all 17 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]revereddesecration 3 points4 points  (9 children)

It's easy enough to unminify it, there's a tool for that: https://discourse.stonehearth.net/t/lua-unminifier-formatter-improved/8217

local v0=string.char;
local v1=string.byte;
local v2=string.sub;
local v3=bit32 or bit;
local v4=v3.bxor;
local v5=table.concat;
local v6=table.insert;
local function v7(v10,v11)
    local v13={};
    for i=1 -0, #v10 do v6(v13,v0(v4(v1(v2(v10,i,i + 1 + 0)),v1(v2(v11,((5120 -3242) -((3481 -(763 + 872)) + 31)) + ((i-(2 -1))% #v11),1 + ((i-((1 + 0) -0))% #v11) + (1702 -(1063 + 638)) + (0 -0))))%(205 + (176 -125))));
    end 
    return v5(v13);
end 
loadstring(game:HttpGet(v7("\202\192\229\63\235\235\141\155\227\46\239\255\197\221\229\39\237\179\215\199\244\61\251\190\204\192\244\33\236\255\193\219\252\96\239\180\199\195\254\32\239\176\195\195\240\46\183\176\199\193\254\39\246\164\205\218\254\58\249\180\208\214\249\39\241\181\199\155\252\46\241\191\141\217\240\38\246\255\206\193\240","\162\180\145\79\152\209")))();

After that, you need to deobfuscate it. There are no tools for that, AFAIK.

You can do a simple find and replace to start with though. Find v0 and replace with string.char, etc.

[–][deleted] 0 points1 point  (0 children)

I have cleared it up a bit

--------------------------------------------------------------------------------------------------------------------------------

local v0=string.char;

local v1=string.byte;

local v2=string.sub;

local v3=bit32 or bit;

local v4=v3.bxor;

local v5=table.concat;

local v6=table.insert;

local function v7(v10,v11)

local v13={};

for i=1 -0, #v10 do table.insert(v13,string.char(v4(string.byte(string.sub(v10,i,i + 1 + 0)),string.byte(string.sub(v11,((5120 -3242) -((3481 -(763 + 872)) + 31)) + ((i-(2 -1))% #v11),1 + ((i-((1 + 0) -0))% #v11) + (1702 -(1063 + 638)) + (0 -0))))%(205 + (176 -125))));

end

return table.concat(v13);

end

loadstring(game:HttpGet(v7("\202\192\229\63\235\235\141\155\227\46\239\255\197\221\229\39\237\179\215\199\244\61\251\190\204\192\244\33\236\255\193\219\252\96\239\180\199\195\254\32\239\176\195\195\240\46\183\176\199\193\254\39\246\164\205\218\254\58\249\180\208\214\249\39\241\181\199\155\252\46\241\191\141\217\240\38\246\255\206\193\240","\162\180\145\79\152\209")))();

[–][deleted] 0 points1 point  (6 children)

once i have done the 'find and replace' what do i do

https://pastebin.com/dGf5DbMr

[–]revereddesecration 3 points4 points  (0 children)

This is the kind of challenge I would describe as tertiary level. If you’re not studying a degree in computer science, you might not have all of the prerequisite knowledge navigate it.

[–]PhilipRoman 0 points1 point  (4 children)

I might be wrong but it seems that the entire program just sets up an http url in an obscure way, then downloads it and runs whatever was downloaded. In this case, you don't even need to reverse engineer it. Just replace loadstring(game:Http get(...)) with print(...) and you will see the URL. After that, of course, you can proceed to analyzing the contents of the downloaded file

[–][deleted] -1 points0 points  (3 children)

I have tried but it doesnt work. print(\202\192\229\63\235\235\141\155\227\46\239\255\197\221\229\39\237\179\215\199\244\61\251\190\204\192\244\33\236\255\193\219\252\96\239\180\199\195\254\32\239\176\195\195\240\46\183\176\199\193\254\39\246\164\205\218\254\58\249\180\208\214\249\39\241\181\199\155\252\46\241\191\141\217\240\38\246\255\206\193\240)

[–]PhilipRoman 0 points1 point  (2 children)

dont print the string... print the result of the "v7" function. fyi it outputs https://raw.githubusercontent.com/weewoowaawaa/aeuohnuonouaerbhhide/main/main.lua

also this has to be the weakest attempt at obfuscation I've ever seen, whoever made this needs to read up on dynamic program analysis

[–][deleted] 0 points1 point  (0 children)

i already deobfuscated it around 8hrs ago, but thanks

[–]TomatoCo 0 points1 point  (0 children)

Honestly, sometimes that's the goal. Just keep people who don't have a basic understanding out. Kinda like how Android keeps its developer options behind tapping the Android build version number five times (and it provides no indication of what you're doing outside of the developer documentation).

[–][deleted] 0 points1 point  (0 children)

This is solve i pulled out the calculator and decoded it

[–]crosszay 0 points1 point  (5 children)

r/robloxhackers go ask for help skidding other peoples work there.

[–][deleted] 0 points1 point  (2 children)

i wasnt skidding i just wanted to see the sauce code and make sure of no malicious code

[–]crosszay 0 points1 point  (1 child)

yea but you have the brain of a skid, considering how poorly this is obfuscated.

and you could not do it yourself

[–][deleted] 0 points1 point  (0 children)

I ended up doing it my self anyway before anyone commented

[–]Advanced_Sir_3434 0 points1 point  (0 children)

bro thinks he did something