Script Obfuscation

From Legacy Roblox Wiki
Jump to navigationJump to search
Note: this method of obfuscating code should not be used anymore as bytecode will soon be removed.

Obfuscation is the practice of making source code impossible or nearly impossible to read by humans. Obfuscating script source is becoming an increasingly popular practice among Roblox users. Obfuscation can range anywhere from odd syntax to compiling the code. Obfuscation is not the same as encryption as encryptions were designed to be decrytped by something else.

The method used here is compiling. However, the details are not going to be explained because this is an article about obfuscation, not compilation.

How To Obfuscate Source In Lua

Many users wish to know how to obfuscate their code. There is no specific way to do so, but they all do the same thing. Here is an example of obfuscating some source and then printing it to the output window: 

local Source = [==[
print("Hello World!")
]==]

Source = string.dump(loadstring("return function() " .. Source .. " end", "")())
Source = ("loadstring(%q)()"):format(Source)
print(Source)

Now most intermediate scripters will probably not understand the source above. The point of this tutorial is not to explain the source, but to demonstrate source obfuscation. What prints after running that code is this: 

loadstring('\27\76\117\97\81\0\1\4\4\4\8\0\45\0\0\0\114\101\116\117\114\110\32\102\117\110\99\116\105\111\110\40\41\32\112\114\105\110\116\40\34\72\101\108\108\111\32\87\111\114\108\100\33\34\41\10\32\101\110\100\0\1\0\0\0\2\0\0\0\0\0\0\2\4\0\0\0\5\0\0\0\65\64\0\0\28\64\0\1\30\0\128\0\2\0\0\0\4\6\0\0\0\112\114\105\110\116\0\4\13\0\0\0\72\101\108\108\111\32\87\111\114\108\100\33\0\0\0\0\0\4\0\0\0\1\0\0\0\1\0\0\0\1\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0')()


Decoding Obfuscated Source

Say you want to decode the source of the obfuscated script. Some obfuscations are simple and allow you to just print the source. However, using the obfuscated source above as an example, this is why you simply cannot print the source: 

print("\27\76\117\97\81\0\1\4\4\4\8\0\45\0\0\0\114\101\116\117\114\110\32\102\117\110\99\116\105\111\110\40\41\32\112\114\105\110\116\40\34\72\101\108\108\111\32\87\111\114\108\100\33\34\41\10\32\101\110\100\0\1\0\0\0\2\0\0\0\0\0\0\2\4\0\0\0\5\0\0\0\65\64\0\0\28\64\0\1\30\0\128\0\2\0\0\0\4\6\0\0\0\112\114\105\110\116\0\4\13\0\0\0\72\101\108\108\111\32\87\111\114\108\100\33\0\0\0\0\0\4\0\0\0\1\0\0\0\1\0\0\0\1\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0")

>LuaQ

This method of obfuscating code is also called pre-compiling, and there is no way to get back the exact source. However, it is possible to get something that roughly looks like the original source with some knowledge of LASM, or using a Lua decompiler for Lua 5.1 (even though these are usually incomplete, they can help getting the source back).

Retrieved from "https://rbxlegacy.wiki/index.php?title=Script_Obfuscation&oldid=83056"