Jump to content
  • 0

Question

Recommended Posts

  • 1
Posted
11 hours ago, Platonic said:

Hello. Can you explain why GG can run obfuscated scripts, i see scripts that start with "LuaR"? New to this. Also does this work the same as with encrypted metadata that when loaded during runtime the texts becomes readable because it has been decrypted with some key(i think). If i recall a serious member of the forum once explained that no matter what the obfuscation is, GG has to understand the script. So it must do some conversion in something GG understands. Let me know because it kind of seems interesting for learn. Thanks.

You are confusing encryption with obfuscation, yes when you encrypt a script it will have to get decrypted before it can be used, making encryption pretty useless.

Obfuscation is different as it transforms the script BUT keeps the functionality, it will just be harder to read for humans yet GG still knows what to do.

The LuaR you see is just pre-compiled Lua Bytecode, it is not safer but the Lua Script is transformed into Lua Bytecode, this is some kind of 'obfuscation as the text representation is transformed into a byte representation that is difficult to understand for humans yet GG still knows exactly what to do. However I still recommend to obfuscate any script as it will stack multiple layers of transformation, making it more difficult for an attacker.

6 hours ago, MainC said:

Several problem to this if you keep "randomizing" gg.getValue/searchNumber:

  • 1) In theory it should be working but when you keep "Randomizing" gg.getValue, eventually the attacker still got the correct values. An Attacker can extract all the gg.getValue from the logs and make a script on top of that, this somewhat an alternative for harder reads, not an entirely make the script unlogable.
  • 2) Will this going to be a memory-hog?

With current available options, it's still enough to protect your script. However, i'm still curious if GG has actually offers some flag if the logs are running? Despite all of that, we're only struggling with GG internal logs, not really prevent from 3rd-party like memdumper.

You can do a memory read 10 times and only have 1 out of 10 be used by the script, you may also write 10 times to the same number and only have the last value as the real value.

Yes it will create a huge memory overhead, which hopefully forces the attacker to turn it off or disk gets f*ck. Or attacker keeps it enabled and has lots of logs to read through. 

  • 0
Posted
20 hours ago, MANDO01 said:

I need a good encryption 😕

can someone help me i did found alot

But i think i can decrypt all of them 😕  

 

First of all, what kind source that you're going to apply encryption, lua files?. If you're willing to use some Advanced way, you can use JWT or SHA hashing but for LUA Files; i think you should also obfuscate your script and then encrypting it. Yes, most of LUA encryption are decryptable so you need to atleast make it more harder to read. For example; you can calling another LUA Files from the first Lua, etc.

  • 0
Posted
56 minutes ago, MainC said:

First of all, what kind source that you're going to apply encryption, lua files?. If you're willing to use some Advanced way, you can use JWT or SHA hashing but for LUA Files; i think you should also obfuscate your script and then encrypting it. Yes, most of LUA encryption are decryptable so you need to atleast make it more harder to read. For example; you can calling another LUA Files from the first Lua, etc.

I want to encrypt lua

I not sure i understand what you saying

But is there a easy way to encrypt but good one no one can decrypt it

Bc idk JWT or SHA

  • 0
Posted
2 hours ago, MANDO01 said:

I did decrypt it 😕

and it's easy to decrypt it 

It would be usefull if you share the method here, as the Author can patch the script to avoid that. GG Lua Encryption mostly based on Client side and GG itself. It's a good practice if you're not trust the Client-Sided process, you might combine Good Encryption with several ways to make it more harder to read:

  • 1) Migrate your script into Online Reserver (Pastebin, etc) 
  • 2) Splits your Script into several mini-script: Import Extra GG Code
  • 3) Obfuscate your LUA / Encrypt LUA to make it more harder to poke.

It would be good if you have write your own Cheats manually (not GG based), as you can implement more things without restriction. 

  • 0
Posted

Hi folks, I doubt you guys are looking for 'encryption', but instead, are looking for 'obfuscation'.

To know the difference between the two, let me explain what they mean:
- Encryption: "the process of converting information or data into a code, especially to prevent unauthorized access."
- Obfuscation: "the action of making something obscure, unclear, or unintelligible."

The problem is that Encryption is what you want as it's the best at 'securing' your code from unauthorized access, however the receiver of your code will most likely 'decrypt' the code to use it, making it completely obsolete.

The solution is Obfuscation as the Lua script will be transformed into something that still has the same functionality, however it has been "transformed' in the worst possible way so that humans will have a very hard time understanding what it does. Good obfuscation means it is simply to hard/difficult to understand what the script does for a human.

So where do you get obfuscation? you can use free online tools such as https://luaobfuscator.com/, I have no experience with other tools as most of them are pay to use.

