What do you want to achieve? I want to figure out how this guy made this kind of obfuscation.
What is the issue? I found some kind of obfuscation but everything is reversed? I am confused how he did this, I used gyazo to take a screenshot because I don’t have any other screenshot software. https://gyazo.com/3b13fd59f48da25346c76427ba2a2e36
What solutions have you tried so far? I don’t even know what to try to get even close to deobfuscating this reversed code.
Have you tried reversing the entire thing word by word? I can make a quick example in JS:
var str = `[obfusicated code]`.split(" ")
var result = ""
for (let i = 0; i < str.length; i++)
{
result += str[i].split("").reverse().join("")
}
console.log(result)
Edit: After looking at the code a second time I realised it is written in RTL not LTR, so reversing it wouldnt do anything.
I always wanted to know the deobfuscated code to see how these backdoors work. Most of the backdoors I usually see was obfuscated by either Luraph or SynapseXen.
However, this particle obfuscated script was something I have never seen before. There are some parts that look like they are reversed like string.char or string.byte. The rest are just spammed with comments.
He didn’t ask how to deobfuscate the code – he asked, “How did this person obfuscate this code in this way, and how is the code able to run?”
Some languages are read right-to-left (Arabic and Hebrew for example). I think there must be some kind of trick related to this, maybe a special alt-code or something. A quick search doesn’t reveal anything, though.
Copying the text and pasting it displays it properly, left-to-right, for what it’s worth.
Yes I believe there is a special character that tells the computer to read from right to left instead of left to right. This is probably what was used.
There is a youtube video by Tom Scott with a bit more on the topic:
I’ve been trying to type the Unicode RTL character and post with it for craps and giggles, but I can’t seem to get it to work I agree that this is probably what was used though.
This was actually quite simple to work with.
In every comment he added there was left to right overrides, so I made a script which removed all of the comments and when running the script locally (since I didnt wanna run it on the server obviously) it returned a error regarding require, with a simple addon to the script I managed to dump the require to get this model
If you need any other help reversing it ill be here lol
edit: They make a RemoteEvent in the JointService and I assume that is where they load their scripts from. I dont think anything else is needed to be seen here it is definitely a backdoor
Wow! I’ve never seen this type of obfuscation in my "experience" of scripting, but if you want to reverse the reversed-functions you can just use string.reverse . (to be fair I’m an intermediate scripter)
I agree that this is probably what was used though.
.