Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Execute lua script

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Lua Scripting
View previous topic :: View next topic  
Author Message
Corroder
Grandmaster Cheater Supreme
Reputation: 75

Joined: 10 Apr 2015
Posts: 1667

PostPosted: Tue Jun 16, 2015 7:39 am    Post subject: Execute lua script Reply with quote

Hi, guys...

I made a trainer by CE designer form and writing script some functions in CE -> Table -> Show Cheat Lua Table.
Then i have copy and paste all script into lua engine. And delete all script from Show Cheat Lua Table and execute it from lua engine. It work good. Next i save script in lua engine as a lua file, say it "test.lua" and add this lua file with "add file" in CE -> Table.


The problem when i I save the trainer as CT file and open it, it seem not automatic execute test.lua file which has added in CT file.

Question :
1. Which lua command / function can auto execute test.lua when open
the trainer ?
2. I want it work without add or put test.lua in same directory with CE
trainer file [use require, dofile() or loadfile() ]
3. Does somebody help to explain or help to fix this problem ?
4. Is impossible to store our AOB code in cMemo and call it into aobscan
function ?

Thanks and regards...
Back to top
View user's profile Send private message
panraven
Grandmaster Cheater
Reputation: 55

Joined: 01 Oct 2008
Posts: 941

PostPosted: Tue Jun 16, 2015 11:12 am    Post subject: Reply with quote

loadstring and with ce function findTableFile

eg.
Code:
--

function loadTableCode(n)
  local t = findTableFile(n)
  if t ~= nil then
    local s = t.Stream
    local c = readStringLocal(s.Memory,s.Size)
    return c ~= nil and loadstring(c) -- return a function
  end
end

local f = loadTableCode('loadtest.lua')
print(type(f))
if type(f) == 'function' then f() else print('not loaded') end

-- example content of 'loadtest.lua'
-- print('test')
Back to top
View user's profile Send private message
Corroder
Grandmaster Cheater Supreme
Reputation: 75

Joined: 10 Apr 2015
Posts: 1667

PostPosted: Tue Jun 16, 2015 10:07 pm    Post subject: Reply with quote

Thanks Panraven for solution...
I've tried it and it work good.

But the way, when i try open RAM process (use CE memory viewer or Hex Editor) while the trainer running, by open cheatengine-386 and view it in memory editor, still able to read script and codes.

My point is to hide or make hard to read code / script when someone try to leech and or steal the script and codes.

I tried with lua encryption function, e.q :

Code:

local script = string.dump(
    function()
        --Content
        print("Camouflaging Done.")
 
    end
)
 
buff=""
for v=1,string.len(script) do --Convert our string into a hex string.
    buff=buff..'\\'..string.byte(script,v)
end
 
file=io.open('encrypted.txt','w') --Output our bytecode into ascii format to encrypted.txt
file:write(buff)
file:flush()
file:close()


it work only give encrypted code in ASCII format and save it in a txt file. But still able to see script and code by memory viewer or Hex editor.

I am still to look best method / tool which can be use for encrypting or obfuscating script and code. (for Lua Table and or Lua script).

Next, what about your opinion to do protecting our CE file (CETRAINER / STAND ALONE EXE file) script and or code, make it more hard to read in memory viewer or Hex editor :

1. By obfuscating exe file or
2. (Is it Possible) use crypto tool to manipulating text or
3. (is it Possible) change UTF-8 to UTF-16 or other or
4. Other methods

I thinking about put leecher trap (camouflage codes) inside the trainer script with make substitute for some function or codes.

i try doing this for example :
i have original AOB code : D0 D1 66 XX YY 99 9A ZZ
and replace code is : D0 D0 66 XX YY 99 9A 00

Code:

c1 = "D0 D1 66"
c2 = "XX YY 99 9A ZZ"
sp = string(" ")
fs = aobscan()   ------ change function aobsan() name with something
r1 = tostring("0xd0, 0xd0")
r2 = 'tostring(0x00")
-- leecher  trap
-- put fake script here....
-- bla bla bla
-- contains aobscan() / aobswap() / luacall / [ENABLE] [DISABLE] etc etc

function CEButton1Click (sender)
resultList = fs(tostring(c1)+sp+tostring(c2)"+W*X-C")   --- not sure use this "+" to combine all code or use ","
if (resultList) then
   lngt = resultList.getCount()
   for x=0, lngt-1, 1 do
      writeBytes(resultList[x], tostring(r1), 0x66, 0xXX, 0xYY,  0x99, 0x9A, r2)    end
   resultList.Destroy()
   resultList = nil
end


Also i try to change AOB, to a stirng (number) e.q d0 =46, d1 = 47, etc...
or how if we put our code in a memo or as a lua table and load it in a button(s) function ?.

I hope any solution to protecting our script / codes from leecher and steal.

