stackoom
  简体   繁体   中英

How to bring debugging information when encryption then lua code use luac

 原文  2018-02-11 03:29:30       lua/ luac

Question

I wrote the following code in the file "orgin.lua"

if test==nil then
    print(aa["bb"]["cc"])  -- to produce a crash
end
print(1120)

when it crash ,it will generate the following information:

lua: origin.lua:3: attempt to index global 'aa' (a nil value)

In order to prevent decompilation and make sure the code is safe,I use the following command to convert my code:

luac -o -s test.lua origin.lua

I know the argument -s is strip debug information, then it do not show the number of rows when crash:

lua: ?:0: attempt to index global 'aa' (a nil value)

but how to bring debugging information when encryption then lua code use luac?Is there any solution?

2 answers

solution1
 1  2018-02-11 06:43:44

There is no way to do this built into Lua, but there are some work-arounds.

If you only need line numbers, then one option is to leave the line numbers in the chunk. Line numbers are not that useful for reverse engineering (unluac currently doesn't use them at all), so it shouldn't affect security. Lua doesn't provide an option for this, but it is easy to modify Lua to leave them in when stripping. From ldump.c

n = (D->strip) ? 0 : f->sizelineinfo;

can be changed to

n = f->sizelineinfo;

(Disclaimer: untested)

A more complicated option would be to modify the Lua runtime to output the virtual machine program counter instead of the line number, and also output information describing the location of the current function in the chunk (eg top level, first function, second function nested in third function, etc). Then the line number could be looked up by the developer in a non-stripped version of the chunk. (Here is a reference to someone using this approach on lua-l -- no source code was provided, though.)

Note that preventing decompilation is not true security. It may help against casual attacks, but Lua bytecode is not hard to read.

solution2
 -1  2018-02-11 09:04:15

luac does not encrypt the output. It compiles your Lua source code to bytecode, that's all. The code is neither encrypted nor does it run any faster, only the loadtime is shorter since the compilation step is not needed.

If you want your code to be encrypted, I suggest to encrypt the bytecode using eg AES-256 and then decode it in memory just before handing it to the Lua state. This way the bytecode is encrypted on disk, but decripted in memory.

The overhead is low. We use this technique since years.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to execute lua bytecode genrated by luac on linux Decompile Luac files - dealing with encryption configure: error: You need 32-bits luac when using lua from contrib Debugging embedded Lua 5.2.2 code How to use the … operator in lua with C code Lua C: How would I use the Lua source code to create a Lua interpreter that will execute given blocks of Lua code? Lua luac.exe create binary file from string Can bytecode produced by luac be used on computers with no Lua library? Lua Debugging - Detect when the value of a variable changes How to use macro in lua
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM