Sign in to follow this  
darkdreamingdan

luac.mtasa.com and us

Recommended Posts

There won't be anything like this. Ever.

Also, I don't think its needed. Disabling cache + serverside stuff won't be downloaded anyway.

Thats all you need.

In the end, MTA stuff isn't that valuable at all.

I completely concur. I don't think people really understand the technical limitations of "key generator" idea, and how it basically means we spend a lot of time implementing something that more or less won't improve the decompilation situation at all.

Share this post


Link to post

But MTA is 64-bit? By default it uses memory randomization, so it should be more than "slightly" harder to find something useful in memory, or does this not apply on MTA?

Share this post


Link to post

The MTA Client always runs under a 32bit environment since GTA SA is a 32bit executable. As far as I know ASLR is active for MTA's libraries, but ASLR isn't designed to stop people from stealing your scripts.

As long as you execute anything on the client it will be stealable, no matter how many layers of protection are added. In the end, Lua always needs to be able to execute the code. The current no-cache option plus encrypting your files over luac.mtasa.com should be enough to stop most script thiefs already. Those who have the ability to steal your scripts despite that are probably capable of implementing the same things you did on their own.

Share this post


Link to post

As sbx320 stated, any client-side script should be able to be stealable no matter what, just the difficulty on the decrypting changes.

So, basically the actual barrier is not overlapable by everyone, and everyone that does overlap it can go far more into harder stuff.

In the end the actual idea, is to stop the people who cant make scripts on themselves so steal them, since the one who has the level to steal it with this will pretty much do the script by himself before?

Share this post


Link to post

Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

Share this post


Link to post
Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

1. We don't allow scripts compiled by others to execute for security reasons stated in the main post. Did you even read it?

2. It would be obvious that the person with the private key could decompile your scripts.

3. Moderators do not have access to this key, most admins probably don't either.

If you wish to spout any more rubbish, feel free.

Share this post


Link to post

No you are right, misunderstanding.

Caused of our solved problem.

Share this post


Link to post
Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

Have fun trying to sign the code.

Share this post


Link to post
Have fun trying to sign the code.

Have fun using google translate.

Share this post


Link to post

There's something I've wanted to ask,

When luac.mtasa.com launched, it had an 'encrypt' option. But some months ago it was replaced with the 'extra obfuscation' one. Why?

Share this post


Link to post
There's something I've wanted to ask,

When luac.mtasa.com launched, it had an 'encrypt' option. But some months ago it was replaced with the 'extra obfuscation' one. Why?

Probably because the encryption is pretty much extra obfuscation. It is not necessarily fine to call it encryption when clients have the key.

Share this post


Link to post

Difficulty is relative, but even with extra obfuscation it's still easy.

Share this post


Link to post
Difficulty is relative, but even with extra obfuscation it's still easy.

If it is as easy as you say then please prove it my inbox is open.

Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

1. We don't allow scripts compiled by others to execute for security reasons stated in the main post. Did you even read it?

2. It would be obvious that the person with the private key could decompile your scripts.

3. Moderators do not have access to this key, most admins probably don't either.

If you wish to spout any more rubbish, feel free.

A fact that is worth mentioning is that the scripts are decrypted every time they are used. Ciper text would never be executable so in turn everyone must have the decryption key.

Share this post


Link to post
Difficulty is relative, but even with extra obfuscation it's still easy.

If it is as easy as you say then please prove it my inbox is open.

Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

1. We don't allow scripts compiled by others to execute for security reasons stated in the main post. Did you even read it?

2. It would be obvious that the person with the private key could decompile your scripts.

3. Moderators do not have access to this key, most admins probably don't either.

If you wish to spout any more rubbish, feel free.

A fact that is worth mentioning is that the scripts are decrypted every time they are used. Ciper text would never be executable so in turn everyone must have the decryption key.

As seen a while ago by both of us, it is as easy as unlocking your bike's lock.

viewtopic.php?f=91&t=65618&start=45#p670306

Share this post


Link to post

There's a very simple way to do it, and it can be achieved with just MTA, in Lua - the functions used were intended to behave that way, but that allows one to decrypt any Lua file in seconds. All you have to do then is decompile the code with a normal Lua decompiler. It's not very difficult.

In the end, you're the one responsible for keeping your code safe. MTA's encryption system is not bullet-proof, none is. But more importantly, it was not meant to secure your files, it was introduced as the alternative to loading Lua bytecode directly, which was disabled due to its security flaws.

Share this post


Link to post
There's a very simple way to do it, and it can be achieved with just MTA, in Lua - the functions used were intended to behave that way, but that allows one to decrypt any Lua file in seconds. All you have to do then is decompile the code with a normal Lua decompiler. It's not very difficult.

In the end, you're the one responsible for keeping your code safe. MTA's encryption system is not bullet-proof, none is. But more importantly, it was not meant to secure your files, it was introduced as the alternative to loading Lua bytecode directly, which was disabled due to its security flaws.

I can find no functions related to what you are talking about and you also forget the obfuscation of the byte code. How you can get around all of that with Lua would be pretty interesting.

Share this post


Link to post

There are 2 functions you need to get the decrypted byte code and they are not hidden.

Share this post


Link to post
There are 2 functions you need to get the decrypted byte code and they are not hidden.

assert(loadstring()) ()

Share this post


Link to post

I've been wondering with this:

So far, we cannot have a system in wich the client is unnable totally to access our code, becouse the MTA needs to decrypt it to run it, but what if it did not have to decrypt it, couldnt it run it encrypted itself?

Probably i'm just saying buillshit, but any clarification would be accepted :)

Share this post


Link to post
I've been wondering with this:

So far, we cannot have a system in wich the client is unnable totally to access our code, becouse the MTA needs to decrypt it to run it, but what if it did not have to decrypt it, couldnt it run it encrypted itself?

Probably i'm just saying :~, but any clarification would be accepted :)

No, because of technical limitations. You would need to build your own compiler, which is impossible as we have a Lua VM. It would mean changes to source code of Lua etc.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.