Sign in to follow this  
Followers 0
Grayhat

Possible Way to secure Au3 Exes

12 posts in this topic

I was just thinking, and even tried to do but unsuccessful.

I compiled and au3 sctipt into exe.

Then, I got the a3x part (real encrypted script appended to autoItSC.bin file) and encrypted it.

Then, I Injected a DLL into the AutoItSc.bin to hook the "ReadFile" function, and don't just read the file, but Read, Decrypt and run script.

It didn't work with big scripts, but, for my own surprise, did with a simple "MsgBox()" that wouldn't be decompiled!

This fact gives me hope, for, maybe onde day, we can possibly secure the autoIt Compiled exe files :)

Best regards,

busTer

Share this post


Link to post
Share on other sites



If the code has to be decrypted to be run then it's insecure, period.

Encryption is not the solution.

Share this post


Link to post
Share on other sites

If the code has to be decrypted to be run then it's insecure, period.

Encryption is not the solution.

Yes, it isn't but, is so harder to get the pass from a CPP Dll than an au3 script that you just drag into a 3rd party decompiler and get all source in a sec.

Share this post


Link to post
Share on other sites

Yes, it isn't but, is so harder to get the pass from a CPP Dll than an au3 script that you just drag into a 3rd party decompiler and get all source in a sec.

No it isn't. It only appears harder because somebody hasn't taken 5 minutes to write a tool to do it.

Share this post


Link to post
Share on other sites

Valik is right. That dll you injected would be the key to pull out and redirect the output to a standard AutoIt decompiler. It would not even require having to figure out the encryption scheme used by the dll.

Share this post


Link to post
Share on other sites

Rather than trying to work around the problem, attack the problem at its root.

And it's root is?

Share this post


Link to post
Share on other sites

[.. try to realize the truth ..] There is no compiler.

Your movie quotes won't save you now.

Share this post


Link to post
Share on other sites

Does anyone besides me ever get tired of "SECURITY" comments/percieved issues?

Give it to a dedicated hacker long enough for him to put it through a hex editor and your security went right out the door anyway; it makes no difference what method you used. The best that can happen is you can make yourself feel your code is safer.


George

Question about decompiling code? Read the decompiling FAQ and don't bother posting the question in the forums.

Be sure to read and follow the forum rules. -AKA the AutoIt Reading and Comprehension Skills test.***

The PCRE (Regular Expression) ToolKit for AutoIT - (Updated Oct 20, 2011 ver:3.0.1.13) - Please update your current version before filing any bug reports. The installer now includes both 32 and 64 bit versions. No change in version number.

Visit my Blog .. currently not active but it will soon be resplendent with news and views. Also please remove any links you may have to my website. it is soon to be closed and replaced with something else.

"Old age and treachery will always overcome youth and skill!"

Share this post


Link to post
Share on other sites

I grow weary. I especially grow weary of everything trying to tell us how to secure our software or telling us our software is insecure.

Share this post


Link to post
Share on other sites

H**l, it's no more insecure than any other software.


George

Question about decompiling code? Read the decompiling FAQ and don't bother posting the question in the forums.

Be sure to read and follow the forum rules. -AKA the AutoIt Reading and Comprehension Skills test.***

The PCRE (Regular Expression) ToolKit for AutoIT - (Updated Oct 20, 2011 ver:3.0.1.13) - Please update your current version before filing any bug reports. The installer now includes both 32 and 64 bit versions. No change in version number.

Visit my Blog .. currently not active but it will soon be resplendent with news and views. Also please remove any links you may have to my website. it is soon to be closed and replaced with something else.

"Old age and treachery will always overcome youth and skill!"

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0