Slexchange ATM Script Cracked?

by Alphaville Herald on 03/05/08 at 5:44 pm

Secret requested when Secret is unknown

by Pixeleen Mistral, National Affairs desk


UPDATE: According to über-scripter Day Oh, the bytecode/scripting exploit described in this story is real, but was fixed a month ago. Mr. Oh told the Herald that when crossing between regions, sometimes sims would randomly send sim-to-sim packets to clients. If scripts need to be handed between regions this makes a certain amount of sense – particularly if there were bugs in the server code that resulted in mis-directed messages going to clients — a plausible explanation for how the server-side bytecode could leak. While it is comforting to hear that the problem has been fixed, the Herald suggests Linden Lab might want to clarify how long this exploit was active and why they have been less than forthcoming with news about this problem and its solution. Meanwhile, those with sensitive scripts might want to update them, on the chance that they have been a victim of server bytecode leakage.

Friday, IntLibber Brautigan posted a warning of an exploit allowing technically savvy residents to “capture ATM scripts in bytecode format”. This is a significant development given the number of successful Second Life businesses that use LSL scripts to transfer goods and money — an un-patched exploit could be a significant blow to the in-world economy.

Because the real world dollar value of typical SL transactions is low, it is common to automate these transactions. However, automation generally means the scripted transactions are run with minimal human supervision and depend on secrecy for security. This may present a problem. As Mr. Brautigan told the Herald, “with the code obtained, one can make an SLX terminal give you ANY product listed on SLX for free in any quantity or clean out the avatar owning the ATM – all their money – these capabilities have been tested I am told”.

Some observers are concerned that this sort of exploit could destabilize the in-world economy, and Mr. Brautigan reports that his source “has already notified Soft Linden about this vulnerability – he also tried to notify SLX but they said ‘our system is uncrackable’”. There were no Linden Lab staff online Friday evening willing to speak with the Herald on the record.

While the game gods remained silent, the Herald was able to interview Second Life resident Uildiar Kuhn to learn more about the exploit.

Uildiar Kuhn

Pixeleen Mistral: hi – are you busy?
Uildiar Kuhn: nah whats up

Pixeleen Mistral: rumors of getting script bytecode from objects by moving them back and forth across sim boundaries
Uildiar Kuhn: yeah ;p

Pixeleen Mistral: shouldn’t the script code stay up on the server?
Uildiar Kuhn: I can’t really discuss this with anyone.. it’s a very bad exploit if someone knows what to do with it

Pixeleen Mistral: this would explain the rumors of people copying scripts – did you report the exploit to LL?
Uildiar Kuhn: Yus to soft linden

Pixeleen Mistral: I was just talking to soft linden – who will not say anything on the record to a reporter. There are also a surprising number of Linden developers online this evening
Uildiar Kuhn nods

Pixeleen Mistral: do you think other people will be able to figure this one out?
Uildiar Kuhn: I only know a couple other people on the grid.. that can and they are responsible so we should be okay ;p

Pixeleen Mistral: so this is not an immediate crisis. It’s more of a long term issue
Uildiar Kuhn: shouldn’t be long term i’m sure they will fix it

Pixeleen Mistral: will it take new client software – or can they just do a rolling restart on the servers?
Uildiar Kuhn: I’m not sure what their method of repair will be ^^

Pixeleen Mistral: you just told soft linden about this today?
Uildiar Kuhn: nah a couple months ago I’m sure they have been working on a fix for it

Pixeleen Mistral: wow. this is like that IM bug in jira that has been broken since february — the one the griefers are using to flood people’s mailboxes. Things get broken and don’t get fixed
Uildiar Kuhn: They get fixed in time they can only work on so many things at once hehe

Pixeleen Mistral: but the basic message here is only a couple other people could figure this out – so mostly residents should not worry
Uildiar Kuhn: yeah ^^
Uildiar Kuhn: And i’m sure they will hand out bans if people try it. Well those few ;p

Pixeleen Mistral: of course the griefers don’t mind getting banned – but I guess the people who can figure it out are not griefers
Uildiar Kuhn nods

Pixeleen Mistral: at least we better hope so
Uildiar Kuhn: we’re fine hehe.. they’re far from griefers


Of course, wild claims are nothing new in the metaverse, and some readers may have difficulty believing that the Lab would leave a serious exploit un-patched for months.

I was also initially skeptical that a sim crossing could result in a script being quietly handed to the SL client software, but perhaps this accounts for the well known prim-hair-attached-to-the-butt-on-sim-crossing phenomenon. While researching this story, a reliable source produced a portion of what is claimed to be the SLexchange ATM scripts and I began to wonder about the security of the Second Life Grid. Should residents trust their serious business secret bytecode to the Lab? Maybe not, if the bytecode below is real.

PUSHE
PUSHBP
PUSHARGI 3
PUSHARGS “I have not heard from the SL Exchange server for a very long time, so I am resetting myself. This does not always fix the problem, so you should check that I have in fact been reactivated on the SL Exchange website. If I have not been reactivated, you should replace me with a new copy.”
PUSHARGE 16
PUSHSP
PUSHARGI 24
ADD Integer, Integer
POPBP
CALL 0

PUSHG 126
PUSHARGS “SLX Vendor Components”
PUSHARGS “00000000-0000-0000-0000-000000000000”
CAST String, Key
PUSHARGE 0
PUSHSP
PUSHARGI 16
ADD Integer, Integer
POPBP

PUSHBP
PUSHARGI 1
PUSHARGS “Got deliver item command”
PUSHARGE 16
PUSHSP
PUSHARGI 24

PUSHE
PUSHBP
PUSHARGI 1
PUSHARGS “Relaying deliver item command”
PUSHARGE 16
PUSHSP
PUSHARGI 24
ADD Integer, Integer
POPBP

CALLLIB_TWO_BYTE 139 //llGetLinkNumber()
PUSHG 186
PUSHARGS “normal”
PUSHARGS “00000000-0000-0000-0000-000000000000”
CAST String, Key
PUSHARGE 0
PUSHSP
PUSHARGI 16
ADD Integer, Integer
POPBP
CALLLIB_TWO_BYTE 164 //llMessageLinked()
JUMP 720
PUSHG 36
PUSH 4
EQ Integer, Integer
JUMPNIF Integer, 130
PUSHE
PUSHBP
PUSHARGI 1
PUSHARGS “Got XMLRPC channel.”
PUSHARGE 16
PUSHSP
PUSHARGI 24

PUSHARGS “”
PUSHGS 386
EQ String, String
JUMPNIF Integer, 73
PUSHE
PUSHBP
PUSHARGI 2
PUSHARGS “Secret requested when Secret is unknown.”
PUSHARGE 16
PUSHSP
PUSHARGI 24
ADD Integer, Integer

45 Responses to “Slexchange ATM Script Cracked?”

  1. Ann Otoole

    May 3rd, 2008

    interesting. if truly an exploit and was properly reported to the security team then i hope whoever reported it gets the bounty for being the first to report such things.

    of course this could extend to all vendors and gift card systems which could effectively make use of vendors and gift cards a thing of the past. in fact it could make use of anything with take money privilege grants a thing of the past. that is to say if LL sits back and proclaims it to be the way it is like the whole intercept thing with textures that there really is nothing LL can do about.

    it could go so far as to be the end of transactions in sl for anything except land. perhaps this is the intended outcome?

    hopefully its just another hole in the mud chinking the rickety boat together and they can patch it with some bubblegum.

    or maybe… just maybe… crossing a sim boundary will require detaching all attachments. wouldn’t that be fun eh?

    i’m not crying sky is falling yet. too many other things to worry about. like not being a tard. to achieve not-a-tard status in the eyes of the windlight team you take an 8*8 black texture and make a full skin and eyes from it. you wear that and nothing else. no attachments nothing. no AO, no chim, no huds. you flatten your sim and use black 24 bit targas for the ground images. you never place a prim out. never. ever. then your a good slitizen in the eyes of the windlight team. i guess a black shirt with a clan symbol to identify which social order you are in and maybe a rank insignia on the shirt texture might be ok though.

  2. Lawyer at Lawl

    May 3rd, 2008

    In B4 Apocalypse

  3. whisper2u

    May 3rd, 2008

    This is excerpted from the SLX forums for educational purposes before the thread gets pulled. It looks like DiSSENTiON may be dismantling the SL eXchange right along with Second Life as a whole. From the SLX forums:

    Posted: Sat May 03, 2008 6:47 pm Post subject:

    ——————————————————————————–
    Yes SLX is completely compromised. The bytecode can be decompiled and by looking at those scripts one can do just about anything.

    I have the code in its entirety.

    Additionally:
    We are attacking the grid again. Our weapons actually don’t directly attack the asset servers. When an object replicates all copies are a reference to the same asset but when our weapons replicate so fast and we are getting over twenty thousand of them returned per minute due to autoreturn it creates an asset for each and every one of them. We are also currently experimenting with disrupting SLX communications in-world since the admins got smart and began filtering our DDoS attacks.
    We’re demanding that Montana be banned or she issue a public apology for being a french biggot and pedophile. Until Montana is banned SLX will continue to be the target of ongoing attacks. Montana doesn’t make much money here anyways so the admins are just trying to be stubborn thinking that they can report us the the FBI and that will solve the problem. We aren’t going anywhere, SLX. Comply or you will be dismantled.
    If any of you are getting tired of the attacks you could simply move over to onrez and leave this shitfest behind. You could PM the admins and beg them to comply. They likely will not listen but it doesn’t matter to me or my associates if they go out of business.

    You can also expect a delay on responses from support emails since we have spammed their inbox and Apotheus Silverman’s personal email which can be obtained from a simple WHOIS on the domain.
    I think the best part is that we can attack Second Life while we attack SLX. It’s very convenient.

    -DiSSENT

  4. Okaaaayyy...

    May 3rd, 2008

    Why the -FUCK- should the bytecode even remotely wander into the direction of the client?

    Srsly. Fail.

  5. Dissatisfied

    May 3rd, 2008

    SLX admins actually deleted the thread we started to address this security issue which to me is highly suspicious.

  6. Tomcat

    May 3rd, 2008

    The scripts above aren’t ATM scripts. They are excerpts from the SLX Magic Box, something you can’t use to steal things from SLX. Also to get script bytecode from things, you have to own the stuff yourself. As the ATM aren’t given out, the ATMs so far are safe.

  7. Alyx Stoklitsky

    May 3rd, 2008

    What Uildiar Kuhn *doesn’t* tell you is that stole 20k from SLExchange.

  8. Aidan Thornton

    May 3rd, 2008

    Well, that looks like valid LSL bytecode of the sort the LSL compiler produces, so if it’s a hoax it’s by someone who knows what they’re doing. I wonder what bytecode disassembler they’re using – it’s not mine (in fact, mine is nicer – it handles jumps better, for a start). See http://libsecondlife.org/wiki/LSO and http://www.makomk.com/~aidan/lso/ – the bytecode format’s well-documented.

    This is interesting – in theory, there shouldn’t be any way to download the bytecode at all (even for scripts you have full rights to). Back when I was looking at the LSL internals, I had to sniff the bytecode as it was being uploaded to the server, since I couldn’t download it again afterwards.

  9. Lavanya Hartnell

    May 3rd, 2008

    I read the notice cited in this blog entry. It says it’s possible for someone to read the scripts in your ATM (or other scripted object). That doesn’t mean they can outright control it. But it does mean that someone could figure out how your machine works. If they can do that and if a script has its own security holes, someone could potentially figure them out.

    How to hack an ATM in 6 easy steps:
    1.) Capture bytecode
    2.) Figure out how to reverse engineer LSL from bytecode
    3.) Make sense of gibberish LSL code
    4.) Figure out the design concepts of gibberish script
    5.) Discover exploits in script
    6.) Write program to tap into exploits

    OK. So it isn’t really easy. Guess I won’t be making a run on any banks just yet.

    - Lavanya

  10. Tenshi Vielle

    May 3rd, 2008

    My email inbox was full this morning. See this link for a pic and info regarding the message: http://shoppingcartdisco.com/2008/05/03/slx-atms-hacked-your-info-compromised/

  11. obi-wan

    May 3rd, 2008

    This looks like fake to me, all SLH has done is pass on the rumour without giving any information. You can also claim that if you relog a certain number of times you can copy the no-copy items in your inventory. It’s pure speculation to say that you can convert the bytecode back to LSL. I have a PhD in computer science waiting for you.

  12. Rip

    May 3rd, 2008

    If the “DiSSENT” group wants an exploit, here’s one Jeska Linden told me about today, and the best part is that Linden will do next to nothing about it! For the last couple of weeks I have been hunting down search engine zombie farms (in groups of 30 or more) over the whole grid, during that time frame I filed over 30 ARs, with no reply from Linden. I ended up contacting Jeska Linden and finally got an answer to the zombie issue. Basically what she said is that Linden does not consider Zombie farms a violation of the TOS. Well if that’s the case, then here’s an interesting question. What’s to stop a programmer from recoding a program that would bring in 10000 member zombie farms and to do this say a 100 or more times. Would increasing the log ins by 1,500,000 new members over night affect the Secondlife Grid in a negative way.

  13. anon

    May 3rd, 2008

    If a server device (i.e. magic box like device) is written properly, it shouldn’t matter if the byte-code (or source for that matter) becomes public. One assumes that some random keys are exchanged upon reset which are unique to each device, so having the bytecode shouldn’t allow uncovering of the key pairs for other devices and hence shouldn’t allow arbitrary deliveries via spoofed messages.
    Of course, I don’t know if the SLX magic box is written that way.

    Similarly, if the bytecode or source for a deposit device (e.g. ATM) that is properly written became public it wouldn’t matter either, for similar reasons and since transactions can be checked against the SL logs. So, any ‘faked’ deposit messages to the server shouldn’t cause a credit unless the SL logs verify the payment. ATMs aren’t owned by an attacker anyway, so this exploit doesn’t even apply to them.

    It is just sad that we have kids like DiSSENT whose frontal cortex isn’t developed enough yet to wise-up and do something positive with their time instead of bringing everyone else’s efforts down and pathetically claiming it is all to do with some righteous indignation about one person’s bad behavior. What a joke. Sounds like they need to get some lov’in, LOL
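
The design anon describes, sketched as an added example (not SLX's code and not part of the original comment): each box gets its own random key at reset and accepts a delivery command only if it carries a valid HMAC and a fresh counter, so knowing the script's code and message format is not enough to forge a command. Python stands in for the server and the in-world script; `ExchangeServer`, `VendorBox` and the message fields are hypothetical names.

```python
import hashlib
import hmac
import json
import secrets


class ExchangeServer:
    """Hypothetical marketplace back end that signs delivery commands."""

    def __init__(self):
        self._keys = {}      # box_id -> random key unique to that box
        self._counters = {}  # box_id -> last counter value issued

    def register_box(self, box_id):
        # Called when a box resets: issue a fresh random key for this box only.
        # How the key reaches the box securely is outside this sketch (assumption).
        key = secrets.token_bytes(32)
        self._keys[box_id] = key
        self._counters[box_id] = 0
        return key

    def sign_delivery(self, box_id, item, recipient):
        self._counters[box_id] += 1
        body = {"box": box_id, "ctr": self._counters[box_id],
                "item": item, "to": recipient}
        payload = json.dumps(body, sort_keys=True).encode()
        tag = hmac.new(self._keys[box_id], payload, hashlib.sha256).digest()
        return payload, tag


class VendorBox:
    """Hypothetical in-world box: all of this logic may be public, the key is not."""

    def __init__(self, box_id, key):
        self.box_id = box_id
        self._key = key
        self._last_ctr = 0

    def handle(self, payload, tag):
        # Authenticate the raw bytes before parsing anything out of them.
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"
        body = json.loads(payload)
        if body["box"] != self.box_id:
            return "rejected: wrong box"
        if body["ctr"] <= self._last_ctr:
            return "rejected: replay"
        self._last_ctr = body["ctr"]
        return f"deliver {body['item']} to {body['to']}"


def demo():
    """Run constructed sample messages through two boxes and collect the outcomes."""
    server = ExchangeServer()
    box_a = VendorBox("box-A", server.register_box("box-A"))
    box_b = VendorBox("box-B", server.register_box("box-B"))
    results = {}

    payload, tag = server.sign_delivery("box-A", "hat", "alice")
    results["genuine"] = box_a.handle(payload, tag)
    results["replay"] = box_a.handle(payload, tag)  # same message sent twice

    # Someone who has read the code knows the format but not box A's key.
    forged = json.dumps({"box": "box-A", "ctr": 99, "item": "hat",
                         "to": "mallory"}, sort_keys=True).encode()
    guessed_tag = hmac.new(b"\x00" * 32, forged, hashlib.sha256).digest()
    results["forged"] = box_a.handle(forged, guessed_tag)

    # A command signed for box B does not verify under box A's key.
    payload_b, tag_b = server.sign_delivery("box-B", "hat", "bob")
    results["cross_box"] = box_a.handle(payload_b, tag_b)
    results["box_b"] = box_b.handle(payload_b, tag_b)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:10s} {outcome}")
```
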

  14. Anshes Buttplug

    May 3rd, 2008

    In b4 Anshe goes tits up broke from a bank run…

  15. whisper2u

    May 3rd, 2008

    While going through the process of coming up to speed on the new Havok4 physics engine (to convert my vehicles to H4) I had the geeky pleasure of assimilating reams of engineering data from LL. In one of those LL engineering reports was a comment by a Linden which detailed how certain people were using an Exploit to get programming into prims.

    I can’t remember it all verbatim right now but it went something like: The SL Client software on the users side takes the LSL script that someone has written and compiles it into Bytecode when they press the SAVE button. It then sends that bytecode to the LL asset servers and is forever linked in a relational way to the original script. In an effort to add security to their creations some LSL coding residents are capturing that Bytecode on the way to the LL asset servers, cutting and pasting it onto a Notecard and then placing THAT into their prim instead of a script, and after saving that new prim creation they try it and BINGO it works just like having a script in it, the difference being that IT CANNOT be traced back to a human readable (and therefore crackable) LSL script even if someone managed to crack the SL permissions for that prim and get at the scripts.

    This may be why certain objects that were coded that tricky way are disemboweling themselves (revealing their bytecode contents) when repeatedly moved between simulators.

    That might mean that ONLY objects that were scripted using that exploit to protect themselves are affected by this newly found bug (or feature ;)

    However, the Linden engineers in that engineering report went on to say that things were going to change and the Compile will now be performed on THEIR servers instead of by the client running on your home computer and therefore that tricky programming exploit would no longer work because The bytecode would never have to transfer over the net and therefore not be interceptable.

    If that change is what caused this new problem of scripted objects divulging their Bytecode when moving to a new simulator, then ALL SCRIPTS ARE IN DANGER right now…

    It’s possible that none of my speculation is on point and this newly found problem affects all scripts and has been going on since day 1.

    Hmmm… I wonder how long this has been going on. That would narrow it down a lot…

    ———
    “The system is less energetic when domains of opposite polarity alternate” :)

  16. DiSSENT

    May 3rd, 2008

    Firstly there are bytecode decompilers that can convert bytecode back into LSL; this was confirmed by an anonymous engineer at LL. You should ask around. Secondly, and this is for the imbecile that posted the garbage about LL transaction logs, those logs have NOTHING to do with anything. If you know the proper command by looking at the source code then you can issue it to the boxes and get items for free. It has nothing to do with any logs on LL servers. Please get your brain checked. Additionally, we had nothing to do with the actual discovery of this exploit but I DO suggest that anyone who believes it is untrue contact a linden tech or engineer and ask them instead of taking anyone else’s word for it. We have confirmed that this is true and we will also be exploiting it.

    Additionally one can modify the client to directly upload bytecode without compiling anything and then open the script from within SL with your account with full perms – that’s actually the easiest way to ‘decompile’ it.

    haha for some reason emails that we sent spammed a fuckton of SLers including Tenshi Vielle and myself. Not sure how that happened but it’s damn funny.

  17. Day Oh

    May 3rd, 2008

    This was fixed over a month ago. However it did exist and I’d urge slexchange to change their code.

  18. DiSSENT

    May 3rd, 2008

    Apotheus Silverman himself admits that ‘this isn’t the first time that our LSL code has been compromised’ acknowledging that this IS in fact legit even though so many SLXers are bawwwing super hard about it claiming it isn’t because they’re stupid and they wish it wasn’t.

    http://www.slexchange.com/modules.php?name=Forums&file=viewtopic&t=48743

    Also sorry to everyone who has received our spam emails directed at Montana Corleone, I double checked our script code and there is NO reason this should be happening. This is likely a problem with LL servers as my email was spammed too, for an account that has been banned for like a week. When we spam everyone the email is far less personalized. I would personally love to find out what could have caused this as it would be useful to reproduce.

  19. DiSSENT

    May 3rd, 2008

    We confirmed it is actually a problem with gmail. If you click show details in the email you’ll see some detail

    from DiSSENTiON Linden <71479c9b-c88d-4545-13ed-d356b52f5cb5@lsl.secondlife.com>
    to montanacorleone@gmail.com
    date Sat, May 3, 2008 at 4:33 AM
    subject LOL MY DICK IS HARD

    The email was addressed to Montana Corleone’s email address with no CC or BC yet gmail seems to have spammed it everywhere LMAO

  20. IntLibber Brautigan

    May 3rd, 2008

    This bug remains and was replicated last night with a simple ‘hello avatar’ script.

  21. huh?

    May 3rd, 2008

    So, it was more of a “Haha, sorry we made your lives miserable we only meant to make one person’s life miserable. So sorry!”?

    How about using that, um, “creative energy” to do something else besides grief?

  22. Dr. Wily

    May 3rd, 2008

    WHERE MY COPYBOT PATCH, COD3C

  23. DiSSENT

    May 3rd, 2008

    Getting to it, things have been crazy here and I haven’t found the problem yet. You might try downloading Testclient from libsecondlife.org and just removing permissions checks and seeing if that fixes the shit…that may confirm that sculpty support fucked something up but again I haven’t had much time to look at it so I don’t know.

  24. Pissing myself laughing

    May 3rd, 2008

    OMG, this is so funny, the spamming campaign has backfired lmfao. And DISSENT is bawwwing super hard about it, and apologising profusely on several forums. Oh, it’s so rich, I’m rolling on the floor here pissing myself laughing.

    Maybe your targets are smarter than you think. Maybe they have planted sniffers, and are in your email app, sniffing all your addresses and god knows what on your machines ROTFL. Or maybe it’s the FBI checking you all out… Ha ha ha.

    Honestly, although mostly it’s shit here, and never factually correct, sometimes it’s just such a source of amusement, for the most pathetic SL “news” paper on SL.

    The best laugh I’ve had all year. I’ll bet they are running around like headless chickens instead of jerking off like normal lmfao.

  25. DiSSENT

    May 3rd, 2008

    No we’re still jerking off;)

    That aside we only apologized here and the campaign has not backfired nor has it deterred us in any way. Your post reveals just how stupid you are when it comes to these technical things. You should leave them to the experts.

    ‘Maybe they have planted sniffers, and are in your email app, sniffing all your addresses and god knows what on your machines ROTFL. Or maybe it’s the FBI checking you all out… Ha ha ha.’

    I liked that ^ beauty. You should print it out and frame it.

  26. Montana Corleone

    May 3rd, 2008

    I LIKE MY GIANT CHOCOLATE SALTY BALLS

  27. Apotheus Silverman The American Traitor

    May 4th, 2008

    SLX Sucks balls anyway. They are a anti-American company residing in America.
    Thats kinda like a LinuxSucks web site running on Linux, lol. They let all th French cowards over there talk shit about America and then ban any American or anyone else for that matter who stands up for America. That Montana Corleone I think is fucking Apotheus Silverman or something. I knew that mouth of hers was good for something as large as it is. The fact is… SLX’s days are numbered. Many of us have requested that Onrez add a forum. The only reason they have not yet is due to staffing.
    SLX along with the ower Apotheus Silverman should be tossed from America.

    There is talk of a new group forming called the N.W.O. who has claimed they plan to target SLX with nothing but grief and I really hope they do it.

    To hell with SLX!

  28. Sami Tabla - Pro Cock Sucker

    May 4th, 2008

    ALL HAIL -DiSSENT FOR ATTACKING SLX!!!! YOU RULE!!!!!

    Shut their ass down!!! Anti-American trash.

    YOU HAVE OUR FULL SUPPORT. The N.W.O. is planning attacks as well.

  29. Pissing myself laughing

    May 4th, 2008

    Only apologised here? lol. That’s not what it says on the SL Universe forums, where there are two humble apologies posted by the bawwwwler Tenshi lol.

    http://www.sluniverse.com/php/vb/general-sl-discussion/10680-dos-attacks-slx-grid-slx-script-byte-code-copyable.html

    You idiots are so full of shit.

    If you were experts, something would have happened to either SLX or SL by now, lol. Fail.

  30. Witness X

    May 4th, 2008

    I’m sorry – I was laughing too hard at the DiSTENTion posts.

    Wait, I’m sorry again, I need to put it in 4chan terms so you’ll understand it:

    LOLWUT? TLDR…

  31. Melissa Yeuxdoux

    May 4th, 2008

    Contrary to obi-wan’s claim, one can decompile bytecode, just as one can decompile assembly language. The result is nowhere near as readable as the original source code, but it is possible. Also, there are code obfuscators that consistently replace names with random text, to remove that much more information and make it harder to figure out the intent of the decompiled code.

  32. hurr durr

    May 4th, 2008

    Uildiar Kuhn had this exploit working several months ago, and the only reason it was patched/SLX is not bankrupt is because he is simultaneously Soft Linden.

  33. JAFO

    May 4th, 2008

    hey Hurr Durr, always knew a hacker would get into the ranks of lindens, this explanes why so many people who are being hacked by him cant get there cash back, also explanes why theres someone trying to sue LL for theft and the uildar guy for federal hacking and theft of RL money.

  34. Witness X

    May 4th, 2008

    N.W.O?

    ROFL!

    Another bunch of 15-year-old skiddies, come to claim the throne of the 15-year-olds of the PN like the 15-year-olds of DiSSENTary? (though in this case the throne is made of porcelein..)

    What does that stand for? “New Wide Orifice”? “Nonrelevant Wankers, Organized”?

    Let’s skip all the posturing and call it a complete failure now and save everybody the trouble of pointing it out later.

  35. whisper2u

    May 4th, 2008

    As an example of just how brilliant the /b/tards are over at the SL Exchange forums, click this link below for some more epic lulz. Someone over there is trying to mount an army to go and combat “Blue Blobs” that are chasing them around their Sim. They think that the “Blue Blobs” are a griefing weapon that some Army RPers put near their property to harrass them. It is really majorly funny to read when you know that the “Blue Blobs” that they see harrassing them are really infact the fast, fleeting, occasional Radar Sensor Probes being spit out from their own Conover Ultimate Sim Radar.

    hahahaAHAHAHAHAHAHAhahahaah they are srs butthurt over this, its so funny how little it take to get them so paranoid:

    http://www.slexchange.com/modules.php?name=Forums&file=viewtopic&t=48916
    :)

  36. whisper2u Can't Read

    May 4th, 2008

    Clearly, like all the kiddies who post here, and the staff of this joke of a site, whisper2u can’t read. Nowhere does it say anyone is mounting an army, twat.

    Still, fact and truth never was exactly a strong point here was it? And calling an organisation after a wrestling competition is mature? lol. What are they going to do, wrestle prims to the ground? :-O

    No wonder none of their campaigns work, it helps to be able to read before you can write.

    Tell me, how is your spamming campaign coming on again boys? The apologies by DiSSENT *are* EPIC LULZ, lmfao.

  37. Impressed By The Experts

    May 4th, 2008

    So, we left it to the experts, and they, er, spammed themselves lol.

    Worse than a dodgy construction worker.

    This surely will win LULZ of the year, for complete incompetence, at next year’s LULZ conference. And the winner is: DiSSENT aka Adromor (I don’t want my SL business to get involved) Wierwight aka whisper2u aka d3eadlyc0ckup

  38. Montana Corleone

    May 4th, 2008

    Hey guys I’m like SUPER raged and posting under like OVER A THOUSAND alts but too stupid to hide it.

  39. Aidan Thornton

    May 4th, 2008

    whisper2u: I think you’re getting slightly mixed up. The usual trick is to capture the bytecode for your script, then upload a dummy script together with the actual bytecode. That way, if anyone reads the script, they won’t see the actual code. (I actually wrote some code to do this myself a while back, for other reasons.)

    DiSSENT: I think you’re getting your decompilers confused with your disassemblers. Disassemblers for LSL are out there (there’s even one in the official client code, IIRC) and are probably enough for what you’re doing, but they don’t give you LSL source code back.

    Melissa Yeuxdoux: having played around with LSL bytecode, the original variable names aren’t available anyway for recent code. Also, while it’s theoretically possible to decompile bytecode back to LSL (mainly because the compiler is really simple), I don’t know of anyone who’s done it. It’s not exactly trivial to do even for something this simple.

  40. Day Oh

    May 4th, 2008

    lol omg

  41. DiSSENT

    May 4th, 2008

    You’re right I am talking about disassembling LSO which does not turn back into LSL but does make it more readable.
    One can simply upload the bytecode as-is using an slproxy patch and then open it inworld with full perms to see the LSL code. Why would this work? Because the client compiles scripts into .lso files in the cache and uploads those to the server. The server doesn’t know the difference between that and any other .lso file your client uploads. There are no permissions settings stored inside the lso and there is no unique encryption key generated by the client to verify ownership or anything.

    here is an example of disassembled lso:

    ======== LSOAssembly ========
    ==== HeaderBlock ====
    TM: 16384
    VN: 512
    BP: 16383
    SP: 16383
    HR: 333
    HP: 476
    CS: 0
    NS: 0
    CE: 0
    IE: 0
    ER: 0
    FR: 0
    SLR: 0
    GVR: 100
    GFR: 168
    PR: 0
    ESR: 0
    SR: 168
    NCE: 1
    NIE: 0
    NER: 4

    ==== StaticBlock ====
    — StaticBlockHeader —
    Size of header: 6
    Type of object: Integer
    StringData:
    — Data —
    00-00-00-7B

    ==== StaticBlock ====
    — StaticBlockHeader —
    Size of header: 6
    Type of object: List
    StringData:
    — Data —
    00-00-00-01

    ==== StaticBlock ====
    — StaticBlockHeader —
    Size of header: 6
    Type of object: String
    StringData:
    — Data —
    00-00-00-6E

    ==== StaticBlock ====
    — StaticBlockHeader —
    Size of header: 6
    Type of object: Float
    StringData:
    — Data —
    3F-9D-70-A4

    ==== StaticBlock ====
    — StaticBlockHeader —
    Size of header: 6
    Type of object: Vector
    StringData:
    — Data —
    41-F0-00-00-41-A0-00-00-41-20-00-00

    ==== StaticBlock ====
    — StaticBlockHeader —
    Size of header: 6
    Type of object: Key
    StringData:
    — Data —
    00-00-00-81

    ==== StateFrameBlock ====
    Number of states: 1
    — StatePointerBlock —
    Offset: 16
    EventMask: 4

    ==== StateBlock ====
    — StateBlockHeader —
    Size of header: 5
    StringData:
    — StateBlockHandler —
    Pointer to code chunk: 8
    Call frame size: 4

    ==== EventHandlerCodeChunk ====
    — CodeChunkHeader —
    Size of header: 5
    StringData:
    — Code —
    63-5B-60-42-75-7A-7A-00-66-00-00-00-00-5C-5E-00-00-00-04-70-11-08-D1-01-24-5E-00-00-00-02-5E-00-00-00-01-75-11-92-01-00-00-00-23-63-5B-60-4E-6F-2E-20-46-41-49-4C-2E-00-66-00-00-00-00-5C-5E-00-00-00-04-70-11-08-D1-01-24-90-00-00-00-1B-63-5B-60-57-6F-6D-62-61-74-00-66-00-00-00-00-5C-5E-00-00-00-04-70-11-08-D1-01-24-63-5B-56-00-00-00-1A-66-00-00-00-00-5C-5E-00-00-00-04-70-11-08-D1-01-24-01-95
    PUSHE
    PUSHBP
    PUSHARGS “Buzz”
    PUSHARGE 0
    PUSHSP
    PUSHARGI 4
    ADD Integer, Integer
    POPBP
    CALLLIB_TWO_BYTE 292
    PUSHARGI 2
    PUSHARGI 1
    EQ Integer, Integer
    JUMPNIF Integer, 35
    PUSHE
    PUSHBP
    PUSHARGS “No. FAIL.”
    PUSHARGE 0
    PUSHSP
    PUSHARGI 4
    ADD Integer, Integer
    POPBP
    CALLLIB_TWO_BYTE 292
    JUMP 27
    PUSHE
    PUSHBP
    PUSHARGS “Wombat”
    PUSHARGE 0
    PUSHSP
    PUSHARGI 4
    ADD Integer, Integer
    POPBP
    CALLLIB_TWO_BYTE 292
    PUSHE
    PUSHBP
    PUSHGS 26
    PUSHARGE 0
    PUSHSP
    PUSHARGI 4
    ADD Integer, Integer
    POPBP
    CALLLIB_TWO_BYTE 292
    POP
    RETURN

    ==== HeapBlock ====
    Size of data: 24
    Type of object: List
    Reference count: 1
    Data: 00-00-00-05-00-00-00-20-00-00-00-2B-00-00-00-36-00-00-00-44-00-00-00-57

    ==== HeapBlock ====
    Size of data: 4
    Type of object: Integer
    Reference count: 1
    Data: 00-00-00-00

    ==== HeapBlock ====
    Size of data: 4
    Type of object: Float
    Reference count: 1
    Data: 3F-80-00-00

    ==== HeapBlock ====
    Size of data: 7
    Type of object: String
    Reference count: 1
    Data: 32-20-6D-75-63-68-00

    ==== HeapBlock ====
    Size of data: 12
    Type of object: Vector
    Reference count: 1
    Data: 41-50-00-00-41-40-00-00-41-30-00-00

    ==== HeapBlock ====
    Size of data: 16
    Type of object: Rotation
    Reference count: 1
    Data: 40-80-00-00-40-40-00-00-40-00-00-00-3F-80-00-00

    ==== HeapBlock ====
    Size of data: 12
    Type of object: String
    Reference count: 1
    Data: 61-62-72-61-63-61-64-61-62-72-61-00

    ==== HeapBlock ====
    Size of data: 1
    Type of object: String
    Reference count: 1
    Data: 00

    lso is actually binary but the information given to the herald was disassembled lso so that people could more clearly see what it is that they are dealing with. It looks much better too.
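
Added example, not code from the comment above or from any disassembler named in this thread: a minimal Python disassembler for the code chunk posted above. The opcode table, operand layouts and jump semantics are inferred by pairing that hex dump with its listing and cover only the opcodes seen there; the output shows what a disassembler recovers (string literals, library call numbers, branch targets) and that it is not LSL source.

```python
import struct

# Opcode table inferred by pairing the hex dump in the comment above with its
# listing. It covers only the opcodes that occur there and is an assumption,
# not the full LSO instruction set. Operand kinds:
#   i32    big-endian signed 32-bit integer
#   u16    big-endian unsigned 16-bit integer
#   str    NUL-terminated string
#   types  one byte holding two 4-bit type codes
#   jump   32-bit offset, taken as relative to the end of the instruction
#   tjump  one type byte, then a 32-bit relative offset
OPCODES = {
    0x01: ("POP", None), 0x08: ("POPBP", None), 0x56: ("PUSHGS", "i32"),
    0x5B: ("PUSHBP", None), 0x5C: ("PUSHSP", None), 0x5E: ("PUSHARGI", "i32"),
    0x60: ("PUSHARGS", "str"), 0x63: ("PUSHE", None), 0x66: ("PUSHARGE", "i32"),
    0x70: ("ADD", "types"), 0x75: ("EQ", "types"), 0x90: ("JUMP", "jump"),
    0x92: ("JUMPNIF", "tjump"), 0x95: ("RETURN", None),
    0xD1: ("CALLLIB_TWO_BYTE", "u16"),
}
TYPE_NAMES = {1: "Integer"}  # the only type code present in the sample

# Code chunk bytes as posted in the comment above.
SAMPLE_HEX = (
    "63-5B-60-42-75-7A-7A-00-66-00-00-00-00-5C-5E-00-00-00-04-70-11-08-D1-01-24-"
    "5E-00-00-00-02-5E-00-00-00-01-75-11-92-01-00-00-00-23-"
    "63-5B-60-4E-6F-2E-20-46-41-49-4C-2E-00-66-00-00-00-00-5C-5E-00-00-00-04-"
    "70-11-08-D1-01-24-90-00-00-00-1B-"
    "63-5B-60-57-6F-6D-62-61-74-00-66-00-00-00-00-5C-5E-00-00-00-04-"
    "70-11-08-D1-01-24-"
    "63-5B-56-00-00-00-1A-66-00-00-00-00-5C-5E-00-00-00-04-70-11-08-D1-01-24-01-95"
)


def _tname(code):
    return TYPE_NAMES.get(code, f"type{code}")


def disassemble(code):
    """Decode a code chunk into (offset, mnemonic, operand, jump_target) tuples."""
    out, pos = [], 0
    while pos < len(code):
        start, op = pos, code[pos]
        if op not in OPCODES:
            raise ValueError(f"unknown opcode 0x{op:02X} at offset {start}")
        name, kind = OPCODES[op]
        pos += 1
        operand = target = None
        try:
            if kind == "str":
                end = code.find(b"\x00", pos)
                if end < 0:
                    raise IndexError  # string runs off the end of the chunk
                operand = code[pos:end].decode("latin-1")
                pos = end + 1
            elif kind == "u16":
                (operand,) = struct.unpack_from(">H", code, pos)
                pos += 2
            elif kind == "types":
                operand = f"{_tname(code[pos] >> 4)}, {_tname(code[pos] & 0x0F)}"
                pos += 1
            elif kind in ("i32", "jump", "tjump"):
                prefix = ""
                if kind == "tjump":
                    prefix = _tname(code[pos]) + ", "
                    pos += 1
                (value,) = struct.unpack_from(">i", code, pos)
                pos += 4
                operand = f"{prefix}{value}" if prefix else value
                if kind != "i32":
                    target = pos + value
        except (IndexError, struct.error):
            raise ValueError(f"truncated {name} at offset {start}") from None
        out.append((start, name, operand, target))
    return out


def listing(instructions):
    """Render instructions in the same style as the listing in the comment."""
    lines = []
    for _, name, operand, _ in instructions:
        if operand is None:
            lines.append(name)
        elif name == "PUSHARGS":
            lines.append(f'{name} "{operand}"')
        else:
            lines.append(f"{name} {operand}")
    return lines


def string_literals(instructions):
    """Every string constant in the chunk is readable without the source."""
    return [operand for _, name, operand, _ in instructions if name == "PUSHARGS"]


def jumps_are_aligned(instructions, length):
    """Sanity check on the decode: each jump must land on an instruction start."""
    starts = {start for start, *_ in instructions} | {length}
    return all(t in starts for *_, t in instructions if t is not None)


if __name__ == "__main__":
    chunk = bytes.fromhex(SAMPLE_HEX.replace("-", ""))
    print("\n".join(listing(disassemble(chunk))))
```
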

  42. obi-wan

    May 4th, 2008

    My question is this, how do you get the bytecode of a LSL script that is no mod and no copy?

  43. obi-wan

    May 5th, 2008

    @DiSSENT said:”One can simply upload the bytecode as-is using an slproxy patch and then open it inworld with full perms to see the LSL code. ”

    This is only speculation, once LSL is compiled to bytecode you can’t open it again to see the LSL source code.

    DISSENT it’s better you only say things you have actually done. Not quoting things you think may be possible.

  44. Anne Otoole

    May 7th, 2008

    You children are such sucks, I could d a better email spam than any of you knuckle heads put together. LL just don’t have the experienced team to deal with this. They can’t even sort out the DB issues , they should hire a real coder then all you script kiddies would have nothing to do.
    Oh I think its time for my Meds.

  45. ATM Sales

    Mar 13th, 2009

    Interesting fact. The scripts above aren’t ATM scripts. They are excerpts from the SLX Magic Box, something you can’t use to steal things from SLX. Also to get script byte code from things, you have to own the stuff yourself. As the ATM aren’t given out, the ATMs so far are safe.
