Obfuscation

This thread is about (de)obfuscation of lua scripts.
Here are some rules if you are going to post on this thread:

  1. No one cares if obfuscation is “pointless”! Don’t post it here!
  2. Do not get the topic off-track. This thread is about OBFUSCATION only.

This is what I am starting this thread off with…

I need someone to attempt to deobfuscate this code and leave a rating (1-10) on how hard it was (10 being hard as hell). // i’m ready for any joke you make about this!
If you want, leave comments on what you think could use work in this script and what was good.
It would also be helpful to share how you deobfuscate this script.
Here is the script: http://pastebin.com/raw.php?i=jnRw1Lry

Is the code just meant to error unless there are some specific globals set? If so that’s pretty lame.

The code doesn’t work because you’ve assigned math.randomseed to the same local variable as string.char, which means that your string ‘decryption’ function will attempt to concatenate a nil value and error (math.randomseed returns nil). Relevant code below (with unicode names replaced):



local SYM_5 = string.char
local SYM_5 = math.randomseed

SYM_5(6520831)

local function SYM_7(strr) 
    local result = ""
    for i = 1, string.len(strr) do 
        local rnd = math.random(0,255)
        result = result .. SYM_5((string.byte(string.sub(strr,i,i)) + rnd) % 0xFF)
    end

    return result
end


Apparently I uploaded the wrong version, but the concept is still the same. Could you post everything you did /want to say about it?

Your obfuscator seems to: rename variables using non-ASCII characters, remove formatting, add useless comments, and encode strings.

The first 3 can be automatically cleaned up by using a Lua parser to make an AST, then reconstruct the code from the AST while renaming every variable and ignoring all comments. So now you’ve got readable code thats only issues are meaningless variable names and encoded strings.

If you had a Lua parser written in Lua, you could also tell it which function in the obfuscated code is the string decoding function. Every time it sees a call to that function with a string as the argument, it could run the function and you’d have removed all the encoded strings.

So really, after automating that process (most of which has been done by others already) the only thing which is annoying is the lack of descriptive variable names - which isn’t really a problem anyway.

In my opinion, it’s not very good obfuscation if it can be almost entirely cleaned up automatically.