How to decompress LUA script from Android .apk assets folder?

Question

I am trying to reverse engineer an Android game to find out the logic behind their calculation.

After extraction of .apk file, there are lua script in /assets/lua folder and all of them have .lua extension. However if open with Text/HEX editor, they are not human readable.

For example: this file

The content of all files end with "droi.lua" signature, made me think this is not a LUA script but some sort of compressed LUA script for Android. And Android has a mechanism to compress file for publishing purpose.

Has anyone experienced this before? Is there a way to make such file readable?

Is there any method / program to decompress files extraced from .apk assets (such as png, lua etc)?

Answer 1

The entropy of the data in that file is very high (Shannon entropy of approximately 7.98, where 8 is the theoretical maximum). I compared this to the entropy of a zipped, or 7zipped text file, and got entropies of more like 6 to 7.

The high entropy, combined with the fact that it doesn't seem to have any identifiable header bytes suggests to me that it is probably encrypted.

If I were you, I would look for a symmetric encryption key embedded in the app.

If you're interested, here's the python script I used to calculate the entropy:

import sys
import math

print('Calculating entropy of: {}'.format(sys.argv[1]))
with open(sys.argv[1], 'rb') as fp:
    data = fp.read()

# Trim off droi.lua
data = data[:-8]

# Calculate the frequency of each byte value in the file
frequencies = []
for b in range(256):
    ctr = 0
    for byte in data:
        if byte == b:
            ctr += 1
    frequencies.append(float(ctr) / len(data))

# Shannon entropy
ent = 0.0
for freq in frequencies:
    if freq > 0:
        ent = ent + freq * math.log(freq, 2)
ent = -ent

print('Shannon entropy:')
print(ent)

Answer 2

I would try to debug it and pause the app when it has loaded the script. I would assume that the app decrypts/decompresses/... the files at some point and stores them in memory so that it can properly access/execute them. If you manage to set a breakpoint at the right place and then search through the memory of the app, you should be able to find it.
The advantage of this method is that it doesn't matter what kind of encryption or compression is used and you don't have to understand the algorithm.

I haven't tried to do things like that on Android before, but I have done it successfully on Windows with tools like Cheat Engine.
Since there is a version of Cheat Engine for Android this should be relatively simple.

Another idea would be to use an app like Preferences Manager and check if you can find anything interesting like an encryption key or maybe a hidden developer option that somehow enables you to see the unencrypted file contents.