如何解密 LuaT 脚本

问题描述 投票:0回答:2

如何解密这种新的Lua加密方式?

key=[[BREW STORE]];dmnpxzbtpptkabbbstzuaaiyxqbgfszjdhxuxcztvmrghjbawfatwzqandrzrfqlragsyqggkpbvtqktxbckpewunqnfosobaogiitkfsbzuihgljnzslgtmjmgkdasx='om jangan decrypt aku :((';awzmplriqloyociafdhovyenmbcbhqmyegwedddczphgbvubquftewkdqtypcsxmsxihkcwajhqqwidoleeudnahsscjbmlkaocozlvxsbnjbyphljxkcavllyevkhii='Obfuscator Ini Milik ZiGB';jknofzqxfwhpgpwunwnntdqilsqedpbwajyxnzgqchnbspvvehqoyvqdsavrovwklpgfbzpyiorpggadtdjbworigkbdnkbsspfsobalqavigtcfwehcreyeftezpkdi='Kamu Nyari Load?';rzoekzjkzzarhiovruxttaybxqpnhiobpvhbcywmhqlcfoltkbktsjwkldwgobariqrhmimxrmmlbrwhpvurflbcgjonrjvfuappyjeqpmdjghdviciyqkrfpnburddu='Saya Tak Ragu Ingin Nembak Gay People';yazmbcaksoywojorasrbfjqppsgyjdqlzwulsjbfyjxnvxebwmmdxqwkqmhepswuioueybvygkqgijdkrfwmlswajeadgafqggjcdafxxqfgvcmcuennmaesreozhlbn="Soeharto is first indonesian president. Jokowi is seventh indonesian's president, Itadori Yuuji is one of main character in Jujutsu Kaisen Anime, Kento Nanami is Side Character On Jujutsu Kaisen Anime. Lava is 1 of the most dangerous liquid in the world (cap)";mfemjepnyenbjvuehqaxgpvdwqntjmfvsueerksbcticjjnhrqrrsualwlqeshnxqocmqhekxdgtecdogxyasfyapewprxfgmcmvwiedejihvdfujvprttydsulkhnju={ 1,160,3,187,236,277,257,244,160,185,307,173,170,186,170,164,168,168,280,246,160,160,160,160,160,160,160,160,160,160,160,200,279,224,161,392,224,227,218,252,260,265,275,259,271,274,260,205,258,271,276,205,268,277,257,205,271,258,262,277,275,259,257,276,271,274,252,260,265,275,259,271,274,260,205,258,271,276,205,268,277,257,205,271,258,262,277,275,259,257,276,271,274,252,260,265,275,259,271,274,260,205,258,271,276,205,268,277,257,205,271,258,262,277,275,259,257,276,271,274,252,271,258,262,277,275,259,257,276,261,260,252,261,270,259,206,268,277,257,293,296,160,160,215,161,337,171,160,160,160,299,160,160,161,171,161,160,162,174,161,162,163,299,161,160,164,302,161,163,165,179,162,160,320,242,160,160,160,289,290,213,288,161,163,215,288,289,163,208,288,161,292,209,288,289,292,179,288,161,293,216,288,289,165,210,288,161,166,216,288,289,166,218,288,161,167,210,288,289,167,217,288,161,296,217,288,289,296,175,288,161,297,179,288,289,297,176,288,161,170,195,288,289,170,194,288,161,299,201,288,289,299,176,288,161,300,181,288,289,300,175,288,161,301,176,288,289,301,211,288,161,302,217,288,289,302,217,288,161,303,215,288,289,175,217,288,161,304,188,288,289,176,183,288,161,177,183,288,289,177,211,288,161,178,212,288,289,178,217,288,161,307,217,288,289,307,182,288,161,180,211,288,289,180,212,288,161,309,217,288,289,309,211,288,161,182,218,288,289,310,208,288,161,183,218,288,289,183,217,288,161,184,210,288,289,312,216,288,161,185,209,288,289,185,215,288,161,314,214,288,289,314,217,288,161,187,210,288,238,162,210,160,289,290,214,288,161,291,217,288,289,291,182,288,161,164,209,288,289,164,215,288,161,165,214,288,289,165,183,288,161,294,208,288,289,294,216,288,161,167,210,288,289,167,219,288,161,296,209,288,289,168,210,288,161,297,216,288,289,169,217,288,161,170,183,288,289,170,210,288,161,171,188,288,289,171,209,288,161,300,186,288,289,172,208,288,161,301,209,288,289,301,187,288,161,302,186,288,289,174,208,288,161,303,209,288,289,175,184,288,161,304,185,288,289,304,187,288,161,177,208,288,289,177,185,288,161,306,208,288,289,178,210,288,161,307,186,288,289,179,188,288,161,180,208,288,289,180,208,288,161,309,208,288,289,181,184,288,161,310,210,288,289,182,185,288,161,311,209,288,289,183,186,288,161,184,210,288,289,184,208,288,161,185,210,288,289,185,209,288,161,186,188,288,289,186,183,288,161,315,216,288,238,162,210,210,289,162,208,288,161,163,219,288,289,163,183,288,161,164,210,288,289,292,184,288,161,293,183,288,289,165,184,288,161,294,185,288,289,294,187,288,161,295,186,288,289,295,187,288,161,168,187,288,289,168,