Lua Decompiler for Xiaomi Routers

I've adapted luadec and unluac for the those lua encryption on Xiaomi Routers
Here it is:


PS: the lua-5.1 submodule in luadec can be compiled to genereate luac file in xiaomi format.

5 Likes

Hello
Thanks for your hard work!
luadec is not working for me.

root@kali:/tmp# git clone https://github.com/NyaMisty/luadec_miwifi
Cloning into 'luadec_miwifi'...
remote: Enumerating objects: 12, done.
remote: Counting objects: 100% (12/12), done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 2129 (delta 2), reused 4 (delta 1), pack-reused 2117
Receiving objects: 100% (2129/2129), 2.68 MiB | 4.26 MiB/s, done.
Resolving deltas: 100% (1310/1310), done.
root@kali:/tmp# cd luadec_miwifi/
root@kali:/tmp/luadec_miwifi# git submodule update --init lua-5.1
Submodule 'lua-5.1' (https://github.com/NyaMisty/lua51_miwifi) registered for pa                                                                                                                                                             th 'lua-5.1'
Cloning into '/tmp/luadec_miwifi/lua-5.1'...
Submodule path 'lua-5.1': checked out 'fd282121e1b31df3e6467b8b178d908b26cfde17'
root@kali:/tmp/luadec_miwifi# cd lua-5.1
root@kali:/tmp/luadec_miwifi/lua-5.1# make linux
/* compilation log */
root@kali:/tmp/luadec_miwifi/luadec# cp ~/backup/usr/lib/lua/luci/version.lua .
root@kali:/tmp/luadec_miwifi/luadec# ./luadec version.lua
./luadec: version.lua: bad header in precompiled chunk

Header from Xiaomi fimware file version.lua

root@kali:/tmp/luadec_miwifi/luadec# hexdump -C -n 16 version.lua
00000000  1b 46 61 74 65 2f 5a 1b  51 00 01 04 04 04 08 04  |.Fate/Z.Q.......|
00000010

Header from self compiled luac

root@kali:/tmp/luadec_miwifi/lua-5.1/src# echo 'print("hello")' > hello.lua
root@kali:/tmp/luadec_miwifi/lua-5.1/src# ./luac -o hello.luac hello.lua
root@kali:/tmp/luadec_miwifi/lua-5.1/src# hexdump -C -n 16 hello.luac
00000000  1b 46 61 74 65 2f 5a 1b  51 00 01 04 08 04 08 04  |.Fate/Z.Q.......|
00000010

13th byte is different.

I have the exact same problem as eth0

@Gaojianli @NyaMisty is your router different than Xiaomi 4A? Maybe the bytecodes have been changued. Any hint to fix the decompiler?

Thanks!

13th byte == sizeof(size_t)

On the 64 bit version of Linux I built 32 bit luac and luadec like this:

git clone https://github.com/NyaMisty/luadec_miwifi.git
cd luadec_miwifi
git submodule update --init lua-5.1
cd lua-5.1
make CFLAGS='-m32' MYLDFLAGS='-m32' linux
cd ..
cd luadec
make LUAVER=5.1 MYCFLAGS='-m32' MYLDFLAGS='-m32'