CCBlueX Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. segv segv
    • Profile
    • Following 0
    • Followers 0
    • Topics 3
    • Posts 5
    • Best 3
    • Controversial 0
    • Groups 0

    segv segv

    @segv segv

    4
    Reputation
    15
    Profile views
    5
    Posts
    0
    Followers
    0
    Following
    Joined Last Online

    segv segv Unfollow Follow

    Best posts made by segv segv

    • [TUTORIAL] How to deobfuscate (most) scripts on this forum

      Requirement:

      • js knowledge
      • knowing how to use the terminal (install + run programs)
      • a code editor
      • a brain

      Step 1: Obtain the obfuscated script:

      In this example, I'll use BetterCriticals.

      Before deobfuscation:
      image

      Step 2: Basic deobfuscator and formatter

      • install nodejs (only once)
      • install synchrony
      • create a config file with the following content:
      rename: true
      loose: true
      sourceType: "script"
      
      • put the obfuscated script and the above config file in the same directory, open cmd.exe/terminal and run synchrony -c config [NAME] where name is the file name of the obfuscated script.

      Now the script should look like this:
      image

      Step 3: use brain

      Quick reminder:

      var flyModule = moduleManager.getModule('Fly')
      

      can be obfuscated into

      var flyModule = moduleManager['getModule']('Fly')
      

      and then those strings can be hidden inside a table and used via a decode function (a function that takes an index into the strings table and return the deobfuscated string).

      Use your brain now: what's the decode function in this script:
      image

      If you can't see that the decode function is axolotl_b, stop reading this, else proceed to step 4.

      Step 4: transformer

      Wouldn't it be nice if we can write a program that convert
      image

      into
      image

      by replacing each call of axototl_b with the result of that call?

      4.1: transformer base

      The variable axototl_a contains the encrypted string table for this script so copy that into a new file called transformer.js
      image

      4.2: remove anti debugger and anti formatter:

      Take a look at the decode function:
      image

      Again, if you can't see the part that prevents debugging and formatting, quit reading. For everyone else it's this part:
      image

      WCaJFG only succeeds if tPYtSP is a obfuscated function (in this case, have no newline which our deobfuscated one does). So uhm, remove it I guess.

      fS here is also another anti debug function:
      image

      So by now, you should know what to copy and what to not copy to your transformer.js. Mine look like this.

      4.3: processing input

      First, read read from stdin line by line and String.replace(), particularly the part that cover Specifying a function as the replacement.
      Now add this to your transformer.js:

      function replacer(match, p1, offset, string) {
        return "'" + axolotl_b(p1) + "'";
      }
      function processLine(line) {
        line = line.replaceAll(
          /axolotl_b\('([0-9A-Fa-fxX]+)'\)/g,
          replacer
        );
        console.log(line) // print modified
      }
      
      process.stdin.pipe(require('split')()).on('data', processLine) // for each line, run ProcessLine
      

      Now your transformer.js should look like this. Before running your transformer, run npm install split first.

      Now, run node transformer.js < crits.cleaned.js > crits.js (pretty sure this works on windows too, tested on linux) with crits.cleaned.js being the file produced in step 2 and crits.js is the name of the new file.

      The (almost) deobfuscated script should look like this file or this image:
      image

      Feel free to remove everything before the line

      var scriptName = 'BetterCriticals'
      

      as that is the beginning of most normal script and everything before it have no use from now.

      Step 5: last synchrony

      Repeat step 2 on the file produced by step 4. You should get something similar to this:
      image

      Step 6: Rename variables

      You read the entire thing and have a working brain, I believe you can do this yourself.

      Questions u may have:

      • I need more example: check out my other post in which I deobfuscated? using the same technique.
      • Bad english: yes ik english is not my first language.
      • Setup: images taken from Code OSS with Atom One Dark color scheme, running on Artix Linux.

      Questions I have:

      • What's the name (and creator) of this obfuscator?
      posted in ScriptAPI
      segv segv
      segv segv
    • [REQUEST] Give me your obfuscated scripts, I will deobf it

      Some scripts I have deobfed to prove that I know what I'm doing:

      • BetterCriticals.js: 95% deobfed but some variables don't have correct names

      • AACTP.js: 70% deobfed since this is a very big script, a lot of variables have no meaningful name

      posted in Scripts
      segv segv
      segv segv
    • RE: player.set_motion possible?

      You probably want MovementUtils.strafe(5). It make the player move at the speed of <speed> * 20 bps (in this case, 5*20 = 100 bps) only if W/A/S/D is pressed, else stop entirely (not sure about this part).

      For more movement related functions, checkout MovementUtils.java

      posted in Scripts
      segv segv
      segv segv

    Latest posts made by segv segv

    • [TUTORIAL] How to deobfuscate (most) scripts on this forum

      Requirement:

      • js knowledge
      • knowing how to use the terminal (install + run programs)
      • a code editor
      • a brain

      Step 1: Obtain the obfuscated script:

      In this example, I'll use BetterCriticals.

