Lua "Obfuscator" - Developers

[CODE]<?php /* Lua Mounter made for Gmod.biz by Impulsive. Version: 1.0.1 Notes: Next version will be faster. */ error_reporting(E_ALL ^ E_STRICT); class luamount { /* Generate private glabal values for access later. */ private $file; private $name; private $hash; /* Create mount function. */ public function mount ( ) { /* Scan payload for all files. */ $payload = scandir ( "payload/" ); /* Foreach files */ foreach ( $payload as $level => $file ) { /* Skip first two iterations. */ if ( @$counter++ < 2 ) continue; /* Add each file to global file. */ $this -> file = $this -> file . file_get_contents ( "payload/" . $file ); } /* Begin padding process. */ $this -> encrypt ( $this -> file ); } /* On load generate new hash. */ public function __construct ( ) { /* Padding using safe characters only http://wiki.garrysmod.com/page/Specific_Operators . */ $padding = "1 2 3 4 5 6 7 8 9 10 11 12 13 14 15"; $this -> hash = str_shuffle ( $padding ); $padding .= "$ % ^ & * _ - + = : @ ~ ; ' # < > ? , . /"; $this -> hash = str_shuffle ( $padding . $this -> hash ); $padding .= "a b c d e f g h i j k l m n o p q r s t u v w x y z"; $this -> hash = str_shuffle ( $padding . $this -> hash ); } /* Function to give each variable a new random name and replace all. */ private function value ( $string ) { /* Give value a md5 hash of a unique ID. */ $string = md5 ( uniqid ( $string ) ); /* Prepare string for lua. */ $string = str_replace ( range ( '0', '100' ) , '', $string ); /* Add padding to hash. */ $padding = "/*". str_shuffle ( $this -> hash ) ."*/" . $string ."/*". str_shuffle ( $this -> hash ) ."*/"; return $padding; } private function encrypt ( $file ) { /* Find all renamable functions. */ $functions = array ( "print", "concommand.Add", "concommand.Remove", "Msg", "CreateClientConVar", "GetConVar", "ConVarExists", "http.Fetch", "Color", "hook.GetTable" ); /* Custom functions. */ $custom = array ( "function", "(", ")" ); /* Foreach all functions. */ foreach ( $functions as $replace => $value ) { /* Check if they exist in global file. */ if ( strpos ( $this -> file, $value ) !== false ) { /* Replace function name with random unique ID. */ $this -> file = str_replace ( $value, $this -> value ( $value ) , $this -> file); /* Replace function name with random unique ID. */ $this -> file = "local " . $this -> value ( $value ) . " = " . $value . "\n" . $this -> file; } } /* Foreach all custom functions. */ foreach ( $custom as $replace => $value ) { /* Check if they exist in global file. */ if ( strpos ( $this -> file, $value ) !== false ) { /* Get the name of the function. */ $name = explode ( 'function ', rtrim ( $this -> file, ',' ) ); /* Ensure name is not empty. */ if ( !empty ( $name [ 1 ] ) ) { /* Remove function param. */ $name = str_replace ( array ( "end", "(", ")" ), '', $name [ 1 ] ); /* Save. */ $name = preg_replace ( '/\s+/', '', $name ); /* Check for calling of the function. */ if ( strpos ( $this -> file, $name ) !== false ) { /* Replace if it exists. */ $this -> file = str_replace ( $name, $this -> value ( $name ) , $this -> file ); } } /* Check if any () are invovled. */ if ( strpos ( $this -> file, $value ) !== false ) { /* Pad brackets inside and out. */ $this -> file = str_replace ( $value, "/*" . str_shuffle ( $this -> hash ) . "*/" . $value . "/*" . str_shuffle ( $this -> hash ) . "*/" , $this -> file ); } } } echo $this -> file; } } $luamount = new luamount; $luamount -> mount ( ); ?>[/CODE] [CODE] print("Hello") function hello ( ) concommand.Add() CreateClientConVar() end /*~ <~ > ~,cs u r n a b '~^ q .e o t y z jk* ^ fp xw * >m,< h g' .vldi */local/*c p . wk* fqugt ^> ~ ~ ^x ' n y jsb'* ev ~ , < odiz ~m hr al<,>.*/ /* j * rny f< , ,e.> ps t c .xmq * d ^o u~ k~*/afdaacddeedcb/*kf , .o wc ,jg .q ~u *bm ^ s t 'i*/ = CreateClientConVar /*~ <~ > ~,cs u r n a b '~^ q .e o t y z jk* ^ fp xw * >m,< h g' .vldi */local/*c p . wk* fqugt ^> ~ ~ ^x ' n y jsb'* ev ~ , < odiz ~m hr al<,>.*/ /* ^ v, q m' u,> ~c p ' ~z>g ^f k < *i sa r t< b* y n j d o welx~ h .~. */dabacebdab/* gx ^ew r a vm ~^'' * uyo~pn kq ~<~c z >*.is df, */ = concommand.Add /*~ <~ > ~,cs u r n a b '~^ q .e o t y z jk* ^ fp xw * >m,< h g' .vldi */local/*c p . wk* fqugt ^> ~ ~ ^x ' n y jsb'* ev ~ , < odiz ~m hr al<,>.*/ /*y^p k t' x j ~z> f ob gnw ~>m er ~l h, c q.< .* ~ u ^ ' * d svi< a, */bfecabecabfcdea/*w yg r '< ' * ^th l d qa ~om sz ^ b n* e~ ui <~c . ~. k j ,x > , vf> p*/ = print /*c w *^ >y v < l f ^ .'hde < s* z qr u' k,~i j g ,p ~m x nao.t ~ b> ~*/bfecabecabfcdea/*, < ~ v a~. b .f uy 'ei rg ^ ljs >ckd ~ < *ow ' ^ >n hz ~m, * x qp t*//* zy ~s > n*> w cd ' h < eq k o.ix* ~ un* ~ u< c~zjve.,~hmrq< d~y a b , ^ ' * sl pxk ' . >g^if*/"Hello"/* *x ' kp r *f .^z yq. , < ,~ts ^ d >>c~ba m~ ~ v < 'hio u n we lg j */)/*m>j.u k t , vf c s>'~y ' p qlwa d. <~ o ~ * gh*b x, ^re ^ni ~z < */ /* bwi l*,e ~ ~ p n, ' *^o k ' r h a tqf v g zm < > . xy ^ j*/function/* r z e ~s n>u>^gqx * * k< . < ch m~id, ' bv~ po fa, t~j'wl ^y.*/ hello /* zy ~s > n*> w cd ' h < eq k o.ix* ~ un* ~ u< c~zjve.,~hmrq< d~y a b , ^ ' * sl pxk ' . >g^if*/ /* *x ' kp r *f .^z yq. , < ,~ts ^ d >>c~ba m~ ~ v < 'hio u n we lg j */)/*m>j.u k t , vf c s>'~y ' p qlwa d. <~ o ~ * gh*b x, ^re ^ni ~z < */ /* a ~ *< r,^ > .i js~f t enbvm * u'y kh^o cp~ q '< z>.w ~x d ,lg */dabacebdab/*~v s l f ~^ , ,x ka j c . .~ > iq* n ~z d o u t*by '< < 'r > e^ whpm g *//* zy ~s > n*> w cd ' h < eq k o.ix* ~ un* ~ u< c~zjve.,~hmrq< d~y a b , ^ ' * sl pxk ' . >g^if*//* *x ' kp r *f .^z yq. , < ,~ts ^ d >>c~ba m~ ~ v < 'hio u n we lg j */)/*m>j.u k t , vf c s>'~y ' p qlwa d. <~ o ~ * gh*b x, ^re ^ni ~z < */ /*,> ^ ~. . * h , < pde~ s il > y ' nvk ,* .rk* >. tc~ ,*//* zy ~s > n*> w cd ' h < eq k o.ix* ~ un* ~ u< c~zjve.,~hmrq< d~y a b , ^ ' * sl pxk ' . >g^if*//* *x ' kp r *f .^z yq. , < ,~ts ^ d >>c~ba m~ ~ v < 'hio u n we lg j */)/*m>j.u k t , vf c s>'~y ' p qlwa d. <~ o ~ * gh*b x, ^re ^ni ~z < */ end Each time the page is reloaded it re-obfuscates the code: /* . k ~~ j u r,'y gzi .b ^' n , p ^ dlh v~~o ex a > s * < *w c t fq */local/*~ gn e f*<' r~tvpm i c b >< , ok > ^ul. q zx 'hy~ w, a jd ~. s^ **/ /* > <,bz q 'gf * * ~ np w < i o u ^^k xrj~ dv> a ~ s ~e. y,mtlh'c.*/eaacefcebeefd/*~> < k~ h * s x^ */ = CreateClientConVar /* . k ~~ j u r,'y gzi .b ^' n , p ^ dlh v~~o ex a > s * < *w c t fq */local/*~ gn e f*<' r~tvpm i c b >< , ok > ^ul. q zx 'hy~ w, a jd ~. s^ **/ /*y i'~u k< dp ^t b.^a~ s zl, g x ' mrc. o qwe*j ,* ~ nh ~f>*/dcdcffabdcdf/*< ul n k~y hp> , q ~m* rf. o xsgcd * b' ~ .~^^j ie< ' vza w, >t*/ = concommand.Add /* . k ~~ j u r,'y gzi .b ^' n , p ^ dlh v~~o ex a > s * < *w c t fq */local/*~ gn e f*<' r~tvpm i c b >< , ok > ^ul. q zx 'hy~ w, a jd ~. s^ **/ /* ~'w ml i v n ~ > >< rk f e *g h ,.< , .q ^jopy ac bz^~tsx~ d* u'*/adbecdda/* q~ nr jyv,. *a z . ^b de l < xo *h i >gs~u k ~' ' , > ~ w c <^ tm f p*/ = print /*jokpn~ >t~v mbr.g. ~ , e xd, a ~ <^ f*l ^*/adbecdda/* g > * ~z , . kbf ~' n c w,ov xs i e~ *dj ' trq l u ^ hm. > a~ <^ vk*~ l.f d b, j t . hauxc< r'~mn s'e */(/* .eg n y d*, k '* q ~t xw b ~ as.m j ^^ ,>v ~~ */"Hello"/* ,v o>s< t' lh d . cm .ebz* u ^a * f ~yp gqwx^ ~ ~ jr*/)/* ,gx > > *, r .o ~~tq < wl g > k*/function/*tg z o* ~x*qu . m ^j,h c d p k l ><~f , w i s.y ~r a ~ ^nb<>'v 'e*/ hello /*~z>vk*~ l.f d b, j t . hauxc< r'~mn s'e */(/* .eg n y d*, k '* q ~t xw b ~ as.m j ^^ ,>v ~~ */ /* ,v o>s< t' lh d . cm .ebz* u ^a * f ~yp gqwx^ ~ ~ jr*/)

