  1. #1
    InfinityGamer01's Avatar

    Question Understanding Lua Scripts & Basic Reverse Engineering

    1. Learn basic C# programming.
    2. Look for DF installation directory.
    3. Go to Dead Frontier > DeadFrontier_Data > Managed
    4. Open the Assembly-UnityScript.dll with dnSpy
    5. Browse the code and learn the programming logic the developer used. On the left navbar, expand "Assembly-UnityScript(0.0.0.0) > Assembly-UnityScript(purple) > {} -"
    + It will be hard and nothing will make sense because everything is obfuscated.
    6. Browse the Dead Frontier MPGH forum for old Lua scripts. People call them AoB hacks, but they are just Lua scripts that find an Array of Bytes by directly reading into game memory. In some cases, they modify certain values that might represent a float value or a boolean (true or false).
    Example of a lua script:
    Code:
    -- SUPER SPRINT:
    AoB = AOBScan("22 9A 99 19 41 22 CD CC 8C 3F 22 6F 12 83 3B 11 11 6B 5A")
    if (AoB) then
       print("Super Sprint OK")
       for x=0, AoB.getCount()-1 do
           writeBytes(tonumber(AoB[x],16)+8, 0x71, 0x40)
       end
    else print("Super Sprint PATCHED")
    end

    Lua script important parts break down:
    AoB = AOBScan("22 9A 99 19 41 22 CD CC 8C 3F 22 6F 12 83 3B 11 11 6B 5A") ----> the array of bytes the script looks for
    writeBytes(tonumber(AoB[x],16)+8, 0x71, 0x40) ----> this modifies a certain byte(s), determined using the offset value
    In this case, the offset is +8 [ writeBytes(tonumber(AoB[x],16)+8, 0x71, 0x40) ]
    Meaning, it modifies the byte 8 positions from the first byte (22), which in this case is 8C.
    writeBytes() replaces 8C with 0x71 or just 71, and the next byte (3F) with 0x40 or 40.
    So this:
    22 9A 99 19 41 22 CD CC 8C 3F 22 6F 12 83 3B 11 11 6B 5A
    Becomes:
    22 9A 99 19 41 22 CD CC 71 40 22 6F 12 83 3B 11 11 6B 5A

    7. Go back to dnSpy, click on the "{} -".
    8. Right-click on the panel on the right side, where you can read, for example:
    Code:
    // 
    // 
    // Types:
    // 
    // $ArrayType$16
    // $ArrayType$47484
    // <Module>
    // CE
    // DecalPlacementCollider
    // DF248_003d55070da542c9ceb76faa0e8be6eacccfb228
    // DF248_009f52e110d5847bea5a758e92437b8bad803b34
    // DF248_033dc5afee32575ecb61bef9e1c35be205a1f9d4
    // DF248_0374935a56f59de50604742303d847e096249938
    // DF248_0391ff1c27374e282aa7e2211900f042e483c805
    9. Open Hex Editor, or press Ctrl + X.
    10. Press Ctrl + F to launch the find/search window and paste the Array of Bytes, which in our current case is the "22 9A 99 19 41 22 CD CC 8C 3F 22 6F 12 83 3B 11 11 6B 5A" from the Lua script above.

    For a better example, use wildcards or "??" to represent unknown bytes. Use the find function to look for this in the current DF patch.
    AoB = 22 ?? ?? ?? ?? 22 CD CC ?? ?? 22 6F ?? ?? ?? ?? ?? 6B 5A

    Right-click the highlighted AoB (any byte, as long as it's highlighted) in the hex editor, then "Go to Code or Structure". It should lead you to this:
    Code:
    float num21 = 2.3f * (1.1f + 0.004f * (float)num10) * 1.35f * DF248_5f3bde1d88ad1988d1357c3bdf3e6cf147729835.DF248_b13533014441047b671d218c83bc31116e27c092(value);
    float num22 = 3.6f * (1.1f + 0.004f * (float)num10) * 1.35f * DF248_5f3bde1d88ad1988d1357c3bdf3e6cf147729835.DF248_b13533014441047b671d218c83bc31116e27c092(value);

    The num21 represents your walking speed, num22 is your sprint speed. You can change the float values like the 2.3f by right-clicking the float, then "Edit IL instructions...". Look for the target value, then change it to whatever you like. Going back to the Lua script above, 8C 3F represents the 1.1f and 70 41 = 1.15625f. From this you can work out how the Lua script makes you faster: it just increases a certain float value in the computation of the sprint and walk speed. I determined this by hovering over the float value 1.1f and reading the Raw, or the exact binary representation of the floating-point number, shown in hexadecimal. You might be wondering why the bytes are backwards, reading 0x3F8C_CCCD; the concept is called the little-endian system, research it if you'd like.

    You should also research IL opcodes to understand what each opcode does and represents.

    That's basically how you find the equivalent statements/code from old Lua script hacks. You just need to play around using wildcards, since a lot of bytes change with each update but the general structure and sequence of the bytes doesn't change. Better yet, make copies of each Assembly-UnityScript.dll of each patch so you have a reference for the future. You can use it to find the class of the code again by studying the structure of the code (also similar methods within the classes where you found the code etc etc.).

    This will be my first and last tutorial. Good luck
    TO INFINITY AND BEYOND

  2. The Following 8 Users Say Thank You to InfinityGamer01 For This Useful Post:

    Afagated (01-26-2025),barillmark (11-07-2024),beans0011 (12-10-2024),bombsrt (11-21-2024),killboy2 (12-08-2024),mujtabazakria47 (12-04-2024),roblag254 (12-16-2024),themanlie (01-28-2025)
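An added example, not part of any post in this thread: the 19-byte sequence quoted in post #1 is a run of CIL instructions, and the walk below decodes its `ldc.r4` operands as little-endian float32 and reports which constant differs between the two sequences shown there, the comparison one would make when checking an assembly against a known-good copy. The opcode table covers only the four opcodes present in that sequence (encodings per ECMA-335); the function names are illustrative.

```python
import struct

# Operand sizes for the four CIL opcodes that occur in the quoted sequence.
# Assumption: nothing else appears; an unknown opcode stops the walk.
OPERAND_SIZE = {0x22: 4,   # ldc.r4  <float32, little-endian>
                0x11: 1,   # ldloc.s <local index>
                0x6B: 0,   # conv.r4
                0x5A: 0}   # mul
NAMES = {0x22: "ldc.r4", 0x11: "ldloc.s", 0x6B: "conv.r4", 0x5A: "mul"}

def disassemble(code: bytes):
    """Linear walk returning (offset, mnemonic, operand) tuples."""
    out, i = [], 0
    while i < len(code):
        op = code[i]
        if op not in OPERAND_SIZE:
            raise ValueError(f"unhandled opcode 0x{op:02X} at offset {i}")
        size = OPERAND_SIZE[op]
        raw = code[i + 1:i + 1 + size]
        if len(raw) != size:
            raise ValueError(f"truncated operand at offset {i}")
        if op == 0x22:
            operand = struct.unpack("<f", raw)[0]   # "<" = little-endian
        elif op == 0x11:
            operand = raw[0]
        else:
            operand = None
        out.append((i, NAMES[op], operand))
        i += 1 + size
    return out

def changed_constants(original: bytes, modified: bytes):
    """List (offset, old, new) for ldc.r4 constants that differ."""
    diffs = []
    pairs = zip(disassemble(original), disassemble(modified))
    for (off, name, old), (_, _, new) in pairs:
        if name == "ldc.r4" and old != new:
            diffs.append((off, old, new))
    return diffs

# The two byte sequences exactly as quoted in post #1.
ORIGINAL = bytes.fromhex("22 9A 99 19 41 22 CD CC 8C 3F 22 6F 12 83 3B 11 11 6B 5A")
MODIFIED = bytes.fromhex("22 9A 99 19 41 22 CD CC 71 40 22 6F 12 83 3B 11 11 6B 5A")

if __name__ == "__main__":
    for row in disassemble(ORIGINAL):
        print(row)
    print(changed_constants(ORIGINAL, MODIFIED))
```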

  3. #2
    killboy2's Avatar
    Do you have any tips on reading the obfuscated code? Reading C# is not so hard for me because it's similar to Java, but with all of the variables/method names/class names obfuscated I can't make any sense of it.
    Last edited by killboy2; 12-11-2024 at 04:49 AM.

  4. #3
    NotAgain1101's Avatar

    Post LISTS OF HEX

    Hi, may I ask if it's possible to get the data you've collected on the current hexes as of the 249 update?

    What I currently have are these ones:
    Thank you, kindly.

  5. The Following 2 Users Say Thank You to NotAgain1101 For This Useful Post:

    SemperNattramnar (12-15-2024),themanlie (01-28-2025)

  6. #4
    SemperNattramnar's Avatar
    Quote Originally Posted by killboy2 View Post
    Do you have any tips on reading the obfuscated code? Reading C# is not so hard for me because it's similar to Java, but with all of the variables/method names/class names obfuscated I can't make any sense of it.
    Use ChatGPT, it helps with reading obfuscated code!

  7. #5
    Afagated's Avatar

    Thumbs up dza ??

    Nice explanations. Could you explain how to modify DZA? You haven't mentioned anything about it. It's kind of complicated since I found a lot of HEX; I'm guessing each needs to be modified.
