prometheus-lua / Prometheus

Lua Obfuscator written in pure Lua
https://levno-710.gitbook.io/prometheus/
GNU Affero General Public License v3.0
202 stars, 60 forks

[BUG] string encryption dumped #139

Open fc577294c34e0b28ad2839435945 opened 1 year ago

fc577294c34e0b28ad2839435945 commented 1 year ago

**Describe the bug**

You can easily dump strings in scripts that had EncryptStrings applied by finding " .. " and inserting print() in each result.

**Expected behavior**

It should be harder to find the string decryption.

**To Reproduce**

Steps to reproduce the behavior:

1. Obfuscate with strong preset and use LuaU as the luaVersion:
   • AntiTamper's UseDebug must be set to false

   ```lua
   local constant = "Hello world!"
   print(constant)

   print("Hello world 2!")
   ```

2. Beautify obfuscated code
3. Find " .. " with Ctrl+F (include the spaces)
4. Add print() to each result

   ```lua
   L87 = L69 .. L82 print(L87);
   ```

5. Reminify and run the code

**Screenshots**

![image](https://github.com/prometheus-lua/Prometheus/assets/138093353/24b5a7e3-aac5-46e0-a76c-58e63af88216)

**Additional context**
https://paste.ee/p/62huP - Obfuscated code with strong preset
https://paste.ee/p/8yfqO - Beautified code with print() inserted
https://paste.ee/p/NMisF - Reminified code
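Steps 3 to 5 of the report, automated, as an added example (editor's code, not part of the issue and not part of Prometheus). The script walks a beautified obfuscated file line by line, finds single assignments whose right-hand side contains " .. ", and appends `print(<target>)`; `instrument`, the identifiers in the constructed sample and the sample's decryption shape are assumptions that only reproduce the " .. " pattern the report keys on.

```lua
-- Added example (editor's, not code from the issue or from Prometheus): automates
-- steps 3 and 4 of the report. It walks a beautified obfuscated script line by
-- line, finds assignments whose right-hand side contains " .. " (the
-- concatenation the decryption routine ends with) and appends print(<target>)
-- so that the decrypted value is dumped when the patched script runs.

-- Returns the instrumented source and the number of lines that were patched.
local function instrument(src)
  local out, hits = {}, 0
  for line in (src .. "\n"):gmatch("(.-)\n") do
    local body = line:gsub(";%s*$", "")           -- strip a trailing semicolon
    -- Match "local NAME = ... .. ..." or "NAME = ... .. ..." on one line.
    -- Multiple assignment (A, B = ...) and table fields (T[k] = ...) are not
    -- handled; beautified output emits one statement per line, which is what
    -- step 2 of the report relies on.
    local target = body:match("^%s*local%s+([%a_][%w_]*)%s*=.*%s%.%.%s")
                or body:match("^%s*([%a_][%w_]*)%s*=.*%s%.%.%s")
    if target then
      hits = hits + 1
      line = body .. " print(" .. target .. ");"
    end
    out[#out + 1] = line
  end
  return table.concat(out, "\n"), hits
end

-- Constructed sample standing in for beautified output; the real Prometheus
-- decryption routine looks different, only the " .. " shape matters here.
local sample = [[
local L69 = "Hello"
local L82 = " world!"
L87 = L69 .. L82;
print(L87)
]]

local patched, n = instrument(sample)
assert(n == 1)
assert(patched:find("L87 = L69 .. L82 print(L87);", 1, true))

-- Step 5: run the patched code; the inserted print dumps the concatenated value
-- before the script itself uses it.
local loader = load or loadstring   -- Lua 5.1 and LuaU expose loadstring
assert(loader(patched))()
```

The pattern is deliberately narrow: it only rewrites lines that are a plain assignment ending in a concatenation, so control-flow lines or comparisons containing ".." are left alone. On real output it is worth printing the result of every concatenation rather than only the last one, since the decrypted value may be assembled from several chunks before it is used.
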

levno-710 commented 1 year ago

If somebody has an idea on how to fix this flaw, please tell me. It would be possible to use string functions like string.gsub or table.concat, but those could easily be hooked. The other option would be to spam a lot of fake strings through the decryption function, so that the real ones can't be identified, but that would make the code much slower.
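The hooking that the comment above refers to, as an added example (editor's code, not Prometheus' own). The decoder is a constructed stand-in (every byte shifted by a fixed key, with one variant that joins chunks through `table.concat` and one that decrypts through the method form `str:gsub()`); `KEY`, `encode`, `decode_concat`, `decode_gsub` and `captured` are all assumptions made for the demonstration and say nothing about Prometheus' real scheme.

```lua
-- Added example (editor's, not code from Prometheus): why routing the decrypted
-- string through a library function does not hide it. The decoder is a
-- constructed stand-in (bytes shifted by a fixed key); Prometheus' real scheme
-- differs. The hooks are what an analyst installs before running the script.

local KEY = 0x5A
local unpack = table.unpack or unpack   -- 5.1/LuaU vs 5.2+

-- Constructed "encryption": adds KEY to every byte, mod 256.
local function encode(s)
  local t = {}
  for i = 1, #s do t[i] = (s:byte(i) + KEY) % 256 end
  return t
end

-- Decoder variant 1: builds the characters and joins them with table.concat.
local function decode_concat(bytes)
  local parts = {}
  for i, b in ipairs(bytes) do
    parts[i] = string.char((b + 256 - KEY) % 256)
  end
  return table.concat(parts)
end

-- Decoder variant 2: decrypts with the method form str:gsub().
local function decode_gsub(enc)
  return (enc:gsub(".", function(c)
    return string.char((c:byte() + 256 - KEY) % 256)
  end))
end

-- Analyst side: wrap both library functions so that every result they return
-- is recorded. The method form resolves through getmetatable("").__index,
-- which is the string table itself, so replacing string.gsub also catches
-- enc:gsub(...) in standard Lua.
local captured = {}

local real_concat = table.concat
table.concat = function(list, sep, i, j)
  local result = real_concat(list, sep, i, j)
  captured[#captured + 1] = result
  return result
end

local real_gsub = string.gsub
string.gsub = function(s, pattern, repl, n)
  local result, count = real_gsub(s, pattern, repl, n)
  captured[#captured + 1] = result
  return result, count
end

-- The protected script runs unmodified and still decrypts correctly...
local secret = encode("Hello world!")
assert(decode_concat(secret) == "Hello world!")
assert(decode_gsub(string.char(unpack(secret))) == "Hello world!")

-- ...while the hooks have already recorded both plaintexts.
assert(captured[1] == "Hello world!" and captured[2] == "Hello world!")
for _, s in ipairs(captured) do print("dumped:", s) end
```

Nothing in the obfuscated code has to be edited for this, which is what makes the library-function route weaker than it looks. The caveat is the host: where the standard library tables are made read-only (Roblox's Luau does this), the assignment to `string.gsub` or `table.concat` itself fails and the method form cannot be intercepted this way, which is the distinction the thread goes on to discuss.
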

fc577294c34e0b28ad2839435945 commented 1 year ago

> If somebody has an idea on how to fix this flaw, please tell me. It would be possible to use string functions like string.gsub or table.concat, but those could easily be hooked. The other option would be to spam a lot of fake strings through the decryption function, so that the real ones can't be identified, but that would make the code much slower.

Applying SplitStrings (inline) + ProxifyLocals seems to solve this issue, but at the cost of performance.

Doing it the string.gsub way will probably only work in LuaU (string:gsub(), not string.gsub), since this can be hooked in Lua 5.1 but not in LuaU (unless there are also ways to hook :gsub() in LuaU).

I suggest changing the decryption function into one that calls multiple different functions, each with its own purpose (returning chunks of the decrypted string, concatenation, etc.), which are randomly generated.

But there may be better ideas than what I said (that might be easier to implement).

SpinnySpiwal commented 10 months ago

I'm going to attempt to add fake strings somehow. One idea is to have 3 different functions, each of which has part of the string; these would be shuffled each time and speak to each other somehow to combine them. Obfuscation is about differentiation in the code each time.