Projects / Codelocker

Codelocker was a system for obfuscating Lua code. It was a VM-based obfuscator, meaning it would turn the Lua script into bytecode, which would later be executed by a custom implementation of the Lua VM. This custom VM implementation was written in Lua, so the obfuscated script would be a drop-in replacement for the original unobfuscated script. I developed it alongside two very talented programmers who I will not name here.

At a high level the obfuscation process was fairly simple. Codelocker would take a Lua script, use the LuaC compiler to turn it into bytecode, and then run the bytecode through a series of transformations designed to make the bytecode harder to read, but not to change its behavior. It would then use a template of the Lua-VM-in-Lua to generate a custom VM compatible with the obfuscated bytecode. The transformed bytecode was then embedded into the custom VM, and this resulting VM was then uglified further using the standard methods.

This type of Lua obfuscation was not my invention, and in fact, VM-based obfuscation was already well-established elsewhere, but it was only just starting to become commonplace for Lua. The most popular Lua obfuscator at the time was likely XFuscator, which was basically a code uglifier. VM-based methods are now the gold standard of Lua obfuscation. A few open source obfuscators like this exist these days, but when I was writing Codelocker, there were only a couple other VM-based obfuscators (to which I contributed some fixes), and they were not free to use. I don't think it's too much to say that while Codelocker was never officially released, my collaborators and I were on the bleeding edge of this obscure field.

The amount of knowledge and experience I gained from this project in particular was immense, but the code for the original Codelocker may be lost to time. To develop a custom Lua VM implementation, I needed to deeply understand the Lua bytecode format and the VM itself. Indispensable to me was the wonderful No-Frills Introduction to Lua 5.1 VM Instructions by Kein-Hong Man. I knew next to nothing about virtual machines, compilers, or bytecode before I started this project, but after spending hours of my free time (and non-free time, in my high school history class) reading and re-reading No-Frills, it started to feel like the size of my brain had doubled. This project is why I am passionate about compilers and virtual machines today.

I began a rewrite in Node.JS soon after development on the original reached a good stopping point. The rewrite itself also never saw the light of day, primarily because I fell out of touch with my collaborators, graduated high school, etc., but I do still have the code, and maybe one day the world will see it, even if it is completely outclassed by the open source options available now.