STANDALONE I'll give 10,000 credits to anyone who can decrypt cfx fxap

SKYHUNT

ima give 10,000 credits to anyone who can decrypt cfx fxap for me [maps ydr and..]
 

bundeskanzler_olaf

It's practically clientside.

You may have to search for a long time because unescrow does not work for clientside stuff.

Anything close to unescrow comes from leaking sources (e.g. former team members, contract developers, or the (dumb) mappers who sell their products for alt:V).
 

takyoncsdc

@SKYHUNT I can decrypt only server side; they patched client-side decryption. Idk, but there's nothing impossible. U (and me also, cuz I need it too) need to search for it a long time, cuz @bundeskanzler_olaf is right: it's either devs who leak or idiots who forget things.
 

bundeskanzler_olaf



Not much has actually changed. Before, there was only the 'grants' verify token, which was identical for server.lua and client.lua. The maps always ran via grants_clk. If some scripts have not been updated, the client-side can still be decrypted today because the tokens are identical. This is why everyone was supposed to re-upload the scripts back then, but some people didn't do that. What we lack is an open-source version of the server and client SVAdhesive.dll, which contains the queries for script validity.
Alternatively, someone with the necessary reverse engineering skills could find the hooking method. The Serverside Decryptor currently works in the same way: it is intercepted in the resourceLoader.

Maps that were decrypted were often via a leak (so no decryption) or via the collisions file (I dumped all the maps from G&N's Studio on alt:V, for example).

Alternatively, someone could get access to the GitHub team account of CFX and steal the source code from the GitHub repository: github.com/citizenfx/fivem-private.
 

takyoncsdc

this is very interesting... are u interested to do things like this? we could team up and try something together if u down
 

bundeskanzler_olaf

I tried various things for a while. But I didn't get any real results until today, so I stopped because I had no end product or proof of concept in sight.

I also had another project where I tried to swap the public key in the Adhesive so that I could return grants - with every number combination there is. Then I wouldn't have any source code, but every script would run.
 

bundeskanzler_olaf


That's why I won’t continue working on it — it’s pretty complex and I barely have time for it.
The adhesive is the central piece of FiveM. It contains all the protection systems: anti-cheat, resource checker, etc.

If you take a look inside using strings on Kali Linux, you'll notice references to grants. These are part of the system, as well as the JWT info tied to your CFX key:
https://keymaster.fivem.net/api/validate/cfxk_<your_key> — this returns your grants_token, which you can decode using JWT to view the contents.
It includes various grants and grants_clk (client key). Each key represents an asset listed on your Keymaster, referenced by a number.
With this hash/key, you would theoretically decrypt using a public/private keypair — that’s just my theory though.
It’s possible that something else appears afterwards, like more LUAC code.

The adhesive is honestly the most important file. If you break through it, you've basically wrecked FiveM, because from that point on, you can access everything.
Meaning: you need the correct hash/key, the proper public/private keypair, and the method.
I think they used Botan (C++ crypto library) — it shows up quite a lot.

I was also never really able to figure out the role of the .fxap files. Personally, I suspect they are LUAC chunks — meaning just a minimal part of the script, but I’m not really sure.
The .fxap seems to have a fixed header and footer, and in between there's always an exact number of bytes (though I can’t confirm that 100%).

If you actually know what you're doing or want to dive into this, you should look around other communities focused on GTA V / FiveM and decrypting files — like unknownch.. (if you’re familiar with it).
But even there, a lot of people have already given up.
 

takyoncsdc


Ahh okay thanks for the info
 
