I'm trying to figure out how I can decompile this obfuscated Lua script


Problem description

So I've been trying to figure out how to decompile DLLs, Java, and Lua files, but once I ran into this one I got stumped.

Does anyone have any ideas on how I can decompile this?

Since the script was way too big I put it in a pastebin link. https://pastebin.com/UsdWEHnm

IlIIl1liIllIi1II1Ii.lIl1llIllIii1111lIIIii = lIli1IlI11lIlI1il11i1()
lIli1IlI11lIlI1il11i1()
lIli1IlI11lIlI1il11i1()
local ll1ili1i1Ii1II111li = lIlIlll1Ill1illiliIiI()
for i1IiIili111iI1lil1l = lIliI1iii11lilII1IIil, ll1ili1i1Ii1II111li do
    IlIIl1liIllIi1II1Ii.l111II111Il1IiIII11i[i1IiIili111iI1lil1l] = lIlIlll1Ill1illiliIiI()
end
lIlIlll1Ill1illiliIiI()
lIli1IlI11lIlI1il11i1()
lIli1IlI11lIlI1il11i1()
lIlIlll1Ill1illiliIiI()
lIlIlll1Ill1illiliIiI()
lIlIlll1Ill1illiliIiI()
lIli1IlI11lIlI1il11i1()
local ll1ili1i1Ii1II111li = lIlIlll1Ill1illiliIiI() - (#{ 91625, 31274, 132907, 128929, 89879, 28353, 85846, 63662, 120975, 94604, 40073, 120271, 29175, 126728, 55753, 31423, 118592, 112751, 123563, 26653 } + 49 - 22 - 12 + 24 + 10 + 32 - 27 + 22 - 35 + 41 + 25 + 29 + 18 + 33 + 32 + 133485)
for i1IiIili111iI1lil1l = lIliI1iii11lilII1IIil, ll1ili1i1Ii1II111li do
    local l1iI1Illil1i1il1iII = {}
    local lIlill1IIIlli1iII1ill = lIlIllI1i111lilIi1ilI(i1iIIIii1liiIillilI)
    l1iI1Illil1i1il1iII.il1li1iilIii1iIll11l = iiIlIlilIlIll1l1l1l(lIlill1IIIlli1iII1ill, #{ 19814, 81950, 109054, 18321, 117777, 126276, 941, 40833, 27393, 25354, 106568, 58140, 73781, 28751, 110509, 42721, 118305, 94680, 18166, 4591 } + 26 - 9 + 9 - 4 - 48 - 2 + 24 + 47 - 35 - 8 - 31 - 1 + 39, #{ 34453, 33661, 37020, 5461, 3935, 7245, 90253, 30010, 122438, 78286, 50375, 62446, 101176, 126539, 91679, 59085, 67167, 93133, 73148, 54067, 13807 } + 29 - 46 - 15 + 41 + 32 - 26 + 6 - 6 + 27 - 43 + 12 - 17 + 11 + 6)
    l1iI1Illil1i1il1iII.lIlilIilillll11iil1li1 = iiIlIlilIlIll1l1l1l(lIlill1IIIlli1iII1ill, #{ 59738, 38876, 31250, 75801, 96293, 27832, 11774, 9098, 31230, 80836, 129303, 101680, 12689, 60836 } - 3 + 38 + 32 - 43 + 21 - 10 + 5 - 32 + 14 - 8 + 7 - 15 - 19, #{ 37073, 70137, 113242, 21765, 129309, 86407, 33113, 85980, 105005, 59356, 53236, 100694, 61483, 55175, 85902, 33351, 70969, 133357, 55705, 74121, 116292, 132529 } - 13 - 4 - 47 - 36 - 29 + 17 - 49 + 43 - 48 - 42 - 4 - 18 + 16 + 201)
    l1iI1Illil1i1il1iII.I1i1IiiIlIIl1II11IiI = iiIlIlilIlIll1l1l1l(lIlill1IIIlli1iII1ill, #{ 129902, 68496, 976, 73113, 19012, 12350, 23326, 93845, 88636, 103236, 52249, 70226, 40074,

This is a VERY VERY VERY small sample, in all there are 40,000 chars.

Recommended answer

There are a few different things you can do to help get rid of obfuscation in code.

One would be to find and replace all of the different variable and function names with something more distinctive than "I1lili1" and so on. This would allow you to follow the code much more easily and also prevent you from confusing any variables with each other.

Another would be to look for the 'if', 'while', 'function' and 'end' keywords and then start indenting the code to make it more readable and again easier to follow.

The above code uses the length function (#) very often as it is using most of the lists as another way to represent normal numbers and prevent people seeing the actual numbers easily. For example:

#{ 10, 372, 67298, 2287, 694, 1, 5039 }

will become:

7

when you perform the length function. If you change all of those lists to actual numbers and then solve the simple addition and subtraction equations after you can get rid of nearly all the numbers.

Of course doing this will take a lot of time, but that's the point of obfuscating the code after all. If you don't want to spend a few hours going through all the code getting rid of the obfuscation you can just use this version I prepared earlier: https://pastebin.com/Amtt8UMP

I have used all of the above methods to get rid of some of the obfuscation in the code; however, you will still need to trace through the program to find the outputs from all the functions.

As Egor Skriptunoff commented however, all this piece of code will do most likely is activate a loadstring. This code from the loadstring will also probably be obfuscated, so in reality this piece of code is useless to you.

Hope this helps!
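
The two manual steps the answer describes (collapsing each `#{ ... }` list with the `+`/`-` chain after it, and renaming the look-alike identifiers) can be scripted. This is an added example, not code from the original answer: the function names, the `id_N` naming scheme and the sample string are constructed for illustration, and the regexes assume the patterns never occur inside Lua string literals.

```python
import re

# Constructed sample in the style of the question's script (lists shortened).
SAMPLE = (
    "local ll1ili1i1Ii1II111li = lIlIlll1Ill1illiliIiI() - "
    "(#{ 91625, 31274, 132907 } + 49 - 22 - 12) "
    "l1iI1Illil1i1il1iII.il1li1iilIii1iIll11l = iiIlIlilIlIll1l1l1l("
    "ll1ili1i1Ii1II111li, #{ 10, 372, 67298, 2287, 694, 1, 5039 }, "
    "#{ 5, 6 } + 4 * ll1ili1i1Ii1II111li, ll1ili1i1Ii1II111li - #{ 8, 9 } + 1)"
)

# "#{ n, n, ... }" plus any "+ n" / "- n" terms that follow it. The lookahead
# ends the chain before a term that binds tighter, e.g. the "4" in "+ 4 * x".
LEN_CHAIN = re.compile(
    r"#\{\s*(\d+(?:\s*,\s*\d+)*)\s*,?\s*\}((?:\s*[+-]\s*\d+)*)(?!\s*[*/%^\d.])"
)
# Names built only from the look-alike characters I, l, i and 1.
LOOKALIKE = re.compile(r"\b[Ili][Ili1]{5,}\b")


def fold_lengths(src):
    """Replace #{...} with its element count and fold the +/- chain after it."""
    def repl(m):
        count = len(m.group(1).split(","))
        before = src[:m.start()].rstrip()[-1:]
        if before and before not in "(,=[{":
            # e.g. "x - #{ 8, 9 } + 1": the list is a right-hand operand, so
            # only the length is substituted and the chain is left alone.
            return str(count) + m.group(2)
        total = count
        for sign, num in re.findall(r"([+-])\s*(\d+)", m.group(2)):
            total += int(num) if sign == "+" else -int(num)
        return str(total)
    return LEN_CHAIN.sub(repl, src)


def rename_lookalikes(src):
    """Give each look-alike identifier a stable id_N name, in order of appearance."""
    names = {}
    def repl(m):
        return names.setdefault(m.group(0), f"id_{len(names) + 1}")
    return LOOKALIKE.sub(repl, src), names


if __name__ == "__main__":
    readable, mapping = rename_lookalikes(fold_lengths(SAMPLE))
    print(readable)
    for old, new in mapping.items():
        print(f"{new} = {old}")
```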
