always wondered if there is a way to essentially do the same or a similar thing for local variables. Something like
for i = 1, 10 do
local["OMG_DYNAMIC_LOCAL_VARIABLE_"..i] = i * i;
end
would kind of be pseudo code for what I am trying to do.
As a second part to my question, I am wondering if there is any way to possibly iterate through every local variable in the current scope? I guess pseudo code for what I am trying to do would look something like:
local a = 123;
local b = 321;
LocalVars = {(local)}; --the table with the local variables in it.
for i,v in pairs(LocalVars) do print(i, v); end
I would appreciate any help regarding either part of my question.
Thanks
the table with the local variables in it
There is no table with local variables. Local variables do not exist in compiled Lua. There are simply locations on the Lua stack and/or upvalues. Even the names of local variables are lost during the compilation process.
Local variables are always static constructs of the Lua source code. They never exist within a table. If you need a non-static construct, use a table. That's what tables are for. That's (part of) why Lua globals are in a table.
I don't see the advantage of what you proposed over a regular local table except for syntactic sugar.
local locals = {}
locals.a = 123
locals.b = 321
for i,v in pairs(locals) do
print(i, v)
end
The syntax you proposed does not make the program clearer or easier to read in any way. In fact it even creates new problems. Does the following print c as well or does it not because it is in a nested local scope?
for i,v in pairs(LocalVars) do
local c = 1729
print(i, v)
end
I would like to be able to have a chunk of Lua code (a "script") that could be shared among enemy types in a game but where each instance of a script gets a unique execution environment. To illustrate my problem, this is my first attempt at what a script might look like:
time_since_last_shoot = 0
tick = function(entity_id, dt)
time_since_last_shoot = time_since_last_shoot + dt
if time_since_last_shoot > 10 then
enemy = find_closest_enemy(entity_id)
shoot(entity_id, enemy)
time_since_last_shoot = 0
end
end
But that fails since I'd be sharing the global time_since_last_shoot variable among all my enemies. So then I tried this:
spawn = function(entity)
entity.time_since_last_shoot = 0;
end
tick = function(entity, dt)
entity.time_since_last_shoot = entity.time_since_last_shoot + dt
if entity.time_since_last_shoot > 10 then
enemy = find_closest_enemy(entity)
shoot(entity, enemy)
entity.time_since_last_shoot = 0
end
end
And then for each entity I create a unique table and then pass that as the first argument when I call the spawn and tick functions. And then somehow map that table back to an id at runtime. Which could work, but I have a couple concerns.
First, it's error prone. A script could still accidentally create global state that could lead to difficult to debug problems later in the same script or even others.
And second, since the update and tick functions are themselves global, I'll still run into issues when I go to create a second type of enemy which tries to use the same interface. I suppose I could solve that with some kind of naming convention but surely there's a better way to handle that.
I did find this question which seems to be asking the same thing, but the accepted answer is light on specifics and refers to a lua_setfenv function that isn't present in Lua 5.3. It seems that it was replaced by _ENV, unfortunately I'm not familiar enough with Lua to fully understand and/or translate the concept.
[edit] A third attempt based on the suggestion of #hugomg:
-- baddie.lua
baddie.spawn = function(self)
self.time_since_last_shoot = 0
end
baddie.tick = function(self, dt)
entity.time_since_last_shoot = entity.time_since_last_shoot + dt
if entity.time_since_last_shoot > 10 then
enemy = find_closest_enemy(entity)
shoot(entity, enemy)
entity.time_since_last_shoot = 0
end
end
And in C++ (using sol2):
// In game startup
sol::state lua;
sol::table global_entities = lua.create_named_table("global_entities");
// For each type of entity
sol::table baddie_prototype = lua.create_named_table("baddie_prototype");
lua.script_file("baddie.lua")
std::function<void(table, float)> tick = baddie_prototype.get<sol::function>("tick");
// When spawning a new instance of the enemy type
sol::table baddie_instance = all_entities.create("baddie_instance");
baddie_instance["entity_handle"] = new_unique_handle();
// During update
tick(baddie_instance, 0.1f);`
This works how I expected and I like the interface but I'm not sure if it follows the path of least surprise for someone who might be more familiar with Lua than I. Namely, my use of the implicit self parameter and my distinction between prototype/instance. Do I have the right idea or have I done something weird?
For your first issue (accidentally creating globals), you can rely on a linter like luacheck or a module that prevents you from creating globals like strict.lua from Penlight.
And then, why not just make things local? I mean both time_since_last_shoot and tick. This leverages closures, one of the most useful features of Lua. If you want different tick functions, each with its own variables, you can do something like this:
local function new_tick()
local time_since_last_shoot = 0
return function(entity_id, dt)
time_since_last_shoot = time_since_last_shoot + dt
if time_since_last_shoot > 10 then
local enemy = find_closest_enemy(entity_id)
shoot(entity_id, enemy)
time_since_last_shoot = 0
end
end
end
local tick_1 = new_tick()
local tick_2 = new_tick()
Of course, you could also use the environment for this, but here I think local variables and closure are a better solution to the problem.
The way _ENV works in 5.3 is that global variable are "syntactic" sugar for reading fields from the _ENV variable. For example, a program that does
local x = 10
y = 20
print(x + y)
is equivalent to
local x = 10
_ENV.y = 20
_ENV.print(x + _ENV.y)
By default, _ENV is a "global table" that works like you would expect global variables to behave. However, if you create a local variable (or function argument) named _ENV then in that variable's scope any unbound variables will point to this new environment instead of point to the usual global scope. For example, the following program prints 10:
local _ENV = {
x = 10,
print=print
}
-- the following line is equivalent to
-- _ENV.print(_ENV.x)
print(x)
In your program, one way to use this technique would be to add an extra parameter to your functions for the environment:
tick = function(_ENV, entity, dt)
-- ...
end
then, any global variables inside the function will actually just be accessing fields in the _ENV parameter instead of actually being global.
That said, I'm not sure _ENV is the best tool to solve your problem. For your first problem, of accidentally creating globals, a simpler solution would be to use a linter to warn you if you assign to an undeclared global variable. As for the second problem, you could just put the update and tick functions in a table instead of having them be global.
This question is based off a previous question I asked concerning a similar topic: Lua: Working with Bit32 Library to Change States of I/O's . I'm trying to use a Lua program that, when a PLC changes the state of a coil at a given address (only two addresses will be used) then it triggers a reaction in another piece of equipment. I have some code that is basically the exact same as my previous topic. But this has to do with what this code is actually doing and not so much the bit32 library. Usually I run code I don't in understand in my Linux IDE and slowly make changes until I finally can make sense of it. But this is producing some weird reactions that I can't make sense of.
Code example:
local unitId = 1
local funcCodes = {
readCoil = 1,
readInput = 2,
readHoldingReg = 3,
readInputReg = 4,
writeCoil = 5,
presetSingleReg = 6,
writeMultipleCoils = 15,
presetMultipleReg = 16
}
local function toTwoByte(value)
return string.char(value / 255, value % 255)
end
local coil = 1
local function readCoil(s, coil)
local req = toTwoByte(0) .. toTwoByte(0) .. toTwoByte(6) .. string.char(unitId, funcCodes.readCoil) .. toTwoByte(coil - 1) .. toTwoByte(1)
s:write(req) --(s is the address of the I/O module)
local res = s:read(10)
return res:byte(10) == 1 -- returns true or false if the 10th bit is ==1 I think??? Please confirm
end
The line that sets local req is the part I'm truly not making sense of. Because of my earlier post, I understand fully about the toTwoByte function and was quickly refreshed on bits & byte manipulation (truly excellent by the way). But that particular string is the reason for this confusion. If I run this in the demo at lua.org I get back an error "lua number has no integer representation". If I separate it into the following I am given back ascii characters that represent those numbers (which I know string.char returns the ascii representation of a given digit). If I run this in my Linux IDE, it displays a bunch of boxes, each containing four digits; two on top of the other two. Now it is very hard to distinguish all of the boxes and their content as they are overlapping.
I know that there is a modbus library that I may be able to use. But I would much rather prefer to understand this as I'm fairly new to programming in general.
Why do I receive different returned results from Windows vs Linux?
What would that string "local req" look like when built at this point to the I/O module. And I don't understand how this req variable translates into the proper string that contains all of the information used to read/write to a given coil or register.
If anyone needs better examples or has further questions that I need to answer, please let me know.
Cheers!
ETA: This is with the Modbus TCP/IP Protocol, not RTU. Sorry.
