How can I make Lua scripts un-decompilable?

Asked 14/12, 2011 at 5:25 Answered 27/9, 2013 at 11:46

I have many Lua scripts (for the multiplayer mod Multi Theft Auto) that are compiled, for many reasons, including theft prevention. In reality, this is only a theft deterrent, as Luadec (http://luadec51.luaforge.net/) can easily de-compile the scripts. Does anyone have have any tips on how I can make my scripts un-decompilable?

Presently answered 14/12, 2011 at 5:25 Comment(0)

Encryption; that's really the only way it's going to work. Of course, since your program would have to decrypt them, they could just snatch the decrypted data right out of memory.

So no, there's nothing you can do. Any method is going to be "only a theft deterrent" to some degree. Even compiling to actual assembly is just a deterrent, as this can be decompiled into something not entirely unlike the original source code.

The question is simply how much trouble you want to give the user. Encryption probably gives you the most bang for your buck. This will force them to have to walk through the executable to figure out how to yank the data out of memory. Most casual users won't want to do that.

Lexicon answered 14/12, 2011 at 5:37 Comment(0)

If you wanted to get really serious you could change the opcodes generated and used by the lua vm, then it couldn't be decompiled by off the shelf software. Though this might cause you more problems than it's worth - you'd have to support your own version of lua, and you probably couldn't use things like luajit.

To decompile they'd have to figure out the mapping of opcodes you'd come up with and translate. It probably wouldn't be too hard to do, but I probably wouldn't.

[Update]

Looking at the source it may be fairly easy, there are two files lopcode.c and lopcode.h maybe if you just change the order of the opcodes in these you'll be done. Please post if you end up doing this and it works or not.

Ketch answered 14/12, 2011 at 5:46 Comment(3)

You could make it a little bit harder by changing the order of the operands in the VM instructions as well. – Geochemistry 14/12, 2011 at 10:6

Note that this approach probably does not fully work if you have access to a bytecode lister such as the one provided by luac because you could reverse-engineer the order. But it would be a pain and would probably deter most people. Or be a challenge for the motivated hacker. :-) – Geochemistry 14/12, 2011 at 10:8

Indeed nothing will stop the dedicated hacker with a hex dump. If you include this with encryption as suggested by Nicol below and first run it through a lua obfuscator, only the truly dedicated would be left. – Ketch 15/12, 2011 at 0:4

Multi Theft Auto now supports encryption of scripts. You can compile them online at http://luac.mtasa.com/ or download standalone compiler.

Eisenberg answered 27/9, 2013 at 11:46 Comment(0)

I don't think it's possible. The very nature of the beast (a very minimal language working on a very small VM) basically forbids it.

The best you can hope for is for the decompiled code to be as difficult to understand as possible, for a human.

Coprophilous answered 14/12, 2011 at 12:16 Comment(0)

Recommended topics

Hot tags