Lua is a lightweight and fast scripting language, often embedded in video games to drive game logic, real-time scripting and other dynamic features.

Its small, embeddable design makes it easy to integrate and just as easy to tamper with, which is why it is favoured by game developers and also by researchers looking for security flaws.

However, because it handles critical operations inside games, it is an attractive target for exploitation, and the developer and hacker Flatz knows this well.

Flatz has described on several occasions how Lua scripts can be exploited to obtain native code execution.

In his analysis, Flatz found that bugs in the handling of Lua bytecode can be exploited to corrupt the Lua virtual machine (the component that executes Lua code).

For example, if a game engine uses Lua to handle parts of its game logic, an attacker who can supply or modify one of those scripts could introduce malicious code into it.

This may give access to functions the script is not supposed to reach, or lead to native code execution through techniques such as return-oriented programming (ROP). ROP hijacks a program's control flow, typically through a corrupted return address, to take control of the process.

In short, ROP "reuses" fragments of code already present in the program, called gadgets, each ending in a return instruction, and chains them together to carry out arbitrary operations without injecting any new code, which is what makes it effective even when memory is marked non-executable.

In the case of Lua, Flatz showed how it is possible to manipulate the bytecode of a Lua script to obtain native code execution. This is especially relevant for games that use vulnerable versions of Lua 5.1 or Lua 5.2.

These versions contain bugs that allow an attacker to "break out" of the Lua virtual machine and obtain far more control than a game script is normally permitted. The Lua project itself warns that the interpreter does not check the consistency of precompiled (binary) chunks and that maliciously crafted bytecode can crash it, so a host that accepts untrusted scripts should refuse to load bytecode at all and only accept source text that goes through the parser.
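The following is an added illustration, not code from the article or from Flatz's research, of the check a game engine would want in front of its Lua loader: it refuses precompiled chunks by their signature and, on Lua 5.2 and later, also tells the loader itself to accept text only. The sandbox environment, the function names (`load_untrusted`, `make_sandbox_env`) and the sample chunks are assumptions made for this example; it targets a stock Lua 5.1 through 5.4 interpreter with the standard library.

```lua
-- Added example (not from the article or from Flatz): refuse precompiled
-- bytecode when loading untrusted Lua chunks, so the VM only ever executes
-- code that has passed through the parser. Assumes stock Lua 5.1 to 5.4.

-- Lua precompiled chunks start with the signature "\27Lua" (0x1B 'L' 'u' 'a').
local BYTECODE_SIGNATURE = "\27Lua"

local function is_bytecode(chunk)
  return chunk:sub(1, #BYTECODE_SIGNATURE) == BYTECODE_SIGNATURE
end

-- Minimal environment exposed to untrusted scripts (assumed here for the
-- example): no load/loadstring, no dofile, no debug, no io, no os.
local function make_sandbox_env()
  return {
    print = print,
    pairs = pairs, ipairs = ipairs, select = select, type = type,
    tostring = tostring, tonumber = tonumber,
    math = math, string = string, table = table,
  }
end

-- Returns a function on success, or nil plus an error message.
local function load_untrusted(chunk, name)
  if type(chunk) ~= "string" then
    return nil, "chunk must be a string"
  end
  if is_bytecode(chunk) then
    return nil, "refusing precompiled bytecode chunk: " .. tostring(name)
  end
  local env = make_sandbox_env()
  if setfenv then
    -- Lua 5.1: loadstring accepts both text and bytecode, so the signature
    -- check above is the only thing keeping bytecode out of the VM.
    local fn, err = loadstring(chunk, name)
    if not fn then return nil, err end
    setfenv(fn, env)
    return fn
  end
  -- Lua 5.2+: mode "t" makes the loader itself reject binary chunks and the
  -- env argument replaces setfenv; the signature check stays as defence in depth.
  return load(chunk, name, "t", env)
end

-- Constructed inputs for the demonstration.
local text_chunk = "return 2 + 3"
local fn = assert(load_untrusted(text_chunk, "=text"))
assert(fn() == 5)

-- string.dump produces a bytecode chunk; the loader must refuse it even
-- though it is a perfectly valid function.
local bytecode_chunk = string.dump(function() return 42 end)
local ok, err = load_untrusted(bytecode_chunk, "=bytecode")
assert(ok == nil and err:find("refusing", 1, true))
print("text chunk ran, bytecode chunk rejected")
```

Keeping both the signature check and the `"t"` mode is deliberate: on Lua 5.1 only the signature check exists, and on later versions the two together mean a single mistake in the host (for example a code path that calls `load` without the mode argument) does not silently reopen the bytecode loader.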

One of the interesting aspects of Flatz's work is the speed with which a Lua-based exploit can be carried out.

He noted that a Lua-based exploit can run much faster than those built on other technologies such as the Java Virtual Machine (JVM), which has been used in other kinds of exploits.

In addition, a key advantage of Lua is that, being a scripting language, it is relatively easy to manipulate and to integrate into games.

This allows exploits to be developed and tested more quickly and efficiently, making Lua a powerful tool in the hands of exploit developers like Flatz.

Flatz's work on Lua is not limited to specific games or contexts. Although much of his research focuses on the PS4 and PS5, these exploits could in principle be applied to any system that embeds Lua as a scripting language.

This includes a wide range of gaming platforms and applications, widening the attack surface for future exploits.

Flatz also hinted that some of the methods he is developing could be made public, but only after careful review and after those who originally discovered some of the vulnerabilities have published their own notes.

This openness to information sharing is crucial to the advancement of the hacking community, but at the same time it raises important questions about console security.

Source: Discord / biteyourconsole.net