186,288,161,169,185,288,289,297,185,288,161,170,186,288,289,298,209,288,161,171,185,288,289,299,185,288,161,172,186,288,289,300,186,288,161,301,185,288,289,301,184,288,161,302,210,288,289,174,185,288,161,303,185,288,289,175,186,288,161,304,209,288,289,176,187,288,161,305,184,288,289,177,209,288,161,306,210,288,289,306,184,288,161,307,185,288,289,307,185,288,161,308,187,288,289,308,183,288,161,309,184,288,289,181,188,288,161,310,185,288,289,182,187,288,161,311,184,288,289,183,185,288,161,184,183,288,289,312,193,288,161,313,194,288,289,313,208,288,161,314,216,288,289,186,210,288,161,187,219,288,238,162,210,260,289,290,182,288,161,291,213,288,289,163,218,288,161,164,208,288,289,292,176,288,161,165,180,288,289,165,180,288,161,294,175,288,289,294,179,288,161,167,180,288,238,162,170,310,356,161,162,160,228,161,160,160,356,160,160,160,228,160,160,161,231,160,161,160,294,164,294,272,259,257,268,268,164,293,268,271,257,260,164,295,275,276,274,265,270,263,164,293,259,264,257,274,164,294,276,257,258,268,261,164,295,277,270,272,257,259,267,289,160,160,160,288,161,337,162,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,288,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,160,161,289,409,295,288,289,293,255,229,238,246};local nau = 'load'; function krcqzqcsngsbnxfkqsexgiuiqovaprtpzaheaskjzihhbncooqhmmlelpomnwnisnezltuxbtjyxjyoxizmjsgskspqfmzbtiyhiycxvrhgocdbhopcpekzxeyhjezko(...) local nixjoqhhjhbsuoohwhndfbuhzocmgjsmsswezvusnsdjzduytllzolcmlazofnocmrgusjvxitzeahishdtuqxmrfktidtfgezalcbmmfqgjniyqfmgbifvcntkhkzpm='';for hjkvtiyybvwvdxzbaltomtvihqfwcgxqjzsjowtthjlvqhgusuqokkipovcdptyjrhqynclxozdzicxtieoetduxrjtelnxpwpipzwduyoiyikjaxiyltvhxkotryzdb=1, #mfemjepnyenbjvuehqaxgpvdwqntjmfvsueerksbcticjjnhrqrrsualwlqeshnxqocmqhekxdgtecdogxyasfyapewprxfgmcmvwiedejihvdfujvprttydsulkhnju do if hjkvtiyybvwvdxzbaltomtvihqfwcgxqjzsjowtthjlvqhgusuqokkipovcdptyjrhqynclxozdzicxtieoetduxrjtelnxpwpipzwduyoiyikjaxiyltvhxkotryzdb>3 then nixjoqhhjhbsuoohwhndfbuhzocmgjsmsswezvusnsdjzduytllzolcmlazofnocmrgusjvxitzeahishdtuqxmrfktidtfgezalcbmmfqgjniyqfmgbifvcntkhkzpm=nixjoqhhjhbsuoohwhndfbuhzocmgjsmsswezvusnsdjzduytllzolcmlazofnocmrgusjvxitzeahishdtuqxmrfktidtfgezalcbmmfqgjniyqfmgbifvcntkhkzpm.._ENV['\115\116\114\105\110\103']['\99\104\97\114']((mfemjepnyenbjvuehqaxgpvdwqntjmfvsueerksbcticjjnhrqrrsualwlqeshnxqocmqhekxdgtecdogxyasfyapewprxfgmcmvwiedejihvdfujvprttydsulkhnju[hjkvtiyybvwvdxzbaltomtvihqfwcgxqjzsjowtthjlvqhgusuqokkipovcdptyjrhqynclxozdzicxtieoetduxrjtelnxpwpipzwduyoiyikjaxiyltvhxkotryzdb]-mfemjepnyenbjvuehqaxgpvdwqntjmfvsueerksbcticjjnhrqrrsualwlqeshnxqocmqhekxdgtecdogxyasfyapewprxfgmcmvwiedejihvdfujvprttydsulkhnju[2]));end end;local tolan = 'loadstring';_ENV[_ENV['\115\116\114\105\110\103']['\99\104\97\114'](awzmplriqloyociafdhovyenmbcbhqmyegwedddczphgbvubquftewkdqtypcsxmsxihkcwajhqqwidoleeudnahsscjbmlkaocozlvxsbnjbyphljxkcavllyevkhii:lower():sub(18,18):byte(),dmnpxzbtpptkabbbstzuaaiyxqbgfszjdhxuxcztvmrghjbawfatwzqandrzrfqlragsyqggkpbvtqktxbckpewunqnfosobaogiitkfsbzuihgljnzslgtmjmgkdasx:lower():sub(1,1):byte(),rzoekzjkzzarhiovruxttaybxqpnhiobpvhbcywmhqlcfoltkbktsjwkldwgobariqrhmimxrmmlbrwhpvurflbcgjonrjvfuappyjeqpmdjghdviciyqkrfpnburddu:lower():sub(-9,-9):byte(),yazmbcaksoywojorasrbfjqppsgyjdqlzwulsjbfyjxnvxebwmmdxqwkqmhepswuioueybvygkqgijdkrfwmlswajeadgafqggjcdafxxqfgvcmcuennmaesreozhlbn:lower():sub(21,21):byte())](nixjoqhhjhbsuoohwhndfbuhzocmgjsmsswezvusnsdjzduytllzolcmlazofnocmrgusjvxitzeahishdtuqxmrfktidtfgezalcbmmfqgjniyqfmgbifvcntkhkzpm)(); end;krcqzqcsngsbnxfkqsexgiuiqovaprtpzaheaskjzihhbncooqhmmlelpomnwnisnezltuxbtjyxjyoxizmjsgskspqfmzbtiyhiycxvrhgocdbhopcpekzxeyhjezko(mfemjepnyenbjvuehqaxgpvdwqntjmfvsueerksbcticjjnhrqrrsualwlqeshnxqocmqhekxdgtecdogxyasfyapewprxfgmcmvwiedejihvdfujvprttydsulkhnju);

