Help! Questions about making a mod in a Lua game

pentarix1996

Platinian
Good morning. I'm trying to make a mod for the game "Pixel Heroes: Tales of Emond". The first thing I did was obtain the APK, which to my surprise was divided into several parts (something normal for large games). What I did was the following.

adb shell pm path com.haoplay.game.and.hero

1711367426989.png


After obtaining 5 routes (as shown in the attached image) I did a pull "adb pull <path> <destination>". When extracting the content of each APK, I saw that in the APK "split_game_asset.apk" there is all the code in .lua. When trying to see the content of each file, I saw that it was encrypted...

1711367567163.png


I have previously tried to make mods in other games (made in Unity) with success. But I have never faced one made with LUA. Any suggestions on how to decrypt these files or if I am making a mistake when obtaining the source code?

As an additional note for hexadecimal code changes I use HxD. On the other hand, I tried to do my own research before opening this post, but I can't find anything that helps me :S

Any suggestions on where to go or what to do?

Thanks in advance.

Edit:

One strange thing that I see and I don't understand very well is why both .lua and .lua64 files appear.
1711371267883.png
 
Based on the first bytes, it seems to be LuaJIT bytecode.



I'm going to investigate a little more, but how would I be able to flat read or decompile these types of files? The first 5 bytes of .lua files are always the following:
61 62 63 64 00
1711535574043.png



In .lua64 they are always the following: 1B 4C 4A 02 08

1711535690287.png


Any suggestions? :) Thank you very much in advance
 

Good morning! You're actually doing a lot of things right, and it's clear you're already familiar with modding and reverse engineering to some extent. Here's a breakdown of what's going on and how you might proceed from here.


---

🧩 Summary of the Situation

You're modding "Pixel Heroes: Tales of Emond".

You successfully pulled and extracted the APK split files.

Inside split_game_asset.apk, you found .lua and .lua64 files.

Opening them reveals what looks like binary or encrypted Lua, not plain Lua source.

You're unsure about how to decrypt or decompile these files.



---

🧠 What You’re Likely Dealing With

Based on the .lua64 extension, the presence of unreadable binary data, and common practices in mobile games:

🔐 Possibility 1: Precompiled Lua (Bytecode)

Many games compile their .lua scripts into Lua bytecode (luac) to obscure source and speed up loading.

.lua64 might mean:

Lua bytecode compiled for Lua 5.3+ (64-bit)

Possibly customized VM or encrypted bytecode


.lua and .lua64 coexist because one might be a stub or debug file, while the other is the actual functional code.


🔐 Possibility 2: Encrypted Bytecode

To deter modding, devs often encrypt the bytecode, meaning even if you "decompile" it, it won't work without first decrypting.


---

🔎 How to Identify What's Going On

You can check the headers of .lua or .lua64 files using HxD or xxd:

1. Open a .lua64 file in HxD.


2. Check the first few bytes (header).



For example:

Lua 5.1 bytecode starts with: 1B 4C 75 61

Lua 5.3 starts with: 1B 4C 75 61 53 00 19 93 0D 0A


If you don’t see this and instead see STX, NUL, or garbled values, it's either:

Obfuscated or encrypted

Custom VM, not standard Lua



---

🔧 What You Can Try Next

✅ 1. Try Luadec / Unluac / LuaDecTools

These work only on standard Lua bytecode (no encryption or heavy obfuscation).

Unluac

LuaDec


Usage (for unluac):

java -jar unluac.jar yourfile.lua64

If it fails or says "not a valid chunk", it's probably encrypted.


---

✅ 2. Hook or Trace Lua at Runtime

If the game runs Lua at runtime (most likely), you can hook into the interpreter and dump decrypted Lua memory.

Options:

Frida (dynamic instrumentation toolkit)
Hook into Lua functions like luaL_loadbuffer or lua_pcall.

GameGuardian (on rooted Android)
Search memory for known strings to dump decrypted Lua.



---

✅ 3. Look for Decryption Logic in APK

In lib/ or assets/ or smali code:

Check for functions like:

decrypt()

loadBuffer()

luaL_loadstring()

luaL_loadbufferx()


You may find a native .so file (e.g., libgame.so) handling decryption.

Use IDA Free, Ghidra, or Jadx to inspect them.



---

🧪 Tools You Might Want

| Tool | Use |
| --- | --- |
| HxD | Hex analysis |
| Unluac / LuaDec | Decompile standard Lua bytecode |
| Frida | Hook Lua runtime to dump decrypted scripts |
| Jadx | Reverse APK Java code |
| IDA / Ghidra | Reverse native .so libraries |
| GameGuardian | Memory scanning on Android |



---

📁 Why .lua and .lua64 Together?

.lua may be empty/dummy/placeholder.

.lua64 contains the actual precompiled/encrypted content.

Devs may use this to support multiple architectures or versions.


You can compare file sizes and modification dates to confirm.


---

💡 Suggestion

Start with checking if any .lua64 is standard Lua bytecode:

Try unluac or luadec.

If it fails, use Frida to hook and dump after decryption at runtime.

As a stretch goal, reverse the native .so file that might contain decryption routines.



---

If you'd like, I can help guide you through Frida scripting or analyzing a specific .lua64 file if you upload it. Let me know how deep you want to go with this.

Good luck modding!
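
Added example (not part of the original posts): a small Python classifier for the header check discussed in this thread, run over the two prefixes quoted by the original poster and the standard Lua 5.1/5.3 signatures. The LuaJIT dump-version and flag meanings are taken from LuaJIT's bytecode dump format; the sample byte strings are constructed from the values quoted in the thread.

```python
import sys

# LuaJIT dump flags (lj_bcdump.h): bit -> meaning.
# "fr2" marks dumps from builds that use 2-slot frames (GC64, typical on 64-bit).
LUAJIT_FLAGS = {0x01: "big-endian", 0x02: "stripped", 0x04: "ffi", 0x08: "fr2"}
LUAJIT_VERSIONS = {1: "LuaJIT 2.0", 2: "LuaJIT 2.1"}


def classify(head: bytes) -> dict:
    """Classify a file from its first bytes (16 bytes is plenty)."""
    if len(head) >= 5 and head[:3] == b"\x1bLJ":
        # Flags are ULEB128-encoded; all currently defined values fit in one byte.
        version, flags = head[3], head[4]
        return {
            "format": "luajit-bytecode",
            "runtime": LUAJIT_VERSIONS.get(version, f"unknown dump version {version}"),
            "flags": [name for bit, name in LUAJIT_FLAGS.items() if flags & bit],
        }
    if len(head) >= 5 and head[:4] == b"\x1bLua":
        ver = head[4]  # 0x51 -> 5.1, 0x53 -> 5.3
        return {"format": "puc-lua-bytecode", "runtime": f"Lua {ver >> 4}.{ver & 0x0F}"}
    if head and all(b in b"\t\r\n" or 0x20 <= b < 0x7F for b in head):
        return {"format": "plain-text"}
    # Anything else: a wrapper, custom container or encrypted payload.
    return {"format": "unrecognized", "prefix": head[:5].hex(" ")}


# Constructed samples: the two prefixes quoted in the thread, the standard
# Lua 5.1 / 5.3 signatures, and a line of plain Lua source.
SAMPLES = {
    ".lua64 (thread)": bytes.fromhex("1B 4C 4A 02 08"),
    ".lua (thread)": bytes.fromhex("61 62 63 64 00"),
    "Lua 5.1": bytes.fromhex("1B 4C 75 61 51 00"),
    "Lua 5.3": bytes.fromhex("1B 4C 75 61 53 00 19 93 0D 0A"),
    "source": b"local x = 1\n",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # classify real files given on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, classify(fh.read(16)))
    else:
        for label, data in SAMPLES.items():
            print(f"{label:16} {classify(data)}")
```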
 