Example use of LuaObfuscator.com:

-- sample snippet to calculate prime numbers: 
do
   function sieve_of_eratosthenes(n)
   local is_prime = { }
       for i = 1, n do
           is_prime[i] = 1 ~= i
       end
       for i = 2, math.floor(math.sqrt(n)) do
           if is_prime[i] then
               for j = i* i, n, i do
                   is_prime[j] = false
               end
           end
       end
       return is_prime
   end
   local primes = sieve_of_eratosthenes(420)
   for key, value in pairs(primes) do
       if (value) then
           print("Prime found: " .. key)
       end
   end
end

Obfuscated output (CFFv1, Strings, Minifiy )


local v0 = string.char;
local v1 = string.byte;
local v2 = string.sub;
local v3 = bit32 or bit;
local v4 = v3.bxor or v3.bxor;
local v5 = table.concat;
local v6 = table.insert;
local function v7(v8, v9)
	local v12 = {};
	for i = 1, #v8 do
		v6(v12, v0(v4(v1(v2(v8, i, i + 1)), v1(v2(v9, 1 + ((i - 1) % #v9), 1 + ((i - 1) % #v9) + 1))) % 256));
	end
	return v5(v12);
end
do
	local v10 = 0;
	local v11;
	while true do
		if (v10 == 1) then
			for key, value in pairs(v11) do
				if value then
					print(v7("\3\43\133\37\54\121\138\39\38\55\136\114\115", "\83\89\236\72") .. key);
				end
			end
			break;
		end
		if (v10 == 0) then
			function sieve_of_eratosthenes(v13)
				local v14 = 0;
				local v15;
				while true do
					if (v14 == 0) then
						v15 = {};
						for i = 1, v13 do
							v15[i] = 1 ~= i;
						end
						v14 = 1;
					end
					if (v14 == 1) then
						for i = 2, math[v7("\205\90\58\188\217", "\171\54\85\211")](math[v7("\7\152\255\8", "\116\233\141\124\175\201\74\192")](v13)) do
							if v15[i] then
								for j = i * i, v13, i do
									v15[j] = false;
								end
							end
						end
						return v15;
					end
				end
			end
			v11 = sieve_of_eratosthenes(420);
			v10 = 1;
		end
	end
end

 

  • 0
Posted

And the (Import Extra GG Code)

I don't understand

How i can put my codes 

I will use io.write or what???

16 hours ago, Ferib said:

Hi folks, I doubt you guys are looking for 'encryption', but instead, are looking for 'obfuscation'.

To know the difference between the two, let me explain what they mean:
- Encryption: "the process of converting information or data into a code, especially to prevent unauthorized access."
- Obfuscation: "the action of making something obscure, unclear, or unintelligible."

The problem is that Encryption is what you want as it's the best at 'securing' your code from unauthorized access, however the receiver of your code will most likely 'decrypt' the code to use it, making it completely obsolete.

The solution is Obfuscation as the Lua script will be transformed into something that still has the same functionality, however it has been "transformed' in the worst possible way so that humans will have a very hard time understanding what it does. Good obfuscation means it is simply to hard/difficult to understand what the script does for a human.

So where do you get obfuscation? you can use free online tools such as https://luaobfuscator.com/, I have no experience with other tools as most of them are pay to use.

Example use of LuaObfuscator.com:

-- sample snippet to calculate prime numbers: 
do
   function sieve_of_eratosthenes(n)
   local is_prime = { }
       for i = 1, n do
           is_prime[i] = 1 ~= i
       end
       for i = 2, math.floor(math.sqrt(n)) do
           if is_prime[i] then
               for j = i* i, n, i do
                   is_prime[j] = false
               end
           end
       end
       return is_prime
   end
   local primes = sieve_of_eratosthenes(420)
   for key, value in pairs(primes) do
       if (value) then
           print("Prime found: " .. key)
       end
   end
end

Obfuscated output (CFFv1, Strings, Minifiy )


local v0 = string.char;
local v1 = string.byte;
local v2 = string.sub;
local v3 = bit32 or bit;
local v4 = v3.bxor or v3.bxor;
local v5 = table.concat;
local v6 = table.insert;
local function v7(v8, v9)
	local v12 = {};
	for i = 1, #v8 do
		v6(v12, v0(v4(v1(v2(v8, i, i + 1)), v1(v2(v9, 1 + ((i - 1) % #v9), 1 + ((i - 1) % #v9) + 1))) % 256));
	end
	return v5(v12);
end
do
	local v10 = 0;
	local v11;
	while true do
		if (v10 == 1) then
			for key, value in pairs(v11) do
				if value then
					print(v7("\3\43\133\37\54\121\138\39\38\55\136\114\115", "\83\89\236\72") .. key);
				end
			end
			break;
		end
		if (v10 == 0) then
			function sieve_of_eratosthenes(v13)
				local v14 = 0;
				local v15;
				while true do
					if (v14 == 0) then
						v15 = {};
						for i = 1, v13 do
							v15[i] = 1 ~= i;
						end
						v14 = 1;
					end
					if (v14 == 1) then
						for i = 2, math[v7("\205\90\58\188\217", "\171\54\85\211")](math[v7("\7\152\255\8", "\116\233\141\124\175\201\74\192")](v13)) do
							if v15[i] then
								for j = i * i, v13, i do
									v15[j] = false;
								end
							end
						end
						return v15;
					end
				end
			end
			v11 = sieve_of_eratosthenes(420);
			v10 = 1;
		end
	end
end

 

I'm confused now 🙃

  • 0
Posted
4 hours ago, MANDO01 said:

And the (Import Extra GG Code)

I don't understand

How i can put my codes 

I will use io.write or what???

I'm confused now 🙃

You take your lua code, obfuscate your lua code, then use THAT obfuscated lua code. (it will run just fine)

  • 0
Posted
4 hours ago, Ferib said:

You take your lua code, obfuscate your lua code, then use THAT obfuscated lua code. (it will run just fine)

Okay but how to obfuscateion ?

4 hours ago, HEROGAMEOfficial said:

👎👇👇

 

Bro I'm not taster and idk Lots about encryption

I just want a encrypt or block log gg

Or anything like that i don't want to anyone decrypt or log my script

  • 0
Posted
3 hours ago, MANDO01 said:

Okay but how to obfuscateion ?

Bro I'm not taster and idk Lots about encryption

I just want a encrypt or block log gg

Or anything like that i don't want to anyone decrypt or log my script

You paste your code in the window, then click either 'obfuscate' for 1-click solution or click on 'All Actions' to get more individual obfuscations

  • 0
Posted
On 7/25/2022 at 7:54 PM, Ferib said:

You paste your code in the window, then click either 'obfuscate' for 1-click solution or click on 'All Actions' to get more individual obfuscations

Bro even after i obfuscate it can be gg can log it

  • 0
Posted (edited)
6 hours ago, MANDO01 said:

Bro even after i obfuscate it can be gg can log it

Obfuscation does not protect against that, but out of curiosity can you show me some example logs?

EDIT: found an example here: 

this is the log file .... how to run it to simple lua (#4xa0gh75)

 

One think you might do is to first check if a logfile is generated on the device and exit the script, or bloat the logs by having junk-values/scans being done. Might be an interesting challenge to generate automated calls to gg.getValue or gg.searchNumber with pseudo-random numbers so an attacker will have a harder time to figure out which call is correct. Combine that with some logic on the higher Lua level and you got (despite the logging) a somewhat decent protected script.

Edited by Ferib
  • 0
Posted
On 7/25/2022 at 7:18 AM, MANDO01 said:

Here

Bro i don't want something hard to read

 

I want something they can't find anything in it bc gg decryption can decrypt anything 😕

 

8 hours ago, Ferib said:

Obfuscation does not protect against that, but out of curiosity can you show me some example logs?

EDIT: found an example here: 

this is the log file .... how to run it to simple lua (#4xa0gh75)

 

One think you might do is to first check if a logfile is generated on the device and exit the script, or bloat the logs by having junk-values/scans being done. Might be an interesting challenge to generate automated calls to gg.getValue or gg.searchNumber with pseudo-random numbers so an attacker will have a harder time to figure out which call is correct. Combine that with some logic on the higher Lua level and you got (despite the logging) a somewhat decent protected script.

Well this an example how to log gg script

Okay you can't execute it but you still can get the value from that what i want to block 

  • 0
Posted (edited)
On 7/25/2022 at 11:01 AM, Ferib said:

You take your lua code, obfuscate your lua code, then use THAT obfuscated lua code. (it will run just fine)

Hello. Can you explain why GG can run obfuscated scripts, i see scripts that start with "LuaR"? New to this. Also does this work the same as with encrypted metadata that when loaded during runtime the texts becomes readable because it has been decrypted with some key(i think). If i recall a serious member of the forum once explained that no matter what the obfuscation is, GG has to understand the script. So it must do some conversion in something GG understands. Let me know because it kind of seems interesting for learn. Thanks.

Edited by Platonic
  • 0
Posted
16 hours ago, Ferib said:

Obfuscation does not protect against that, but out of curiosity can you show me some example logs?

EDIT: found an example here: 

this is the log file .... how to run it to simple lua (#4xa0gh75)

 

One think you might do is to first check if a logfile is generated on the device and exit the script, or bloat the logs by having junk-values/scans being done. Might be an interesting challenge to generate automated calls to gg.getValue or gg.searchNumber with pseudo-random numbers so an attacker will have a harder time to figure out which call is correct. Combine that with some logic on the higher Lua level and you got (despite the logging) a somewhat decent protected script.

Several problem to this if you keep "randomizing" gg.getValue/searchNumber:

  • 1) In theory it should be working but when you keep "Randomizing" gg.getValue, eventually the attacker still got the correct values. An Attacker can extract all the gg.getValue from the logs and make a script on top of that, this somewhat an alternative for harder reads, not an entirely make the script unlogable.
  • 2) Will this going to be a memory-hog?

With current available options, it's still enough to protect your script. However, i'm still curious if GG has actually offers some flag if the logs are running? Despite all of that, we're only struggling with GG internal logs, not really prevent from 3rd-party like memdumper.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.