I don't think it works properly. [url]https://dl.dropboxusercontent.com/u/8081284/ShareX/2015/03/2015-03-18_17-36-22.mp4[/url]

[QUOTE=edgarasf123;47351192]I don't think it works properly. [url]https://dl.dropboxusercontent.com/u/8081284/ShareX/2015/03/2015-03-18_17-36-22.mp4[/url][/QUOTE] It just works [i]too[/i] properly...

Yeah, it doesn't generate valid code. Here's the errors my parser fixed trying to parse the example: [code] Deleted (MToken {mpos = LineColPos 0 1220 1220, mtok = )},LineColPos 0 1353 1353) at position LineColPos 0 1220 1220 expecting one of [Token :, Token {, Token (, String, Token [, Token ., Token [, Token ., Token :, Token {, Token (, String, Token local, Token function, Token for, Token if, Token repeat, Token while, Token do, Token goto, Token continue, Token break, Some label, Token (, Variable, Token (, Variable, Token ;, Token return],-- Deleted (MToken {mpos = LineColPos 0 1604 1604, mtok = )},LineColPos 0 1743 1743) at position LineColPos 0 1604 1604 expecting one of [Token ., Token :, Token (],-- Inserted (MToken {mpos = LineColPos 0 0 0, mtok = (},LineColPos 0 0 0) at position LineColPos 0 1743 1743 expecting Token (,-- Deleted (MToken {mpos = LineColPos 0 2295 2295, mtok = )},LineColPos 0 2366 2366) at position LineColPos 0 2295 2295 expecting one of [Token local, Token function, Token for, Token if, Token repeat, Token while, Token do, Token goto, Token continue, Token break, Some label, Token (, Variable, Token (, Variable, Token ;, Token return, Token end[/code] These errors are cryptic (I should work on pretty printing them), but it's basically removing three ')' characters. After deleting those three characters, it did come up with this result: [lua] local afdaacddeedcb = CreateClientConVar local dabacebdab = concommand.Add local bfecabecabfcdea = print bfecabecabfcdea[["Hello"]] function hello(dabacebdab) end [/lua] [editline]19th March 2015[/editline] Also, it's readable when opening it in sublime: [t]http://i.imgur.com/sI2Ghb0.png[/t]

[QUOTE=FPtje;47353137]Yeah, it doesn't generate valid code. Here's the errors my parser fixed trying to parse the example: [code] Deleted (MToken {mpos = LineColPos 0 1220 1220, mtok = )},LineColPos 0 1353 1353) at position LineColPos 0 1220 1220 expecting one of [Token :, Token {, Token (, String, Token [, Token ., Token [, Token ., Token :, Token {, Token (, String, Token local, Token function, Token for, Token if, Token repeat, Token while, Token do, Token goto, Token continue, Token break, Some label, Token (, Variable, Token (, Variable, Token ;, Token return],-- Deleted (MToken {mpos = LineColPos 0 1604 1604, mtok = )},LineColPos 0 1743 1743) at position LineColPos 0 1604 1604 expecting one of [Token ., Token :, Token (],-- Inserted (MToken {mpos = LineColPos 0 0 0, mtok = (},LineColPos 0 0 0) at position LineColPos 0 1743 1743 expecting Token (,-- Deleted (MToken {mpos = LineColPos 0 2295 2295, mtok = )},LineColPos 0 2366 2366) at position LineColPos 0 2295 2295 expecting one of [Token local, Token function, Token for, Token if, Token repeat, Token while, Token do, Token goto, Token continue, Token break, Some label, Token (, Variable, Token (, Variable, Token ;, Token return, Token end[/code] These errors are cryptic (I should work on pretty printing them), but it's basically removing three ')' characters. After deleting those three characters, it did come up with this result: [lua] local afdaacddeedcb = CreateClientConVar local dabacebdab = concommand.Add local bfecabecabfcdea = print bfecabecabfcdea[["Hello"]] function hello(dabacebdab) end [/lua] [editline]19th March 2015[/editline] Also, it's readable when opening it in sublime: [t]http://i.imgur.com/sI2Ghb0.png[/t][/QUOTE] Alright so what's the fix for the php code?

[QUOTE=PwndKilled;47353310]Alright so what's the fix for the php code?[/QUOTE] You can't really make a proper obfuscator without parsing the Lua to an abstract syntax tree and walk over it. Knowledge of the semantics and scopes is needed. Basically, rewrite the script. It's much more complicated than you'd think.

