prometheus-lua/Prometheus

[BUG] string encryption dumped

fc577294c34e0b28ad2839435945 opened this issue · 3 comments

Describe the bug
You can easily dump strings in scripts that had EncryptStrings applied by finding " .. " and inserting print() at each result.

Expected behavior
It should be harder to find the string decryption.

To Reproduce
Steps to reproduce the behavior:

  1. Obfuscate with the strong preset and use LuaU as the luaVersion:
     • AntiTamper's UseDebug must be set to false

     local constant = "Hello world!"
     print(constant)

     print("Hello world 2!")

  2. Beautify the obfuscated code.
  3. Find " .. " with Ctrl+F (include the spaces).
  4. Add print() to each result:

     L_87_ = L_69_ .. L_82_
     print(L_87_);

  5. Reminify and run the code.

Additional context
https://paste.ee/p/62huP - Obfuscated code with strong preset
https://paste.ee/p/8yfqO - Beautified code with print() inserted
https://paste.ee/p/NMisF - Reminified code

If somebody has an idea on how to fix this flaw, please tell me.
It would be possible to use string functions like string.gsub or table.concat, but those could easily be hooked.
The other option would be to spam a lot of fake strings through the decryption function, so that the real ones can't be identified, but that would make the code much slower.

Applying SplitStrings (inline) + ProxifyLocals seems to solve this issue, but at the cost of performance.

Doing it the string.gsub way will probably only work in LuaU (string:gsub(), not string.gsub), since this can be hooked in Lua 5.1 but not in LuaU (unless there are also ways to hook :gsub() in LuaU).

I suggest changing the decryption function into one that calls multiple different functions, each with its own purpose (returning chunks of the decrypted string, concatenation, etc.), which are randomly generated.

But there may be better ideas than what I said (that might be easier to implement).

I'm going to attempt to add fake strings somehow. One idea is to have three different functions, each of which has part of the string; these are shuffled each time and talk to each other somehow to combine the parts. Obfuscation is about differentiation in the code each time.
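An added illustration of the decoy idea from this thread, not Prometheus code and not the cipher EncryptStrings actually emits: a constructed byte-shift cipher, a pool that interleaves real and fake chunks, and one shared " .. " site, so a print() inserted there lists decoys alongside the real strings.

```lua
-- Added illustration, not Prometheus code: the cipher is a constructed
-- byte shift standing in for whatever EncryptStrings really emits.
local KEY = { 17, 92, 3, 201 }

local function shift(s, sign)
  local out = {}
  for i = 1, #s do
    local k = KEY[(i - 1) % #KEY + 1]
    out[i] = string.char((s:byte(i) + sign * k) % 256)
  end
  return table.concat(out)
end
local function encrypt(s) return shift(s, 1) end
local function decrypt(s) return shift(s, -1) end

-- Pool of encrypted chunks; real and decoy chunks are interleaved.
-- An obfuscator would generate the decoys and the order at build time.
local POOL = {
  encrypt("Hello "),  -- 1 real
  encrypt("Goodby"),  -- 2 decoy
  encrypt("world!"),  -- 3 real
  encrypt("e moon"),  -- 4 decoy
  encrypt("Hello w"), -- 5 real
  encrypt("orld 3!"), -- 6 decoy (near miss of a real string)
  encrypt("orld 2!"), -- 7 real
  encrypt("print(x"), -- 8 decoy
}

-- The single " .. " site the report targets. Real and decoy strings
-- all pass through here, so a print() inserted inside this function
-- dumps the decoy combinations next to the real values.
local function assemble(a, b)
  return decrypt(POOL[a]) .. decrypt(POOL[b])
end

-- Decoy results are kept in a table so the calls are not dead code.
-- Each decoy costs a full decrypt, which is the slowdown noted above.
local sink = {}
sink[#sink + 1] = assemble(2, 4)
local constant = assemble(1, 3)   -- the first real string from the report
sink[#sink + 1] = assemble(5, 6)
print(constant)
sink[#sink + 1] = assemble(8, 4)
print(assemble(5, 7))             -- the second real string from the report
```

Hooking decrypt or table.concat still reveals everything, as the thread notes; the decoys only raise the cost of telling real strings from fake ones.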