I see many plugins by mysterious groups and I look into them and they have obfuscated code inside. This code looks like it does nothing, but I’m not sure what it does. What does it do? Why would someone bother porting a plugin and adding obfuscated code?
I see stuff like this:
PluginData = "\33\75\30\71\30\74\31\71\34\68" return(function(lIlIlllIII,IlIIlIIIIllIIl,IIllIIlIl)local IlIIIllllllIlllIIlIlIllIl=string.char;local IlIllIllIIlI=string.sub;local llIIIIlIlllIIlIIIlII=table.concat;local IllIlllIIIllllIlllIlI=math.ldexp;local lIllIlIllllIIIlll=getfenv or function()return _ENV end;local llIIlIlllIlIlIIIIIlllIIlI=select;local IllllIIlIIllIl=unpack or table.unpack;local lIlIIIllIlllIIIlllIlI=tonumber;local function llIllIlIllllllII(IIIllIlllIlIllIIIIIll)local IlIlIlIlIlIlIIlIIll,llIIIlIl,IlIIIllIIIlIlllIIIlllllll="","",{}local IllllIIlIIllIl=256;local IIIlllIIlIllI={}for IlIIlIIIIllIIl=0,IllllIIlIIllIl-1 do IIIlllIIlIllI[IlIIlIIIIllIIl]=IlIIIllllllIlllIIlIlIllIl(IlIIlIIIIllIIl)end;local IlIIlIIIIllIIl=1;local function lIlIlllIII()local IlIlIlIlIlIlIIlIIll=lIlIIIllIlllIIIlllIlI(IlIllIllIIlI(IIIllIlllIlIllIIIIIll,IlIIlIIIIllIIl,IlIIlIIIIllIIl),36)IlIIlIIIIllIIl=IlIIlIIIIllIIl+1;local llIIIlIl=lIlIIIllIlllIIIlllIlI(IlIllIllIIlI(IIIllIlllIlIllIIIIIll,IlIIlIIIIllIIl,IlIIlIIIIllIIl+IlIlIlIlIlIlIIlIIll-1),36)IlIIlIIIIllIIl=IlIIlIIIIllIIl+IlIlIlIlIlIlIIlIIll;return llIIIlIl end;IlIlIlIlIlIlIIlIIll=IlIIIllllllIlllIIlIlIllIl(lIlIlllIII())IlIIIllIIIlIlllIIIlllllll[1]=IlIlIlIlIlIlIIlIIll;while IlIIlIIIIllIIl<#IIIllIlllIlIllIIIIIll do local IlIIlIIIIllIIl=lIlIlllIII()if IIIlllIIlIllI[IlIIlIIIIllIIl]then llIIIlIl=IIIlllIIlIllI[IlIIlIIIIllIIl]else llIIIlIl=IlIlIlIlIlIlIIlIIll..IlIllIllIIlI(IlIlIlIlIlIlIIlIIll,1,1)end;IIIlllIIlIllI[IllllIIlIIllIl]=IlIlIlIlIlIlIIlIIll..IlIllIllIIlI(llIIIlIl,1,1)IlIIIllIIIlIlllIIIlllllll[#IlIIIllIIIlIlllIIIlllllll+1],IlIlIlIlIlIlIIlIIll,IllllIIlIIllIl=llIIIlIl,llIIIlIl,IllllIIlIIllIl+1 end;return table.concat(IlIIIllIIIlIlllIIIlllllll)end
And it’s hidden inside a plugin script that says do not delete. It’s clear they’re hiding something, but what is it? Under all this code is there an actual virus?
I guess also I should ask, how does obfuscated code work, whether in stolen code and potential viruses, or in a situation of a good use (preventing stolen code) as I’ve seen mentioned before.
Obfuscation is mainly used to protect the source of a script. Some people use it to make viruses and others use it because they don’t want people to find errors in the code (those are examples).
Obfuscating your code can have benefits in preventing exploiters/hackers. Games outside of Roblox likewise encrypt their code so people can’t steal it, sell it, etc., and hackers/exploiters will find it drastically harder to find bugs that they can exploit and/or gain an advantage with.
I’d stay away from obfuscated plugins. If you’re running it in your studio with your game files, the plugin should not be trying to hide its source.
how does obfuscated code work
It works because it follows Roblox Lua’s syntax. It’s just garbled to make it difficult or impossible to reverse engineer or modify.
I personally obfuscate my games’ code because I don’t like people having access to my stuff unless I want them to. Obfuscating it is instant. It is a personal choice though; theft of your game’s code isn’t as huge an issue anymore on Roblox.
Obfuscated code is generally for security. Such security is to deter code theft or to hide malicious code. However, obfuscation isn’t really necessary and should not be used, unless you know what you’re doing, due to these facts:
Difficulty of debugging
Performance impacts
There was even a whole discussion in this topic about it:
^this. Obfuscation merely makes the code more difficult to understand. It doesn’t prevent wholesale copying. You don’t need to deobfuscate a script to copy it. For legitimate purposes it creates a false sense of security. For illegitimate purposes it masks the real intent of the code.
I have zero trust for third party game assets that include obfuscated scripts in them. I’ve seen too many game assets with intentional exploits in them right out in the open to think that an obfuscated script in a model or plugin is there just to protect the author’s intellectual property.
If I can’t understand the scripts included with a game asset, I delete them. If I do understand them and identify them as an attempt to introduce an exploit into my game I report the author.
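As an added example that is not part of the thread: a small Python triage check that flags plugin scripts showing the traits visible in the sample quoted above (identifiers built only from `I` and `l`, string data written as decimal escapes, environment access through `getfenv`/`_ENV`, very long lines). The thresholds, function names and the readable sample are assumptions made for illustration; a flag means "read this script before trusting it", not that it is malicious.

```python
import re

# Indicators taken from traits visible in the sample quoted in the thread.
CONFUSABLE = re.compile(r"\b[Il]{8,}\b")        # names built only from 'I' and 'l'
ESCAPE_RUN = re.compile(r"(?:\\\d{1,3}){6,}")   # string data written as \33\75\30...
ENV_ACCESS = re.compile(r"\b(?:getfenv|setfenv|loadstring)\b|\b_ENV\b")
IDENT = re.compile(r"\b[A-Za-z_][A-Za-z0-9_]*\b")
LONG_LINE = 500        # assumed threshold, in characters
MIN_CONFUSABLE = 0.2   # assumed threshold, share of all identifiers


def indicators(source):
    """Return the raw measurements for one script's source text."""
    idents = IDENT.findall(source)
    confusable = CONFUSABLE.findall(source)
    return {
        "confusable_share": len(confusable) / len(idents) if idents else 0.0,
        "escape_runs": len(ESCAPE_RUN.findall(source)),
        "env_access": sorted(set(ENV_ACCESS.findall(source))),
        "longest_line": max((len(line) for line in source.splitlines()), default=0),
    }


def needs_review(source):
    """True when at least two independent traits are present."""
    found = indicators(source)
    hits = [
        found["confusable_share"] >= MIN_CONFUSABLE,
        found["escape_runs"] > 0,
        bool(found["env_access"]),
        found["longest_line"] >= LONG_LINE,
    ]
    return sum(hits) >= 2   # one trait alone is weak evidence


# Shortened excerpt of the sample quoted in the thread.
SAMPLE_OBFUSCATED = (
    r'PluginData = "\33\75\30\71\30\74\31\71\34\68" '
    r'return(function(lIlIlllIII,IlIIlIIIIllIIl,IIllIIlIl)'
    r'local IlIIIllllllIlllIIlIlIllIl=string.char;'
    r'local lIllIlIllllIIIlll=getfenv or function()return _ENV end;'
)
# Constructed readable plugin code for comparison.
SAMPLE_READABLE = '''local toolbar = plugin:CreateToolbar("Tools")
local button = toolbar:CreateButton("Align", "Align selected parts", "")
button.Click:Connect(function() print("clicked") end)
'''

if __name__ == "__main__":
    for name, src in (("obfuscated", SAMPLE_OBFUSCATED), ("readable", SAMPLE_READABLE)):
        print(name, needs_review(src), indicators(src))
```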