Jump to content

luac.mtasa.com and us

darkdreamingdan

By darkdreamingdan
in Scripting

Recommended Posts

darkdreamingdan Foot Soldier

darkdreamingdan

Posted
  • Author
Posted
There won't be anything like this. Ever.

Also, I don't think its needed. Disabling cache + serverside stuff won't be downloaded anyway.

Thats all you need.

In the end, MTA stuff isn't that valuable at all.

I completely concur. I don't think people really understand the technical limitations of "key generator" idea, and how it basically means we spend a lot of time implementing something that more or less won't improve the decompilation situation at all.

Link to comment
  • 2 weeks later...
  • Replies 79
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

darkdreamingdan
darkdreamingdan

In September 2013, we launched a service to compile Lua files for your MTA servers, hosted within our web network - https://luac.multitheftauto.com . Currently, the service offers some basic encrypti

botder
botder

Stop throwing words at me, which I don't deserve. I am not going to tell anybody how to do it nor abuse it myself to steal scripts - I can do my own and without server scripts it's pretty pointless. T

Hale
Hale

Happens sometimes, try restarting your browser or wait a couple of minutes. EDIT: Just noticed the date of his post...

  • MTA Team
sbx320 Rat

sbx320

Posted
  • MTA Team
Posted

The MTA Client always runs under a 32bit environment since GTA SA is a 32bit executable. As far as I know ASLR is active for MTA's libraries, but ASLR isn't designed to stop people from stealing your scripts.

As long as you execute anything on the client it will be stealable, no matter how many layers of protection are added. In the end, Lua always needs to be able to execute the code. The current no-cache option plus encrypting your files over luac.multitheftauto.com should be enough to stop most script thiefs already. Those who have the ability to steal your scripts despite that are probably capable of implementing the same things you did on their own.

Link to comment
  • 4 weeks later...
.:HyPeX:. Lil' G

.:HyPeX:.

Posted
Posted

As sbx320 stated, any client-side script should be able to be stealable no matter what, just the difficulty on the decrypting changes.

So, basically the actual barrier is not overlapable by everyone, and everyone that does overlap it can go far more into harder stuff.

In the end the actual idea, is to stop the people who cant make scripts on themselves so steal them, since the one who has the level to steal it with this will pretty much do the script by himself before?

Link to comment
  • 2 weeks later...
Woovie Banger

Woovie

Posted
Posted
Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

1. We don't allow scripts compiled by others to execute for security reasons stated in the main post. Did you even read it?

2. It would be obvious that the person with the private key could decompile your scripts.

3. Moderators do not have access to this key, most admins probably don't either.

If you wish to spout any more rubbish, feel free.

Link to comment
myonlake Shooter

myonlake

Posted
Posted
There's something I've wanted to ask,

When luac.multitheftauto.com launched, it had an 'encrypt' option. But some months ago it was replaced with the 'extra obfuscation' one. Why?

Probably because the encryption is pretty much extra obfuscation. It is not necessarily fine to call it encryption when clients have the key.

Link to comment
Atton Chump

Atton

Posted
Posted
Difficulty is relative, but even with extra obfuscation it's still easy.

If it is as easy as you say then please prove it my inbox is open.

Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

1. We don't allow scripts compiled by others to execute for security reasons stated in the main post. Did you even read it?

2. It would be obvious that the person with the private key could decompile your scripts.

3. Moderators do not have access to this key, most admins probably don't either.

If you wish to spout any more rubbish, feel free.

A fact that is worth mentioning is that the scripts are decrypted every time they are used. Ciper text would never be executable so in turn everyone must have the decryption key.

Link to comment
myonlake Shooter

myonlake

Posted
Posted
Difficulty is relative, but even with extra obfuscation it's still easy.

If it is as easy as you say then please prove it my inbox is open.

Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

1. We don't allow scripts compiled by others to execute for security reasons stated in the main post. Did you even read it?

2. It would be obvious that the person with the private key could decompile your scripts.

3. Moderators do not have access to this key, most admins probably don't either.

If you wish to spout any more rubbish, feel free.

A fact that is worth mentioning is that the scripts are decrypted every time they are used. Ciper text would never be executable so in turn everyone must have the decryption key.

As seen a while ago by both of us, it is as easy as unlocking your bike's lock.

viewtopic.php?f=91&t=65618&start=45#p670306

Link to comment
ixjf Crime Partner

ixjf

Posted
Posted

There's a very simple way to do it, and it can be achieved with just MTA, in Lua - the functions used were intended to behave that way, but that allows one to decrypt any Lua file in seconds. All you have to do then is decompile the code with a normal Lua decompiler. It's not very difficult.

In the end, you're the one responsible for keeping your code safe. MTA's encryption system is not bullet-proof, none is. But more importantly, it was not meant to secure your files, it was introduced as the alternative to loading Lua bytecode directly, which was disabled due to its security flaws.

Link to comment
Atton Chump

Atton

Posted
Posted
There's a very simple way to do it, and it can be achieved with just MTA, in Lua - the functions used were intended to behave that way, but that allows one to decrypt any Lua file in seconds. All you have to do then is decompile the code with a normal Lua decompiler. It's not very difficult.

In the end, you're the one responsible for keeping your code safe. MTA's encryption system is not bullet-proof, none is. But more importantly, it was not meant to secure your files, it was introduced as the alternative to loading Lua bytecode directly, which was disabled due to its security flaws.

I can find no functions related to what you are talking about and you also forget the obfuscation of the byte code. How you can get around all of that with Lua would be pretty interesting.
Link to comment
.:HyPeX:. Lil' G

.:HyPeX:.

Posted
Posted

I've been wondering with this:

So far, we cannot have a system in wich the client is unnable totally to access our code, becouse the MTA needs to decrypt it to run it, but what if it did not have to decrypt it, couldnt it run it encrypted itself?

Probably i'm just saying buillshit, but any clarification would be accepted :)

Link to comment
myonlake Shooter

myonlake

Posted
Posted
I've been wondering with this:

So far, we cannot have a system in wich the client is unnable totally to access our code, becouse the MTA needs to decrypt it to run it, but what if it did not have to decrypt it, couldnt it run it encrypted itself?

Probably i'm just saying :~, but any clarification would be accepted :)

No, because of technical limitations. You would need to build your own compiler, which is impossible as we have a Lua VM. It would mean changes to source code of Lua etc.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...