|
| 07 Aug 2012 01:43 PM |
In response to the article Bye Bye Bytecode (which is http://blog.roblox.com/2012/08/bye-bye-bytecode/ if you haven't read it yet), where ROBLOX removed bytecode from running, I ported LuLu to ROBLOX and added the standard ROBLOX libraries to it.
LuLu (lulu DOT luaforge DOT net) is a Lua bytecode interpreter in Lua.
It can be found at http://www.roblox.com/Item.aspx?id=89252512 HELLO AGAIN, BYTECODE (AND OBFUSCATION). |
|
|
| Report Abuse |
|
|
|
| 07 Aug 2012 01:44 PM |
| from what i understand this only works on your client. |
|
|
| Report Abuse |
|
|
lucas668
|
  |
| Joined: 18 Jun 2008 |
| Total Posts: 6183 |
|
|
| 07 Aug 2012 01:44 PM |
| Smart thinking there, I like it. |
|
|
| Report Abuse |
|
|
| |
|
stravant
|
  |
 |
| Joined: 22 Oct 2007 |
| Total Posts: 2893 |
|
|
| 07 Aug 2012 01:52 PM |
"HELLO AGAIN, BYTECODE (AND OBFUSCATION)."
Not for anything reasonably complex though, since using this stuff will probably run _at least_ 10x slower than normal, probably even more. |
|
|
| Report Abuse |
|
|
|
| 07 Aug 2012 01:52 PM |
| Stravant, that is true. But at least bytecode can be run. |
|
|
| Report Abuse |
|
|
lucas668
|
  |
| Joined: 18 Jun 2008 |
| Total Posts: 6183 |
|
|
| 07 Aug 2012 01:53 PM |
| Probably only Lua code though. |
|
|
| Report Abuse |
|
|
|
| 07 Aug 2012 02:00 PM |
| Lucas, it can run anything that is compiled into Lua bytecode (LASM) |
|
|
| Report Abuse |
|
|
|
| 07 Aug 2012 02:14 PM |
>local function ld(code) > if code:sub(2, 4) ~= "Lua" then -- if it's not precompiled > return loadstring(code) -- return the base loadstring function > end > return function() -- otherwise, its binary, load it with LuLu > local vm = _G.lulu.newvm() > return vm:run(_G.lulu.loadproto(buff.data)) > end >end
>if code:sub(2, 4) ~= "Lua" then
this is not how you tell if the input to loadstring() is bytecode.
Also, this is a terrible VM. It should definitely be faster. |
|
|
| Report Abuse |
|
|
mustyoshi
|
  |
 |
| Joined: 27 Dec 2007 |
| Total Posts: 41651 |
|
|
| 07 Aug 2012 02:31 PM |
Speed vs Security The age old trade off.
~Monica |
|
|
| Report Abuse |
|
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
|
| 07 Aug 2012 02:32 PM |
| ^ Nothing is fast and secure. |
|
|
| Report Abuse |
|
|
|
| 07 Aug 2012 02:33 PM |
| I'm sure Apple would disagree. |
|
|
| Report Abuse |
|
|
|
| 07 Aug 2012 02:34 PM |
@mew903 I'm sure Apple would disagree. |
|
|
| Report Abuse |
|
|
mustyoshi
|
  |
 |
| Joined: 27 Dec 2007 |
| Total Posts: 41651 |
|
|
| 07 Aug 2012 02:34 PM |
@tech Security through obscurity is not security.
~Monica |
|
|
| Report Abuse |
|
|
|
| 07 Aug 2012 02:34 PM |
wtf?
e.e I never did @mew903
stupid extensions |
|
|
| Report Abuse |
|
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
|
| 07 Aug 2012 02:35 PM |
@Tech
Apple OSX has a lot of shellcode exploits though :3 |
|
|
| Report Abuse |
|
|
mustyoshi
|
  |
 |
| Joined: 27 Dec 2007 |
| Total Posts: 41651 |
|
|
| 07 Aug 2012 02:36 PM |
Now that Apple is gaining market share, the malware writers will start writing for it.
~Monica |
|
|
| Report Abuse |
|
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
|
| 07 Aug 2012 02:37 PM |
| I already wrote a pretty brutal trojan for OSX systems. |
|
|
| Report Abuse |
|
|
mustyoshi
|
  |
 |
| Joined: 27 Dec 2007 |
| Total Posts: 41651 |
|
| |
|
|
| 07 Aug 2012 02:38 PM |
Apple was present at the Black Hat Conference, and while there are a couple of exploits there's not widespread viruses like Windows is plagued by. And most major exploits are patched within days of being discovered (think Flashback)
Also,
inb4tenal |
|
|
| Report Abuse |
|
|
mustyoshi
|
  |
 |
| Joined: 27 Dec 2007 |
| Total Posts: 41651 |
|
|
| 07 Aug 2012 02:40 PM |
It only takes one to launch all the nukes.
~Monica |
|
|
| Report Abuse |
|
|
|
| 07 Aug 2012 02:45 PM |
| @Necrobumpist The "ld" function has been patched and now looks for the "\027Lua" binary pattern. |
|
|
| Report Abuse |
|
|
|
| 07 Aug 2012 03:42 PM |
Basically, you transform the code into something that only your VM can run...
However, this makes everything so much slower... and it's incomplete too... |
|
|
| Report Abuse |
|
|
|
| 07 Aug 2012 03:43 PM |
@jAlternate
yeah i guess that's what i was trying to say. hehe |
|
|
| Report Abuse |
|
|