Custom Lua 5.4 bytecode signature (1E 4C 75 61) instead of the standard 1B 4C 75 61

I'm investigating a game that uses **xLua with Lua 5.4**, and I noticed something unusual about its compiled bytecode.

I hooked both `luaL_loadbufferx` and `xluaL_loadbuffer`, so I'm capturing the exact byte buffer that is passed to the Lua VM. At this point, the data should already be in the final format expected by the VM (i.e. no encryption or decoding should still be pending).

However, the bytecode header starts with:

```text
1E 4C 75 61
```

instead of the standard Lua signature:

```text
1B 4C 75 61
```

The first 32 bytes are:

```text
00000000  1E 4C 75 61 54 00 19 93 0D 0A 1A 0A 04 08 08 78
00000010  56 00 00 00 00 00 00 00 00 00 00 00 28 77 40 01
```

Apart from the first byte (`0x1E` instead of `0x1B`), the rest of the header appears to match the standard Lua 5.4 binary chunk format.

From what I can tell:

- There is **no XOR or encryption** involved.
- The buffer is captured **immediately before** it is loaded by the VM.
- The VM successfully loads the chunk without any issues.

My question is:

Has anyone seen xLua (or a customized Lua 5.4 VM) modified to accept a different chunk signature? Is changing only the first byte of the `LUA_SIGNATURE` a common anti-reversing modification, or is there something else in the loading process that I may be missing?

Any insight would be appreciated.

[enumerable_pairs.txt](https://github.com/user-attachments/files/29407822/enumerable_pairs.txt)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Custom Lua 5.4 bytecode signature (1E 4C 75 61) instead of the standard 1B 4C 75 61 #2

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Custom Lua 5.4 bytecode signature (1E 4C 75 61) instead of the standard 1B 4C 75 61 #2

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions