SDSdec: SDStudio alpha code dumper

SDSdec is a tool for dumping the Lua logic of SDStudio 1.0 apps. Just place the DLL files alongside the executable and run it; it will open a window with the code instead of the normal app.

Also use this thread for further research on this software.

This is very good, Pablo... with this, the program died before it was born :) ;)
Poor Turk.
The beta phase isn't even finished and he has already deciphered the software.
omg!
Every piece of software has its weakness; sooner or later someone will poke around in it.
At least when talking about Lua, it's certainly impossible to prevent code or bytecode exfiltration and very difficult to prevent payload injection.

It's a common problem of all metalanguages based on FIFO/LIFO stacks; Lua just makes this task even simpler, given the simplicity of its core.

The most successful approaches at trying to secure Lua have been made by the game industry. I've seen a lot of weird, obscure shit applied to Lua, for example opcode remapping, automated XOR'ing of stored values, weird sizes of lua_Number, always compiling scripts with luac, of course, and also removing the Lua parser... it makes the hacking work harder, but it leaves them the huge task of recompiling all the needed libraries again for that specific Lua engine.

Others, for example, didn't care about code being exfiltrated but wanted to prevent execution of arbitrary code; an example could be MTA (the Multi Theft Auto mod for GTA:SA), which decrypts bytecode against a public key, and they have a cloud code-signing platform to validate scripts and sign them with the private key.

Different software has different requirements; that's the problem if you use a framework-for-all model.
Pablo... then the Lua code can't be protected in any way?
abood1987 wrote:
22 Jul 2018 14:48
Pablo... then the Lua code can't be protected in any way?
In short, no. You could apply various obscure techniques and rewrite stuff in the Lua core, but anyone is still able to create a subsequent luadec adapted to your mods, hook into your API and exfiltrate code... unless you do a shitton of rewriting, but that involves a huge knowledge of Lua internals, and even that can be turned back by a skilled hacker.

I'll even go on to describe various techniques I've seen or implemented.

1- Internal value encryption. There's a set of macros in lobject.h that are used to get/set all kinds of Lua fields:

Code:

/* Macros to access values */
#define pvalue(o)	check_exp(ttislightuserdata(o), (o)->value.p)
#define nvalue(o)	check_exp(ttisnumber(o), (o)->value.n)
#define rawtsvalue(o)	check_exp(ttisstring(o), &(o)->value.gc->ts)
/* Macros to set values */
#define setnilvalue(obj) ((obj)->tt=LUA_TNIL)

#define setnvalue(obj,x) \
  { TValue *i_o=(obj); i_o->value.n=(x); i_o->tt=LUA_TNUMBER; }

#define setsvalue(L,obj,x) \
  { TValue *i_o=(obj); \
    i_o->value.gc=cast(GCObject *, (x)); i_o->tt=LUA_TSTRING; \
    checkliveness(G(L),i_o); }
Here you can encrypt/decrypt the internal values; this will render string values/field names and numbers unreadable from RAM pages, and it makes the ciphered bytecode returned by luac much harder to revert.

2- Opcode remapping

Code:

typedef enum {
/* name		args	description */
OP_MOVE,/*	A B	R(A) := R(B)					*/
OP_LOADK,/*	A Bx	R(A) := Kst(Bx)					*/
OP_LOADBOOL,/*	A B C	R(A) := (Bool)B; if (C) pc++			*/
OP_LOADNIL,/*	A B	R(A) := ... := R(B) := nil			*/
OP_GETUPVAL,/*	A B	R(A) := UpValue[B]				*/

OP_GETGLOBAL,/*	A Bx	R(A) := Gbl[Kst(Bx)]				*/
OP_GETTABLE,/*	A B C	R(A) := R(B)[RK(C)]				*/
In lopcodes.h you can reorder this enum and even the internal value set; this will produce a Lua engine with different opcode IDs, and a luadec not compiled with this source won't be able to dump the pseudocode.

3- Remove parser

Code:

Proto *luaY_parser (lua_State *L, ZIO *z, Mbuffer *buff, const char *name) {  /* Lua 5.1 signature; give it a body that rejects source chunks */
Remove the usual parser by replacing some methods as described here.
Since now only bytecode (luac'ed source) can be used, code injection via plain Lua syntax is prevented.

Any of these tricks will render all DLLs/modules unusable and you will need to recompile them against your modded Lua lib, but the combination of them will prevent the most common script-kiddie attacks, like using luadec on your bytecode, dumping RAM pages, altering values in Cheat Engine or making furtive calls to luaL_dostring and similar.
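The "internal value encryption" technique from point 1 above, as an added example that is not code from SDSdec, from the Lua sources or from this thread: a Lua 5.1-style TValue whose number field is stored XOR-masked by replacements for the nvalue/setnvalue macros, plus the memory scan a RAM-dump or Cheat Engine style search would perform. MaskedValue, MASK_KEY, masked_setnvalue, masked_nvalue, plaintext_visible and roundtrip_ok are hypothetical names; the key and the sample numbers are constructed.

```c
/* Added example (hypothetical names, constructed key and values): a Lua
 * 5.1-style TValue whose number is stored XOR-masked, the effect of patching
 * the nvalue()/setnvalue() macros in lobject.h. Not code from the Lua sources. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define LUA_TNUMBER 3
#define MASK_KEY 0x5A17C3E9B20D4F61ULL   /* constructed per-build key */
typedef double lua_Number;
typedef struct { union { void *p; uint64_t raw; } value; int tt; } MaskedValue;

/* double <-> 64-bit pattern through memcpy (no strict-aliasing trouble) */
static uint64_t num_bits(lua_Number n) { uint64_t b; memcpy(&b, &n, sizeof b); return b; }
static lua_Number bits_num(uint64_t b) { lua_Number n; memcpy(&n, &b, sizeof n); return n; }

/* Stand-in for setnvalue(): only the masked pattern ever reaches memory. */
static void masked_setnvalue(MaskedValue *o, lua_Number x) {
  memset(o, 0, sizeof *o);              /* deterministic padding bytes */
  o->value.raw = num_bits(x) ^ MASK_KEY;
  o->tt = LUA_TNUMBER;
}

/* Stand-in for nvalue(): unmask on every read, so the VM still sees x. */
static lua_Number masked_nvalue(const MaskedValue *o) {
  return bits_num(o->value.raw ^ MASK_KEY);
}

/* What a RAM-page dump or a Cheat Engine style scan sees: is the plaintext
 * bit pattern of x present anywhere inside the object's bytes? */
static int plaintext_visible(const MaskedValue *o, lua_Number x) {
  uint64_t needle = num_bits(x);
  const unsigned char *p = (const unsigned char *)o;
  for (size_t i = 0; i + sizeof needle <= sizeof *o; i++)
    if (memcmp(p + i, &needle, sizeof needle) == 0) return 1;
  return 0;
}

/* 1 if the VM reads x back unchanged while a raw scan cannot find it. */
static int roundtrip_ok(lua_Number x) {
  MaskedValue v;
  masked_setnvalue(&v, x);
  return masked_nvalue(&v) == x && !plaintext_visible(&v, x);
}

int main(void) {
  printf("1337.5 -> %s\n", roundtrip_ok(1337.5) ? "hidden, reads back" : "FAIL");
  return 0;
}
```

MASK_KEY lives in the binary, so this only defeats raw memory scanning: anyone who recovers the key or hooks the accessor gets the plaintext back, which is exactly the limit described above for a skilled attacker.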
Well, and it seemed interesting... :(
haha, great Pabloko
RIP SDS and interesting post Pabloko
For some reason it double-posted.