Regards
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Wed Jun 17, 2015 2:41 am    Post subject: Reply with quote

see if you can build(and probably fix) the luac executable using the ce lua source. convert a lua script into raw lua bytecode, and then load that
i never got that to work properly though, so may need some bugfixing (i did get it to work in lua 5.3)

Anyhow, why concern yourself about leechers. Just be the first to publish your findings in public and everyone will know you got it first and give you credits, even if other people find it themselves later on. (it's how patents and scientific research papers work as well)

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
panraven
Grandmaster Cheater
Reputation: 55

Joined: 01 Oct 2008
Posts: 941

PostPosted: Wed Jun 17, 2015 7:50 am    Post subject: Reply with quote

load is similar to loadstring, but it use a custom reader function as input instead of explicit string. So the source can be encoded 1st, and decoded by this reader function.

eg.
Code:
--[[
---  this encoding not work for double byte char
local script="local aob = 'my aob 12 ff 22 ee 77 dd' print(#aob) print('-done-')"

local encoded,hash = {},script:len()
for i=1,script:len() do table.insert(encoded,bXor(hash+i,script:sub(i,i):byte()) % 256) end
local ms = createMemoryStream()
ms.write(encoded,#encoded)
ms.saveToFile('_testcode')
ms.Destroy()

--- manual load the disk file '_testcode' as tableFile in ct

--]]

function loadTableCode(n) -- this has to match the encoding method above now
  local t = findTableFile(n)
  local r -- reader function for _load_
  if t ~= nil then
    local s = t.Stream
    local i,hash = -1,s.Size
    r = function()
      i=i+1  -- i is zero-base now, so +1 in xor function
      if i < s.Size then return string.char(bXor(hash+i+1, s.read(1)[1]) % 256) end
    end
  end
  return r ~= nil and load(r) -- a function when execute
end

local ff = loadTableCode('_testcode')

-- the target string should not be found before the function executed? ah.. no, but it is more likely broken in parts in memory.
-- if type(ff)=='function' then ff() else print('not load') end


ofc this is just using an egg to hide the chicken. One can still reveal your encoded code from the loadTableCode in ct xml source , it just rise the bar a bit higher to prevent lame leecher.

No matter how sophisticated the source encoding is, if you provide the aob string for the aobscan / memscan function in run time, the aob string will still stay on the memory 'for a while' . Try use local variable to hold the string so that there is higher chance the string will be garbage collect / overwrote sooner.

The memscan can accept aob as table if I'm not wrong, where -1 means 'wildcard' bytes. Then the aob table can be read from an encoded binary. It is harder to memory search a table than a string, I guess.

Alternatively, you can hide the tree in a forest if using aob string. That's instead of hiding the target aob string, we provide many false targets to confuse a lame leecher. This function generate many aob pattern string and then garbage collect. Try run this function before and after the scanning and in the very beginning of code initial, or periodically from a timer function (n=100 is good enough I think).

Code:
function makeForest(n,showcheck) -- this g for flash bytecode, change if need
  local g = {'202825262a2b29d0d1d2d3d4a0a1a2a3','246263656c6d','2561666869','464f10111213141516'}
  local t,r = {},function(m) return math.floor(math.random()*m) end
  for i=1,n do
    local s,l = {},r(10)+4
    for j=1,l do
      local a = r(#g)
      local k = bShr(r(#g[1+a]),1)
      table.insert(s,string.sub(g[1+a],k*2+1, k*2+2))
      for i=1,a do table.insert(s,'??') end
    end
    t[i]=table.concat(s,' ')
    if showcheck==true then print(t[i]) end
  end
  t = nil -- release
  collectgarbage()
end

makeForest(10,true) -- no true when in actual running
Back to top
View user's profile Send private message
Corroder
Grandmaster Cheater Supreme
Reputation: 75

Joined: 10 Apr 2015
Posts: 1667

PostPosted: Thu Jun 18, 2015 7:15 am    Post subject: Reply with quote

The reason to hide our script / code (for game hack trainer) because a lot of people who join in a game hacking group , perform " leeching " our trainer when we release it to public . Furthermore, they just change the title of the trainer and they claim as their own work and as a founder.
More , they sold or exchanged the trainer with anything is in their advantages.

I just not understand why they don't want to learn, ask how, search some samples and try make it by their own.

I think some of expert cheaters and hackers here ever had experienced something like this and quite resent it.

I am not expert cheater or hacker, that is the reason I am join this forum in connections to learn, ask and share things specially about CE and LUA scripting. All knowledge start from nothing, by learn, it should comes to everything or something useful for ourselves or public.

Thanks to DB for hints and also Panraven for codes and explanation.
I have try implementation the codes to getting out the best work of them.

One question to Panraven (and others), is it better use :

Code:

luaL_loadbuffer(L,script,strlen(script),”=noname”)


to load script even use load_dostring?.
How to implement it intoi a function ?

B/Regards
Back to top
View user's profile Send private message
panraven
Grandmaster Cheater
Reputation: 55

Joined: 01 Oct 2008
Posts: 941

PostPosted: Thu Jun 18, 2015 10:11 am    Post subject: Reply with quote

oh, that's c-api for the lua language.
I've no idea exactly how it work.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Lua Scripting All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites