Best way to deobfuscate a script

So I have the code for one of my plugins as I think it is inserting things into my games. I got the code but it is obfuscated. I would love to know if there was a way to deobfuscate a script so I can check what it is doing. I have searched a lot but can’t find anything.

The code for the plugins should be in Lua, so you should be able to decode it. If it has any links to external sites, it’s definitely a virus.

It is Lua but it’s been obfuscated so I can’t figure it out.

This is just a small portion of the script:
then if(I1l_d==0)then return I1l_a*0;else I1l_b=1;I1l_e=0;

Also, if you copy and paste the script into a custom plugin, you should be able to edit it, because Roblox now assumes it is your code.
If you can figure out what I1l stands for, you only need to know what the variations of them do.
The first return will always give 0. The second one sets the variables I1l_b and I1l_e.

Deobfuscation can be done through constant dumpers. Some obfuscators are good enough to cause the dumpers an error. Assume any script that is obfuscated as malicious code until proven otherwise.


luaforge.net/docman/83/98/ANoFrillsIntroToLua51VMInstructions.pdf


I mean Lua technically allows you to just put everything on one line. So if you’re worried about someone reading scripts just do that Xd. If you had like 1k lines of code I would doubt anyone would be that willing to go fix each individual line lol

Code beautifiers exist? And if you’re doing that to prevent deobfuscation of your code, then realize that whitespace is not compiled with the code, so any decompiler that wants to decompile your code will usually beautify the result.

There will never be an obfuscator that is impossible to constant dump. All obfuscators are actually fairly easy to constant dump if you have experience.

Deobfuscating is not the same as constant dumping. Deobfuscating gives you the whole script, meanwhile, constant dumping gives you only the constants which give you an overall idea of what the script is doing.

Some written constant dumpers are outdated, which caused a few errors, and were unable to beautify it because they couldn’t recognize the new API for some reason.

Beautifiers are what keeps the code written up, the constant dumper just gives you readable variables. Usually constant dumpers are able to be used to identify what is going on in the script, if you think it is suspicious.

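A simplified, source-level take on the constant dumping discussed in this thread, added here as an example and not code from any poster or tool mentioned: it pulls the quoted string constants out of obfuscated Lua text, decodes escapes such as `\104\116\116\112`, and flags external links and a few names worth a second look. The watchlist, the function names and the sample script are assumptions constructed for illustration; long bracket strings (`[[...]]`) and constants built at runtime are not covered.

```python
import re

# Lua short strings: "..." or '...' with backslash escapes, no raw newlines.
STRING_RE = re.compile(r'"((?:\\.|[^"\\\n])*)"|\'((?:\\.|[^\'\\\n])*)\'', re.S)
# \ddd (decimal byte), \xHH (hex byte), or a single escaped character.
ESCAPE_RE = re.compile(r'\\(\d{1,3}|x[0-9a-fA-F]{2}|.)', re.S)
SIMPLE = {"n": "\n", "t": "\t", "r": "\r", "a": "\a",
          "b": "\b", "f": "\f", "v": "\v"}

# Assumed watchlist (not from the thread): external links plus names that are
# commonly reached through string keys when a script hides what it calls.
WATCHLIST = {
    "external URL": re.compile(r"https?://", re.I),
    "service or dynamic-code name": re.compile(
        r"^(HttpService|InsertService|loadstring|getfenv|require)$"),
}

def decode_lua_escapes(body):
    """Turn the escapes inside one string literal back into characters."""
    def repl(m):
        e = m.group(1)
        if e[0].isdigit():
            return chr(int(e))                 # \104 -> 'h'
        if e[0] == "x" and len(e) == 3:
            return chr(int(e[1:], 16))         # \x41 -> 'A'
        return SIMPLE.get(e, e)                # \n, \", \\ ...
    return ESCAPE_RE.sub(repl, body)

def dump_constants(source):
    """Return every quoted string constant in the source, decoded, in order."""
    out = []
    for m in STRING_RE.finditer(source):
        body = m.group(1) if m.group(1) is not None else m.group(2)
        out.append(decode_lua_escapes(body))
    return out

def flag(constants):
    """Pair each constant that matches the watchlist with the reason."""
    return [(label, c) for c in constants
            for label, rx in WATCHLIST.items() if rx.search(c)]

# Constructed sample in the style of the obfuscated fragment quoted above.
SAMPLE = r"""local I1l_a=game:GetService("\72\116\116\112\83\101\114\118\105\99\101")
local I1l_b=I1l_a:GetAsync("\104\116\116\112\115\58\47\47example.invalid/p")
local I1l_c='it\'s fine'
"""

if __name__ == "__main__":
    for label, value in flag(dump_constants(SAMPLE)):
        print(f"{label}: {value!r}")
```

An empty result only means nothing was found in plain string literals; it does not show the script is safe.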