I found this [URL="https://github.com/mlnlover11/XFuscator"]XFuscator[/URL] Which turned this [code] print("Hello world") [/code] into this [code] math.randomseed(0.71208838160344) local ____ ____ = { function(...) local t = { ...} return ____[8](t) end, print, game, math.frexp, math.random(1, 1100), string.dump, string.sub, table.concat, wait, tick, loadstring, "t", function(x) local x2 = loadstring(x) if x2 then return ____[tonumber("\50\48")](function() x2() end) else return nil end end, "InsertService", 1234567890, getfenv, "", "wai", 7.2, pcall, math.pi, "" } local ________ = ____[#____ - 9]('\108\111\97\100\115\116\114\105\110\103\40\34\114\101\116\117\114\110\32\92\34\77\87\65\72\65\72\65\32\72\52\88\48\82\90\92\34\34\41\40\41') local ___ = ____[5] local ______ = ____[21] local _ = function(x) return string.char(x / ___) end local __________ = ____[#____ - 9]('\108\111\97\100\115\116\114\105\110\103\40\34\114\101\116\117\114\110\32\95\95\95\95\34\41\40\41') local __ = {_(54), _(152), _(234), _(194), _(162), _(0), _(2), _(8), _(8), _(8), _(16), _(0), _(418), _(0), _(0), _(0), _(216), _(222), _(198), _(194), _(216), _(64), _(238), _(236), _(114), _(190), _(122), _(246), _(182), _(98), _(186), _(122), _(68), _(184), _(110), _(100), _(184), _(98), _(96), _(98), _(184), _(98), _(96), _(112), _(184), _(98), _(96), _(112), _(184), _(98), _(98), _(98), _(184), _(102), _(100), _(184), _(98), _(98), _(114), _(184), _(98), _(98), _(98), _(184), _(98), _(98), _(104), _(184), _(98), _(96), _(112), _(184), _(98), _(96), _(96), _(68), _(88), _(182), _(100), _(186), _(122), _(68), _(184), _(112), _(112), _(184), _(110), _(96), _(184), _(112), _(106), _(184), _(106), _(102), _(184), _(110), _(106), _(184), _(106), _(100), _(184), _(106), _(106), _(184), _(104), _(112), _(184), _(112), _(100), _(184), _(102), _(100), _(184), _(104), _(114), _(184), _(106), _(102), _(184), _(102), _(100), _(184), _(106), _(100), _(184), _(112), _(110), _(184), _(106), _(98), _(184), _(106), _(102), _(184), _(104), _(112), _(184), _(110), _(110), _(184), _(106), _(98), _(184), _(104), _(108), _(184), _(102), _(100), _(184), _(110), _(106), _(184), _(112), _(100), _(184), _(106), _(98), _(184), _(108), _(112), _(184), _(104), _(114), _(184), _(106), _(106), _(184), _(102), _(100), _(184), _(106), _(106), _(184), _(104), _(112), _(184), _(102), _(100), _(184), _(112), _(112), _(184), _(110), _(96), _(184), _(112), _(106), _(184), _(106), _(102), _(184), _(110), _(106), _(184), _(106), _(100), _(184), _(106), _(106), _(184), _(104), _(112), _(184), _(112), _(100), _(184), _(102), _(102), _(68), _(250), _(224), _(228), _(210), _(220), _(232), _(80), _(238), _(236), _(114), _(190), _(182), _(98), _(186), _(82), _(0), _(0), _(0), _(0), _(0), _(0), _(0), _(0), _(0), _(0), _(0), _(4), _(6), _(14), _(0), _(0), _(0), _(20), _(256), _(0), _(0), _(18), _(128), _(128), _(256), _(18), _(384), _(128), _(258), _(138), _(0), _(2), _(0), _(268), _(0), _(128), _(0), _(184), _(128), _(0), _(2), _(60), _(0), _(256), _(0), _(10), _(0), _(0), _(0), _(6), _(0), _(0), _(0), _(0), _(0), _(0), _(480), _(126), _(8), _(24), _(0), _(0), _(0), _(144), _(202), _(216), _(216), _(222), _(64), _(238), _(222), _(228), _(216), _(200), _(0), _(6), _(0), _(0), _(0), _(0), _(0), _(0), _(0), _(128), _(8), _(86), _(0), _(0), _(0), _(176), _(140), _(170), _(106), _(150), _(104), _(110), _(96), _(164), _(64), _(98), _(106), _(64), _(104), _(174), _(102), _(106), _(96), _(154), _(102), _(92), _(64), _(150), _(164), _(102), _(136), _(98), _(110), _(64), _(110), _(96), _(64), _(176), _(140), _(170), _(106), _(150), _(104), _(110), _(96), _(164), _(66), _(0), _(8), _(12), _(0), _(0), _(0), _(224), _(228), _(210), _(220), _(232), _(0), _(0), _(0), _(0), _(0), _(14), _(0), _(0), _(0), _(2), _(0), _(0), _(0), _(2), _(0), _(0), _(0), _(2), _(0), _(0), _(0), _(2), _(0), _(0), _(0), _(2), _(0), _(0), _(0), _(2), _(0), _(0), _(0), _(2), _(0), _(0), _(0), _(2), _(0), _(0), _(0), _(16), _(0), _(0), _(0), _(96), _(462), _(76), _(148), _(358), _(48), _(66), _(0), _(6), _(0), _(0), _(0), _(12), _(0), _(0), _(0), _(0), _(0), _(0), _(0), } local ______ = ____[#____ - 9]('\108\111\97\100\115\116\114\105\110\103\40\34\114\101\116\117\114\110\32\95\95\95\95\34\41\40\41') return ____[11](assert(#(____[8](__))==431 and (____[8](__)) or nil, '\84\97\109\112\101\114\105\110\103\32\100\101\116\101\99\116\101\100'), ____[#____])() [/code] It's valid LUA, but not valid GLUA :/, I tried transforming it to glua but so far no success. [code] function test() local loadstring = function(...) local t = {...} PrintTable(t) return CompileString(t[1], t[2] or "loadstring") end math.randomseed(0.71208838160344) local ____ ____ = { function(...) local t = { ...} return ____[8](t) end, print, game, math.frexp, math.random(1, 1100), string.dump, string.sub, table.concat, wait, tick, loadstring, "t", function(x) local x2 = loadstring(x) if x2 then return ____[tonumber("\50\48")](function() x2() end) else return nil end end, "InsertService", 1234567890, getfenv, "", "wai", 7.2, pcall, math.pi, "" } local ________ = ____[#____ - 9]('\108\111\97\100\115\116\114\105\110\103\40\34\114\101\116\117\114\110\32\92\34\77\87\65\72\65\72\65\32\72\52\88\48\82\90\92\34\34\41\40\41') local ___ = ____[5] local ______ = ____[21] local _ = function(x) return string.char(x / ___) end local __________ = ____[#____ - 9]('\108\111\97\100\115\116\114\105\110\103\40\34\114\101\116\117\114\110\32\95\95\95\95\34\41\40\41') local __ = { _(54), _(152), _(234), _(194), _(162), _(0), _(2), _(8), _(8), _(8), _(16), _(0), _(418), _(0), _(0), _(0), _(216), _(222), _(198), _(194), _(216), _(64), _(238), _(236), _(114), _(190), _(122), _(246), _(182), _(98), _(186), _(122), _(68), _(184), _(110), _(100), _(184), _(98), _(96), _(98), _(184), _(98), _(96), _(112), _(184), _(98), _(96), _(112), _(184), _(98), _(98), _(98), _(184), _(102), _(100), _(184), _(98), _(98), _(114), _(184), _(98), _(98), _(98), _(184), _(98), _(98), _(104), _(184), _(98), _(96), _(112), _(184), _(98), _(96), _(96), _(68), _(88), _(182), _(100), _(186), _(122), _(68), _(184), _(112), _(112), _(184), _(110), _(96), _(184), _(112), _(106), _(184), _(106), _(102), _(184), _(110), _(106), _(184), _(106), _(100), _(184), _(106), _(106), _(184), _(104), _(112), _(184), _(112), _(100), _(184), _(102), _(100), _(184), _(104), _(114), _(184), _(106), _(102), _(184), _(102), _(100), _(184), _(106), _(100), _(184), _(112), _(110), _(184), _(106), _(98), _(184), _(106), _(102), _(184), _(104), _(112), _(184), _(110), _(110), _(184), _(106), _(98), _(184), _(104), _(108), _(184), _(102), _(100), _(184), _(110), _(106), _(184), _(112), _(100), _(184), _(106), _(98), _(184), _(108), _(112), _(184), _(104), _(114), _(184), _(106), _(106), _(184), _(102), _(100), _(184), _(106), _(106), _(184), _(104), _(112), _(184), _(102), _(100), _(184), _(112), _(112), _(184), _(110), _(96), _(184), _(112), _(106), _(184), _(106), _(102), _(184), _(110), _(106), _(184), _(106), _(100), _(184), _(106), _(106), _(184), _(104), _(112), _(184), _(112), _(100), _(184), _(102), _(102), _(68), _(250), _(224), _(228), _(210), _(220), _(232), _(80), _(238), _(236), _(114), _(190), _(182), _(98), _(186), _(82), _(0), _(0), _(0), _(0), _(0), _(0), _(0), _(0), _(0), _(0), _(0), _(4), _(6), _(14), _(0), _(0), _(0), _(20), _(256), _(0), _(0), _(18), _(128), _(128), _(256), _(18), _(384), _(128), _(258), _(138), _(0), _(2), _(0), _(268), _(0), _(128), _(0), _(184), _(128), _(0), _(2), _(60), _(0), _(256), _(0), _(10), _(0), _(0), _(0), _(6), _(0), _(0), _(0), _(0), _(0), _(0), _(480), _(126), _(8), _(24), _(0), _(0), _(0), _(144), _(202), _(216), _(216), _(222), _(64), _(238), _(222), _(228), _(216), _(200), _(0), _(6), _(0), _(0), _(0), _(0), _(0), _(0), _(0), _(128), _(8), _(86), _(0), _(0), _(0), _(176), _(140), _(170), _(106), _(150), _(104), _(110), _(96), _(164), _(64), _(98), _(106), _(64), _(104), _(174),

