View previous topic :: View next topic |
Author |
Message |
exohaxor Expert Cheater Reputation: 1
Joined: 02 Sep 2018 Posts: 101
|
Posted: Tue Apr 30, 2019 2:40 pm Post subject: lua overriding functions |
|
|
i asked this before but i didnt get the answer i wanted (if there is)
so for example i made a simple obfuscation by scrambling letters and used
Code: | assert(loadstring(script))() |
to call function from string but they can override by this
Code: |
function loadstring(a)
print(a)
end
|
they said me to override print but they can output it by other ways showmessage etc
what i can use to make secure obfuscation
_________________
hi |
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Wed May 01, 2019 9:18 pm Post subject: |
|
|
You are never going to fully prevent people from getting your code while using CE's stuff / Lua engine. There are always ways to get things back to the real Lua code, even if you byte code compile it.
Regardless if you block/kill the global functions people can always restore them.
While CE offers some things to try and help deter/prevent it, there is not a way to 100% prevent it.
Simply put, you are fighting a losing battle you won't win.
_________________
- Retired. |
|
Back to top |
|
|
exohaxor Expert Cheater Reputation: 1
Joined: 02 Sep 2018 Posts: 101
|
Posted: Thu May 02, 2019 10:01 am Post subject: |
|
|
i need to make it safest possible cuz people try steal my code usually what do you recommend me to do to prevent most of the people from stealing my code
_________________
hi |
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
|
|
Back to top |
|
|
Corroder Grandmaster Cheater Supreme Reputation: 75
Joined: 10 Apr 2015 Posts: 1667
|
Posted: Thu May 02, 2019 12:03 pm Post subject: |
|
|
What atom0s said is right. For myself, if not want someone to use my code then never share it.
Look, why Cheat Engine source code not to be obfuscated?. Ask DB!
Anyway, this is just a sample to override the Lua function.
Code: | local exo = print
print = function(...)
exo(...)
end
local selfie = showMessage
showMessage = function(...)
selfie(...)
end
-- then you can use :
exo("Hey don't steal my code")
selfie("I did obfuscate my code but useless") |
Note: use these by your own risk
_________________
Stealing Code From Stolen Code...
And Admit It.. Hmmm....Typically LOL |
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Thu May 02, 2019 7:58 pm Post subject: |
|
|
exohaxor wrote: | i need to make it safest possible cuz people try steal my code usually what do you recommend me to do to prevent most of the people from stealing my code |
Like I said before, you are losing a battle you will never win. No one has or will. Not even triple-A game companies or protection-specific software companies like Denuvo are able to protect things entirely. With how computers work, it'll never happen as long as the targets are ran on the local machine of the user.
There are a dozen weak points to using Cheat Engine's trainer maker. This is not to use it isn't a useful tool at all, it is just to say don't expect it to give you security.
- The trainers can be decompiled back to their original cheat table form.
- The trainers cheat-table can be dumped from memory after its loaded.
- The Lua scripts can be fully decompiled back to original scripts.
- The Lua DRM additions that CE offers can be all bypassed/disabled.
- The Lua encode suggestions can be decompiled back to real code.
- Trainers can have their memory edits (read/write) dumped live as it is being used with other tools.
And so on. The trainer maker tool of CE is there for convenience and nothing more. Dark Byte added a few features to assist with code theft, but they are not meant to be an end-all solution. They are just deterrents for lower-skilled users that make use of one of the more simple ways to dump information.
Even if you write a trainer in a different language, you are still susceptible to most of these attacks. Regardless of how the trainer is made. External writing to another processes memory can be viewed by various tools. Injected DLLs that write caves and jumps into itself can be compared against original memory dumps to find edits being made.
Something I recommend people to think about is that you are trying to do the same thing game companies do with anti-cheat systems. You are attempting to protect your own code, while still affecting someone elses. You are fighting a battle you wont win because you are literally fighting against the same people doing the same thing you do, hack games. The most you can do is add various layers to make reversing your stuff annoying. I recommend avoiding external trainers altogether at this point because it is too simple for people to dump the reads/writes your file does.
Always go for injected when possible. Avoid caves if possible. Learn how to abuse debugging and threading if you want to throw people off or avoid simple memory compares.
You can always make things more annoying but you'll never fully prevent people from figuring your stuff out one way or another.
