marsinator358 / luajit-decompiler-v2

LuaJIT bytecode decompiler

Nested luajit and `Invalid argument: --minimize_diffs` #40

Closed Velocet closed 4 months ago

Velocet commented 5 months ago

Hi there, I still got the problem with nested luajit code that doesn't get decompiled. When I run the decompiler the lua file gets decompiled but not the nested part for each line. Here is an example line:

```lua
package.preload["random.package.name"] = assert(loadstring("\x1BLJ\x01\x02�\x02\x02\x00\b\x00\x05\x00\x0E4\x00\x00\x00%\x01\x01\x00>\x00\x02\x024\x01\x00\x00%\x02\x02\x00>\x01\x02\x02%\x02\x03\x00%\x03\x04\x00\x10\x04\x00\x00\x10\x05\x02\x00\x10\x06\x03\x00\x10\a\x01\x00>\x04\x04\x02H\x04\x02\x00@com.example.CommandZ/com/example/path/Monitor6Example.logJExample.foobar\frequire\x00", "@Example/path/to/file.lua"))
```

What's the problem here?


When using the long option to optimize output formatting it won't work. The short one (-m) works fine.

marsinator358 commented 4 months ago

> I still got the problem with nested luajit code that doesn't get decompiled

That's correct, you'll need to dump the raw string to a file and decompile that one separately
(Though it's weird that someone would store the bytecode in a string).

> When using the long option to optimize output formatting it won't work. The short one (-m) works fine.

I forgot a continue statement and have updated the current release. Thanks!

Velocet commented 4 months ago

Forgot to mention I already did that! I thought your program wasn't working correctly but I had a suspicion that there was something wrong with the encoding...

After spending too much time debugging this problem I found the culprit: thanks to .NET/PwSh the conversion is wrong. I did a quick test with CyberChef's unescape method and it worked flawlessly. There is only 1 byte(!!!) which .NET gets wrong .. every time ... for every input

Those are such bullshit problems you have to deal with every day. Living in 2024 and still have to take care of something like an unescape function. WTF Microsoft?


In case anyone finds this topic here is some help to get the luajit stripped:

```powershell
## Decompile all luajit files with .lua and .module extension and recreate the folder structure in a new directory ($PATH_decompiled)
gci -Recurse -File -Include "*.lua","*.module" | % { $null = New-Item -Path $(($_.Directory.FullName).Replace('$PATH','$PATH_decompiled')) -Force -ItemType Directory; .\luajit-decompiler.exe $_.FullName -o $(($_.Directory.FullName).Replace('$PATH','$PATH_decompiled')) }

## Clean the file with the nestings first so each line is the following form: $name = $luajit
## This unescapes every line and writes each line into a file with the name from the first part.
Get-Content .\$file | % { $idx=$_.Split(' = ');Out-File -Path $($idx[0]+'.lua') -InputObject $([Regex]::Unescape($idx[1])) -NoNewline -Force -Encoding ascii }

## And then you can finally convert the rest of the files
Get-ChildItem -Recurse -File -Include "*.lua" | % { .\luajit-decompiler.exe $_ }
```

Velocet commented 4 months ago

> That's correct, you'll need to dump the raw string to a file and decompile that one separately

The problem was that .NET could not handle the wrongly encoded bytes inside the stream. Tried every available .NET writer function to no avail. Writing the file to disk and changing only the wrongly written bytes worked but was sadly not an option as there was no easy way to do this for 1000+ files. In the end a little Python script did the trick: luajit-convertNested.py

Note the function used to write the file to disk. Every other option had the same byte corruption as .NET. I tried every encoding but nothing worked. A really strange case...

> (Though it's weird that someone would store the bytecode in a string).

It isn't that weird: When you look at the extracted line (there are hundreds of them) then it is either to "obfuscate" the code or it is a clever simple trick to have some kind of virtual file system (there is always a filename at the end of each line).
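
The byte-exact extraction discussed in this thread, as an added example that is not part of the original issue and is not the `luajit-convertNested.py` script mentioned above (the page does not show that script). It assumes the `package.preload[...] = assert(loadstring("...", ...))` line shape from the example line; the function names, the `.luajit` output extension and the sample string are hypothetical.

```python
import os
import re

# Single-character escapes of the Lua lexer, mapped to byte values.
_SIMPLE = {"a": 7, "b": 8, "f": 12, "n": 10, "r": 13, "t": 9, "v": 11,
           "\\": 92, '"': 34, "'": 39, "\n": 10}
_ESCAPE = re.compile(r"\\(?:x([0-9A-Fa-f]{2})|([0-9]{1,3})|(.))", re.S)
# Line shape assumed from the example line quoted in the issue.
_LINE = re.compile(
    r'package\.preload\["([^"]+)"\]\s*=\s*assert\(loadstring\("((?:[^"\\]|\\.)*)"',
    re.S)
# Constructed sample, not real bytecode: header bytes plus a few escapes.
SAMPLE = r'package.preload["demo.mod"] = assert(loadstring("\x1BLJ\x01\x02\x80\x02\b\0074\"q\\", "@demo/mod.lua"))'

def lua_unescape(body):
    """Decode the inside of a Lua string literal to raw bytes."""
    def one(m):
        if m.group(1) is not None:
            value = int(m.group(1), 16)
        elif m.group(2) is not None:
            value = int(m.group(2))  # Lua \ddd is decimal, not octal
        else:
            value = _SIMPLE.get(m.group(3), 256)
        if value > 255:
            raise ValueError("bad escape: " + m.group(0))
        return chr(value)
    # latin-1 maps code points 0-255 to the same byte values; anything
    # above that (for example U+FFFD from an earlier bad decode) raises.
    return _ESCAPE.sub(one, body).encode("latin-1")

def extract_chunks(text):
    """Return {module name: bytecode} for every preload line in text."""
    chunks = {}
    for name, body in _LINE.findall(text):
        raw = lua_unescape(body)
        if not raw.startswith(b"\x1bLJ"):
            raise ValueError("no LuaJIT header in " + name)
        chunks[name] = raw
    return chunks

def write_chunks(src_path, out_dir):
    """Read src_path byte-for-byte and write one binary file per chunk."""
    with open(src_path, encoding="latin-1", newline="") as fh:
        chunks = extract_chunks(fh.read())
    for name, raw in chunks.items():
        safe = re.sub(r"[^A-Za-z0-9._-]", "_", name)  # no path separators
        with open(os.path.join(out_dir, safe + ".luajit"), "wb") as fh:
            fh.write(raw)
    return sorted(chunks)
```

Reading the source as latin-1 and writing in binary mode keeps bytes at or above 0x80 intact, and a replacement character left by an earlier lossy decode fails loudly instead of being written out as a different byte.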