Forbid obfuscation in the scripts category.

Reply to Forbid obfuscation in the scripts category. on Tue, 29 Mar 2022 20:13:18 GMT

Ali00035 — Tue, 29 Mar 2022 20:13:18 GMT

@faaatpotato @Aftery manual approval of scripts should be done only when its obfuscated, like there should be an API that should check if the script is obfuscated or not, and for deobfuscated scripts, no one would make a malicious script that is not obfuscated

Reply to Forbid obfuscation in the scripts category. on Mon, 28 Mar 2022 16:43:44 GMT

[[global:former-user]] — Mon, 28 Mar 2022 16:43:44 GMT

@faaatpotato said in Forbid obfuscation in the scripts category.:

unkowncheats

unknowncheats? csgo moment

Reply to Forbid obfuscation in the scripts category. on Sun, 11 Jul 2021 17:00:27 GMT

ENDER1355v1 — Sun, 11 Jul 2021 17:00:27 GMT

@bobismymanager they are forks as they said, I'm talking about skids that don't even give credit to CCBlueX

Reply to Forbid obfuscation in the scripts category. on Sun, 11 Jul 2021 16:57:43 GMT

ENDER1355v1 — Sun, 11 Jul 2021 16:57:43 GMT

@bobismymanager well i didnt ask but okay

Reply to Forbid obfuscation in the scripts category. on Sat, 10 Jul 2021 09:02:40 GMT

ENDER1355v1 — Sat, 10 Jul 2021 09:02:40 GMT

@bobismymanager no one really loves skids, the skids have gone too far that they only renamed liquidbounce and called it own client.

Reply to Forbid obfuscation in the scripts category. on Fri, 09 Jul 2021 20:21:02 GMT

[[global:former-user]] — Fri, 09 Jul 2021 20:21:02 GMT

@ender1355 NOOOOOOOO I NEED MY LEET HAXOR POINTS NOOOOOOO

Reply to Forbid obfuscation in the scripts category. on Fri, 09 Jul 2021 20:18:33 GMT

ENDER1355v1 — Fri, 09 Jul 2021 20:18:33 GMT

@bobismymanager skids, ac devs trying to patch the script...

Reply to Forbid obfuscation in the scripts category. on Thu, 08 Jul 2021 11:36:43 GMT

[[global:former-user]] — Thu, 08 Jul 2021 11:36:43 GMT

@idk-my-name How is WebAssembly going to help us with this?!?

Reply to Forbid obfuscation in the scripts category. on Thu, 08 Jul 2021 11:35:58 GMT

[[global:former-user]] — Thu, 08 Jul 2021 11:35:58 GMT

@idk-my-name That won't fucking work.

Reply to Forbid obfuscation in the scripts category. on Wed, 30 Jun 2021 07:53:17 GMT

idk my name — Wed, 30 Jun 2021 07:53:17 GMT

@6sence I do not think, that it is needed to run the script. I think just find for "Runtime" or "System" or getenv or http(s) things

Reply to Forbid obfuscation in the scripts category. on Wed, 30 Jun 2021 03:23:34 GMT

6Sence — Wed, 30 Jun 2021 03:23:34 GMT

@cancernameu lol that last point same

Reply to Forbid obfuscation in the scripts category. on Wed, 30 Jun 2021 03:21:11 GMT

6Sence — Wed, 30 Jun 2021 03:21:11 GMT

@idk-my-name well yeah but how are you going to get the jar or exe to deobf it lol, you would have to detect the type of obfuscation and then automatically deobf it. it best way to do it is literally not deobf the script just run it on a server and test if it tries to do anything malicious

Reply to Forbid obfuscation in the scripts category. on Mon, 28 Jun 2021 19:59:47 GMT

idk my name — Mon, 28 Jun 2021 19:59:47 GMT

@cancernameu i think if js had sth like ObjectWeb ASM, we could automatically deobfuscate js scripts

Reply to Forbid obfuscation in the scripts category. on Mon, 28 Jun 2021 19:54:38 GMT

idk my name — Mon, 28 Jun 2021 19:54:38 GMT

@cancernameu hehe, i have my own github with my own repos & hacked clientbase using javaagents, also i code my own obfuscator for java bytecode (github.com/xWhitey)

Reply to Forbid obfuscation in the scripts category. on Mon, 28 Jun 2021 15:17:10 GMT

FaaatPotato — Mon, 28 Jun 2021 15:17:10 GMT

@aftery yes like on unkowncheats

Reply to Forbid obfuscation in the scripts category. on Mon, 28 Jun 2021 14:39:22 GMT

DreamWasFucked — Mon, 28 Jun 2021 14:39:22 GMT

liqudbounce antivirus

Reply to Forbid obfuscation in the scripts category. on Mon, 28 Jun 2021 14:30:48 GMT

[[global:former-user]] — Mon, 28 Jun 2021 14:30:48 GMT

@Gabriel
Firstly, fully automatic deobfuscation is not currently possible. Heck, we can't even detemine whether a script even is obfucated yet.

Secondly, automatically determining whether a script is malicious is very, very, difficult. We might look at the amount of reflection it uses, but that can be circumvented by adding more native code.

Thirdly, using an automated system, even if it was perfect, to determine whether a user may upload their content is shit.

@natalka Yeah, I agree. While I personally don't see the point of obfuscation, some people might want those elite hax0r points. I personally am opposed to that and think it harms the overall community, however, I don't think it should be banned completely, as people might have valid reasons to obfuscate their code. IMO, manual approval is a good goal, but it's very time-consuming.

@Aftery I mostly agree with you. While a manual approval process would be ideal, it's also timewasteage. A temporary ban on obfuscated scripts, and temporary locking of any threads that post them without prior review, is preferable to me.

@idk-my-name Honestly, I'm convinced you're unfamiliar ith obfuscation,writing code in general, and running a forum. Not only is reliably checking anything for obfuscation pretty much impossible, it isn't even guaranteed that the deobfuscation even works. The only thing that's even remotely viable is run-time analysis, I have no idea on how we would implement this though. Aftery, as one of the most based people here, is once again correct.

Reply to Forbid obfuscation in the scripts category. on Mon, 28 Jun 2021 07:59:42 GMT

Aftery — Mon, 28 Jun 2021 07:59:42 GMT

use .jar or .exe
slight chuckle

Reply to Forbid obfuscation in the scripts category. on Mon, 28 Jun 2021 07:52:56 GMT

idk my name — Mon, 28 Jun 2021 07:52:56 GMT

@6sence sth like onUpload event:
check the script for obfuscation and if it is obfuscated - use .jar or .exe (idk, thats just suggestion) to deobfuscate it.

Reply to Forbid obfuscation in the scripts category. on Mon, 28 Jun 2021 06:55:21 GMT

6Sence — Mon, 28 Jun 2021 06:55:21 GMT

@aftery said in Forbid obfuscation in the scripts category.:

id like to advocate for manual approval of scripts rather than forbidding obfuscation

yes I agree

Reply to Forbid obfuscation in the scripts category. on Mon, 28 Jun 2021 06:54:37 GMT

6Sence — Mon, 28 Jun 2021 06:54:37 GMT

@gabriel how is it meant to automatically deobf them?

Reply to Forbid obfuscation in the scripts category. on Mon, 28 Jun 2021 06:44:12 GMT

Aftery — Mon, 28 Jun 2021 06:44:12 GMT

id like to advocate for manual approval of scripts rather than forbidding obfuscation

Reply to Forbid obfuscation in the scripts category. on Mon, 28 Jun 2021 06:43:49 GMT

natalka — Mon, 28 Jun 2021 06:43:49 GMT

@bobismymanager I'd argue that some scripts may be very overpowered with some very strange methods on how to disable very good anticheat and person X doesn't want his script to get disclosed. Only possible explanation, but I think it can be solved systematically by approval from Moderator/Administrator

Reply to Forbid obfuscation in the scripts category. on Sun, 27 Jun 2021 22:41:41 GMT

Gabriel — Sun, 27 Jun 2021 22:41:41 GMT

@cancernameu Answering your previous post.
CCBlueX Forums should automatically deobfuscate scripts and check if it has any malicious code (Malware, account stealers, token loggers, IP grabbers, RATs, etc) and if not, post the script.

This would be the best option so far, compared to others.

And this wouldn't be hard, since LiquidBounce developers are aware of how ScriptAPI works (Both v1 and v2), so yeah.

This wouldn't affect people with a good intent in any way (Unless false positives weren't fixed), compared to any of the options that you made in your previous post