I paid an untrusted developer for a script. And as I thought he scammed me. He did send me code, but he obfuscated the script.
https://paste bin.com/Y9rn2Gdr
Asked
Active
Viewed 2,059 times
-4
-
Please use search at StackOverflow prior asking new questions - [here is an identical question](https://stackoverflow.com/questions/59121543/i-need-anyone-that-can-decode-luraph-obfuscator) – Maxim Sagaydachny Aug 18 '20 at 03:38
-
2@MaximSagaydachny Interesting, a lot of the wording seems to be identical. – flarn2006 Aug 18 '20 at 03:58
-
I'm curious, how is the scam supposed to work? He still has to write the script either way. – flarn2006 Aug 18 '20 at 04:29
-
Your Question has to be self-contained. Meaning all the information needs to be within this Question itself. A link is not sufficient. However the content of the pastebin seems to quite large as in an entire program, and it doesn't look like this Question is a specific programming problem. – Scratte Aug 18 '20 at 05:40
1 Answers
3
Every instruction is separated in functions, therefore the code cant be directly deobfuscated without specific details about its functionality.
This code consists of:
- A string that contains the source of the script
- Some bytes of the string represents an offset of that character in the ASCII table, while others represent functions and loop-paradigms like
forandwhile(note that these are separated in different functions within the interpreter) - An iterator function (interpreter) that goes through every character in the string and calls for other functions in order to find the accurate action to perform based in the character.
The code that is outside the string is an interpreter, for deobfuscating the interpreter I suggest the following:
- Take care of variable names, every variable in the interpreter has to be defined before, therefore you can tell by context what's the usage of that variable
- Solve the
#{4093, 2039, 2140, 1294}tables by simply calculating the length (just like # operator does), that is, the result for that last table is4 - You need a pretty printer that will apply indentation and format to the code, making it more readable
A pseudocode of the reader looks like this (I assume this is also nested within other functions of the interpreter):
-- ReadBytes is the main function that holds the interpreter and other functions
local function ReadBytes(currentCharacter)
local repeatOffset
currentCharacter =
string_gsub(
string_sub(currentCharacter, 5),
"..",
function(digit)
if string.sub(digit, 2) == 'H' then
repeatOffset = tonumber(string_sub(digit, 1, 1))
return ""
else
local char = string_char(tonumber(digit, 16))
if repeatOffset then
local repeatOutput = string_rep(char, repeatOffset)
repeatOffset = nil
return repeatOutput
else
return char
end
end
end
)
. . . -- Other nested functions
end
I have trouble understanding the functionality of the encoded string, however, from this question, this seems to be a ROBLOX script, is that correct?
If that's the case, I recommend you debugging the code within ROBLOX environment to understand the core functionality of the code and rewrite a readable alternative that works just like the original.
You can also deobfuscate the interpreter to understand how it works, then capture the interpreter actions in order to see the workflow of it, then write a Lua script that works exactly like the original and does not require the interpreter.
Coal
- 346
- 3
- 9
-
Thank you very much for your suggestions, but I still don’t know what to do. – sky Aug 18 '20 at 12:33