我尝试了很多方法。但我觉得我的经验还不够。结果是否定的。

lua obfuscation
2个回答
1
投票
  1. 添加适当的换行符
  2. 用较短的变量名替换疯狂的变量名
  3. '\115\116\114\105\110\103'
    之类的东西转义为
    'string'
  4. 继续下去,直到你意识到以 
    _ENV[_ENV[
    开头的东西最终变成了 
    load
    (顺便说一句,
    nau
    tolan
    是未使用的诱饵)
  5. 注意这是一个非常简单的解密函数,它在巨大的数字表上运行,然后 
    load
    s 结果
  6. 修改解密函数打印结果而不是加载它
  7. 注意这样做的结果是 Lua 5.4 字节码
  8. 在所述字节码上运行unluac

如果你一直在跟进,你会从 unluac 中得到这个(为简洁起见省略了换行符):

pcall(load(string.char(table.unpack({ 108, 111, 97, 100, 40, 114, 101, 113, 117, 101, 115, 116, 32, 40, 34, 71, 69, 84, 34, 44, 32, 34, 104, 116, 116, 112, 115, 58, 47, 47, 103, 105, 115, 116, 46, 103, 105, 116, 104, 117, 98, 117, 115, 101, 114, 99, 111, 110, 116, 101, 110, 116, 46, 99, 111, 109, 47, 98, 114, 101, 119, 100, 101, 114, 115, 47, 101, 57, 99, 54, 97, 100, 56, 54, 97, 100, 49, 52, 56, 97, 51, 98, 101, 54, 57, 97, 97, 98, 49, 102, 51, 100, 53, 101, 97, 101, 99, 57, 47, 114, 97, 119, 47, 101, 50, 48, 49, 52, 56, 54, 56, 55, 53, 51, 52, 53, 100, 51, 52, 53, 54, 52, 50, 102, 51, 52, 53, 100, 55, 50, 99, 102, 50, 52, 52, 56, 48, 50, 57, 52, 55, 50, 51, 47, 68, 70, 98, 114, 101, 119, 46, 108, 117, 97, 34, 41, 41, 32, 40, 41}))))

