Sign in to follow this  
Followers 0
roman

How strong is the encryption of compiled scripts?

10 posts in this topic

Hi

I develop scripts running on our servers.

My boss aks me how strong / reliable the encryption of compiled AutoIt scripts is?

Has anyone a hint?

Kind regards,

Roman

Switzerland

Share this post


Link to post
Share on other sites



If you havent implemented any additional security the script itself has almost no encryption.

The exe file can be easily decompiled and the source exposed. For extra security check the encryption

functions and the exprotec project.

Share this post


Link to post
Share on other sites

I use Obfuscator in Scite.

Its good and so far I don't see any error compiling using the Obfuscated script.


[font="Palatino Linotype"][size="2"]*** The information contained in this post should be considered and certified WORKS ON MY MACHINE ***[/size][/font][font="Palatino Linotype"][size="2"] [/size][/font]

Share this post


Link to post
Share on other sites

The Obfuscator is good. Check out http://www.autoitscript.com/forum/index.php?showtopic=43853

It depends on what data you are trying to protect. If someone really wants to, they can de-compile the exe.

This may be of interest - http://www.autoitscript.com/forum/index.php?showtopic=93554


Post your code because code says more then your words can. SciTe Debug mode - it's magic: #AutoIt3Wrapper_run_debug_mode=Y. Use Opt("MustDeclareVars", 1)[topic="84960"]Brett F's Learning To Script with AutoIt V3[/topic][topic="21048"]Valuater's AutoIt 1-2-3, Class... is now in Session[/topic]Contribution: [topic="87994"]Get SVN Rev Number[/topic], [topic="93527"]Control Handle under mouse[/topic], [topic="91966"]A Presentation using AutoIt[/topic], [topic="112756"]Log ConsoleWrite output in Scite[/topic]

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

First, Knowing

Autoit does not encrpyt it just compresses. Its start the read from a static address(not really an address, an array of chars) in the exe. In the days people change how it reads and how the char look like but the decompiler got much smarter. Now it's look for the header which can't be change. So your only defense is custom the script after it has been obfuscated.

Second, How to(for everyone who want to protect there script)

Obfuscator is also no good(I found a form that they are working to reverse the obfuscator which they succeed, the only thing they don't get is the variable). I recommend you to obfuscate your script with obfuscator and hide the file(the key file) in a safe place either when install or get it from the internet if your application required internet to run anyway. EVAL function is your friend. Also change the function lineament adding a extra function that will return the same value this is break the DeObfuscator.

Thrid, Is it really a problem?

No. Why? Because if you spent time developing your script to be big.

The bigger it's get the harder the hacker can understand your code.

When you look at your own script after a month without comments you will see trash(yap that is me). So after all if your code is free no one is going to decrypt it.

Edited by athiwatc

Share this post


Link to post
Share on other sites

... Autoit does not encrpyt it just compresses. ...

Has something changed?

From the help file for v3.3.0.0:

It is possible to take your .au3 script and compile it into a standalone executable; this executable can be used without the need for AutoIt to be installed and without the need to have AutoIt3.exe on the machine. In addition, the compiled script is compressed and encrypted and there is the option to bind additional files (also compressed/encrypted) to the exe using the FileInstall function. Also, any #include files will also be compiled into the script so they are not required at run-time.


[size="1"][font="Arial"].[u].[/u][/font][/size]

Share this post


Link to post
Share on other sites

... When you look at your own script after a month without comments you will see trash(yap that is me). ...

Hey - I see trash even with my comments and without obfuscation :-)

I did want to chime in and agree that scripts can be decompiled - or so I'm told... mine just decompose.


[size="1"][font="Arial"].[u].[/u][/font][/size]

Share this post


Link to post
Share on other sites

Has something changed?

From the help file for v3.3.0.0:

It is possible to take your .au3 script and compile it into a standalone executable; this executable can be used without the need for AutoIt to be installed and without the need to have AutoIt3.exe on the machine. In addition, the compiled script is compressed and encrypted and there is the option to bind additional files (also compressed/encrypted) to the exe using the FileInstall function. Also, any #include files will also be compiled into the script so they are not required at run-time.

Oops, but decompressing(decrypt in your case if true). Only takes "ONE" step. So I assume that would be compress.

Anyway >_< good luck.

Share this post


Link to post
Share on other sites

I use Obfuscator in Scite.

Its good and so far I don't see any error compiling using the Obfuscated script.

Obfuscator doen;t make it any more safe, just harder to read.

Anyways, enough said about this subject in the past so .... *click*


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0