Jump to content

Ferib

Members
  • Posts

    16
  • Joined

  • Last visited

2 Followers

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Ferib's Achievements

Apprentice

Apprentice (3/14)

  • Collaborator Rare
  • One Month Later
  • Conversation Starter Rare
  • First Post Rare
  • Reacting Well Rare

Recent Badges

4

Reputation

  1. @shuishanJust inject frida gadget .so and then use your .JS script? xDD
  2. The are tools worse than GameGuardian? lmao
  3. Open Terminal and start `vim`, then try to exit it and you will have a matrix fall of text, like in the Hollywood movies in no time. That's just how hacking works.
  4. Again I am not talking about multi-threading in the Lua side, just want to create a new thread on a asm function. Currently got around it by hooking a function and writing a small code cave to invoke thread creation.
  5. Ferib

    I need a good encryption

    Obfuscation in general is mostly used as DRM, usually to prevent sharing scripts without permission of the developer. I believe the devs should have all the rights to their own script and it would be kinda sad to have people not share their script as they are afraid to have it leaked or stolen. Of course obfuscation doesn't prevent that but it definitely makes it a bit harder and time consuming.
  6. Ferib

    I need a good encryption

    You are confusing encryption with obfuscation, yes when you encrypt a script it will have to get decrypted before it can be used, making encryption pretty useless. Obfuscation is different as it transforms the script BUT keeps the functionality, it will just be harder to read for humans yet GG still knows what to do. The LuaR you see is just pre-compiled Lua Bytecode, it is not safer but the Lua Script is transformed into Lua Bytecode, this is some kind of 'obfuscation as the text representation is transformed into a byte representation that is difficult to understand for humans yet GG still knows exactly what to do. However I still recommend to obfuscate any script as it will stack multiple layers of transformation, making it more difficult for an attacker. You can do a memory read 10 times and only have 1 out of 10 be used by the script, you may also write 10 times to the same number and only have the last value as the real value. Yes it will create a huge memory overhead, which hopefully forces the attacker to turn it off or disk gets f*ck. Or attacker keeps it enabled and has lots of logs to read through.
  7. The heck you doing here ;D?
  8. Ferib

    I need a good encryption

    Obfuscation does not protect against that, but out of curiosity can you show me some example logs? EDIT: found an example here: this is the log file .... how to run it to simple lua (#4xa0gh75) One think you might do is to first check if a logfile is generated on the device and exit the script, or bloat the logs by having junk-values/scans being done. Might be an interesting challenge to generate automated calls to gg.getValue or gg.searchNumber with pseudo-random numbers so an attacker will have a harder time to figure out which call is correct. Combine that with some logic on the higher Lua level and you got (despite the logging) a somewhat decent protected script.
  9. Ferib

    I need a good encryption

    You paste your code in the window, then click either 'obfuscate' for 1-click solution or click on 'All Actions' to get more individual obfuscations
  10. Ferib

    I need a good encryption

    You take your lua code, obfuscate your lua code, then use THAT obfuscated lua code. (it will run just fine)
  11. Ferib

    I need a good encryption

    Hi folks, I doubt you guys are looking for 'encryption', but instead, are looking for 'obfuscation'. To know the difference between the two, let me explain what they mean: - Encryption: "the process of converting information or data into a code, especially to prevent unauthorized access." - Obfuscation: "the action of making something obscure, unclear, or unintelligible." The problem is that Encryption is what you want as it's the best at 'securing' your code from unauthorized access, however the receiver of your code will most likely 'decrypt' the code to use it, making it completely obsolete. The solution is Obfuscation as the Lua script will be transformed into something that still has the same functionality, however it has been "transformed' in the worst possible way so that humans will have a very hard time understanding what it does. Good obfuscation means it is simply to hard/difficult to understand what the script does for a human. So where do you get obfuscation? you can use free online tools such as https://luaobfuscator.com/, I have no experience with other tools as most of them are pay to use. Example use of LuaObfuscator.com: -- sample snippet to calculate prime numbers: do function sieve_of_eratosthenes(n) local is_prime = { } for i = 1, n do is_prime[i] = 1 ~= i end for i = 2, math.floor(math.sqrt(n)) do if is_prime[i] then for j = i* i, n, i do is_prime[j] = false end end end return is_prime end local primes = sieve_of_eratosthenes(420) for key, value in pairs(primes) do if (value) then print("Prime found: " .. key) end end end Obfuscated output (CFFv1, Strings, Minifiy ) local v0 = string.char; local v1 = string.byte; local v2 = string.sub; local v3 = bit32 or bit; local v4 = v3.bxor or v3.bxor; local v5 = table.concat; local v6 = table.insert; local function v7(v8, v9) local v12 = {}; for i = 1, #v8 do v6(v12, v0(v4(v1(v2(v8, i, i + 1)), v1(v2(v9, 1 + ((i - 1) % #v9), 1 + ((i - 1) % #v9) + 1))) % 256)); end return v5(v12); end do local v10 = 0; local v11; while true do if (v10 == 1) then for key, value in pairs(v11) do if value then print(v7("\3\43\133\37\54\121\138\39\38\55\136\114\115", "\83\89\236\72") .. key); end end break; end if (v10 == 0) then function sieve_of_eratosthenes(v13) local v14 = 0; local v15; while true do if (v14 == 0) then v15 = {}; for i = 1, v13 do v15[i] = 1 ~= i; end v14 = 1; end if (v14 == 1) then for i = 2, math[v7("\205\90\58\188\217", "\171\54\85\211")](math[v7("\7\152\255\8", "\116\233\141\124\175\201\74\192")](v13)) do if v15[i] then for j = i * i, v13, i do v15[j] = false; end end end return v15; end end end v11 = sieve_of_eratosthenes(420); v10 = 1; end end end
  12. the pthread_create is indeed a native thing, what I meant is that I would like a Lua wrapper API to invoke the pthread_create so that I can spawn a thread on my injected assembly instructions. Lua coroutines are overrated btw
  13. Hello, would it be possible to have a Lua wrapper for `pthread_create` so we can create threads on the fly using the GG Lua API? I think more advanced people would greatly appreciate this as this would make GG more competitive against Frida, thanks.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.