I don't think you'd want an obfuscator that turns one line into that many. Also, it seems to make the script a lot less efficient.

[quote] Notes: Next version will be faster. [/quote] PHP? Wait, I'm sorry... What?

Hmm, I don't think you could truly hide your code. No matter how strong you encrypt it, overriding CompileString/RunString functions will bypass all encryption, all you could do is obfuscate. Or as FPtje suggested is to make an abstract syntax(something like brainfuck), but that is way to complex to make it. Only if there was a way to access only built-in functions that couldn't be overridden. Maybe _BUILTIN table that is read-only, and you couldn't create any local variables named _BUILTIN. but that would be huge hack and most likely will never happen. Or atleast so you couldn't override debug table. [editline]19th March 2015[/editline] Wrote some recursive basic encrypter(simple to bypass by overriding RunString). Still was fun to write it. And yes, it's not optimized at all. [code]math.randomseed(4213807);RunString(("20033c570d3d4de03501d39b5db763e5b1ccf1e55b7e12373d28048d5ae4ffa61e1233e62529fbf270113acae4b26a72488ecba017305ed1eca0887a5293eac5f0548c438718827ff21cd24a6d10b0850397d61071deeea49bd931cdbd8e455ac77fc15da1e99f223563fa3a40606d58a5ac8a9627cdbafd2308967f1800ea1ad5bcaa2169b83a1c040abead82a641b9f63d548f80cea9bb50aea6fae879fd1d74b446395257cff99c1d00f9685656e16b598228a0251c1631e780e8d6a65b39cdbfc17494f1c5ab19abca859c7da88d50eb7a511e2bd7df010cb7a6448d6de66bdbe3392bb7d7b7de0f42650d75f5f509a724d88e0468df334f66d3ab9a2c6c4e00953e2b12a702b12a01f07225a3e1428c30a43cf2ca4122b31dac7bbc939d380dfd3772b9e87520af651025bf62f6f352fa92e3fa777e990ba22a0e96ab4b56806e590430f1a10a7b8cbef324550d526b13a5749d980ae27c10c02738ea2a7721ea558fdf390563d1527651d7c5d139beb022894ba5506dddc4598c6991543124d2410dc7969e3d0ec23c438a34386fa837ef9d92a9030240d96d62b44aa9f2dfc3a5a43b3c01f39708314f5422309a9f9fb94a198e22622d41a1d84c503dd926b7ad0b68ff296f3e642eff7e8f9c485dfb321895c09fd580ab30ae3e78e661ba55dda39ff892985d745192985c789c270b5121195c90d0bb876fe02b72b24204d2049f1d53ee22c2b61a05ef7753be956e975068a15e8cb33d563a13b4dda60d88b0c944a9eb67f1193b8dea1c61a3d4931e0708deb6312daf58f631814320248ea813a0ad54974aa81e2d697e34d80803bf7bb1cfc3b5f9747c3bc017a70b02c9ec7469c1b41eeab0d8494f7fd1a9786abd07ad00a0985c51979e77d68ec6211864d5d11ad8f483d7e13586c33de7c45e67e4f2b6eff25f2a6752f8022bf39212b852d4e6ae969b66b0a5c721d81e00b3cfee33cab53803b7ea93904dcc6498e50704d999075f6b51daf14a83120cca5ae2cf1663128c54fbbe15fc1e22c68f09a3df40e63ea7086739cad47b457bb144e7aa951c49336fcf50b2584f0915b63ecb64c65a3a53d26f45fa0780ffc1314cf02fb7220f0481c075a333d7c020a9c6e0440acb6e9c010e942e4965dd461f5b17931865a6489584c087abad4d5236d0828218dd51f7a86a002db942eaa9970425428411397fc6febc05f583b424e35ed9321c35bc2b57959931426713ba7d826a5022e1bee0d28600ddbe6ef6e3436469bb55b8850c3a24e22326fe270954e4637121f1980dc65e8dfb2e9829baa8e87e6bd9a24ab265f5633e58350b57fe0c448eb2e8d9467d1ff21bf8b2b3290c2ae2db42403059ffb3926e0bfca67ca7cd6138e15adedde01af376b6e2157897fb25dca52957a876e4b5abb641ffab7d9c1de4b2ecc7703f3c4b815855351450cd1d815c1349457ae01208325f99b4bac0e3599d79961996d0715d18181d5f861543a6a82045f436d3cad6bc044a8455a989635430b95454fe43c8ab8959045d445459b5acaf9adba9b24379b0f3376d208333286c6bdaca43a3099c38c83fda17943907016c1e140e29445dfb3700278ce5744a2fa9d489243eed1c77cc1aea718408c3f25b3f86ed92ec30ab15efdd8a773fca50b5ff510fcce08e38d64843a7fdbd622ddfd359dd90cad07ea14c0598921d4d938af134e580107d2a85c06051a29c823714f6de634c285c6fd0d20ac5fc248b4a07dd04ecba450e38442a380291d1887f13271c9eb7daac8d19cf5290a5d7478372861d4a2bd2adff9f5675d30f0604939f2910c2e27f9d84a7bd8f48ad50027bcf95458d83e446b37cc50d9e70176484a1f6e8564544856e59c5eeaff7f4b9adf6b1c66866c7149d6d565bdbd0d4f61f8746b7d149358402c8e0b9648865c13c4738ff7797adc256555ead0f84fe1d41b7d6e4203226aa9fc7836b3a79e88ffe5a0036fac1dccfd1779b62b513ccf5cfbc23ae03350f214a473746571d79f853bb6438482c932b27b328678bcfbc01f4ea38ef41b97254af6a0fb358cb868a3774e0e8e93b1c311897a639c9a12b66386923a43660f9ff4fa196816f64e72123c2302c42a84250395a5af118feacccfa81a8ebb844bac7a098694eedb909d37ba06c18bdb31e8b07ea12c2b1e37fc1acaa968d9c2a07c9009e00a528af28739ed8bb51ed7aaa65e2e6a9c1efbe8d0727e5a2f8e543210f84ee65ca2509481e2ae228d86ad795c12fa8295d6e9fc76868c6cb747bb81a92a4006cd1e21632cfe6201801629d190145a1381047078b8d5a00bd59a9138bcc648f201cae254a0a46ac6aded1c49f853577783ef2f8e0f756511659044ae38f5fb474b5e7b52878bd85fde204b6cb723f6bb372ee61c98e6c3f0570ef85e6144ebd0197a708615fc40b2cd9df8111048f8d5bfc46fd0561c4aefa3078e50dd3ff245e96850632d8e6ee58b4b5b9c9c0fc89330226c825c36a45c74ab7ccbe494c7bf0bcf51e40d5d15ef611391c0348058a2d14b1617d425956b11ea17441fd00d19e34d9fca313601a58e19e919bbd2a52350f7cb806ed1d4fd2b2c7d07a2a7d9700be427d61accf485ce2f8badb18b2ff145f4dfdc8d7cac94da9ebd3d979d2014d0374ac73ff97f9bd559fbb5946bcb62e0d629fed39d937b173bb0ba122447447e6ba2d4a5db72e87493b4c9da03b156f62f1ff4366f2f47452daa5d94352d45503487d57be459e159c82cb2532ca6a35693ab1697244327a38e229ec6f21635e34561d809748dd4ff39623a07a7954ea65e99348bd37040606c7729cf50a95e08db18ae2a4e512a9e02951251829244c69e1fc3429ad396af957ba78dbfbc645dcacc56cb8e2088e910670f96f1786248d974ea1cb343aa1d6a635b363c426a8ebdf3c2cf4dc5acc24fca86a266a4227825021bc662b45f1173636cc48fc5d449735cf333aaa91de5db4ad9e63fddfaf1350248239b1a7e7e929cab2e3746efadbf0584fca6212bbe74f2754c81c4b3fc11554b8bbfdb563183ca9078dea91fea1738989e9d901f1c2a135a2cc057caea0e43cea0da230df11a484"):gsub('%x%x',function(c)return string.char(bit.bxor(tonumber(c,16),math.random(0,255)))end))[/code] [code] math.randomseed(1/(os.clock()*1e3)) function recursiveObf( code, iter ) if iter <= 0 then return code end local seed = math.floor(math.random()*10000000) math.randomseed( seed ) local obfcode = string.gsub( code, ".", function( c ) return string.format("%02x",bit.bxor(string.byte( c ), math.random(0,255))) end) return recursiveObf( "math.randomseed("..seed..");RunString((\""..obfcode.."\"):gsub('%x%x',function(c)return string.char(bit.bxor(tonumber(c,16),math.random(0,255)))end))", iter-1 ) end local code = recursiveObf([[print("Hello")]],5) file.Write("obfdump.txt",code) [/code]

By abstract syntax tree I meant a data structure that represents the code.

