Decompile Lua bin to Lua text file possible?

[bil til]

Hi,
is there any tool available which would be able to decompile Lua bin
to Lua text file?

Motivation:
I am developing a package for microcontrollers with very restricted
RAM, therefore I would like to offer the users the possibility to load
down BIN code which then is running in the ROM. This is running nicely
in V5.5 as it looks like.

For later service works on such systems it is typcially nice, if there
is a possibility to check the code which is currently running in the
system - reading out BIN file would be no problem, but for checking of
course the Lua text file would be very good.

[Martin Eden]

Hello, I doubt I understood all your message.

Convert compiled code back? Generally impossible. Compilation is
not bijective transformation.

Convert compiled code to "source" that compiles to the same code?
Generally possible but practically quite hard. And I see no much
sense in it.

-- Martin

[Fox Kelvin]

There is a compression library written in pure Lua specially to compress Lua source code,

https://github.com/MCJack123/Luz

You may find ideas there.

bye~

--
You received this message because you are subscribed to the Google Groups "lua-l" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lua-l+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/lua-l/f59cbefc-b06b-42d8-ba74-18805fe7d727%40disroot.org.

[bil til]

Am Sa., 6. Dez. 2025 um 01:46 Uhr schrieb Fox Kelvin <wolfr...@gmail.com>:
>
> There is a compression library written in pure Lua specially to compress Lua source code,
> https://github.com/MCJack123/Luz
> You may find ideas there.

Dr. Google also finds for "Lua Decompiler" even a webpage
"https://luadec.metaworm.site/", or also ""viruscamp/luadec: Lua
Decompiler for lua 5.1 , 5.2 and 5.3" ... but these site names sound
quite frightening to me - anybody has any experience with these sites
possilby?

(presumably I anyway would need a C source code example for such a
decompiler, as I would have to adapt it to my luaconf.h settings...).

[Sainan]

I don't think you need to be worried about the names. I think it's anti-virus people who obviously want to know what bytecode and other obfuscated code does, so they can deem it safe or not.

-- Sainan

[Philippe Verdy]

Decompiling Lua binaries may already be needed, developed, and maintained by antivirus companies, notably because Lua engines are being integrated in many web servers (sometimes usable in private visitor space, and shared by them, opening a door to malware injection, that may be difficult to find, even if these servers are using Lua script cripts compiled locally).However there's a difficulty: the Lua VM does not have a stable sepcification for its compiled binaries, and integrating Lua inside a server component may as well be tweaked specifically for the serverside software implemeing it.

There are however major target implementations, notably in game servers where users can install additional "Mod" component to tweak games or create variations. Modding games is a very active component of the gaming community, and it is also generating growing revenues, that hackers may attempt to steal and monetize for themselves (e.g. for stealing user credentials, or to create cheating bots to profit of the network, even to target users that use some Lua-tooled games, in addition to other games without Lua but sharing many user data components, including for social networking, as many active gamers play or try lot of games and mods proposed on online gaming platforms: the interest for hackers may be even more critical regarding  privacy and user data). Gaming plateforms may then need to invest time to secure their platform and keep their business model alive in a very competitive market.

Decompilers are general tools for use within all security companies. But it's hard to work with Lua if its specifications are constantly changing and adding new features and incompatibilities across versions, because suc decompiling tools need to target not just Lua versions, but also many target implementations and integration toolkits used in serverside servers, but also now in client-side applications such as games with many specific tweaks per application and platform.

Is there an ongoing joint effort about improving security and stability in Lua (possibly with the parallel development of compatiblity compatiblity layers that could support more versions, secure them with common security goals, and share common best practives, plus some tools to evaluate and detect defects in existing Lua source scripts, e.g. those shared on LuaRocks, and possibly other third party development platforms like GitHub)? This effort should not depend only on large private platforms, but should be open to other open source communities.

Le sam. 6 déc. 2025 à 09:40, 'Sainan' via lua-l <lu...@googlegroups.com> a écrit :

I don't think you need to be worried about the names. I think it's anti-virus people who obviously want to know what bytecode and other obfuscated code does, so they can deem it safe or not.

-- Sainan

--
You received this message because you are subscribed to the Google Groups "lua-l" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lua-l+un...@googlegroups.com.

To view this discussion visit https://groups.google.com/d/msgid/lua-l/evsp8KhT32F3iZ0svFd_dYyA6HRZUxRTplnKx_RqQ7RWc996M0ia8HoeG892PfKSDKXADNWmvk3l7j01qtcaelE9jLCdgF0jOk8-5NBwoKI%3D%40calamity.inc.

[bil til]

Am Mo., 8. Dez. 2025 um 11:29 Uhr schrieb Philippe Verdy <ver...@gmail.com>:
> integrating Lua inside a server component may as well be tweaked specifically for the serverside software implemeing it.

... yes, this is an important point... . I also would not need a
"decompiler from the shelf", but a C code example of such a
decompiler, as my Lua also could be called "tweaked" of course (it is
adapted to microcontrollers with small available RAM, and the settings
in luaconf.h of course also are adapted to this... (e. g. 32bit Lua).