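Can anyone here help me decrypt the SSL encryption that protects the Lua scripts linked at the end of this thread? Basically, they are encoded with Base64 and SSL, but I don't know how to handle the SSL part. They are used with a program called Bot of Legends, and someone told me that the encryption can be broken by dumping that program's decryption function and using it to get the SSL key, but I don't know where to begin with that. Basically, these scripts work by connecting to an authentication server that is coded into the script, and I have gotten a few on my own by sniffing the traffic in my network packets to their authentication server to get their server links, and creating my own authentication server with Apache, then redirecting the network traffic that goes from the script to their server over to my own, to get the script-validated response. For some scripts with stronger encryption it isn't that easy, and I would have to get the source code to remove the code that runs the authentication server checks. Up until a few days ago I had no knowledge of how Lua coding worked, or even of how an authentication server check was encoded in a simple text file through Lua obfuscation. So please bear with me; I'm hoping someone can chime in and give me some idea of what I can do.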

Regards,

Chris

*** PasteBin link to the script in question, in raw format: http://pastebin.com/raw.php?i=bG0VqQGW

The Base64 part comes first, and the SSL part is at the bottom.

Best answer

print("SSL Decoder version 2.0")
print("Copyright (C) 2015")
print("Decoding Started...")

local infilename = select(1,...)
local outfilename = select(2,...)

local infile = io.open(infilename, "r")

if not infile then
  error("Failed to open input file.")
end

local intext = infile:read("*a")

infile:close()

local ssltabletext = intext:match("SSL%s*%(%s*%{([%s,0-9]*)%}%s*%)")

if not ssltabletext then
  error("Could not find ssl table in source file.")
end

local ssltable = load("return {"..ssltabletext.."}")()

if #ssltable < 255 then
  error("SSL table is too short -- can't find table encryption key.")
end

-- find decryption key for the ssl table
local decrypt = {}

decrypt[0] = 0
for i = 1,255 do
  local dec = i
  local enc = ssltable[i]
  assert(decrypt[enc] == nil)
  decrypt[enc] = dec
end

-- decrypt ssl table
for i = 256, #ssltable - 256 do -- not sure what last 256 bytes are
  ssltable[i] = decrypt[ssltable[i] ]
end

-- If this does a stack overflow, easy to change to something dumb but more robust
local sslcode = string.char(table.unpack(ssltable, 256, #ssltable - 256))

-- This is interesting --
--print(sslcode)

local keyindex = sslcode:match("local Key%s*=%s*'()")
if not keyindex then
  error("Could not find key in decoded ssl table.")
end

local key = sslcode:sub(keyindex)

local length = 0
while true do
  local c = key:sub(length+1, length+1)
  if c == "" then
    error("Key string was not terminated.")
  elseif c == "'" then
    break
  elseif c == "\\" then
    local c2 = key:sub(length+2, length+2)
    if c2:match("%d") then
      local c3 = key:sub(length+3, length+3)
      if c3:match("%d") then
        local c4 = key:sub(length+4, length+4)
        if c4:match("%d") then
          length = length + 4
        else
          length = length + 3
        end
      else
        length = length + 2
      end
    elseif c2 == "x" then
      length = length + 4
    else
      length = length + 2
    end
  else
    length = length + 1
  end
end

key = key:sub(1, length)

if #key == 0 then
  error("Key is empty")
end

print("Key Found! > " .. key)
print("Decoding finished, outfile is at > " .. outfilename)

-- find base64
local b64 = intext:match("_G.ScriptCode%s*=%s*Base64Decode%s*%(%s*\"([a-zA-Z0-9/+]*=*)\"%s*%)")
if not b64 then
  error("Could not find Base-64 encrypted code in source file.")
end

-- base64 decode
local b64val = {}
for i = 0, 25 do
  do
    local letter = string.byte("A")
    b64val[string.char(letter+i)] = i
  end
  do
    local letter = string.byte("a")
    b64val[string.char(letter+i)] = i + 26
  end
end
for i = 0, 9 do
  local numeral = string.byte("0")
  b64val[string.char(numeral+i)] = i + 52
end
b64val["+"] = 62
b64val["/"] = 63
b64val["="] = 0

local encoded = b64:gsub("(.)(.)(.)(.)",function(a,b,c,d)
  local n = b64val[a] * (64 * 64 * 64) + b64val[b] * (64 * 64) + b64val[c] * 64 + b64val[d]
  local b1 = n % 256; n = (n - b1) / 256
  local b2 = n % 256; n = (n - b2) / 256
  local b3 = n
  if d == "=" then
    if c == "=" then
      assert(b1 == 0 and b2 == 0)
      return string.char(b3)
    else
      assert(b1 == 0)
      return string.char(b3, b2)
    end
  else
    return string.char(b3, b2, b1)
  end
end)

-- decode
local decoded = encoded:gsub("()(.)", function(i, c)
  local b = c:byte()
  local ki = ((i - 1) % #key) + 1
  local k = key:byte(ki,ki)
  b = b - k
  if b < 0 then b = b + 256 end
  return string.char(b)
end)

-- verify
local result, err = load(decoded)
if not result then
  error("Decoded file could not be loaded -- it may be corrupt... ("..tostring(err)..")")
end

-- output
local outfile = io.open(outfilename, "wb")

if not outfile then
  error("Failed to open output file.")
end

outfile:write(decoded)

outfile:close()


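This code is by Extreme Coders (https://reverseengineering.stackexchange.com/users/1413/extreme-coders)

How to use it: you need to get lua52.exe.
Save the code to a text file and name it ssl.lua (for example).
Now run cmd and type: lua52 ssl.lua yourscript.lua decryptedscript.lua
It will run and decrypt.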

Regarding ssl - Assistance with decrypting a Lua script that is obfuscated with Base64 > SSL, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/31779624/

10-14 15:02