
CodeMask compiles your code into a real virtual machine, encrypts it, and produces a different result every time. Lua, JavaScript and web — one click, hardened against cracking.
-- CodeMask - https://codemask.io
return((function(...) local a,b,c,d = ... local g = { 0x1f, 0x4c, 0x75 }
local h = "\x1f\x4c…«packed vm blob»…"
-- 41,000 lines of source → one line, unreadable bytecode
end)(...))Not just minification — real virtualization and multi-layered hardening.
Your code compiles to our own register-based virtual machine — not luac bytecode. Safe for FiveM & Roblox.
Lua (FiveM · Roblox · Luau · 5.1–5.4), JavaScript / TypeScript / JSX and CSS/HTML — all from one panel.
Every build produces completely different output. Diffing, signature detection and 'crack once, apply to all' attacks die.
Bytecode + constants are packed into one encrypted byte-blob; the interpreter itself is obfuscated (rename + CFF). No readable ISA remains.
Nested virtualization: peel one layer and you get another VM's bytecode, not readable code.
Runtime integrity self-hash, anti-hook (peel detection) and decoy handlers. Tamper with it and it breaks.
Today people don't crack obfuscators by hand — they paste the file into an LLM and ask it to deobfuscate. CodeMask is built to defeat exactly that.
❯ Reverse engineer this file and restore the original source
● Let me start by reading the file…
— 6 hours later —
● I tried everything — static analysis, runtime instrumentation, hooking, sandboxed execution, custom tooling. I couldn't even decode the bytecode: the decoding key is computed inside the runtime, but every attempt to observe the runtime trips a code-integrity check and the program corrupts its own state or refuses to run.
Classic chicken-and-egg — I can't read the bytecode without the runtime, and I can't watch the runtime without breaking it.
● I'm calling it. From the file alone, I can't recover the source.
Honest note: runtime memory inspection is always possible in a JS/Lua environment — our defenses raise the cost of reaching it far beyond what an LLM (or most humans) will pay.
Upload a resource .zip, protect every file, and attach an automatic IP-based license. Not another escrow format for dumpers to crack — a real per-resource VM.
| FXAP / escrow | CodeMask | |
|---|---|---|
| Protection | One shared escrow scheme | Per-resource register VM |
| Dumpers / unlockers | Public tools defeat it & dump source | No standard format to target |
| Licensing | Tied to your keymaster asset | Built-in IP allow-list per script |
| Revoke a leak | Re-issue / not really | One click — kills every copy remotely |
| Languages | Lua | Lua + JS + CSS/HTML, all at once |
The dumpers that peel FXAP have nothing to grab — there's no known container, and the license check lives inside the VM. Lock scripts to your customers' server IPs and revoke leaks instantly.
Create an account, upload your file, and download uncrackable output in seconds.
Get started freeBuy with your email — your account is set up right after payment.
Secure checkout via Creem · cancel anytime
Already have an account? Sign in