
[WIP] SQF DeObfuscation Tool


SpiRe


I really don't know why people make SQF code obfuscated ( Entire code in one line ) because it's too easy to parse the code just with notepad LOL...

 

I made this simple tool because as server owner you should know what code you run on the server.

 

Place your sqf files in the folder with the .exe file.

 

So far program is WIP so it can automatically deObfuscate A3AT.sqf and A3AH.sqf...

You can manually enter one custom filename.

 

If you want to parse your AH or server side code then be my guest.

You will also get smaller files and infistar's AH seems to load a bit faster.

 

 

Download:

https://github.com/splitx0/SQF_DeObfuscationTool/

 

- InfiStar v0145 supported

 

 

Virus Scans:

 

http://virusscan.jotti.org/en/scanresult/1a03701f2cdb16f945723542cb66c45f053e7af9

https://www.virustotal.com/en/file/a3603353d5b4fb341e0a26811183d462d443d50bc9817deb7a2ef5d022d853e2/analysis/1426598982/

Link to comment
Share on other sites

If you look at the code in A3AH.sqf and A3AT.sqf replace '76561198152111329' with your steam64id and you have full admin access without being listed in the admin list.

Probably a good idea to do this as it should stop script kiddies kicking you from your own server

Also, if you place the folder 'infiSTAR_work_on_AH' in your local Arma3 root folder (on your client) and create TEST.sqf you can trigger it with numpad 0 (like the Skaronator file that everyone was crying about)

A breakdown of the additional key commands that it gives access to I have looked at so far:

Numpad 0 = run TEST.sqf from your local hard drive

Shift V = TP forward 1m

B = Freeze Air. If you are flying a plane or heli it stops you dead (hanging in mid air) until you press B again

F3 = Pickup any object (including players and epoch buildables)

Link to comment
Share on other sites

  • 4 weeks later...

I really don't know why people make SQF code obfuscated ( Entire code in one line ) because it's too easy to parse the code just with notepad LOL...

<snip>

What you define there is not obfuscation, removing space characters is called compacting therefore name of this thread and tool could be more accurate with a rename...

 

With regards to uncompacting you are right, anyone with a macro-capable text editor can uncompact about 5K lines per second on an average PC.

 

Obfuscation on the other hand, is the process that makes one's head spin when one tries to follow code and no macro will help with that, at least nowhere near 5K lines per second - one would be lucky to get 5 lines per second if anything at all.

 

If done well, reading obfuscated code is so hard that people usually give up which is the main point: here is a contest and here is a good example of obfuscation -- except the fact that code looks like a plane and the code when compiled runs a flight simulator so not totally hidden :)

Also on the subject, there is a good paper from Microsoft Research discussing Obfuscation in detail (perhaps a bit too specific however it's a good read first few pages is of intro nature) if interested search for: On Best-Possible Obfuscation Microsoft Research.

 

You ask why people do that, #1 reason in my experience is fun, occasional practical joke between colleagues handing over a module in obfuscated form (on non-urgent stuff since we would like to keep our jobs at this time) does lead to fun times and usually some reciprocity.

 

For other uses, in my only actual case of obfuscation in the last at least 5 years, I did it to prevent an early fork of an arma3 project before I complete a few milestones I had in mind.

Just to be clear, physical security trumps all in this area too so once one gives the code or binary away, one should assume it is broken into, any other assumption is foolish.

I said assume to be broken but it's a matter of numbers game, for example since I am planning to open the code anyway, when I give away code in (semi) obfuscated form, in worst case scenario when someone 'break' the (semi)/quick obfuscation I put in, I won't lose anything at all but I can guarantee that person will have lost several hours if not days or weeks depending on their skill level.

 

On my end it costs near-nothing as I barely renamed files and piped all local vars to random string generator before PBO generation phase.

 

I totally agree software should be free hence the reason I put everything I release (not much though) under GNU GPL and provide the uncompacted/unobfuscated 'normal' source code [even though it's obfuscated in one example for a few weeks only].

 

Your software however is in binary format only (ironically released on GitHub) and it cannot be looked into without a proper decompiler and again massive amounts of time and specialized knowledge.

Hence the solution you offer to counter the problem of compacted text code involves binarized code and basically defeats the initial argument behind it, namely:

people should know what they are running.

 

They will never know what they are running with your EXE unless you release the source, am I wrong...

Link to comment
Share on other sites

I seriously doubt that i will ever read that...

Link to comment
Share on other sites

nice ...

 

but could you please make it so it just converts all files in current directory instead?

 

pretty annoying when you have to input these super long names when you cant just copy paste the name ...

 

 

Maybe you should, some very good points and information in there. 

 

nobody is gonna read all that ... tbh i feel its just spam for people who are seriously sick of this retarded way of writing code

 

(i been looking at this for less than a day now and i got a major headache and just wanna kill whoever the retard is that got the idea for this crap)

Link to comment
Share on other sites

Lol, a sense of humour helps too. Am not bashing the OP. The compression talked about is for good reason, to reduce the overall size of the pbo, no point taking up space with whitespace and carriage returns.

 

Though, unless a known source or trusted / signed, I would want to see the source code before running an exe. Why not put it on the github? 

Link to comment
Share on other sites

How much space are you saving ?.

Link to comment
Share on other sites

Dunno, if it's a few k I'm happy, it does build up when you're getting into thousands of lines of code, times that by the number of times it is downloaded. Is just good practice really.

 

I can see some benefit for reducing bandwidth used from the servers you are providing the Epoch downloads from.  This is something that most would not consider and will be another cost to the Dev team if you don't have it hosted on an unlimited bandwidth plan. 

 

From the client side, the one time download saving a few K is probably less worth it.

 

The problem seems to be that by using this technique you are effectively locking out the 'hobby' modders who just come and browse some code and fancy having a play and learning.  More experienced coders will, of course, be able to reformat the code into a more human friendly workable format.  Relying on the more die hard coders for modding, I would suggest, may not be the best direction.

 

How about providing instructions for easily reformatting the code for people who want to take a look and get into modding along with the download.  This way you save the bandwidth and still enable the 'Hobby' modders the ability to have a look and possibly contribute ?.  Should be pretty trivial for someone with your experience to quickly put together a one pager.

 

This is, of course, if you wish to allow people the ability to provide mods for this code set.

 

It's default for decent web development. I can see the advantages. Maybe bit overkill for this stuff. 

 

Well i guess everything for that 1 extra framerate :P

 

Agreed.  If the code was constantly downloaded everytime someone joined a server etc then maybe it would be worth it from a player / server owners point of view.

 

I read somewhere that [space] and <CR> etc do not slow the code down.  Presumably the compiler removes them on load.  If I come across the link I will post it up but it was from somewhere like the BIS Wiki or KillZone Kids site.

 

Of course, if anyone has any evidence to the contrary then that would also be very interesting.

Link to comment
Share on other sites

.

an easy way to format it would be open notepad++, press search, press replace, in find what enter a single:

;

now in replace with, enter:

;\r\n

in search mode press extended and last press replace all.

 

this is not 100% reliable, but usually works ...

 

Would be nice for a macro to replace the indents as well though.

 

What people really need is for the instructions to be written in a brief guide and sticky'd to the A3 Epoch mods forum where people can easily find it rather than at the tail end of a thread that is likely to fade into the mists of obscurity over time.  This would require the forum mods' action to complete which means, more likely than not, would require the dev team's approval which is a good indicator on whether the Dev team actually want the code to be easily accessible to the modding community.  We shall see.

 

Alternatively the Dev team could provide copies of the code which is more human friendly as an alternative download for modders.  The majority with no interest in modding can take the 'smaller' package and the modders, and the mod-curious, could take the bigger human readable version. 

 

If, however, the Dev team would rather the community was not easily able to read through their code, possibly for good reasons, then clearly stating so here would clear up some misconceptions and make their position fully clear.  Stickying that statement in the A3 Mod forum will also help to reduce future misconceptions.

 

Keeping quiet and doing nothing really does not help either way :) .

Link to comment
Share on other sites

How much space are you saving ?.

In Arma world, enough savings to make it usual practice for the guys who made Arma :)  ref

 

This was a big thing back in the day when we had memory and disk levels measured with KBs but I guess in this day and age, it's more about the feeling to it than actual data size/savings etc. unless you are in the mission critical or embedded programming domain. I bet Dwarden also does it because of the feeling/habit rather than defendable meaningful data/bandwidth savings.

Link to comment
Share on other sites

Interesting read in the ref.  Have you found anything newer along the same lines as that discussion was from May 2013 (A3 Alpha).  More interested in the security TBH.

 

The thread also seems to be aimed more at transferring the code to the client via PV or if the code is in the MPMissions folder.

 

Posts 27 and 28 from that thread sum it up nicely from my point of view...

 

Originally Posted by Twix (BIS forums)

 

It's true of course, but....in this day and age who cares about 90kb on a mission file? It's good practice but nothing to drive yourself nuts over. Clean and commented code is WAY more important than the mission size to me.
Any code that a regular coder can't just open and immediately understand is done wrong in my book, even if it works flawlessly.
A 4Mb instead of 5Mb mission on the other hand, who cares...
 
Originally Posted by EddyCK (BIS Forums)

I agree 200% for dynamic data though, especially what you push out and when (and if you really need to).

In my experience JIP causes desync for all clients, so any reduction in the amount of data to be sent to a JIP client is a good thing. Just hopefully people will provide the unminified version upon request (i.e. include a README in the PBO with details on obtaining it, preferably a DH, GitHub, Bitbucket, etc.).
 

 

Link to comment
Share on other sites

hi can you reupload pls

Link to comment
Share on other sites

an easy way to format it would be open notepad++, press search, press replace, in find what enter a single:

;

now in replace with, enter:

;\r\n

in search mode press extended and last press replace all.

 

this is not 100% reliable, but usually works ...

 

need to make sure you have the regex/regular expression checkbox ticked for that one.

or you'll come out with some funny looking results

hahaha.

 

;\r\n\t if you want to indent it as well, but it comes out looking a bit shitty. 

 

for things like a3ah, a3at usually best to select the whole blank space, usually 4-5 tabs worth of blank space,

then use ctrl+h (find and replace) then use \r\n to replace is pretty effective.  

Link to comment
Share on other sites
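Added example, not code from any poster in this thread or from the linked tool: a small Python uncompactor for single-line SQF, illustrating why the plain ";" to ";\r\n" replace described in the posts above is "not 100% reliable" (it also splits semicolons inside string literals) and how brace depth can drive the indentation asked about. The function names and the sample line are constructed for illustration; comments and preprocessor directives are assumed to be absent, as is typical of compacted files.

```python
def naive_split(src: str) -> str:
    """The editor-style replace: breaks after every ';', even inside strings."""
    return src.replace(";", ";\n")


def uncompact_sqf(src: str, indent: str = "\t") -> str:
    """Reformat compacted SQF: one statement per line, indented by {} depth."""
    out, line = [], []
    depth = 0      # {...} nesting, used as the indentation level
    nest = 0       # [...] / (...) nesting; no line breaks inside these
    quote = None   # active string delimiter (" or '), None outside strings

    def flush():
        text = "".join(line).strip()
        if text:
            out.append(indent * depth + text)
        line.clear()

    i = 0
    while i < len(src):
        ch = src[i]
        if quote:                          # inside a string: copy verbatim
            line.append(ch)
            if ch == quote:
                if src[i + 1:i + 2] == quote:   # doubled quote is an escape
                    line.append(quote)
                    i += 1
                else:
                    quote = None
        elif ch in "\"'":
            quote = ch
            line.append(ch)
        elif ch in "[(":
            nest += 1
            line.append(ch)
        elif ch in "])":
            nest = max(nest - 1, 0)
            line.append(ch)
        elif nest:                         # keep arrays/conditions on one line
            line.append(ch)
        elif ch == ";":
            line.append(ch)
            flush()
        elif ch == "{":
            line.append(ch)
            flush()
            depth += 1
        elif ch == "}":
            flush()
            depth = max(depth - 1, 0)
            line.append(ch)
        else:
            line.append(ch)
        i += 1
    flush()
    return "\n".join(out)


# Constructed sample of compacted SQF (not taken from A3AH.sqf or A3AT.sqf).
SAMPLE = ('if (_a > 1) then {hint "x;y";{_x setDamage 0;} forEach [u1,u2];}'
          ' else {_msg = \'it\'\'s;\';};')
```

Calling `print(uncompact_sqf(SAMPLE))` shows the indented result; `naive_split(SAMPLE)` shows the string literal `"x;y"` being cut in two.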

need to make sure you have the regex/regular expression checkbox ticked for that one.

or you'll come out with some funny looking results

hahaha.

 

i already mentioned that ...

 

 

in search mode press extended and last press replace all.

 

this is not 100% reliable, but usually works ...

Link to comment
Share on other sites
