ZenHAX

Hey guys I have a luac file and I will to decode for example it looks like this:

MvbRláC–Uˈ*5½Iû§ÖD“‹I·®"E^ˆÛ¹rM–Ð0ždC×´e*s‰Å.‡Íh>úYG
ù±ýxŸF_;ú1Úh0Š$¦|M™ZZ†7ŠÖ‡À4K(7í P›)
C!Ãc¨í{í•Œ?J¹}äQ&‚:0TRôô'¯-e:ÅUìùª¶Š¥Ñ¨Úè¿’_¿!žgܦËd+k›ð,˜ÚDêW~wOFP¦ºhÑìõZ|¤HL¢@’€óŠºÉUC Î…‘õÊÄ•
óõ?¡à /Ê_b‡'NÙVØ¢“†Ô’vIð¡Ufç1<§brfzóç~w\Ùâø¨…€}4×W@U—šó
o¾kE8±Vm¥Qn943â\Yh¾¡±óùÃJKmU/]CfcX¶¦JÒ …j¦Ãàˆ°Pí=ö@¾½æÚñø
>XgöOòÒ¯öP­¶ÚOå6¨¨dv
&+WÒ‘¼š7w$ÕŒDïç¿ch±o~Ð0-âk¬'Üdò%¾ü‘U€)ˆ÷ÑdăJ_´DòóÑÛÌrÓ²H’é/ OfÑ<ÄÂñˆU!9eU3 ûxj덙)×ó`ãÛL<Э‰Ã5Îs²àéBr—zí×VÿƒBZ·ó(Žg™æŠVËI7¥À5(tYõký«+¨ýÿ¤`%eéù@PßÍu*ëuñ%p6<ãÏ}¿WÔƒ?˜ÿ4:DT|™ƒoýy(ë

Game:MTA(Multi Theft Auto GTA:SA)
Filename:sourceC.luac

I'm not aware of compile lua files that start with those bytes.
You forgot two mandatory things when opening a topic here: name of the game and sample file.

*edit*
Final script working with all the versions of netc.dll (1.5.4 and 1.5.7, both win7 and xp versions):
http://aluigi.org/bms/luac_mtasa.bms
*edit*

You can use this script for quickbms to decrypt any script built with both the "some" and "more" obfuscation provided on http://luac.mtasa.com
No reverse engineering, just simple calling of the same DeobfuscateScript function used by the software to do the same job:

quickbmsver "0.8.0"
set MEMORY_FILE10 string "
void memcpy(unsigned char *out, unsigned char *in, int size) {
    for(int i = 0; i < size; i++) out[i] = in[i];
}"
#calldll "netc.dll" "InitNetInterface" "__stdcall" CNET   # useless and quickbms can't do "[CNET]+0xa0"
get NAME filename
get SIZE asize
log MEMORY_FILE 0 SIZE
math RET_BUFF = 0
math RET_SIZE = 0
# static functions offsets for mtasa 1.5.4: 0x1a6a0 and 0x1ac20 (xp)
# netc.dll 1.5.4 and pthread.dll must reside in the same folder of quickbms.exe
calldll "netc.dll" 0x1a6a0 "__stdcall" RET MEMORY_FILE SIZE &RET_BUFF &RET_SIZE NAME
math RET & 0xff
if RET == 0
    print "Error: DeobfuscateScript failed"
    cleanexit
endif
log MEMORY_FILE 0 0
putvarchr MEMORY_FILE RET_SIZE 0
calldll MEMORY_FILE10 "memcpy" "tcc" "" MEMORY_FILE RET_BUFF RET_SIZE
get NAME basename
get EXT extension
string NAME + "_decrypt."
string NAME + EXT
log NAME 0 RET_SIZE MEMORY_FILE

Notes: netc.dll 1.5.4 and pthread.dll must reside in the same folder of quickbms.exe

A bit off topic, but related to LUA, is there any reliable way to decompile 5.0.1? Luadec and unluac.jar don't handle it. I can provide a sample.

Sorry for such a stupid question, but i was using the code posted above, and got an error. So, what is that error means and is there a way to fix it?



sample file: FILE

Probably you are using a version of netc.dll which is not the current 1.5.4.
It's clearly written in the notes.

It has been successfully tested with both the normal and xp dll (on both winxp and win 7, 8, 10).

Eh, i'm sure that i'm using the latest versions of those dll's, directly from MTA:SA 1.5.4 Client ( also tryed both: XP/Vista and Win7/8/10 versions)

0b76a660f284a581de528366914b6ef4 netc.dll
a28a94b7977afa95aff32e043efa1add netc.dll (XP)

Ok I found what's the problem, we are both right
The issue is a micro update of mtasa, my version was 1.5.4.11664 while now it's 1.5.4.11668

*edit* in the meantime I have attached the original netc.dll (Win7 version)

Thank you very much. It works now for me

In case someone doesn't want to use that dll, you can use this simple script to get the address to use in the script at the place of 0x1a6a0:

findloc OFFSET binary "\x10\x31\x00\x00\x00"
math OFFSET + 5
math OFFSET + 0xa0
goto OFFSET
get DeobfuscateScript long
math DeobfuscateScript - 0x10000000
print "DeobfuscateScript %DeobfuscateScript|x%"

Just run quickbms, select the script and select your netc.dll, it will display something like:
DeobfuscateScript 0x0001abb0

Thx for the tip. But now there is another problem. I thought I would be able to decrypt the resulting file by the old methods (luadec and unluac), but they are not able to perform this task even after deobfuscation. Got to find something that may help me doing this.

Hello, i found a code on this forum to encode luac scripts from MTA but this is only working with old files. Is there any way to make this program working for new luac files.

I think they added a new feature on the compiler system, but im not sure.

Here is the link to the compiler:
https://luac.mtasa.com

Here is the link to the old post:
viewtopic.php?t=4777

Merged the post in the previous topic.

So do you mean there is a new encryption method or something similar?
Have you used the dlls from version 1.5.4? It was confirmed to work correctly.
luac.mtasa.com mentions version 1.5.2 as the older covering the latest type of encryption so 1.5.4 was ok

I have tried to decode luac files from 1.4 and it was working. Then i tried to decode luac files from mta 1.5.4 with the 1.5.4 dll’s. it removed the extra obfuscation from the file but when i try to uncompile it with another program named ‘unluac’, im getting a empty file.

Maybe unluac got a problem or mta made something new in the compiler.

Yeah it's perfectly possible.
At least decryption is excluded

Can somehow decompile this code? I used the script for MTA (result - client_core_decrypt.luac), but it did not change much. Unluac cant help.

Post moved in the original topic.
Check the topic in case there are some useful information.

I think that this is still possible. The script from the archive is partially decompiled, maybe this will somehow help.

Thank You Man!