
SDSdec: SDStudio alpha code dumper

Posted: 19 Jul 2018 21:38
by Pabloko

SDSdec is a tool for dumping the Lua logic of SDStudio 1.0 apps. Just place the DLL files alongside the executable and execute the file; it will open a window with the code instead of the normal app.

Also use this thread for further research on this software.

Download

Re: SDSdec: SDStudio alpha code dumper

Posted: 19 Jul 2018 23:04
by abood1987
This is very good, Pablo .... by this, the program died before it was born :) ;) :friends:

Re: SDSdec: SDStudio alpha code dumper

Posted: 19 Jul 2018 23:13
by usamakey
:lol:
poor Turk
he hasn't even finished the beta phase and the software has already been deciphered :closed:

Re: SDSdec: SDStudio alpha code dumper

Posted: 20 Jul 2018 03:19
by Chilepunk20182018
:orly-1414025090: omg!

Re: SDSdec: SDStudio alpha code dumper

Posted: 20 Jul 2018 22:20
by Pabloko
[Image]

Re: SDSdec: SDStudio alpha code dumper

Posted: 20 Jul 2018 22:56
by dripro
all software has its weaknesses; sooner or later someone will go poking around in it

Re: SDSdec: SDStudio alpha code dumper

Posted: 20 Jul 2018 23:58
by Pabloko
At least talking about Lua, it's certainly impossible to prevent code or bytecode exfiltration and very difficult to prevent payload injection.

It's a common problem of all metalanguages based on FIFO/LIFO stacks; Lua just makes this task even simpler, given the simplicity of its core.

The most successful approaches trying to secure Lua have been made by the game industry. I've seen a lot of weird obscure shit applied to Lua, for example opcode remapping, automated XOR'ing of stored values, weird sizes of lua_number, always compiling scripts against luac, of course, and also removing the Lua parser... it makes the hacking work harder but leaves them a huge task to recompile all the needed libraries again for that specific Lua engine.

Others, for example, didn't care about code being exfiltrated, but wanted to prevent execution of arbitrary code. An example could be MTA (Multi Theft Auto mod for GTA:SA), which decrypts bytecode against a public key, and they have a cloud code signing platform to validate scripts and sign with the private key.

Different software has different requirements; that's the problem if you use a framework-for-all model.

Re: SDSdec: SDStudio alpha code dumper

Posted: 22 Jul 2018 14:48
by abood1987
Pablo ..... then the Lua code cannot be protected in any way?

Re: SDSdec: SDStudio alpha code dumper

Posted: 23 Jul 2018 12:33
by Pabloko
abood1987 wrote:
22 Jul 2018 14:48
Pablo ..... then the Lua code cannot be protected in any way?

In short, no. You could apply various obscure techniques and rewrite stuff in the Lua core, but anyone is still able to create a subsequent luadec adapted to your mods, hook into your API and exfiltrate code... unless you do a shitton of rewriting, but that involves a huge knowledge of Lua internals, and even that can be turned back by a skilled hacker.

I'll even go on describing various techniques I've seen or implemented.

1- Internal value encryption. There's a set of macros in lobject.h that are used to get/set all kinds of Lua fields

Code:

/* Macros to access values */
...
#define pvalue(o)	check_exp(ttislightuserdata(o), (o)->value.p)
#define nvalue(o)	check_exp(ttisnumber(o), (o)->value.n)
#define rawtsvalue(o)	check_exp(ttisstring(o), &(o)->value.gc->ts)
....
/* Macros to set values */
#define setnilvalue(obj) ((obj)->tt=LUA_TNIL)

#define setnvalue(obj,x) \
  { TValue *i_o=(obj); i_o->value.n=(x); i_o->tt=LUA_TNUMBER; }

...
#define setsvalue(L,obj,x) \
  { TValue *i_o=(obj); \
    i_o->value.gc=cast(GCObject *, (x)); i_o->tt=LUA_TSTRING; \
    checkliveness(G(L),i_o); }

Here you can perform an encrypt/decrypt of internal values; this will render string values/field names and numbers unreadable from RAM pages, and make luac return a ciphered bytecode that is much harder to revert.

2- Opcode remapping

Code:

typedef enum {
/*----------------------------------------------------------------------
name		args	description
------------------------------------------------------------------------*/
OP_MOVE,/*	A B	R(A) := R(B)					*/
OP_LOADK,/*	A Bx	R(A) := Kst(Bx)					*/
OP_LOADBOOL,/*	A B C	R(A) := (Bool)B; if (C) pc++			*/
OP_LOADNIL,/*	A B	R(A) := ... := R(B) := nil			*/
OP_GETUPVAL,/*	A B	R(A) := UpValue[B]				*/

OP_GETGLOBAL,/*	A Bx	R(A) := Gbl[Kst(Bx)]				*/
OP_GETTABLE,/*	A B C	R(A) := R(B)[RK(C)]				*/
...

In lopcode.h you can reorder this enum and even the internal value set; this will produce a Lua engine with different opcode IDs, and a luadec not compiled with this source won't be able to dump the pseudocode.

3- Remove parser

Code:

Proto *luaY_parser(lua_State *L, ZIO *z) {

Remove the usual parser by replacing some methods as described here: https://www.lua.org/notes/ltn002.html
While now only bytecode/luac'ed source can be used, code injection by simple Lua syntax is prevented.

Any of these tricks will render all DLLs/modules unusable and you will need to recompile them against your modded Lua lib, but the combo of these will prevent most common script kiddie attacks, like using luadec with your bytecode, dumping RAM pages, altering values in Cheat Engine or making furtive calls to luaL_dostring and similar.
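
The opcode remapping described in the post above, as an added example that is not part of the original post or of the Lua sources: it assumes the Lua 5.1 instruction layout (6-bit opcode, then A, C, B fields) and covers only the seven opcodes quoted in the post. The permutation `remap` and the helper names `encode_modded`, `decode_stock` and `decode_modded` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Lua 5.1 instruction word: opcode bits 0-5, A bits 6-13, C bits 14-22, B bits 23-31. */
#define GET_OPCODE(i) ((unsigned)((i) & 0x3Fu))
#define GETARG_A(i)   ((unsigned)(((i) >> 6) & 0xFFu))
#define GETARG_C(i)   ((unsigned)(((i) >> 14) & 0x1FFu))
#define GETARG_B(i)   ((unsigned)(((i) >> 23) & 0x1FFu))
#define CREATE_ABC(o, a, b, c) \
  ((uint32_t)(o) | ((uint32_t)(a) << 6) | ((uint32_t)(c) << 14) | ((uint32_t)(b) << 23))

/* Stock order of the first seven opcodes, as quoted in the post. */
enum { OP_MOVE, OP_LOADK, OP_LOADBOOL, OP_LOADNIL,
       OP_GETUPVAL, OP_GETGLOBAL, OP_GETTABLE, NUM_OPS };
static const char *const stock_names[NUM_OPS] = {
  "MOVE", "LOADK", "LOADBOOL", "LOADNIL", "GETUPVAL", "GETGLOBAL", "GETTABLE" };

/* Constructed permutation standing in for a reordered enum:
   remap[stock id] = id used by the modded engine. */
static const uint8_t remap[NUM_OPS] = { 4, 6, 0, 5, 2, 1, 3 };

/* What the modded compiler emits for a given stock opcode. */
static uint32_t encode_modded(unsigned stock_op, unsigned a, unsigned b, unsigned c) {
  return CREATE_ABC(remap[stock_op], a, b, c);
}

/* What a disassembler built from unmodified sources reports. */
static const char *decode_stock(uint32_t ins) {
  unsigned op = GET_OPCODE(ins);
  return op < NUM_OPS ? stock_names[op] : "?";
}

/* What a disassembler built from the modded sources reports. */
static const char *decode_modded(uint32_t ins) {
  unsigned op = GET_OPCODE(ins);
  for (unsigned s = 0; s < NUM_OPS; s++)
    if (remap[s] == op) return stock_names[s];
  return "?";
}

int main(void) {
  uint32_t ins = encode_modded(OP_GETTABLE, 1, 2, 3);  /* R(1) := R(2)[RK(3)] */
  printf("stock tool:  %s %u %u %u\n", decode_stock(ins),
         GETARG_A(ins), GETARG_B(ins), GETARG_C(ins));
  printf("modded tool: %s %u %u %u\n", decode_modded(ins),
         GETARG_A(ins), GETARG_B(ins), GETARG_C(ins));
  return 0;
}
```

The operand fields decode identically in both tools because only the opcode numbering changed; the remap is a fixed substitution, which is why the post treats it as a speed bump rather than protection.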

Re: SDSdec: SDStudio alpha code dumper

Posted: 23 Jul 2018 13:18
by er_manue
wow, and it seemed so interesting... :(

Re: SDSdec: SDStudio alpha code dumper

Posted: 26 Jul 2018 03:23
by sendai
haha, great Pabloko

Re: SDSdec: SDStudio alpha code dumper

Posted: 26 Jul 2018 12:40
by patch
RIP SDS and interesting post Pabloko

Re: SDSdec: SDStudio alpha code dumper

Posted: 26 Jul 2018 12:40
by patch
For some reason it dual posted :feelsgoodman-1417755815:

Re: SDSdec: SDStudio alpha code dumper

Posted: 26 Jul 2018 14:35
by wandersonnegocios
thanks

Re: SDSdec: SDStudio alpha code dumper

Posted: 28 Jul 2018 18:54
by Louise
:feelsgoodman-1417755815:

Re: SDSdec: SDStudio alpha code dumper

Posted: 07 Aug 2018 02:11
by electrobyte
impressive

Re: SDSdec: SDStudio alpha code dumper

Posted: 08 Aug 2018 19:09
by aeeder6
thanks

Re: SDSdec: SDStudio alpha code dumper

Posted: 09 Sep 2018 13:03
by RolandoLT
:friends: :friends:

Re: SDSdec: SDStudio alpha code dumper

Posted: 20 Nov 2018 12:02
by geneus
let us try!!

Re: SDSdec: SDStudio alpha code dumper

Posted: 02 Dec 2018 04:19
by gonpublic2k
Hello everyone, sorry for posting in this thread, but I registered a while ago and my account still hasn't been enabled. I can't see any of the protected links and I need information on how to make a database with SQLite using the GRID. Douglas Castillo has already solved that problem, but I can't see his solution because the link shows up as protected with "BBHide" and it won't let me view it. I ask the administrators to please activate my account so that I can get access.

The email I created the account with is: [email protected]

Username: gonpublic2k


Thanks!! And again, sorry.