Jump to content

How strong is the encryption of compiled scripts?

Roman

By Roman,
in AutoIt General Help and Support

 Share

Recommended Posts

Juvigy Universalist

Juvigy

Posted
Posted

If you havent implemented any additional security the script itself has almost no encryption.

The exe file can be easily decompiled and the source exposed. For extra security check the encryption

functions and the exprotec project.

Link to comment
Share on other sites
nfaustin Adventurer

nfaustin

Posted
Posted

I use Obfuscator in Scite.

Its good and so far I don't see any error compiling using the Obfuscated script.

[font="Palatino Linotype"][size="2"]*** The information contained in this post should be considered and certified WORKS ON MY MACHINE ***[/size][/font][font="Palatino Linotype"][size="2"] [/size][/font]
Link to comment
Share on other sites
bo8ster Universalist

bo8ster

Posted
Posted

The Obfuscator is good. Check out http://www.autoitscript.com/forum/index.php?showtopic=43853

It depends on what data you are trying to protect. If someone really wants to, they can de-compile the exe.

This may be of interest - http://www.autoitscript.com/forum/index.php?showtopic=93554

Post your code because code says more then your words can. SciTe Debug mode - it's magic: #AutoIt3Wrapper_run_debug_mode=Y. Use Opt("MustDeclareVars", 1)[topic="84960"]Brett F's Learning To Script with AutoIt V3[/topic][topic="21048"]Valuater's AutoIt 1-2-3, Class... is now in Session[/topic]Contribution: [topic="87994"]Get SVN Rev Number[/topic], [topic="93527"]Control Handle under mouse[/topic], [topic="91966"]A Presentation using AutoIt[/topic], [topic="112756"]Log ConsoleWrite output in Scite[/topic]

Link to comment
Share on other sites
WolfWorld Universalist

WolfWorld

Posted
Posted (edited)

First, Knowing

Autoit does not encrpyt it just compresses. Its start the read from a static address(not really an address, an array of chars) in the exe. In the days people change how it reads and how the char look like but the decompiler got much smarter. Now it's look for the header which can't be change. So your only defense is custom the script after it has been obfuscated.

Second, How to(for everyone who want to protect there script)

Obfuscator is also no good(I found a form that they are working to reverse the obfuscator which they succeed, the only thing they don't get is the variable). I recommend you to obfuscate your script with obfuscator and hide the file(the key file) in a safe place either when install or get it from the internet if your application required internet to run anyway. EVAL function is your friend. Also change the function lineament adding a extra function that will return the same value this is break the DeObfuscator.

Thrid, Is it really a problem?

No. Why? Because if you spent time developing your script to be big.

The bigger it's get the harder the hacker can understand your code.

When you look at your own script after a month without comments you will see trash(yap that is me). So after all if your code is free no one is going to decrypt it.

Edited by athiwatc

Main project - Eat Spaghetti - Obfuscate and Optimize your script. The most advance add-on.Website more of GadGets!

Link to comment
Share on other sites
herewasplato Universalist

herewasplato

Posted
Posted

... Autoit does not encrpyt it just compresses. ...

Has something changed?

From the help file for v3.3.0.0:

It is possible to take your .au3 script and compile it into a standalone executable; this executable can be used without the need for AutoIt to be installed and without the need to have AutoIt3.exe on the machine. In addition, the compiled script is compressed and encrypted and there is the option to bind additional files (also compressed/encrypted) to the exe using the FileInstall function. Also, any #include files will also be compiled into the script so they are not required at run-time.

[size="1"][font="Arial"].[u].[/u][/font][/size]

Link to comment
Share on other sites
herewasplato Universalist

herewasplato

Posted
Posted

... When you look at your own script after a month without comments you will see trash(yap that is me). ...

Hey - I see trash even with my comments and without obfuscation :-)

I did want to chime in and agree that scripts can be decompiled - or so I'm told... mine just decompose.

[size="1"][font="Arial"].[u].[/u][/font][/size]

Link to comment
Share on other sites
WolfWorld Universalist

WolfWorld

Posted
Posted

Has something changed?

From the help file for v3.3.0.0:

It is possible to take your .au3 script and compile it into a standalone executable; this executable can be used without the need for AutoIt to be installed and without the need to have AutoIt3.exe on the machine. In addition, the compiled script is compressed and encrypted and there is the option to bind additional files (also compressed/encrypted) to the exe using the FileInstall function. Also, any #include files will also be compiled into the script so they are not required at run-time.

Oops, but decompressing(decrypt in your case if true). Only takes "ONE" step. So I assume that would be compress.

Anyway >_< good luck.

Main project - Eat Spaghetti - Obfuscate and Optimize your script. The most advance add-on.Website more of GadGets!

Link to comment
Share on other sites
  • Developers
Jos Universalist

Jos

Posted
  • Developers
Posted

I use Obfuscator in Scite.

Its good and so far I don't see any error compiling using the Obfuscated script.

Obfuscator doen;t make it any more safe, just harder to read.

Anyways, enough said about this subject in the past so .... *click*

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.  :)

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...