[SHOWCASE] Rate my Astolfo ClickGUI

All? categories opened:

One category:

Features that I don't think even Astolfo have:

• Expandable ListValue:
  

• Expandable BlockValue and readable block names:
  
  

• Scrollable IntegerValue and FloatValue

• Wider (but uglier) color pallete:
  

That's it for now. If people like this I might implemented it into main LiquidBounce.

Smooth fond mod, make scaled HUD elements look much better.

Requirement:

• js knowledge
• knowing how to use the terminal (install + run programs)
• a code editor
• a brain

Step 1: Obtain the obfuscated script:

In this example, I'll use BetterCriticals.

Before deobfuscation:

Step 2: Basic deobfuscator and formatter

• install nodejs (only once)
• install synchrony
• create a config file with the following content:

rename: true
loose: true
sourceType: "script"

• put the obfuscated script and the above config file in the same directory, open cmd.exe/terminal and run synchrony -c config [NAME] where name is the file name of the obfuscated script.

Now the script should look like this:

Step 3: use brain

Quick reminder:

var flyModule = moduleManager.getModule('Fly')

can be obfuscated into

var flyModule = moduleManager['getModule']('Fly')

and then those strings can be hidden inside a table and used via a decode function (a function that takes an index into the strings table and return the deobfuscated string).

Use your brain now: what's the decode function in this script:

If you can't see that the decode function is axolotl_b, stop reading this, else proceed to step 4.

Step 4: transformer

Wouldn't it be nice if we can write a program that convert

into

by replacing each call of axototl_b with the result of that call?

4.1: transformer base

The variable axototl_a contains the encrypted string table for this script so copy that into a new file called transformer.js

4.2: remove anti debugger and anti formatter:

Take a look at the decode function:

Again, if you can't see the part that prevents debugging and formatting, quit reading. For everyone else it's this part:

WCaJFG only succeeds if tPYtSP is a obfuscated function (in this case, have no newline which our deobfuscated one does). So uhm, remove it I guess.

fS here is also another anti debug function:

So by now, you should know what to copy and what to not copy to your transformer.js. Mine look like this.

4.3: processing input

First, read read from stdin line by line and String.replace(), particularly the part that cover Specifying a function as the replacement.
Now add this to your transformer.js:

function replacer(match, p1, offset, string) {
  return "'" + axolotl_b(p1) + "'";
}
function processLine(line) {
  line = line.replaceAll(
    /axolotl_b\('([0-9A-Fa-fxX]+)'\)/g,
    replacer
  );
  console.log(line) // print modified
}

process.stdin.pipe(require('split')()).on('data', processLine) // for each line, run ProcessLine

Now your transformer.js should look like this. Before running your transformer, run npm install split first.

Now, run node transformer.js < crits.cleaned.js > crits.js (pretty sure this works on windows too, tested on linux) with crits.cleaned.js being the file produced in step 2 and crits.js is the name of the new file.

The (almost) deobfuscated script should look like this file or this image:

Feel free to remove everything before the line

var scriptName = 'BetterCriticals'

as that is the beginning of most normal script and everything before it have no use from now.

Step 5: last synchrony

Repeat step 2 on the file produced by step 4. You should get something similar to this:

Step 6: Rename variables

You read the entire thing and have a working brain, I believe you can do this yourself.

Questions u may have:

• I need more example: check out my other post in which I deobfuscated? using the same technique.
• Bad english: yes ik english is not my first language.
• Setup: images taken from Code OSS with Atom One Dark color scheme, running on Artix Linux.

Questions I have:

• What's the name (and creator) of this obfuscator?

You probably want MovementUtils.strafe(5). It make the player move at the speed of <speed> * 20 bps (in this case, 5*20 = 100 bps) only if W/A/S/D is pressed, else stop entirely (not sure about this part).

For more movement related functions, checkout MovementUtils.java

My thoughts on this:

• if (!getState()) return: not needed since a module's onUpdate() is only called when that module is enabled
• for (Object object : mc.theWorld.loadedEntityList): the type of each element in mc.theWorld.loadedEntityList is Entity and the variable name should be entity
• if (mc.thePlayer.getDistanceToEntity(entity) > fovValue.get()): FOV difference is actually calculated using RotationUtils.getRotationDifference(entity)
• RotationUtils.faceEntity(): there is no such method and look at an entity isn't that simple, take a look at the actual aimbot in LB
• isValidTarget(): not very easy to figure out since it depends on thing like Teams, Antibot, friend & NoFriend and Target
• !LiquidBounce.moduleManager.getModule(Target.class).getValue(): only check if the Target module is enabled or not and is duplicated in 2 cases

Overall thoughts: It know the value system, somewhat know the imports and utils but need more example on how to use the utils in a way that doesn't sucks

Some scripts I have deobfed to prove that I know what I'm doing:

• BetterCriticals.js: 95% deobfed but some variables don't have correct names

• AACTP.js: 70% deobfed since this is a very big script, a lot of variables have no meaningful name