Advanced deobfuscation tool for reversing Lua scripts protected by Prometheus Obfuscator / MoonsecV3 / MoonsecV2
- Multi-layer polymorphism reversal
- VM structure analysis and devirtualization
- Control flow graph reconstruction
- Hybrid literal decryption (Base64/Hex/Decimal)
- String encryption reversal
- Dynamic payload analysis
- Phase boundary detection
- Anti-debugging countermeasure removal
python pol.py obfuscated_script.luaExample Input:
-- PHASE_BOUNDARY:INIT
local bit3c = {[1]=5,positan=4f,global=3j}
-- PHASE_BOUNDARY:VM_1J_BOUNDARY
function = 7; ["\05d"]=3c } local table = math.floor| Technique | Detection | Reversal |
|---|---|---|
| Control Flow Flattening | ✅ | ✅ |
| String Encryption | ✅ | ✅ |
| VM-Based Execution | ✅ | ✅ |
| Hybrid Literal Obfuscation | ✅ | ✅ |
| Dynamic GOTO Patterns | ✅ | ✅ |
| Anti-Tamper Checks | ✅ | ✅ |
| Metadata Stripping | ✅ | ❌ |
| String Decryption | ✅ | ❌ |
-
Polymorphism Reversal Engine
- Phase boundary detection
- VM structure analysis
- Dynamic payload tracking
-
Control Flow Analysis
class ControlFlowAnalyzer: def resolve_dynamic_gotos(self, code):
- May require manual intervention for:
- Custom encryption schemes
- Runtime-packed payloads
- Environment-specific checks
- Multi-stage encrypted resources
- Automated seed detection
- Interactive debugging mode
- Batch processing support
there is still things to add, like XOR seed detection/ and better phase detection.
MIT License - See LICENSE for details
Disclaimer: This tool is intended for educational purposes only. Use responsibly and only on code you have legal rights to modify.
