how to decompile lua with .c format [ compiled as C ]

Question

I was trying to edit a program to make it flexible with my own but there is a problem. It is coded as LUA language and it is compiled as C .

Now I am trying to decompile this file and develop on this file . Can someone give any solution ? As I found we can compile the LUA files like this :

cc -o test test.c -Wall -I/usr/include/lua5.1 -llua5.1

But now I am trying to DECOMPILE it . Please help.

Compiled lua as .C file's photo

Answer 1

A file named test.c that you can give as input to cc is a C source file. You can open it in a text editor and read it.

In this case, it sounds like the C source code has a Lua chunk embedded inside. The C code can link with the Lua library and use it to load and execute the Lua chunk.

Such a C file might look something like this:

// Disclaimer: tested with Lua 5.3 (64-bit)
#include "lua.h"
#include "lualib.h"
#include "lauxlib.h"

#define CODE "print(\"hello world\")\n";
// Or, if the chunk is compiled:
// #define CODE "\x1b\x4c\x75\x61\x53\x00\x19\x93\x0d\x0a\x1a\x0a\x04\x08\x04\x08\x08\x78\x56\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x77\x40\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x04\x00\x00\x00\x06\x00\x40\x00\x41\x40\x00\x00\x24\x40\x00\x01\x26\x00\x80\x00\x02\x00\x00\x00\x04\x06\x70\x72\x69\x6e\x74\x04\x0c\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

int main(int argc, char **argv) {
  lua_State *L = luaL_newstate();
  luaL_openlibs(L);
  luaL_loadbuffer(L, CODE, sizeof(CODE) - 1, NULL);
  lua_call(L, 0, 0);
  lua_close(L);
  return 0;
}

The Lua chunk inside the C source file may or may not be compiled. In either case, it should not be hard to convert it back into a text or binary Lua file.

For example, in Lua (if the binary is encoded as in my example with all bytes as two digit hex escapes):

-- note: replaces file "out.lua" without asking
local binary = [[\x1b\x4c\x75\x61\x53\x00\x19\x93\x0d\x0a\x1a\x0a\x04\x08\x04\x08\x08\x78\x56\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x77\x40\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x04\x00\x00\x00\x06\x00\x40\x00\x41\x40\x00\x00\x24\x40\x00\x01\x26\x00\x80\x00\x02\x00\x00\x00\x04\x06\x70\x72\x69\x6e\x74\x04\x0c\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00]]

binary = binary:gsub("..(..)", function(n)
  return string.char(tonumber(n, 16))
end)

local f = assert(io.open("out.lua", "wb"))
assert(f:write(binary))
assert(f:close())

If the Lua chunk was not compiled to begin with, there is no need to decompile it. If it was compiled, the binary Lua file can be disassembled or decompiled, or even loaded into a compatible Lua interpreter as normal.

There are additional complications that could arise in the C file. There may be multiple Lua chunks. In this case, you may need to deal with each one individually. There may also be some additional obfuscation (eg compression) as well. However, the C program must eventually covert the data into a real Lua chunk before handing it off to the Lua library, so it should be possible grab the wanted data at the point of the hand-off. (The C or Lua source can be modified to write the data out instead of or in addition to loading it, or the data can be dumped directly from memory, perhaps in a debugger. The worst case is if the data is streamed to lua_load without the whole chunk ever being loaded into memory at the same time, but this can still be handled easily.)

Answer 2

yes it is like this but it's all codes are compiled and when i load it it looks like this :

http://www.upsara.com/images/t0r4_2018-02-21_19-57-20.png

but i know it is lua and it contains your code which you wrote