I just started with Lua as part of a school assignment. I'd like to know if there's an easy way to implement profiling for Lua? I need something that displays allocated memory, variables in use regardless of their type, etc.
I've been finding C++ solutions which I have been able to compile successfully but I don't know how to import them to the Lua environment.
I also found Shinny but I couldn't find any documentation about how to make it work.
There are several profilers available that you can check, but most of them target execution time (and are based on debug hook).
To track variables, you will need to use debug.getlocal and debug.getupvalue (from your code or from debug hook).
To track memory usage you can use collectgarbage(count) (probably after collectgarbage(collect)), but this only tells you total memory in use. To track individual data structures, you may need traverse global and local variables and calculate the amount of space they take. You can check this discussion for some pointers and implementation details.
Something like this would be the simplest profiler that tracks function calls/returns (note that you should not trust absolute numbers it generates, only relative ones):
local calls, total, this = {}, {}, {}
debug.sethook(function(event)
local i = debug.getinfo(2, "Sln")
if i.what ~= 'Lua' then return end
local func = i.name or (i.source..':'..i.linedefined)
if event == 'call' then
this[func] = os.clock()
else
local time = os.clock() - this[func]
total[func] = (total[func] or 0) + time
calls[func] = (calls[func] or 0) + 1
end
end, "cr")
-- the code to debug starts here
local function DoSomethingMore(x)
x = x / 2
end
local function DoSomething(x)
x = x + 1
if x % 2 then DoSomethingMore(x) end
end
for outer=1,100 do
for inner=1,1000 do
DoSomething(inner)
end
end
-- the code to debug ends here; reset the hook
debug.sethook()
-- print the results
for f,time in pairs(total) do
print(("Function %s took %.3f seconds after %d calls"):format(f, time, calls[f]))
end
I have to communicate with a dll and it lua and this is the function I use to write strings by bytes:
writeString = function(pid, process, address, value)
local i = 1
while i <= String.Length(value) do
local byte = string.byte(value, i, i)
DLL.CallFunction("hook.dll", "writeMemByte", pid..','..process..','..address + (i-1)..','..byte, DLL_RETURN_TYPE_INTEGER, DLL_CALL_CDECL)
i = i + 1
end
DLL.CallFunction("hook.dll", "writeMemByte", pid..','..process..','..address + (i-1)..',0', DLL_RETURN_TYPE_INTEGER, DLL_CALL_CDECL)
end
I basically need to adapt this to write a double value byte by byte.
I just can't think how to make the memory.writeDouble function.
EDIT: this is my readString function:
readString = function(pid, process, address)
local i, str = 0, ""
repeat
local curByte = DLL.CallFunction("hook.dll", "readMemByte", pid..','..process..','..(address + i), DLL_RETURN_TYPE_INTEGER, DLL_CALL_CDECL)
if curByte == "" then curByte = 0 end
curByte = tonumber(curByte)
str = str .. string.char(curByte)
i = i + 1
until (curByte == 0)
return str
end,
My first recommendation would be: try to find a function that accepts strings representing doubles instead of doubles. Implementing the lua side of that would be incredibly easy, since you already have a writeString - it could be something very similar to this:
writeDouble = function(pid, process, address, value)
writeString(pid, process, address, tostring(value))
end
If you don't have that function, but you have access to the dll source, you can try to add that function yourself; it shouldn't be much more complicated than getting the string and then calling atof on it.
If you really can't modify the dll, then you need to figure out the exact double format that the lib is expecting - there are lots of factors that can change that format. The language and compiler used, the operative systems, and the compiler flags, to cite some.
If the dll uses a standard format, like IEE-754, the format will usually have well documented "translations" from/two bites. Otherwise, it's possible that you'll have to develop them yourself.
Regards and good luck!
There are many libraries available for Lua that do just this.
If you need the resulting byte array (string), string.pack should do it; you can find precompiled binaries for Windows included with Lua for Windows.
If you are more interested in using the double to interface with foreign code, I would recommend taking a different approach using alien, a Foreign Function Interface library that lets you directly call C functions.
If you able to, I even more highly recommend switching to LuaJIT, a Just-In-Time compiler for Lua that provides the power, speed and reach of C and assembly, but with the comfort an flexibility of Lua.
If none of these solutions are viable, I can supply some code to serialise doubles (not accessible at the moment).