      Before deobfuscation:
      image

      Step 2: Basic deobfuscator and formatter

      • install nodejs (only once)
      • install synchrony
      • create a config file with the following content:
      rename: true
      loose: true
      sourceType: "script"
      
      • put the obfuscated script and the above config file in the same directory, open cmd.exe/terminal and run synchrony -c config [NAME] where name is the file name of the obfuscated script.

      Now the script should look like this:
      image

      Step 3: use brain

      Quick reminder:

      var flyModule = moduleManager.getModule('Fly')
      

      can be obfuscated into

      var flyModule = moduleManager['getModule']('Fly')
      

      and then those strings can be hidden inside a table and used via a decode function (a function that takes an index into the strings table and return the deobfuscated string).

      Use your brain now: what's the decode function in this script:
      image

      If you can't see that the decode function is axolotl_b, stop reading this, else proceed to step 4.

      Step 4: transformer

      Wouldn't it be nice if we can write a program that convert
      image

      into
      image

      by replacing each call of axototl_b with the result of that call?

      4.1: transformer base

      The variable axototl_a contains the encrypted string table for this script so copy that into a new file called transformer.js
      image

      4.2: remove anti debugger and anti formatter:

      Take a look at the decode function:
      image

      Again, if you can't see the part that prevents debugging and formatting, quit reading. For everyone else it's this part:
      image

      WCaJFG only succeeds if tPYtSP is a obfuscated function (in this case, have no newline which our deobfuscated one does). So uhm, remove it I guess.

      fS here is also another anti debug function:
      image

      So by now, you should know what to copy and what to not copy to your transformer.js. Mine look like this.

      4.3: processing input

      First, read read from stdin line by line and String.replace(), particularly the part that cover Specifying a function as the replacement.
      Now add this to your transformer.js:

      function replacer(match, p1, offset, string) {
        return "'" + axolotl_b(p1) + "'";
      }
      function processLine(line) {
        line = line.replaceAll(
          /axolotl_b\('([0-9A-Fa-fxX]+)'\)/g,
          replacer
        );
        console.log(line) // print modified
      }
      
      process.stdin.pipe(require('split')()).on('data', processLine) // for each line, run ProcessLine
      

      Now your transformer.js should look like this. Before running your transformer, run npm install split first.

      Now, run node transformer.js < crits.cleaned.js > crits.js (pretty sure this works on windows too, tested on linux) with crits.cleaned.js being the file produced in step 2 and crits.js is the name of the new file.

      The (almost) deobfuscated script should look like this file or this image:
      image

      Feel free to remove everything before the line

      var scriptName = 'BetterCriticals'
      

      as that is the beginning of most normal script and everything before it have no use from now.

      Step 5: last synchrony

      Repeat step 2 on the file produced by step 4. You should get something similar to this:
      image

      Step 6: Rename variables

      You read the entire thing and have a working brain, I believe you can do this yourself.

      Questions u may have:

      • I need more example: check out my other post in which I deobfuscated? using the same technique.
      • Bad english: yes ik english is not my first language.
      • Setup: images taken from Code OSS with Atom One Dark color scheme, running on Artix Linux.

      Questions I have:

      • What's the name (and creator) of this obfuscator?
      posted in ScriptAPI
      segv segv
      segv segv
    • RE: player.set_motion possible?

      You probably want MovementUtils.strafe(5). It make the player move at the speed of <speed> * 20 bps (in this case, 5*20 = 100 bps) only if W/A/S/D is pressed, else stop entirely (not sure about this part).

      For more movement related functions, checkout MovementUtils.java

      posted in Scripts
      segv segv
      segv segv
    • RE: Aimbot module but made by the ChatGPT AI

      My thoughts on this:

      • if (!getState()) return: not needed since a module's onUpdate() is only called when that module is enabled
      • for (Object object : mc.theWorld.loadedEntityList): the type of each element in mc.theWorld.loadedEntityList is Entity and the variable name should be entity
      • if (mc.thePlayer.getDistanceToEntity(entity) > fovValue.get()): FOV difference is actually calculated using RotationUtils.getRotationDifference(entity)
      • RotationUtils.faceEntity(): there is no such method and look at an entity isn't that simple, take a look at the actual aimbot in LB
      • isValidTarget(): not very easy to figure out since it depends on thing like Teams, Antibot, friend & NoFriend and Target
      • !LiquidBounce.moduleManager.getModule(Target.class).getValue(): only check if the Target module is enabled or not and is duplicated in 2 cases

      Overall thoughts: It know the value system, somewhat know the imports and utils but need more example on how to use the utils in a way that doesn't sucks

      posted in Kotlin/Java
      segv segv
      segv segv
    • [REQUEST] Give me your obfuscated scripts, I will deobf it

      Some scripts I have deobfed to prove that I know what I'm doing:

      • BetterCriticals.js: 95% deobfed but some variables don't have correct names

      • AACTP.js: 70% deobfed since this is a very big script, a lot of variables have no meaningful name

      posted in Scripts
      segv segv
      segv segv