07-16-10, 03:44 PM   #5
pixelxeno
A Deviate Faerie Dragon
Join Date: Feb 2009
Posts: 11
Originally Posted by Kookie:
You can distribute compiled code and execute it in WoW. Carbonite when it was closed source has proven this. Using the LUA -c parser will allow you to pass an 'encoded' version so that it cannot be reversed.
Wrong. Carbonite was never compiled. It was heavily obfuscated, decrypting itself over and over using loadstring(), until the low level obfuscation layer was attained. But the code itself was never compiled, just heavily obfuscated.

Note: I'm saying "compiled" as in "compiled into bytecode", not "compiled into a horribly obfuscated version", which would be against the new EULA from Blizzard anyway.


If you don't believe me, load the Wow.exe into a disassembler such as IDA Pro free: http://www.hex-rays.com/idapro/idadownfreeware.htm, and go to 00856190 (valid as of the latest 3.3.5 binary). If you know the Lua Virtual Machine, you'll recognize the f_parser function here, whose source code is:

Code:
static void f_parser (lua_State *L, void *ud) {
  int i;
  Proto *tf;
  Closure *cl;
  struct SParser *p = cast(struct SParser *, ud);
  int c = luaZ_lookahead(p->z);
  luaC_checkGC(L);
  /* binary chunk (first byte is LUA_SIGNATURE[0]) -> luaU_undump, else source -> luaY_parser */
  tf = ((c == LUA_SIGNATURE[0]) ? luaU_undump : luaY_parser)(L, p->z,
                                                             &p->buff, p->name);
  cl = luaF_newLclosure(L, tf->nups, hvalue(gt(L)));
  cl->l.p = tf;
  for (i = 0; i < tf->nups; i++)  /* initialize eventual upvalues */
    cl->l.upvals[i] = luaF_newupval(L);
  setclvalue(L, L->top, cl);
  incr_top(L);
}
Look at 008561BC: the call here is luaY_parser, and you'll notice that the luaU_undump call from the conditional call is missing. The whole signature reading, condition on signature comparison, and call to the lua vm are being removed here, thus leaving only the ability to load non-precompiled, plain text binaries.

In all cases, I don't see how pre-compiling the addon would protect against anything. Only a key/signature check could. Nothing would prevent me from distributing a pre-compiled malicious piece of code. So that's redundant and irrelevant protection here.


Also, I hope you don't even think of "adjusting" the maximum size of the saved variable by modifying the Wow.exe binary. That, again, would be against the EULA, and probably detected by Warden as a cheat attempt, if you can even pass the authentication with a modified binary that is.


All in all, I too believe this is a bad idea overall. Several reasons:

-) This will drastically explode the size of the saved variables.
-) Circumventing that max size will probably cause troubles.
-) The CPU load to do a signature check will be insane in plain Lua.
-) The overall loading time for players will be insane.
-) The scalability of this kind of distribution method is probably going to make the Blizzard servers cry for their lost bandwidth.


Oh and, several other things "against" pre-compiled Lua code:

-) The bytecode is ridiculously easy to understand and reverse. Thus your "it can not be reversed" argument is void. See http://luadec.luaforge.net/
-) The bytecode is machine dependent. World of Warcraft still runs on PowerPC machines. Loading pre-compiled Lua wouldn't work, because you'd most likely load a little-endian bytecode whereas PPC is big endian.

Last edited by pixelxeno : 07-16-10 at 04:28 PM. Reason: Adding a few lines about why pre-compilation of Lua is bad.
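Added example, not code from the post or from Lua itself: a small C model of two of the points made above, the first-byte test f_parser makes (and what is left of it once the luaU_undump branch is gone) and the Lua 5.1 bytecode header that luaU_undump compares against the running machine, which is why a little-endian chunk cannot load on a PowerPC client. The header layout follows Lua 5.1's lundump.c; the sample headers and the text-only loader are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
/* Constants from Lua 5.1's lundump.h (assumed 5.1 header layout). */
#define LUA_SIGNATURE   "\033Lua"   /* first byte is ESC, 0x1B */
#define LUAC_VERSION    0x51
#define LUAC_HEADERSIZE 12

/* The eight bytes after the signature that luaU_header() compares: version, format,
   endianness, sizeof(int), sizeof(size_t), sizeof(Instruction), sizeof(lua_Number), integral flag. */
struct luac_header { unsigned char f[LUAC_HEADERSIZE - 4]; };

/* Same test f_parser makes: does the chunk start with LUA_SIGNATURE[0]? */
int chunk_is_bytecode(const unsigned char *chunk, size_t len) {
    return len > 0 && chunk[0] == (unsigned char)LUA_SIGNATURE[0];
}

/* f_parser with the luaU_undump branch removed, as the post describes for Wow.exe. */
int text_only_loader_accepts(const unsigned char *chunk, size_t len) {
    return !chunk_is_bytecode(chunk, len);   /* only source text gets through */
}

/* Parse a 5.1 bytecode header: 0 ok, -1 bad signature/version, -2 too short. */
int parse_luac_header(const unsigned char *b, size_t len, struct luac_header *h) {
    if (len < LUAC_HEADERSIZE) return -2;
    if (memcmp(b, LUA_SIGNATURE, 4) != 0 || b[4] != LUAC_VERSION) return -1;
    memcpy(h->f, b + 4, sizeof h->f);
    return 0;
}

/* Endianness byte of a parsed header: 1 little, 0 big, -1 if unparsable. */
int bytecode_endianness(const unsigned char *chunk, size_t len) {
    struct luac_header h;
    return parse_luac_header(chunk, len, &h) ? -1 : h.f[2];
}

/* luaU_undump refuses a chunk if any header field differs from the header the
   running VM would write for itself. 1 = loads, 0 = rejected (or not bytecode). */
int bytecode_loads_on(const unsigned char *chunk, size_t len,
                      const unsigned char *host, size_t hlen) {
    struct luac_header a, b;
    if (parse_luac_header(chunk, len, &a) || parse_luac_header(host, hlen, &b)) return 0;
    return memcmp(a.f, b.f, sizeof a.f) == 0;
}

/* Constructed samples (not taken from real files): the header luac 5.1 writes on a
   little-endian x86-64 build, the one from a big-endian 32-bit PowerPC build, and source. */
const unsigned char HDR_X86_64[12] = {0x1B,'L','u','a',0x51,0,1,4,8,4,8,0};
const unsigned char HDR_PPC32[12]  = {0x1B,'L','u','a',0x51,0,0,4,4,4,8,0};
const unsigned char SRC_TEXT[]     = "return 1";
```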