Just get the lua bytecode and you are settled if you don't want people to read it. This probably won't apply easily to Garrys Mod but heck why would you wanna even try? Also by definition of obfuscation you will be never able to protect the code from being stolen other than people being able to easily read it. So whats the point here really?

Lua Minifier: [url]http://apps.lastpengu.in/lua-minifier/[/url] Mainly just for making code smaller but it strips out structure and variable names too. Doesn't support Garry's added C++ syntax.

[QUOTE=thelastpenguin;47356095]Lua Minifier: [url]http://apps.lastpengu.in/lua-minifier/[/url] Mainly just for making code smaller but it strips out structure and variable names too. Doesn't support Garry's added C++ syntax.[/QUOTE] Source of that one: [url]https://github.com/mathiasbynens/luamin[/url] That one does seem to create an abstract syntax tree. Did you create it?

Nah. I'm just hosting it at the moment. Nice finding the link. I've just had the files on my hard drive for ages, had long since forgotten where I got it. ive got a modified version that supports gLua syntax but that one is written in node.js which is something of a pain to host publicly.

[QUOTE=Dear_Matt;47355946]Also by definition of obfuscation you will be never able to protect the code from being stolen other than people being able to easily read it. So whats the point here really?[/QUOTE] [url]http://en.wikipedia.org/wiki/Nirvana_fallacy#Perfect_solution_fallacy[/url]

Security by obscurity? haha Useless on its own in client-side due to its huge security flaws (printing the decrypted function) So it would probably work better if the salts were sent through the network instead. Still vulnerable to just a _G.CompileString = _G.print [CODE]function ez(a)local b=''while#a>0 do b=b..string.char(tonumber(string.sub(a,1,2),16))a=string.sub(a,3)end;return b end assert(CompileString(ez("66756e6374696f6e2068322861296c6f63616c20623d2730313233343536373839616263646566276c6f63616c20633d27277768696c6520613e3020646f206c6f63616c20643d6d6174682e666d6f6428612c313629633d737472696e672e73756228622c642b312c642b31292e2e633b613d6d6174682e666c6f6f7228612f313629656e643b696620633d3d27277468656e20633d273027656e643b72657475726e206320656e643b66756e6374696f6e2073322861296c6f63616c20623d27277768696c6523613e3020646f206c6f63616c20633d683228737472696e672e6279746528612c312c312929696623633c32207468656e20633d2730272e2e6320656e643b623d622e2e633b613d737472696e672e73756228612c3229656e643b72657475726e206220656e643b66756e6374696f6e2064322861296c6f63616c20623d27277768696c6523613e3020646f20623d622e2e737472696e672e6368617228746f6e756d62657228737472696e672e73756228612c312c32292c31362929613d737472696e672e73756228612c3329656e643b72657475726e206220656e643b66756e6374696f6e206528622c6329623d73322862296c6f63616c20643d2222666f7220653d312c236220646f20696623622d635b355d3e3d65206f72206e6f742066616c7365207468656e20666f7220663d302c3320646f206966206525343d3d66207468656e20643d642e2e737472696e672e636861722828737472696e672e6279746528737472696e672e73756228622c652c6529292d33322b635b662b315d292539352b333229627265616b20656e6420656e6420656e6420656e643b666f7220653d312c635b355d646f20643d642e2e737472696e672e63686172286d6174682e72616e646f6d2833322c3132362929656e643b72657475726e207332286429656e643b66756e6374696f6e206428622c6329623d64322862296c6f63616c20643d2222666f7220653d312c236220646f20696623622d635b355d3e3d65207468656e20666f7220663d302c3320646f206966206525343d3d66207468656e20643d642e2e737472696e672e636861722828737472696e672e6279746528737472696e672e73756228622c652c6529292d33322b2d635b662b315d292539352b333229627265616b20656e6420656e6420656e6420656e643b72657475726e206432286429656e64"), "dontbestealingmahscriptsyall"))() local salts = {239, 558, 931, 282, 627} -- may be networked instead to prevent client-sided view local func = "print(\"Hi! This is being ran from an encrypted function.\")" local e_func = e(func, salts) -- encrypted function print(e_func) assert(CompileString(d(e_func,salts),"loveyall"))() -- run the encrypted function [/CODE] e_func output = [CODE]2b7c34632a2633372b212f69267e31692a262f62267c32652a25336a2b202f612a263464267c33632a22336a2a523368267c34632a7d3337267c33672b7e33382a512f612a7d3337267c33662a5233642b7e346a2b7c34652a223365267c33672b2233372a2034652a2633382a522f37267e2f6a7d527246724279535e3a30633c4e4f342c206b3a5f3026447067422c726b74675b555e333e3c2a603a335d4f62772d7c515a567a665b3021284c523a3d492f6665203d663a5e2d7130414b5c2d765823792c52533231443e33427660577447217b2f275c34545b232633246336257e574d3f3a222a534a363d5978637d2c273360245a453d4f7c2279762d437e50254334736240735223377c613e36595d30322b584d6951727c7e67665c2e6c207576666a7c6f22256d5a276f3e346a72612e61293c2a46454f5b57587679785f3461433255742b4e53574f7c6a6149587551303a5632726f556e2a67312f3b645d5f6832776a5734333544675a75305767673e545d455c3a59717738397d265d334a2a3369613e6e6d765d6e374959275b79673d7762337c564f3b7d4b3c49687d7d627c3e50375668502827677e3f3e5560427e687b4b225d782b67635f72283367712f3a6b7975272b6c212b3a79767d612e475c23755271347225576356493c574e74207348794f572d284566297c32434c254d4c51564d7d2864607c2529312e702665696e69507a2338395b3e3d6c67215669233f2960687c3134395127463c713b67382a6b6f2774434f66253c6b2e4a505e604d5f215254645964512a2e712a695744795f41477069275f4c384e565972696448616a45545a65615a4a4f706435315b35485a435a364970336c723a6f443138512d312f7d71506a34315a2a32792f5d2a47263958777e6a553a675e2727744e792c27725a4d674f5c705a3a3f56634f4e29794a6d29394827694d474e7a4d412b5e26326d6d61575d773f564273563a322a64615a5b2a7c2d397d5f66246c6d5a7c756f57353c37232631552e356f [/CODE]

