Does corona compile apps' differently than others ?

I grabbed one of my apks and tried to decompile it and extract the lua files to see what a potential threat would it make if someone decompiled my scripts.

After I successfully decompiled my lua files I found my lua codes as they are with no obfuscation and even variable names are the same as I declared them.

I was curious how big app’s built with corona would deal with this issue so I grabbed one app’s apk and when I decompiled their lua’s files the exact same way I did to mine, the file was unreadable with a lot of errors.

I want to know how was the other app able to achieve this so I can do the same for my app.

Here is a sample of the lua code extracted from the other app

 L4\_15 = \_UPVALUE0\_ L4\_15 = L4\_15.encode L5\_16 = L3\_14 L4\_15 = L4\_15(L5\_16) L5\_16 = system L5\_16 = L5\_16.pathForFile L6\_17 = A0\_11 L5\_16 = L5\_16(L6\_17, A1\_12) L6\_17 = io L6\_17 = L6\_17.open L6\_17 = L6\_17(L5\_16, "w+") if L6\_17 then L6\_17:write(L4\_15) io.close(L6\_17) L6\_17 = nil end else L4\_15 = \_UPVALUE1\_ L5\_16 = L4\_15 L4\_15 = L4\_15.error

Thanks in advance.

No. I don’t think so. I don’t know what tool you used to decompile. If it was LuaDec51 then that one has problems with while loops and throws an error for each of them. As far as the code you presented it looks like they obfuscated the file before compiling. I think @roaminggammer had a service or tool that would do something similar (I can’t find the thread now).

Other options if you are concerned:

1. You can encrypt everything and then have a function that decrypts and returns a Lua library. Never done it but should be fairly easy to implement.

2. You can store the files on a server and pull them down at runtime.

3. You can probably use one of many tools online that do lua obfuscation.

But non of these options are fail proof. On a side note my super dumb TicTacToe game was stolen (a couple of years ago) by somebody and then re-skinned and put back up on the store. Their version of my game ended up being more popular than my game for a while (maybe they were advertising) but they forgot or didn’t know how to change the advertising keys for kidoz.net. Anyway I still get impressions from this version of my game. 

Are you comparing an apk that is signed with a debug key vs. a release key? I think we strip debugging symbols with release builds but not debug builds unless you set a flag in build.settings telling us to keep them. I don’t know if we use obfuscation on not but it could be something as simple as this.

Rob

No. I don’t think so. I don’t know what tool you used to decompile. If it was LuaDec51 then that one has problems with while loops and throws an error for each of them. As far as the code you presented it looks like they obfuscated the file before compiling. I think @roaminggammer had a service or tool that would do something similar (I can’t find the thread now).

Other options if you are concerned:

1. You can encrypt everything and then have a function that decrypts and returns a Lua library. Never done it but should be fairly easy to implement.

2. You can store the files on a server and pull them down at runtime.

3. You can probably use one of many tools online that do lua obfuscation.

But non of these options are fail proof. On a side note my super dumb TicTacToe game was stolen (a couple of years ago) by somebody and then re-skinned and put back up on the store. Their version of my game ended up being more popular than my game for a while (maybe they were advertising) but they forgot or didn’t know how to change the advertising keys for kidoz.net. Anyway I still get impressions from this version of my game. 

Are you comparing an apk that is signed with a debug key vs. a release key? I think we strip debugging symbols with release builds but not debug builds unless you set a flag in build.settings telling us to keep them. I don’t know if we use obfuscation on not but it could be something as simple as this.

Rob