Jump to content

luac.mtasa.com and us


Recommended Posts

There won't be anything like this. Ever.

Also, I don't think its needed. Disabling cache + serverside stuff won't be downloaded anyway.

Thats all you need.

In the end, MTA stuff isn't that valuable at all.

I completely concur. I don't think people really understand the technical limitations of "key generator" idea, and how it basically means we spend a lot of time implementing something that more or less won't improve the decompilation situation at all.

Link to comment
  • 2 weeks later...
  • MTA Team

The MTA Client always runs under a 32bit environment since GTA SA is a 32bit executable. As far as I know ASLR is active for MTA's libraries, but ASLR isn't designed to stop people from stealing your scripts.

As long as you execute anything on the client it will be stealable, no matter how many layers of protection are added. In the end, Lua always needs to be able to execute the code. The current no-cache option plus encrypting your files over luac.multitheftauto.com should be enough to stop most script thiefs already. Those who have the ability to steal your scripts despite that are probably capable of implementing the same things you did on their own.

Link to comment
  • 4 weeks later...

As sbx320 stated, any client-side script should be able to be stealable no matter what, just the difficulty on the decrypting changes.

So, basically the actual barrier is not overlapable by everyone, and everyone that does overlap it can go far more into harder stuff.

In the end the actual idea, is to stop the people who cant make scripts on themselves so steal them, since the one who has the level to steal it with this will pretty much do the script by himself before?

Link to comment
  • 2 weeks later...
Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

1. We don't allow scripts compiled by others to execute for security reasons stated in the main post. Did you even read it?

2. It would be obvious that the person with the private key could decompile your scripts.

3. Moderators do not have access to this key, most admins probably don't either.

If you wish to spout any more rubbish, feel free.

Link to comment
There's something I've wanted to ask,

When luac.multitheftauto.com launched, it had an 'encrypt' option. But some months ago it was replaced with the 'extra obfuscation' one. Why?

Probably because the encryption is pretty much extra obfuscation. It is not necessarily fine to call it encryption when clients have the key.

Link to comment
Difficulty is relative, but even with extra obfuscation it's still easy.

If it is as easy as you say then please prove it my inbox is open.

Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

1. We don't allow scripts compiled by others to execute for security reasons stated in the main post. Did you even read it?

2. It would be obvious that the person with the private key could decompile your scripts.

3. Moderators do not have access to this key, most admins probably don't either.

If you wish to spout any more rubbish, feel free.

A fact that is worth mentioning is that the scripts are decrypted every time they are used. Ciper text would never be executable so in turn everyone must have the decryption key.

Link to comment
Difficulty is relative, but even with extra obfuscation it's still easy.

If it is as easy as you say then please prove it my inbox is open.

Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

1. We don't allow scripts compiled by others to execute for security reasons stated in the main post. Did you even read it?

2. It would be obvious that the person with the private key could decompile your scripts.

3. Moderators do not have access to this key, most admins probably don't either.

If you wish to spout any more rubbish, feel free.

A fact that is worth mentioning is that the scripts are decrypted every time they are used. Ciper text would never be executable so in turn everyone must have the decryption key.

As seen a while ago by both of us, it is as easy as unlocking your bike's lock.

viewtopic.php?f=91&t=65618&start=45#p670306

Link to comment

There's a very simple way to do it, and it can be achieved with just MTA, in Lua - the functions used were intended to behave that way, but that allows one to decrypt any Lua file in seconds. All you have to do then is decompile the code with a normal Lua decompiler. It's not very difficult.

In the end, you're the one responsible for keeping your code safe. MTA's encryption system is not bullet-proof, none is. But more importantly, it was not meant to secure your files, it was introduced as the alternative to loading Lua bytecode directly, which was disabled due to its security flaws.

Link to comment
There's a very simple way to do it, and it can be achieved with just MTA, in Lua - the functions used were intended to behave that way, but that allows one to decrypt any Lua file in seconds. All you have to do then is decompile the code with a normal Lua decompiler. It's not very difficult.

In the end, you're the one responsible for keeping your code safe. MTA's encryption system is not bullet-proof, none is. But more importantly, it was not meant to secure your files, it was introduced as the alternative to loading Lua bytecode directly, which was disabled due to its security flaws.

I can find no functions related to what you are talking about and you also forget the obfuscation of the byte code. How you can get around all of that with Lua would be pretty interesting.
Link to comment

I've been wondering with this:

So far, we cannot have a system in wich the client is unnable totally to access our code, becouse the MTA needs to decrypt it to run it, but what if it did not have to decrypt it, couldnt it run it encrypted itself?

Probably i'm just saying buillshit, but any clarification would be accepted :)

Link to comment
I've been wondering with this:

So far, we cannot have a system in wich the client is unnable totally to access our code, becouse the MTA needs to decrypt it to run it, but what if it did not have to decrypt it, couldnt it run it encrypted itself?

Probably i'm just saying :~, but any clarification would be accepted :)

No, because of technical limitations. You would need to build your own compiler, which is impossible as we have a Lua VM. It would mean changes to source code of Lua etc.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...