No announcement yet.

Reverse engineering LUA code

  • Filter
  • Time
  • Show
Clear All
new posts

  • Reverse engineering LUA code

    I have a password embedded in the OnStartup section of my project (SUF9). The password is used later on in the project with the built-in Blowfish encryption. The project is built into Setup.exe.

    I know I should not consider this a secure environment, but I was wondering how easy or difficult it actually is for someone to decompile my Setup.exe and get the password? Are the EXEs compressed or encrypted as well?


  • #2
    Unless you use compiled script, as Lua is an interpreted language, that script needs to become available in readable format in RAM at some moment. In such moments, one could inspect the memory and find your script. If your password is already encrypted and isn't available in source code in plain text, it won't be readable when the RAM is inspected, however this may be not enough for somebody commited to breaking into your code - with access to your code, he could reverse the encryption.

    The safest approach would be not having a password in the code in the first place. Why do you need a password, without getting too much detail, can you explain what you do?