I’m trying to de-obfuscate a script but there is a very long byte-code (or whatever it is) after loadstring, however. I don’t know a lot of these. I have been searching for the entire devforum and google but nothing useful like the table to decrypt it.
What could I use to deobfuscate the loadstring?
What’s your use case for this? If the code is obfuscated then it’s probably malicious, so it’s easier to just delete the script.
My point is that I’m trying to deobfuscate the script, not removing it. I just need a way to deobfuscate bytecode and I can find what does the script uses as loadstring (there are like 500 digits)
Plus it’s Synapse Xen and I thought that I could find out if there’s a webhook or something because in many topics people that exploit always notice somehow about the game. Also I already got half of the script source code, I just need the bytecode.
You’ll need knowledge on reverse engineering, Lua internals, and a decompiler. The obfuscation completely depends on the obfuscator, but Xen as far as I know does transformations on the bytecode which mean you can’t just plop it into a decompiler and have it work.
You’ll need to figure out how the bytecode maps to vanilla Lua’s format or write a translator for it, and then run a vanilla decompiler on it.
Alternatively, you can always look into sandboxing to get an idea of what the code is doing without getting the source.
6 Likes
Adding on to what Autterfly said, you can hook some parts of the interpreter. Scripts that are obfuscated include the interpreter within the script (otherwise the script wouldn’t be able to run). The only problem is that the interpreter looks like a mess. However, this does mean that you could spend some time altering things and working things around to a point at which you are happy with the output. With that said, you will never get the true script’s source. Obfuscators (as far as I have seen) will either strip comments manually (–no-comments arg) or convert the script to an AST (Abstract Syntax Tree) which will remove the comments as they are deemed unimportant. Good luck with whatever you’re doing.
Small question: do you know what obfuscator has been used?