Forbid obfuscation in the scripts category.
-
I'd like to use this opportunity to again advocate for the banning of obfuscation. It delays discovery of any malicious code more than is tolerable. See my previous post on the subject.
-
@cancernameu Answering your previous post.
CCBlueX Forums should automatically deobfuscate scripts and check if it has any malicious code (Malware, account stealers, token loggers, IP grabbers, RATs, etc) and if not, post the script.This would be the best option so far, compared to others.
And this wouldn't be hard, since LiquidBounce developers are aware of how ScriptAPI works (Both v1 and v2), so yeah.
This wouldn't affect people with a good intent in any way (Unless false positives weren't fixed), compared to any of the options that you made in your previous post
-
@bobismymanager I'd argue that some scripts may be very overpowered with some very strange methods on how to disable very good anticheat and person X doesn't want his script to get disclosed. Only possible explanation, but I think it can be solved systematically by approval from Moderator/Administrator
-
-
@6sence sth like onUpload event:
check the script for obfuscation and if it is obfuscated - use .jar or .exe (idk, thats just suggestion) to deobfuscate it. -
@Gabriel
Firstly, fully automatic deobfuscation is not currently possible. Heck, we can't even detemine whether a script even is obfucated yet.Secondly, automatically determining whether a script is malicious is very, very, difficult. We might look at the amount of reflection it uses, but that can be circumvented by adding more native code.
Thirdly, using an automated system, even if it was perfect, to determine whether a user may upload their content is shit.
@natalka Yeah, I agree. While I personally don't see the point of obfuscation, some people might want those elite hax0r points. I personally am opposed to that and think it harms the overall community, however, I don't think it should be banned completely, as people might have valid reasons to obfuscate their code. IMO, manual approval is a good goal, but it's very time-consuming.
@Aftery I mostly agree with you. While a manual approval process would be ideal, it's also timewasteage. A temporary ban on obfuscated scripts, and temporary locking of any threads that post them without prior review, is preferable to me.
@idk-my-name Honestly, I'm convinced you're unfamiliar ith obfuscation,writing code in general, and running a forum. Not only is reliably checking anything for obfuscation pretty much impossible, it isn't even guaranteed that the deobfuscation even works. The only thing that's even remotely viable is run-time analysis, I have no idea on how we would implement this though. Aftery, as one of the most based people here, is once again correct.
-
liqudbounce antivirus
-
@aftery yes like on unkowncheats
-
@cancernameu hehe, i have my own github with my own repos & hacked clientbase using javaagents, also i code my own obfuscator for java bytecode (github.com/xWhitey)
-
@cancernameu i think if js had sth like ObjectWeb ASM, we could automatically deobfuscate js scripts
-
@idk-my-name well yeah but how are you going to get the jar or exe to deobf it lol, you would have to detect the type of obfuscation and then automatically deobf it. it best way to do it is literally not deobf the script just run it on a server and test if it tries to do anything malicious
-
@cancernameu lol that last point same
-
@6sence I do not think, that it is needed to run the script. I think just find for "Runtime" or "System" or getenv or http(s) things
-
@idk-my-name That won't fucking work.
-
@idk-my-name How is WebAssembly going to help us with this?!?
-
@bobismymanager skids, ac devs trying to patch the script...
-
@ender1355 NOOOOOOOO I NEED MY LEET HAXOR POINTS NOOOOOOO
