Explaining Obfuscation [Massive Thread]

NOTE : If I make any spelling mistakes or something is messed up in my explanation, I didn't explain properly, please tell me where my mistake is and I will fix it, this because I made this at 2 AM.

 

Hello,

welcome to my retarded thread as I speak about how obfuscation works and how reverse engineering obfuscation works without using any 'advanced' lua terms, please forgive me if you don't understand something, reply and I will give an explanation as I'm trying to make this very beginner friendly.

 

 

What is obfuscation?

Obfuscation is hiding your source code in a secure way, for example, let's say this script :

 

local Hamburgers = 5

if Hamburgers == 5 then
 print("We got 5 hamburgers!")
else
 print("no hamburger :(")

is very important and we've spent months working on it, and it's some big project or cracked version of Hub, whatever and I don't want the developer of this Hub patching my script or if you have a script for a game, you don't want the developer to patch your source code.

 

 

We will obfuscate it to protect it, obfuscation is basically encryption. We will take a lot at Synapse Xen, an old obfuscation that used to be very popular. https://pastebin.com/raw/ZsMTy0Cf

 

If you don't believe that the script will work, try executing it on a modern executor such as Fluxus or Synapse X. Now, as you can see, obfuscation is to protect your script from people seeing the source code.

 

But sadly, not all obfuscation is good and there are only little obfuscation that have been proven to stop all sorts of deobfuscation such as Luraph, MoonSec Premium, PSU Premium 

 

 

 

How does Obfuscation work?

Obfuscation takes your source code and smashes it into a very confusing enviorment, the main goal for obfuscation is to prevent the user reading it from not understanding on what's going on.

 

It uses a lot of math logic and functions that most new users are not aware on how to use and smashes it in a VERY big confusing script that even a experienced scripter will have no idea what's going on. 

 

Obfuscation is amazing, why doesn't everyone use it?

From what you understand, obfuscation is a very nice tool to have in your tool kit while making Roblox Scripts, it prevents developers patching scripts for their games and more. So why doesn't everyone use it?

 

- Preformance

Thanks to obfuscation, your code is secure but if you take another look at the script, you can notice how it uses a lot of functions and math to load your scripts dozens of times. This can increase lag on the user's computer or even make the exploit not work from how complicated the script is and makes it require a paid exploit.

 

- Script Compatibility

If every script used obfuscation, exploits like JJSploit would lag or crash when they inject & execute because it uses a lot of stuff that free exploits or trashy exploits can't handle. But if you have an exploit like ScriptWare, Sentinel, Synapse X, ProtoSmasher, etc. You will be fine but the other users will not be able to use it.

 

- Possible Backdoor

A lot of obfuscation might use backdoors, this means when you use a discord bot or website to obfuscate your script, the website sends your script to the owner and then obfuscates you script, and sends the obfuscated script back to you. Sometimes the owner might even leak your script or make a cracked version. I personally suspect Luraph of doing this but we never know. The only obfuscation that was secure was Synapse Xen but sadly it is now discontinued and you can't use it anymore and risks your script falling into the wrong hands.

 

There is a lot of good things that come with obfuscators, but there are always bad signs.

 

 

What is deobfuscation?

Deobfuscation is a tool used to combat obfuscation. Deobfuscation tries to take the confusing obfuscation and tries to convert it to normal Lua for the person to steal your script or patch it for their Roblox game, luckily deobfuscation only works on the obfuscator it was targetted for because all obfuscators are different, some are even good enough to change how it works everytime you obfuscate making it almost impossible.

 

How do I deobfuscate?

Deobfuscating is a very complicated process, every obfuscation is different. The only universal way of 'deobfuscating' is constant dumping. 

 

Constant Dumping is not really 'deobfuscation' but more of tampering with the script to understand what it's doing, here is an example. Let's say, an obfuscated script that is 

print("Hello World!")

and you get the constants of that obfuscated script, and you use constant dumping to reverse engineer the code, this is what you will see after constant dumping

print
Hello World

It is not 100% deobfuscation or deobfuscation at all, deobfuscation will give you back the entire source code clean, constant dumping lets you see what is going on. If you have enough experience, a developer for the game might understand how the code works and patches it. Good obfuscation do have anti-constant dumping protection but most of them can easily be bypassed

 

 

Should I use obfuscation?

It really depends on your script. I can't judge since I don't know what your script but it depends on how important you think your script is. If your script is some skidded hub, don't use obfuscation, there isn't a point. But if it's something you worked VERY hard for or you just don't want people to see the source code, use good obfuscation.