Jump to content

luac.mtasa.com and us

darkdreamingdan

By darkdreamingdan
in Scripting

Recommended Posts

darkdreamingdan Foot Soldier

darkdreamingdan

Posted
  • Author
Posted
There won't be anything like this. Ever.

Also, I don't think its needed. Disabling cache + serverside stuff won't be downloaded anyway.

Thats all you need.

In the end, MTA stuff isn't that valuable at all.

I completely concur. I don't think people really understand the technical limitations of "key generator" idea, and how it basically means we spend a lot of time implementing something that more or less won't improve the decompilation situation at all.

VCP FOREVER!

8298.png

  • 2 weeks later...
  • Replies 79
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

darkdreamingdan
darkdreamingdan

In September 2013, we launched a service to compile Lua files for your MTA servers, hosted within our web network - https://luac.multitheftauto.com . Currently, the service offers some basic encrypti

botder
botder

Stop throwing words at me, which I don't deserve. I am not going to tell anybody how to do it nor abuse it myself to steal scripts - I can do my own and without server scripts it's pretty pointless. T

Hale
Hale

Happens sometimes, try restarting your browser or wait a couple of minutes. EDIT: Just noticed the date of his post...

myonlake Shooter

myonlake

Posted
Posted

But MTA is 64-bit? By default it uses memory randomization, so it should be more than "slightly" harder to find something useful in memory, or does this not apply on MTA?

If I helped you, please click the like button on the right ;) Thanks!

  • MTA Team
sbx320 Rat

sbx320

Posted
  • MTA Team
Posted

The MTA Client always runs under a 32bit environment since GTA SA is a 32bit executable. As far as I know ASLR is active for MTA's libraries, but ASLR isn't designed to stop people from stealing your scripts.

As long as you execute anything on the client it will be stealable, no matter how many layers of protection are added. In the end, Lua always needs to be able to execute the code. The current no-cache option plus encrypting your files over luac.multitheftauto.com should be enough to stop most script thiefs already. Those who have the ability to steal your scripts despite that are probably capable of implementing the same things you did on their own.

  • 4 weeks later...
.:HyPeX:. Lil' G

.:HyPeX:.

Posted
Posted

As sbx320 stated, any client-side script should be able to be stealable no matter what, just the difficulty on the decrypting changes.

So, basically the actual barrier is not overlapable by everyone, and everyone that does overlap it can go far more into harder stuff.

In the end the actual idea, is to stop the people who cant make scripts on themselves so steal them, since the one who has the level to steal it with this will pretty much do the script by himself before?

My ingame nick is ~HyPeX~

BF3 Gamemode Progress: ~30% - Currently working on AI & MapManager

gKhdyRJ.png

  • 2 weeks later...
  • Moderators
IIYAMA Gangsta

IIYAMA

Posted
  • Moderators
Posted

Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

Do you want to improve your Lua programming skills and make less mistakes?   Start with Lua Language Server!   🙀

 

  Useful functions  3x 

Spoiler

   checkPassiveTimer

   getScreenStartPositionFromBox

   getPedGender

  Tutorials  4x 

Spoiler

    Scaling DX

    Events

    Attach an addEventHandler on a group of elements

    Debugging

 

Woovie Banger

Woovie

Posted
Posted
Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

1. We don't allow scripts compiled by others to execute for security reasons stated in the main post. Did you even read it?

2. It would be obvious that the person with the private key could decompile your scripts.

3. Moderators do not have access to this key, most admins probably don't either.

If you wish to spout any more rubbish, feel free.

"The humble beet is the answer to all riddles." - Rolf

  • Moderators
IIYAMA Gangsta

IIYAMA

Posted
  • Moderators
Posted

No you are right, misunderstanding.

Caused of our solved problem.

Do you want to improve your Lua programming skills and make less mistakes?   Start with Lua Language Server!   🙀

 

  Useful functions  3x 

Spoiler

   checkPassiveTimer

   getScreenStartPositionFromBox

   getPedGender

  Tutorials  4x 

Spoiler

    Scaling DX

    Events

    Attach an addEventHandler on a group of elements

    Debugging

 

Atton Chump

Atton

Posted
Posted
Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

Have fun trying to sign the code.

Nikola Tesla is love Nikola Tesla is light.

Email: [email protected]

  • Moderators
IIYAMA Gangsta

IIYAMA

Posted
  • Moderators
Posted
Have fun trying to sign the code.

Have fun using google translate.

Do you want to improve your Lua programming skills and make less mistakes?   Start with Lua Language Server!   🙀

 

  Useful functions  3x 

Spoiler

   checkPassiveTimer

   getScreenStartPositionFromBox

   getPedGender

  Tutorials  4x 

Spoiler

    Scaling DX

    Events

    Attach an addEventHandler on a group of elements

    Debugging

 

'LinKin Pimp

'LinKin

Posted
Posted

There's something I've wanted to ask,

When luac.multitheftauto.com launched, it had an 'encrypt' option. But some months ago it was replaced with the 'extra obfuscation' one. Why?

