Forbid obfuscation in the scripts category.
-
id like to advocate for manual approval of scripts rather than forbidding obfuscation
-
@aftery said in Forbid obfuscation in the scripts category.:
id like to advocate for manual approval of scripts rather than forbidding obfuscation
yes I agree
-
@6sence sth like onUpload event:
check the script for obfuscation and if it is obfuscated - use .jar or .exe (idk, thats just suggestion) to deobfuscate it. -
use .jar or .exe
slight chuckle -
@Gabriel
Firstly, fully automatic deobfuscation is not currently possible. Heck, we can't even detemine whether a script even is obfucated yet.Secondly, automatically determining whether a script is malicious is very, very, difficult. We might look at the amount of reflection it uses, but that can be circumvented by adding more native code.
Thirdly, using an automated system, even if it was perfect, to determine whether a user may upload their content is shit.
@natalka Yeah, I agree. While I personally don't see the point of obfuscation, some people might want those elite hax0r points. I personally am opposed to that and think it harms the overall community, however, I don't think it should be banned completely, as people might have valid reasons to obfuscate their code. IMO, manual approval is a good goal, but it's very time-consuming.
@Aftery I mostly agree with you. While a manual approval process would be ideal, it's also timewasteage. A temporary ban on obfuscated scripts, and temporary locking of any threads that post them without prior review, is preferable to me.
@idk-my-name Honestly, I'm convinced you're unfamiliar ith obfuscation,writing code in general, and running a forum. Not only is reliably checking anything for obfuscation pretty much impossible, it isn't even guaranteed that the deobfuscation even works. The only thing that's even remotely viable is run-time analysis, I have no idea on how we would implement this though. Aftery, as one of the most based people here, is once again correct.
-
liqudbounce antivirus
-
@aftery yes like on unkowncheats
-
@cancernameu hehe, i have my own github with my own repos & hacked clientbase using javaagents, also i code my own obfuscator for java bytecode (github.com/xWhitey)
-
@cancernameu i think if js had sth like ObjectWeb ASM, we could automatically deobfuscate js scripts
-
@idk-my-name well yeah but how are you going to get the jar or exe to deobf it lol, you would have to detect the type of obfuscation and then automatically deobf it. it best way to do it is literally not deobf the script just run it on a server and test if it tries to do anything malicious
-
@cancernameu lol that last point same
-
@6sence I do not think, that it is needed to run the script. I think just find for "Runtime" or "System" or getenv or http(s) things
-
@idk-my-name That won't fucking work.
-
@idk-my-name How is WebAssembly going to help us with this?!?
-
@bobismymanager skids, ac devs trying to patch the script...
-
@ender1355 NOOOOOOOO I NEED MY LEET HAXOR POINTS NOOOOOOO
-
@bobismymanager no one really loves skids, the skids have gone too far that they only renamed liquidbounce and called it own client.
-
@bobismymanager well i didnt ask but okay
-
@bobismymanager they are forks as they said, I'm talking about skids that don't even give credit to CCBlueX