I need a good encryption

[MANDO01]

I need a good encryption

can someone help me i did found alot

But i think i can decrypt all of them  

 

[MANDO01]

On 7/25/2022 at 7:54 PM, Ferib said:

You paste your code in the window, then click either 'obfuscate' for 1-click solution or click on 'All Actions' to get more individual obfuscations

Bro even after i obfuscate it can be gg can log it

[Ferib]

6 hours ago, MANDO01 said:

Bro even after i obfuscate it can be gg can log it

Obfuscation does not protect against that, but out of curiosity can you show me some example logs?

EDIT: found an example here: 

this is the log file .... how to run it to simple lua (#4xa0gh75)

 

One think you might do is to first check if a logfile is generated on the device and exit the script, or bloat the logs by having junk-values/scans being done. Might be an interesting challenge to generate automated calls to gg.getValue or gg.searchNumber with pseudo-random numbers so an attacker will have a harder time to figure out which call is correct. Combine that with some logic on the higher Lua level and you got (despite the logging) a somewhat decent protected script.

Edited July 27, 2022 by Ferib

[MANDO01]

On 7/25/2022 at 7:18 AM, MANDO01 said:

Here

Bro i don't want something hard to read

 

I want something they can't find anything in it bc gg decryption can decrypt anything

 

8 hours ago, Ferib said:

Obfuscation does not protect against that, but out of curiosity can you show me some example logs?

EDIT: found an example here: 

this is the log file .... how to run it to simple lua (#4xa0gh75)

 

One think you might do is to first check if a logfile is generated on the device and exit the script, or bloat the logs by having junk-values/scans being done. Might be an interesting challenge to generate automated calls to gg.getValue or gg.searchNumber with pseudo-random numbers so an attacker will have a harder time to figure out which call is correct. Combine that with some logic on the higher Lua level and you got (despite the logging) a somewhat decent protected script.

Well this an example how to log gg script

Okay you can't execute it but you still can get the value from that what i want to block 

[Platonic]

On 7/25/2022 at 11:01 AM, Ferib said:

You take your lua code, obfuscate your lua code, then use THAT obfuscated lua code. (it will run just fine)

Hello. Can you explain why GG can run obfuscated scripts, i see scripts that start with "LuaR"? New to this. Also does this work the same as with encrypted metadata that when loaded during runtime the texts becomes readable because it has been decrypted with some key(i think). If i recall a serious member of the forum once explained that no matter what the obfuscation is, GG has to understand the script. So it must do some conversion in something GG understands. Let me know because it kind of seems interesting for learn. Thanks.

Edited July 27, 2022 by Platonic

[MC874]

16 hours ago, Ferib said:

Obfuscation does not protect against that, but out of curiosity can you show me some example logs?

EDIT: found an example here: 

this is the log file .... how to run it to simple lua (#4xa0gh75)

 

One think you might do is to first check if a logfile is generated on the device and exit the script, or bloat the logs by having junk-values/scans being done. Might be an interesting challenge to generate automated calls to gg.getValue or gg.searchNumber with pseudo-random numbers so an attacker will have a harder time to figure out which call is correct. Combine that with some logic on the higher Lua level and you got (despite the logging) a somewhat decent protected script.

Several problem to this if you keep "randomizing" gg.getValue/searchNumber:

• 1) In theory it should be working but when you keep "Randomizing" gg.getValue, eventually the attacker still got the correct values. An Attacker can extract all the gg.getValue from the logs and make a script on top of that, this somewhat an alternative for harder reads, not an entirely make the script unlogable.
• 2) Will this going to be a memory-hog?

With current available options, it's still enough to protect your script. However, i'm still curious if GG has actually offers some flag if the logs are running? Despite all of that, we're only struggling with GG internal logs, not really prevent from 3rd-party like memdumper.

