Jump to content

Winbatch Vs. AutoIT Security

everseeker

By everseeker
in AutoIt Technical Discussion

 Share

Recommended Posts

WolfWorld Universalist

WolfWorld

Posted
Posted (edited)

If a link exists, it can be followed, regardless of whether a runtime is executing or not. Also, if the decompiler were also written in .Net, wouldn't that runtime be executing?

Okay here I will explain fully, Unpacker(as least what I called and some people) can be see as dumpers. They just rawly dump the MSIL code from the assembly. This CAN'T be protected(unless the obfuscater uses native code). It will be dump(and can be) no matter what happens or what ever the obfuscater does.

On the other hand Decompiler uses the dumped code from the unpacker to RECONSTRUCT the C# fully. Which can be read BUT Smart Assembly uses proxy which can be solve at runtime only(for now) and Overflowing the code(Changing the IL order) making reconstructing the C# impossible. Think of this.

If

int i = 123;

Compile to IL (example not real)

COMMAND 1

COMMAND 2

COMMAND 3

But the overflow changes this to

COMMAND 2

COMMAND 1

COMMAND 3

Which can't be reverse back to c# code(for now >_< ) There are more complicate stuff than this.

And "if the decompiler were also written in .Net, wouldn't that runtime be executing?" No, only the CLR will run the decompiler IL and not the cracking assembly. So it will not solve anything.

If your theory is true then you can't decompile a .NET code with a native decompiler with in a machine without .NET

But normal .NET uses reflection to see the class and all. As I explained SA(short) uses proxy therefor it can only see the proxy and not the class(and yes it can see the class if you put some work into it) and !!! IMPORTANT !!!! because of the nature of the proxy once the IL code changes the program will not run. This mean even you use an UNPACKER and change the IL directly it still won't work unless you remove all of the proxy call to the real call.

Also it can overload function that does not have anything in common this make decompiling very... lets say stupid.

All this refer to stealing to code, cracking application (make it free) can still be done with little(more than normal native) work.

Oops, off topic :(

Edited by athiwatc

Main project - Eat Spaghetti - Obfuscate and Optimize your script. The most advance add-on.Website more of GadGets!

Mobius Universalist

Mobius

Posted
Posted (edited)

While all of this is interesting, I still do not have a clear rebuttal to the WINBATCH assertion that Autoit is less secure then Winbatch because they do a true compile,

This is not true at all, after about 10 minutes interrogation, Winbatch uses a method that is similar to AutoIt3,

In that the original source is packed and encoded to binary archive like format before being injected into the

Desired Stub. shit it even reads this data from a static offset...(*stub dependent* but static none the less)

Nor can the WB stubs be packed intelligently because this data is not classed as an overlay or embedded in the

Resource table.

A couple more minutes interrogation and you will find that all is needed for this binary format to be decompiled

resides in the file WBDHC44I.dll (Required for any WB binaries to work) and a little bit of time and knowledge.

I mean what were they thinking?? Put all your secret functionality inside a dll that can be hooked and used by anyone!! >_<

There I go again, I could not code such a process any better than they so I will STFU. :(

while AutoIT just attaches the code to an instance of the AutoITruntime.... and the source can be easily read by any scriptkiddie onthe block

There is a great deal of time skill and effort invested in the process of "just attaching the code to an instance of the interpreter "

I suggest unless you are equally skilled to replicate this for yourself (or improve it) you show a little respect for the Author.

Just my POV, not sure if this answers your question.

Edited by Mobius

wtfpl-badge-1.png

everseeker Polymath

everseeker

Posted
  • Author
Posted

I suggest unless you are equally skilled to replicate this for yourself (or improve it) you show a little respect for the Author

NO!!!! .... Not my intent to disparage AutoIT... I LOVE AutoIT

I was discussing the attitude of the Winbatch rep... Who was telling me why I should dump AutoIT and use Winbatch...

I was looking to the forum for a good counterargument...

Everseeker

Valik Universalist

Valik

Posted
Posted

everseeker, if you talk to WinBatch, WinBatch is the best program. If ask on the AutoIt forum, you're going to mostly find that AutoIt is the best program. Rarely will you find somebody objective. That being said, my suggestion is and always has been use whatever language that gets the job done in the way that best meets your goal. If that's AutoIt, great. If not, so be it, I'm no under no illusion that AutoIt is the end-all of languages. Security is just one of the many aspects that you need to look at when designing an application.

Kealper Wayfarer

Kealper

Posted
Posted

hmmm...if WinBatch compiles using almost the same (if not easier) method, and no one has made a decompiler for it, one could assume that the language just is not good enough to attract the kind of people required to make said decompiler...but im not a good opinion for this, seeing as im biased tword AutoIt :D

Mobius Universalist

Mobius

Posted
Posted (edited)

hmmm...if WinBatch compiles using almost the same (if not easier) method, and no one has made a decompiler for it, one could assume that the language just is not good enough to attract the kind of people required to make said decompiler...but im not a good opinion for this, seeing as im biased tword AutoIt :D

You really do put the A in Assumption dude.

Here's a thought..... why not try the language for yourself and draw your own conclusions.

As for the WIL vs AU3 security argument.... neither is particularly fantastic.

There, I think that was objective enough.

Vlad

Edited by Mobius

wtfpl-badge-1.png

  • 1 year later...
mbkowns Wayfarer

mbkowns

Posted
Posted

You really do put the A in Assumption dude.

Here's a thought..... why not try the language for yourself and draw your own conclusions.

As for the WIL vs AU3 security argument.... neither is particularly fantastic.

There, I think that was objective enough.

Vlad

One thing is for sure WinBatch has crappy support. Least AutoIT has this killer forum to go to if you need coding help.

If any of you security buffs use this thread for reference do understand that AutoIT is a much more robust language than WinBatch.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...