CodeCrypter enables you to encrypt scripts without placing the key inside the script.
This is because this key is extracted from the user environment at runtime by, for example:
password user query
any macro (e.g., @username)
any AutoIt function call
any UDF call
some permanent environment variable on a specific machine (and not created by your script)
a server response
a device response
anything else you can think of, as long as it's not stored in the script
any combination of the above
You need several scripts to get this to work, and they are scattered over several threads, so here's a single bundle that contains them all (including a patched version of Ward's AES.au3; with many thanks to Ward for allowing me to include this script here):
Latest version: 3.3d (28 Nov 2020): please follow this link.
Note: if you experience issues under Win8/8.1 (as some users have reported), please upgrade to Win10 (or use Win7) if you can; as far as I can tell, the scripts in the bundle all work under Win7 & Win10 (and XP). Moreover, I have no access to a Win8 box, so these issues will not be fixed, at least not by yours truly.
How the bits and pieces fit together:
CodeCrypter is a front-end for the MCF UDF library (you need version 1.3 or later). Its thread is here:
'?do=embed' frameborder='0' data-embedContent>>
The MCF package (also contained in the CodeScannerCrypter bundle) contains MCF.au3 (the library itself) plus a little include file called MCFinclude.au3. The latter you have to include in any script you wish to encrypt. Any code preceding it will not be encrypted, any code following it will be encrypted. You define the dynamic key inside MCFinclude.au3, in the UDF: _MCFCC_Init().
From the same post you can download an MCF Tutorial which I heartily recommend, because encrypting a script requires a number of steps in the right order, namely:
In MCFinclude.au3, define and/or choose your dynamic key(s) (skip this step = use default setting)
include MCFinclude.au3 in your target script
Run CodeScanner (version 2.3+) on your target script, with setting WriteMetaCode=True (see '?do=embed' frameborder='0' data-embedContent>>), then close CodeScanner.
press the Source button to load your target file
enable Write MCF0 (tick the first option in Main Settings)
Enable "Encrypt" (last option in the Main Settings)
Go to the Tab Encrypt and set up the encryption the way you want (skip this = use default settings)
Return to Main Tab and press "Run"
if all goes well, a new script called MCF0test.au3 is created in the same directory as your target. It has no includes and no redundant parts. Please check that it works as normal. (see Remarks if not)
It all sounds far more complicated than it is, really.
Not convinced? Check out:
a simple HowTo Guide: HowToCodeCrypt.pdf
an updated and extended Q & A pdf (FAQ, also included in the bundle) to help you get started:CodeCrypterFAQ.pdf
For additional explanations/examples in response to specific questions by forum members (how it works, what it can/cannot do), see elsewhere in this thread, notably:
Simple analogy of how it works: post #53, second part
General Explanation and HowTo: post #9, 51, 75, 185/187, 196, 207, 270, 280 (this gets a bit repetitive)
BackTranslation: post #179
Obfuscation: post #36 (general), 49 (selective obfuscation)
Specific features and fixes: post #3 (security), 84 (redefining the expected runtime response), 169 (Curl Enum fix), 185/187 (using license keys), 194 (replacing Ward's AES UDF with different encryption/decryption calls), 251 (AV detection issue), 262 (extract key contents to USB on different target machine prior to encryption)
Limitations: post #26 (@error/@extended), 149 (FileInstall), 191 (AES.au3 on x64)
Not recommended: post #46/249 (static encryption), 102 (programme logic error), 237 (parsing password via cmdline)
BackTranslation is a test to check that the MetaCode translation worked. Skip it at your peril. It also turns your multi-include composite script into a single portable file without redundant parts (you can opt to leave the redundant parts in, if you want).
CodeCrypter can also obfuscate (vars and UDF names) and replace strings, variable names and UDF names with anything else you provide, for example, for language translation). After CodeScanner separates your target's structure from its contents, CodeCrypter (actually MCF, under the hood) can change any part, and then generate a new script from whichever pieces you define. See the MCF Tutorial for more explanation and examples.
Encryption currently relies on Ward's excellent AES UDF and TheXman's sophisticated CryptoNG bundle. You can replace these with any other algorithm you like (but this is not trivial to do: edit MCFinclude.au3 UDF _MCFCC(), and MCF.au3 UDF _EncryptEntry(), see post #194 in this thread). AES by Ward, and CryptoNG by TheXman are also included in the bundle (with many thanks to Ward and TheXman for graciously allowing me to republish their outstanding work).
Going to lie down now...