Categories > Coding > Lua >
Introducing E-LUA(Encrypted Lua)
Posted
For the last 3 - 5 months, I've been developing a new way to protect scripts from deobfuscation. Some or most people care about there own content that they put out. Some care if there scripts get leaked and get over it within a week lol. But, let me get to the point.
I'm looking for fairly small executors to test out E-Lua. E-Lua has it own format, it cannot be replicated by another software to decrypt any of the variables as everything you're about to see below, was all made by my custom semi-open source algorithm that can't be cracked(well I mean it can be cracked but you would need a quantum computer to compute all of numbers)
E-Lua works by passing the encrypted script, from the executor, to the server, then back into the executor with a decrypted script that works flawlessly. E-Lua has a built in failsafe as if the servers go down and cannot connect, it will display a message and switch to regular script execution. Wait! Before you say you can just return the decrypted source and return it back to the server and the executor you stupid little idiot...actually you can't. You need to send a post request to the server that has to accept the format, it also sends a generated code that a executor generates, you can't generate this code manually or you'll just get blocked by the server and the server will denie the decryption
This is E-Lua:
EXECUTE-ENCRYPTION:52}71<>2[39{}0819{45},>}45>0,142,}{<44{52798<<844{>5<9,7[>9,33<3
Pretty neat huh?
It may look like a key spam but all those letters, numbers, are all part of the code. There are no fillers at all
Encryption is a form of obfuscation, just harder to read and deobfuscate. Yes, you can brute force your way but honestly would be a waste of time for a lego game script
Anyways, I do have a demo of E-Lua working if you would like to see:
E-LUA Demo Test - Gyazo
If your interested, I can go into more details about E-Lua
If this takes off, script creators won't have to worry about obfuscating scripts that much. My goal is to make it where I can get this API and first ever executor with E-Lua support recognized to where all major executors will be utilizing E-Lua
While E-Lua does have it's own problems(slowness, server randomly shutting down, and cipher moudle errors), I've already identified the problems and necessary fixes are to be in placed soon.
Anyways, if this is something you would like to see happen, support would gladly be welcomed.
Thanks!
The matrix sent their agents
Replied
Sounds interesting! I wish you the best of luck in your later challenges =)
Cancel
Post
Random quote here...
Replied
@_realnickk
loadstrings im not gonna bother with, was thinking about doing something called encrypted loadstrings but eh, I gave up
BUT! You can reverse engineer the decryption algorithm if you want but you don't get far lol. You would need the secret 16 bit key. There's 2 layers of encryption and yes ik only one would be enough since 128 bit ECB is nice but I wanted a custom format. So try to reverse engineer it, it'll just be a high wall to climb over to reach the other side lol
Edit:
Encryption via loadstrings is not a good idea anyway. This would just be for full sourced scripts. I will in the future add a feature where you can use E-LUA in a loadstring. It would just have to check the loadstring first for the format before executing
Cancel
Post
Added
@_realnickk Either my brain is numb or my english is broke haha. It isn't client side completely as the encryption and decryption happens on a server and not on the client. Right now testing is happening on my own local machine cause turns out my pc is almost a super computer and can compute data faster than replit(yes im that poor atm) The concept is to pass data from the client to the server then server back to client. So the decryption won't be taking place on the client but rather on the server. I would be dumb to have client-sided decryption :skull:
Keep in mind Im keeping the source closed and while you can just get the raw data output from the server from the executor, I'm working on a way where you can't do that. Like I said, this is in testing and while has flaws, isn't perfect. I'm still patching a lot of the security risks to make it secure
Cancel
Post
The matrix sent their agents
Replied
@Flinnyd id reccomend replit :troll:
just use boosting
i know its slow but just boost the repl
Cancel
Post
Added
@Astronemi honestly this is kinda new but not really useful
we already have obfuscation but this is a coool concept with encryption
id honestly like to test it
Cancel
Post
!!!!!marcus__!!!!!#8611
https://cdn.discordapp.com/attachments/1066053366758780978/1078052772567597127/image.png
Replied
this may be the biggest waste of time ever.
and the stupidest thread I have seen simply because of this screenshot:
https://cdn.discordapp.com/attachments/1008828541850374204/1071136780507676713/image.png
encryption is a form of obfuscation, everything that attempts to make code harder to reverse engineer or read is a form of obfuscation. this is completely useless as this can easily be tampered with by simply opening httpdebugger or fiddler or wireshark and getting the deobfuscated code from there.
Cancel
Post
Added
@Astronemi not just post requests, all types of requests can be spied on. if there's traffic, you can see it.
Cancel
Post
Added
the amount of misinformation being spread on what obfuscation & encryption is LOL
no, an obfuscator doesn't necessarily mutate its output randomly if it's given the same input, encryption is a form of obfuscation where you indeed will get the same result every time you feed the same input.
Cancel
Post
https://media.discordapp.net/attachments/1044764388546068510/1051935933836050482/Signature_4.png
Replied
@luxiferrwoo Wonderful point. Forgot to mention that I already made some fixes to where even if you spied on the post request, it'll just be stuff because I made a lovely change that scrambles the post request :)
While this is useless and is a concept, can show that script encryption is possible. And yes I know encryption is part of obfuscation I just said it wrong. Encryption is almost impossible to crack if you dont have the secret key unless you brute force your way in, but in order for that to happen, you would have to obtain the 128 bit encryption by decoding the decrypter. But thank you for your feedback
Cancel
Post
Added
@78440I encrypted post request too
This is a concept, nowhere near ready for use. I have no plans currently to release this publicly any time soon. This might be good for other things besides executors.
Cancel
Post
The matrix sent their agents
Replied
@Astronemi which is exactly what I was talking about and what I was correcting in your post, you said obfuscators never give you the same result, and I corrected you. now you're changing what you're saying in reply.
Cancel
Post
Added
@Astronemi I think you're misunderstanding what I'm saying.
You said something incorrect, I corrected you, and then you reply to me saying exactly what I said as if I'm the one who posted incorrect information / false statements.
Cancel
Post
https://media.discordapp.net/attachments/1044764388546068510/1051935933836050482/Signature_4.png
Users viewing this thread:
( Members: 0, Guests: 1, Total: 1 )
Cancel
Post