Need a clanwar script? Click here!

Do you want some free scripts for your DD server? Visit my website.

myonlake Shooter

myonlake

Posted
Posted
There's something I've wanted to ask,

When luac.multitheftauto.com launched, it had an 'encrypt' option. But some months ago it was replaced with the 'extra obfuscation' one. Why?

Probably because the encryption is pretty much extra obfuscation. It is not necessarily fine to call it encryption when clients have the key.

If I helped you, please click the like button on the right ;) Thanks!

Atton Chump

Atton

Posted
Posted
Difficulty is relative, but even with extra obfuscation it's still easy.

If it is as easy as you say then please prove it my inbox is open.

Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

1. We don't allow scripts compiled by others to execute for security reasons stated in the main post. Did you even read it?

2. It would be obvious that the person with the private key could decompile your scripts.

3. Moderators do not have access to this key, most admins probably don't either.

If you wish to spout any more rubbish, feel free.

A fact that is worth mentioning is that the scripts are decrypted every time they are used. Ciper text would never be executable so in turn everyone must have the decryption key.

Nikola Tesla is love Nikola Tesla is light.

Email: [email protected]

myonlake Shooter

myonlake

Posted
Posted
Difficulty is relative, but even with extra obfuscation it's still easy.

If it is as easy as you say then please prove it my inbox is open.

Mta team and moderators, they all can decompile your scripts, it never was save.

Privacy doesn't exist any more in those times. That's all you have to know.

Time to build my own compiler...

1. We don't allow scripts compiled by others to execute for security reasons stated in the main post. Did you even read it?

2. It would be obvious that the person with the private key could decompile your scripts.

3. Moderators do not have access to this key, most admins probably don't either.

If you wish to spout any more rubbish, feel free.

A fact that is worth mentioning is that the scripts are decrypted every time they are used. Ciper text would never be executable so in turn everyone must have the decryption key.

As seen a while ago by both of us, it is as easy as unlocking your bike's lock.

viewtopic.php?f=91&t=65618&start=45#p670306

If I helped you, please click the like button on the right ;) Thanks!

ixjf Crime Partner

ixjf

Posted
Posted

There's a very simple way to do it, and it can be achieved with just MTA, in Lua - the functions used were intended to behave that way, but that allows one to decrypt any Lua file in seconds. All you have to do then is decompile the code with a normal Lua decompiler. It's not very difficult.

In the end, you're the one responsible for keeping your code safe. MTA's encryption system is not bullet-proof, none is. But more importantly, it was not meant to secure your files, it was introduced as the alternative to loading Lua bytecode directly, which was disabled due to its security flaws.

I used to know how to code, but then I took an arrow in the knee.

Project Redivivus - Remaking Old School MTA With New Code

MTA 0.6 Nightly 1 released

Atton Chump

Atton

Posted
Posted
There's a very simple way to do it, and it can be achieved with just MTA, in Lua - the functions used were intended to behave that way, but that allows one to decrypt any Lua file in seconds. All you have to do then is decompile the code with a normal Lua decompiler. It's not very difficult.

In the end, you're the one responsible for keeping your code safe. MTA's encryption system is not bullet-proof, none is. But more importantly, it was not meant to secure your files, it was introduced as the alternative to loading Lua bytecode directly, which was disabled due to its security flaws.

I can find no functions related to what you are talking about and you also forget the obfuscation of the byte code. How you can get around all of that with Lua would be pretty interesting.

Nikola Tesla is love Nikola Tesla is light.

Email: [email protected]

.:HyPeX:. Lil' G

.:HyPeX:.

Posted
Posted

I've been wondering with this:

So far, we cannot have a system in wich the client is unnable totally to access our code, becouse the MTA needs to decrypt it to run it, but what if it did not have to decrypt it, couldnt it run it encrypted itself?

Probably i'm just saying buillshit, but any clarification would be accepted :)

My ingame nick is ~HyPeX~

BF3 Gamemode Progress: ~30% - Currently working on AI & MapManager

gKhdyRJ.png

myonlake Shooter

myonlake

Posted
Posted
I've been wondering with this:

So far, we cannot have a system in wich the client is unnable totally to access our code, becouse the MTA needs to decrypt it to run it, but what if it did not have to decrypt it, couldnt it run it encrypted itself?

Probably i'm just saying :~, but any clarification would be accepted :)

No, because of technical limitations. You would need to build your own compiler, which is impossible as we have a Lua VM. It would mean changes to source code of Lua etc.

If I helped you, please click the like button on the right ;) Thanks!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...