[Platonic]

Personnaly i don't really get the point of obfuscating a script that your not even selling(i guess your not selling). At fist all scripts where open source and people could learn from it..now alot think there script is so valuable no one is allowed to see it. Im only talking about those scripts made for specific games. Not talking about tools. @HEROGAMEOfficial im not sure because i can't install your game but are this some of your values? If so then i think the info is enough after a few tries here and there to replicate your behaviour. I also don't expect you to tell me. I would not know eitherway as i can't install that game. I tried for learning purposes. Not looking for take anything.

testHero.txt

[Ferib]

11 hours ago, Platonic said:

Hello. Can you explain why GG can run obfuscated scripts, i see scripts that start with "LuaR"? New to this. Also does this work the same as with encrypted metadata that when loaded during runtime the texts becomes readable because it has been decrypted with some key(i think). If i recall a serious member of the forum once explained that no matter what the obfuscation is, GG has to understand the script. So it must do some conversion in something GG understands. Let me know because it kind of seems interesting for learn. Thanks.

You are confusing encryption with obfuscation, yes when you encrypt a script it will have to get decrypted before it can be used, making encryption pretty useless.

Obfuscation is different as it transforms the script BUT keeps the functionality, it will just be harder to read for humans yet GG still knows what to do.

The LuaR you see is just pre-compiled Lua Bytecode, it is not safer but the Lua Script is transformed into Lua Bytecode, this is some kind of 'obfuscation as the text representation is transformed into a byte representation that is difficult to understand for humans yet GG still knows exactly what to do. However I still recommend to obfuscate any script as it will stack multiple layers of transformation, making it more difficult for an attacker.

6 hours ago, MainC said:

Several problem to this if you keep "randomizing" gg.getValue/searchNumber:

• 1) In theory it should be working but when you keep "Randomizing" gg.getValue, eventually the attacker still got the correct values. An Attacker can extract all the gg.getValue from the logs and make a script on top of that, this somewhat an alternative for harder reads, not an entirely make the script unlogable.
• 2) Will this going to be a memory-hog?

With current available options, it's still enough to protect your script. However, i'm still curious if GG has actually offers some flag if the logs are running? Despite all of that, we're only struggling with GG internal logs, not really prevent from 3rd-party like memdumper.

You can do a memory read 10 times and only have 1 out of 10 be used by the script, you may also write 10 times to the same number and only have the last value as the real value.

Yes it will create a huge memory overhead, which hopefully forces the attacker to turn it off or disk gets f*ck. Or attacker keeps it enabled and has lots of logs to read through. 

[Ferib]

1 hour ago, Platonic said:

Personnaly i don't really get the point of obfuscating a script that your not even selling(i guess your not selling). At fist all scripts where open source and people could learn from it..now alot think there script is so valuable no one is allowed to see it. Im only talking about those scripts made for specific games. Not talking about tools. @HEROGAMEOfficial im not sure because i can't install your game but are this some of your values? If so then i think the info is enough after a few tries here and there to replicate your behaviour. I also don't expect you to tell me. I would not know eitherway as i can't install that game. I tried for learning purposes. Not looking for take anything.

testHero.txt 7.67 kB · 0 downloads

Obfuscation in general is mostly used as DRM, usually to prevent sharing scripts without permission of the developer.

I believe the devs should have all the rights to their own script and it would be kinda sad to have people not share their script as they are afraid to have it leaked or stolen. Of course obfuscation doesn't prevent that but it definitely makes it a bit harder and time consuming.

[MANDO01]

I need block log

[MANDO01]

I have an idea to block log but idk it will work or not

I'm 80% sure it will not work but i will just say it

I will try to make word like oyyosyodoysyodhldkhdtiars or something meaningless i just wanted it to be special

I just want it gg to log it then i will search in all the device to this word then if this word exists the script will delete him self

The problem is how to search in all the device ?

is there's a way to do that

[YouKnowAsura]

Hi , i am an encryption maker, my channel is available in telegram., My encryptions are not easily decodable.

 

You can check few out there

https://t.me/LearnEncryptionMaking

 

Contact me personally :-

https://t.me/YouKnowAsura