[QUOTE=_Divine;47357697] [lua]while#a>0 do b=b..[/lua][/QUOTE] O(n^2) Also, anything that's been string.char'd can be turned back into the original string. [editline]20th March 2015[/editline] [t]http://i.imgur.com/1IGip5X.png[/t] There goes your obfuscation. Literally the function to deobfuscate was already given. [editline]20th March 2015[/editline] And from there on it's only a matter of pretty printing: [lua]falco@manjaro:~/Programs/gluaparser$ dist/build/gluaparser/gluaparser fix obfus.lua Errors: [] Pretty printed code: function h2(a) local b = '0123456789abcdef' local c = '' while a > 0 do local d = math.fmod(a, 16) c = string.sub(b, d + 1, d + 1) .. c a = math.floor(a / 16) end if c == '' then c = '0' end return c end function s2(a) local b = '' while #a > 0 do local c = h2(string.byte(a, 1, 1)) if #c < 2 then c = '0' .. c end b = b .. c a = string.sub(a, 2) end return b end function d2(a) local b = '' while #a > 0 do b = b .. string.char(tonumber(string.sub(a, 1, 2), 16)) a = string.sub(a, 3) end return b end function e(b, c) b = s2(b) local d = "" for e = 1, #b, 1 do if #b - c[5] >= e or notfalse then for f = 0, 3, 1 do if e % 4 == f then d = d .. string.char((string.byte(string.sub(b, e, e)) - 32 + c[f + 1]) % 95 + 32) break end end end end for e = 1, c[5], 1 do d = d .. string.char(math.random(32, 126)) end return s2(d) end function d(b, c) b = d2(b) local d = "" for e = 1, #b, 1 do if #b - c[5] >= e then for f = 0, 3, 1 do if e % 4 == f then d = d .. string.char((string.byte(string.sub(b, e, e)) - 32 + -c[f + 1]) % 95 + 32) break end end end end return d2(d) end [/lua]

[QUOTE=FPtje;47362013]O(n^2) Also, anything that's been string.char'd can be turned back into the original string. [editline]20th March 2015[/editline] ... [/lua][/QUOTE] Yeah, there isn't a way to completely 'hide' the encrypt / decrypt function. The point wasn't really to obsufucate anything, but rather to hide the encrypt / decrypt functions ( e(string, salts) and d(pseudo-encrypted string, salts ) ) from plain view. It'll stump some people along the way and it'll would still require a 'seed' for it to function. I was just trying out some 'encryption' by requiring some sort of password for you to read the text.

[QUOTE=_Divine;47372583]Yeah, there isn't a way to completely 'hide' the encrypt / decrypt function. The point wasn't really to obsufucate anything, but rather to hide the encrypt / decrypt functions ( e(string, salts) and d(pseudo-encrypted string, salts ) ) from plain view. It'll stump some people along the way and it'll would still require a 'seed' for it to function. I was just trying out some 'encryption' by requiring some sort of password for you to read the text.[/QUOTE] It fails in every regard, including the one you just mentioned. A good obfuscator is hard to read even after pretty printing. This mostly involves around removing information. In a previous thread I mentioned some of these: - replacing control structures with labels and gotos - replace variable names to less descriptive ones, including that of local functions - remove indentation and comments (obvious, but can be reversed with pretty printing) - References to global variables obfuscated, localised, etc. When making an obfuscator, you must ensure soundness and completeness: - global functions must remain available with the same signature - global variabes too - references to global functions in other functions cannot necessarily be localised on the top level because functions can change in time There's a lot of other more demands. They can be met, but it's hard work. Obfuscating has a lot of common ground with minifiers. JQuery is a perfect example: minified: [url]http://code.jquery.com/jquery-2.1.3.min.js[/url] normal: [url]http://code.jquery.com/jquery-2.1.3.js[/url] An obfuscator/minifier is a compiler that compiles to the same language as its input. So yeah, you need to build a compiler, and that's a lot of work. Luckily there are plenty of GLua parsers out there [url=https://github.com/FPtje/GLuaParser]hint hint[/url]

I wrote (a really basic) one a few years back. I'll see if I can find it. Stripped newlines, unnecessary whitespace, replaced variable names with varying length underscores, replaced global variable lookups with byte format strings (also converted strings). Readable when you print (get strings back), reads newlines and variable names, but it was a start.