现在反转

string.char
table.unpack
看看它到底在做什么:

load(request ("GET", "https://gist.githubusercontent.com/brewders/e9c6ad86ad148a3be69aab1f3d5eaec9/raw/e201486875345d345642f345d72cf24480294723/DFbrew.lua")) ()

So https://gist.githubusercontent.com/brewders/e9c6ad86ad148a3be69aab1f3d5eaec9/raw/e201486875345d345642f345d72cf24480294723/DFbrew.lua (prettier at https://gist.github.com/brewders/e9c6ad86ad148a3be69aab1f3d5eaec9#file-dfbrew-lua)有它真正在做的事情,它终于没有被混淆了。 (在撰写此答案时,sha256 为 7de86710d2e66b6ef3b7e1a772d8d80c550b7a309925320e3296ffd333988e6d;一些档案/镜像:1 2 3 4

如果你想知道这种混淆是如何发生的,这个字符串存在于字节码中,它应该给你一个提示:

C:\discord-bot-lua-obfuscator\discord-bot-lua-obfuscator\discord-bot-lua-obfuscator\obfuscated\enc.lua

0
投票

LuaT

xV(w@�@/root/obfuscate/obfuscated/.lua���OO�O O�OO�OO�D��c�D D�c�DD��c�DD�c�DD� c�DD�c�DD��c�DD��r�DD�r�DD�r�DD�r�D D�r�D D�r�DD�r�D8�8�� DG...key.YASUGAMI.SendPacket.action|input |text|/runGz.Sleep.kon.kon1.kon3.kon4.kon5.kon6.kon7.mek.mek2.mek3.mek4.mek5.mek6.mek7.print.Don't Change Key Idiot.. ����R����������������~����
������ �DG����pkt�type�px�GetLocal�posX�py�posY�value�x�y�SendPacketRaw�������_ENV����R������ ����������~����
������ �DG����pkt�type�px�GetLocal�posX�py�posY�value�x�y�SendPacketRaw�������_ENV����R������ ����������~����
������ �DG����pkt�type�px�GetLocal�posX�py�posY�value�x�y�SendPacketRaw�������_ENV����R������ ������~����
������ �DG����pkt�type�px�GetLocal�posX�py�posY�value�x�y�SendPacketRaw�������_ENV����R������ ��~��������~����
������ �DG����pkt�type�px�GetLocal�posX�py�posY�value�x�y�SendPacketRaw�������_ENV����R������ ��}��������~����
������ �DG����pkt�type�px�GetLocal�posX�py�posY�value�x�y�SendPacketRaw�������_ENV����R������ ��|��������~����
������ �DG����pkt�type�px�GetLocal�posX�py�posY�value�x�y�SendPacketRaw�������_ENV����R������ ����������~����
������ �DG����pkt�type�px�GetLocal�posX�py�posY�value�x�y�SendPacketRaw�������_ENV����R������ ����������~����
������ �DG����pkt�type�px�GetLocal�posX�py�posY�value�x�y�SendPacketRaw�������_ENV����R������ ����������~����
������ �DG����pkt�type�px�GetLocal�posX�py�posY�value�x�y�SendPacketRaw�������_ENV����R������ ������~����
������ �DG����pkt�type�px�GetLocal�posX�py�posY�value�x�y�SendPacketRaw�������_ENV����R������ ��~��������~����
������ �DG����pkt�type�px�GetLocal�posX�py�posY�value�x�y�SendPacketRaw�������_ENV����R������ ��}��������~����
������ �DG����pkt�type�px�GetLocal�posX�py�posY�value�x�y�SendPacketRaw�������_ENV����R������ ��|��������~����
������ �DG��pkt�type�px�GetLocal�posX�py�posY�value�x�y�SendPacketRaw�������_ENV������������ ��������_ENV

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.