How To Constant Dump PSU + Ironbrew

Resources Community Tutorials
,
#1

Hello !
My English is kinda bad so bare with me
Well You Know exploiters using obfuscation to hide their code in some forums
we can at least constant dump it to get some info what are they doing and hopefully you can patch stuff
i will use Repl.it for this tutorial
let’s say we have a sample of ironbrew which is print(“Hello”)

sample2
sample21027×173 3.83 KB

Now i am gonna go to repl.it an put a table.concat which will take arrays and concatenate them put it above the code

local oldtable = table.concat
table.concat = function(a)
    print(oldtable(a))
    return oldtable(a)
end

sample3
sample3692×731 22.3 KB

result :
sample4
sample41005×666 32.6 KB

for psu we can use a Lua Beautifier tool
after you beauty it just go and put it in repl.it and jump to break number 5
you see that l[t] = o
we will print o which is the constants which will give us some info [ note that will change ] because it’s random but i got that l[t] = o
after we put a print(o) which is in our example is o it might be a b or c in ur side
it should be like this in my example which is o

sample6
sample6533×672 21.8 KB

after that we run it
result :
sample7
sample71073×684 26.9 KB

hopefully that help and sorry for my english not my main
keep in mind i didn’t make the method i just transferred knowledge here i just explained how to do it

34 Likes
Decoding somebodies exploit script
Found a random script in one of my models and not sure if it is a virus or not
#2

There are other methods like searching for if statements, it would look something like

if RQ[E[1]]==RQ[F[2]] then
--Whatever
end

So all you would have to is print it like this

print(RQ[E[1]],RQ[F[2]])
-- The if statement

The if statements most likely to have some useful information are

==

and

~=

EDIT: Of course I recommend you first unminify the script using https://unminify.com/

#3

You didn’t make this tho. It was made a long time ago by someone on the famous forum v3rmillion.

1 Like
#4

i didn’t say i made it also i don’t know the person who made i just transfer the knowledge for people

#5

I get your point, but even if he/she didn’t make this thread it’s good that she/he brought it to the DevForum as most developers don’t use v3rmillion as it’s known for it’s exploiters

#6

This is actually just a string dump, not a constant dump.

Edit: for ironbrew at least. i havent toyed around with psu

#8

In Lua bytecode there’s nil, bool, string, and number constants, the one shown here only dumps strings/string constants. Print shows because IB VM does

Stack[A] = getfenv()[Constants[Bx]]```
1 Like
#9

Hi I originally made this code make sure to credit me

2 Likes
#16

can you make a updated version

#17

What can I do with constants? I am trying to crack a Iron Brew script.