What is the issue?
Hello I am a beginner roblox scripter and want to make Roblox more awesome! During game development I found exploiters ruining my game with certain scripts. To find the vulnerability of my code I collected one script to check what’s inside. But it had some weird strings. Later I found out the script was obfuscated so developers can’t read it. The script I have, has been obfuscated with psu obfucator.
What are you trying to achieve?
I searched many forums and youtube videos about it but didn’t find a helpful solution. Most of the people said it’s hard and time consuming work. But I wanna learn how these things work and how to deal with these. Thanks in advance!
It is indeed not easy to deobfuscate these sorts of things.
These obfuscators use something called “virtualization”, which is basically compiling the script into bytecode, mixing it up, and running it though a Lua-in-Lua VM.
If you don’t know what I’m talking about, this is a good place to start: https://devforum.roblox.com/t/lua-virtual-machines-and-obfuscation/114418
The easiest thing you can usually do with these obfuscated scripts is to put them through a “beautifier” to format it, and then find where constants are being deserialized, and print what is deserialized midway.
Yeah, don’t bother unless you actually want to spend 10x the time it’d take to just rewrite the scripts from scratch w/ no knowledge of the original code. Or 100x the time it’d take to find a non-obfuscated, non-malware version in the Toolbox, since it’s most likely not someone developing a thing that’s actually useful and then adding malware, it’s more likely just someone copying existing things from the Toolbox and adding malware to it. Way less effort, and can be done to many more Toolbox items to infect many more games.
No, but if you can run the code in a local script wouldn’t you be able to get the original code by deobfuscating (if you ask an exploiter to see the code). As Roblox will decode everything for you.???