_________________
- Retired. |
|
Back to top |
|
|
exohaxor Expert Cheater Reputation: 1
Joined: 02 Sep 2018 Posts: 101
|
|
Back to top |
|
|
Lynxz Gaming Expert Cheater Reputation: 4
Joined: 01 Jul 2017 Posts: 208 Location: help
|
Posted: Tue May 07, 2019 11:10 am Post subject: |
|
|
it's a lua vm
it's interpreting custom lua bytecode
_________________
my english is bad
discord : rynx#9828 |
|
Back to top |
|
|
Corroder Grandmaster Cheater Supreme Reputation: 75
Joined: 10 Apr 2015 Posts: 1667
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Tue May 07, 2019 3:21 pm Post subject: |
|
|
It's a form of obfuscation. Similar to how JavaScript obfuscators/minify tools work.
Given how Lua works it's not that effective as you can just run allow the code to run then dump the Lua state to get all their stuff out of it. It just deters people from simple copy-pasting.
_________________
- Retired. |
|
Back to top |
|
|
Lapada How do I cheat? Reputation: 0
Joined: 16 May 2018 Posts: 4
|
Posted: Wed May 08, 2019 2:23 am Post subject: |
|
|
atom0s wrote: |
It's a form of obfuscation. Similar to how JavaScript obfuscators/minify tools work.
Given how Lua works it's not that effective as you can just run allow the code to run then dump the Lua state to get all their stuff out of it. It just deters people from simple copy-pasting. |
This is a Lua VM that is interpreting a custom format Lua bytecode. You can't dump the Lua state and get all of the stuff. It's also nowhere near similar to a JavaScript minifier or obfuscator as they work completely differently.
You can however, dump the constants from it, but actually getting the original Lua bytecode back from it would be very time consuming.
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Wed May 08, 2019 12:57 pm Post subject: |
|
|
Lapada wrote: | atom0s wrote: |
It's a form of obfuscation. Similar to how JavaScript obfuscators/minify tools work.
Given how Lua works it's not that effective as you can just run allow the code to run then dump the Lua state to get all their stuff out of it. It just deters people from simple copy-pasting. |
This is a Lua VM that is interpreting a custom format Lua bytecode. You can't dump the Lua state and get all of the stuff. It's also nowhere near similar to a JavaScript minifier or obfuscator as they work completely differently.
You can however, dump the constants from it, but actually getting the original Lua bytecode back from it would be very time consuming. |
Seems I struck a nerve lol..
Not sure if you even really read my post or just got annoyed I pointed out the truth and want to defend it for whatever reason, yet you confirmed what I said.
This is a form of obfuscation. And very similar to a ugly/minify type tool that is setup to do the same thing. You are still running ontop of Lua's code/engine, using their calls/byte code in the end. Adding another layer on top of that does little but deter copy pasters, like I said, and you confirmed by saying 'it would be very time consuming' to get the original. Doesn't mean it's impossible and doesn't invalidate what I said.
As for those wondering what that script does, a few moments of time can get it back to a readable form to see what it's doing. It's mainly editing the systems host file to alter the default growtopia IP to point to their private server (vortex private server). Has a few other basic UI related things to greet you and say good bye (sad to see you go) etc.
But yes, you can dump it, and you can get the original byte code.
_________________
- Retired. |
|
Back to top |
|
|
Lapada How do I cheat? Reputation: 0
Joined: 16 May 2018 Posts: 4
|
Posted: Wed May 08, 2019 2:31 pm Post subject: |
|
|
atom0s wrote: |
Seems I struck a nerve lol..
Not sure if you even really read my post or just got annoyed I pointed out the truth and want to defend it for whatever reason, yet you confirmed what I said.
This is a form of obfuscation. And very similar to a ugly/minify type tool that is setup to do the same thing. You are still running ontop of Lua's code/engine, using their calls/byte code in the end. Adding another layer on top of that does little but deter copy pasters, like I said, and you confirmed by saying 'it would be very time consuming' to get the original. Doesn't mean it's impossible and doesn't invalidate what I said.
As for those wondering what that script does, a few moments of time can get it back to a readable form to see what it's doing. It's mainly editing the systems host file to alter the default growtopia IP to point to their private server (vortex private server). Has a few other basic UI related things to greet you and say good bye (sad to see you go) etc.
But yes, you can dump it, and you can get the original byte code. |
It's not hard to figure out what it does, however, as I've stated before, it is very time consuming to get the bytecode and I stand by that. However, if you are able to get back the full original Lua bytecode within a short period of time, feel free to prove me wrong.
Also, I still wouldn't say it's similar to a minifier, because while the VM itself is minified, it contains no original code whatsoever, so prettifying it wouldn't really give you a better understanding of the original code.
|
|
Back to top |
|
|
|