How to protect some informations in a file ?

[sambalec]

Hello, I want to use a script who can start only on a computer ( not movable, with adress mac recognizing, user windows...), How can I hide or crypt many informations params on my .ini file for example?

Thank's a lot !

Sambalec

Edited December 15, 2009 by sambalec

[Melba23]

sambalec,

Searching the forums will provide you with a lot more information in greater detail, but in brief:

- Your plain language script is within the compiled .exe, but in compressed form. It is not immediately viewable with a hex editor, but is by no means secure as it is expanded in memory when the .exe is run.

- Obfuscator (part of the full SciTE4AutoIt3 package) will obscure your script by changing variable and constant names (and a lot more!), which makes it harder to decompile but again does not render the .exe secure.

So, compiling an Autoit script will prevent quick snooping, but a determined, experienced hacker can relatively easily get your source - including passwords, specific filenames, etc - or the encryption routines you have used in your script to encrypt/decrypt them if they are stored in another file.

M23

[sambalec]

Thanks I try it !

[Melba23]

Thanks I try it !

The whole point of my reply was that you should NOT try it.

M23

[Juvigy]

Best way is to encrypt the sensitive data using one way encryption. Obfuscator doesnt help at all.

[ReFran]

" ...data using one way encryption ..."

A one way encryption means you don't get(/need) it back identical. So you may use it for a password, which only needs to be matched. In your case you may better use other methods - which give you back identical data - like you will find in the help file (see _stringEncrypt, RCA based) or if you have much data search here for "AES" it's much quicker.

I think I read somewhere that AES-encryption will be implemented into AutoIT.

Attached an quick example, which you can use to compare beetwen _stringeEncrypt und AES Comparison. You have to download AES.au3 example before.

HTH, Reinhard

Edit: changed "#include "AES_changed.au3"", which was for testing back to "#include "AES.au3"" (the origin)

#include <GuiConstantsEx.au3>

#include <String.au3>

#include "AES.au3"

Opt("MustDeclareVars", 1)

_Main()

Func _Main()

Local $WinMain, $EditText, $InputPass, $InputLevel, $UpDownLevel, $EncryptButton, $DecryptButton, $string

Local $RadioRC, $RadioAES, $zeit, $timer, $time

; GUI and String stuff

$WinMain = GUICreate('Encryption tool', 400, 400)

; Creates window

$EditText = GUICtrlCreateEdit('', 5, 5, 380, 330)

; Creates main edit

$radioRc = GUICtrlCreateRadio("RC", 10, 340, 50, 20)

$radioAes = GUICtrlCreateRadio("AES", 70, 340, 50, 20)

GUICtrlSetState($radioRc, $GUI_CHECKED)

$zeit = GUICtrlCreateLabel("0,00000", 280, 340,40,20)

$InputPass = GUICtrlCreateInput('', 5, 360, 100, 20, 0x21)

; Creates the password box with blured/centered input

$InputLevel = GUICtrlCreateInput(1, 110, 360, 50, 20, 0x2001)

$UpDownLevel = GUICtrlSetLimit(GUICtrlCreateUpdown($InputLevel), 10, 1)

; These two make the level input with the Up|Down ability

$EncryptButton = GUICtrlCreateButton('Encrypt', 170, 360, 105, 35)

; Encryption button

$DecryptButton = GUICtrlCreateButton('Decrypt', 285, 360, 105, 35)

; Decryption button

GUICtrlCreateLabel('Password', 5, 385)

GUICtrlCreateLabel('Level', 110, 385)

; Simple text labels so you know what is what

GUISetState()

; Shows window

_AESInit()

While 1

Switch GUIGetMsg()

Case $GUI_EVENT_CLOSE

ExitLoop

Case $EncryptButton

GUISetState(@SW_DISABLE, $WinMain) ; Stops you from changing anything

$string = GUICtrlRead($EditText) ; Saves the editbox for later

GUICtrlSetData($EditText, 'Please wait while the text is Encrypted/Decrypted.') ; Friendly message

$Timer = TimerInit()

if GUICtrlRead($radioRc) = $GUI_CHECKED then

GUICtrlSetData($EditText, _StringEncrypt(1, $string, GUICtrlRead($InputPass), GUICtrlRead($InputLevel)))

; Calls the encryption. Sets the data of editbox with the encrypted string

; The encryption starts with 1/0 to tell it to encrypt/decrypt

; The encryption then has the string that we saved for later from edit box

; It then reads the password box & Reads the level box

endif

if GUICtrlRead($radioAES) = $GUI_CHECKED then

;msgBox(0,"","AES")

GUICtrlSetData($EditText, _AESEncrypt(GUICtrlRead($InputPass),$string))

endif

$time = Timerdiff($timer)

GuiCtrlsetData($Zeit,$time)

GUISetState(@SW_ENABLE, $WinMain) ; This turns the window back on

Case $DecryptButton

GUISetState(@SW_DISABLE, $WinMain) ; Stops you from changing anything

$string = GUICtrlRead($EditText) ; Saves the editbox for later

GUICtrlSetData($EditText, 'Please wait while the text is Encrypted/Decrypted.') ; Friendly message

$Timer = TimerInit()

if GUICtrlRead($radioRc) = $GUI_CHECKED then

GUICtrlSetData($EditText, _StringEncrypt(0, $string, GUICtrlRead($InputPass), GUICtrlRead($InputLevel)))

; Calls the encryption. Sets the data of editbox with the encrypted string

; The encryption starts with 1/0 to tell it to encrypt/decrypt

; The encryption then has the string that we saved for later from edit box

; It then reads the password box & Reads the level box

endif

if GUICtrlRead($radioAES) = $GUI_CHECKED then

;msgBox(0,"","AES")

GUICtrlSetData($EditText, binarytoString(_AESDecrypt(GUICtrlRead($InputPass),$string)))

endif

$time = Timerdiff($timer)

GuiCtrlsetData($Zeit,$time)

GUISetState(@SW_ENABLE, $WinMain) ; This turns the window back on

EndSwitch

WEnd ; Continue loop untill window is closed

Exit

EndFunc ;==>_Main

#cs ------------- General USE of AES ---------------------------------

; To encrypt/decrypt memory block or string:

$Encrypted = _AesEncrypt("Key", "Plantext")

$Decrypted = _AesDecrypt("Key", $Encrypted)

$Result = BinaryToString($Decrypted)

; To encrypt/decrypt file

_AesEncryptFile("Key", $PlantextFilename, $ChipertextFilename)

_AesDecryptFile("Key", $ChipertextFilename, $PlantextFilename)

#ce

Edited December 15, 2009 by ReFran