michaelslamet Posted February 21, 2011 Share Posted February 21, 2011 Hi, I'm going to build a small application using AutoIT to support the sales department. I need to put the MYSQL username and password on the code to connect to office's database. My main concern is somebody at the office can copy the exe files, decompile (or other way) and find out the username and password. Am I worry too much? Should I concern about this... or not?? Thanks for reading and please reply if you have opinion. Link to comment Share on other sites More sharing options...
Rogue5099 Posted February 21, 2011 Share Posted February 21, 2011 (edited) There are decompilers out there but not to the mass public (AutoIt's newer releases are safer).You can use Obfuscator to disguise your code also. Edited February 21, 2011 by rogue5099 My projects: Inventory / Mp3 Inventory, Computer Stats Link to comment Share on other sites More sharing options...
water Posted February 21, 2011 Share Posted February 21, 2011 This has been discussed many times. Please search the forum for "secure source code" and you'll find a lot of discussions. The conclusion is: Nothing you put in a AutoIt script or exe is save. My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
Chimaera Posted February 21, 2011 Share Posted February 21, 2011 Well it depends how important in the real world sense your program is as to whether someone will take the time to crack it open. There is code to stop this happeneing available for eg http://www.autoitscript.com/forum/topic/19370-autoit-wrappers/page__view__findpost__p__199600 Maybe tie the software to something on your machine so it wont work anywhere but your machine I sometimes make a fake .dll and add the name of it in the code as a Fileexists search so without the file it wont start Im sure others will offer more advanced solutions for you Chimaera If Ive just helped you ... miracles do happen. Chimaera CopyRobo() * Hidden Admin Account Enabler * Software Location From Registry * Find Display Resolution * _ChangeServices() Link to comment Share on other sites More sharing options...
michaelslamet Posted February 21, 2011 Author Share Posted February 21, 2011 This has been discussed many times.Please search the forum for "secure source code" and you'll find a lot of discussions.The conclusion is: Nothing you put in a AutoIt script or exe is save.Thanks for your reply At least can I hide a information about what compiler I use for the exe files? My current AutoIT apps, when I right click, choose "properties", on "version" tab, the compiler including what version is display. Everyone can see what the language is. I'm using Windows XPCompilesScript: AutoIt v3 Script: 3. 3. 6. 1 Link to comment Share on other sites More sharing options...
water Posted February 21, 2011 Share Posted February 21, 2011 Please have a look in the SciTE help -> Extra utilities -> AutoIt3Wrapper. With directive #AutoIt3Wrapper_Res_ProductVersion=you can set the version. My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
michaelslamet Posted February 21, 2011 Author Share Posted February 21, 2011 Please have a look in the SciTE help -> Extra utilities -> AutoIt3Wrapper.With directive #AutoIt3Wrapper_Res_ProductVersion=you can set the version.Thanks, Water Can I hide the "AutoIT" text? So nobody will know what programming language I use to create the app. By that I hope it will more difficult to decompile the code. Link to comment Share on other sites More sharing options...
water Posted February 21, 2011 Share Posted February 21, 2011 I use #AutoIt3Wrapper_Res_Fileversion=1 #AutoIt3Wrapper_Res_Description=Test and the AutoIt info is gone (on Windows XP SP 3). My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
Juvigy Posted February 21, 2011 Share Posted February 21, 2011 You can Encrypt or Hash the Usernames/Passwords in your code so if someone de compiles it will see nothing. It is not completely safe but increases security quite a bit. Link to comment Share on other sites More sharing options...
michaelslamet Posted February 21, 2011 Author Share Posted February 21, 2011 I use #AutoIt3Wrapper_Res_Fileversion=1 #AutoIt3Wrapper_Res_Description=Test and the AutoIt info is gone (on Windows XP SP 3). I test it with Windows XP SP2 (I'm using SP2), the information is about the same. Is there any other way that working in SP2 or previous version? Thanks a lot Link to comment Share on other sites More sharing options...
water Posted February 21, 2011 Share Posted February 21, 2011 I'm not sure if SP2 or SP3 makes that much difference. In SciTE use Ctrl+F7 and switch to the "Resource Update" tab. F1 gives you the SciTE help file. Test the different Wrapper settings and see if you get the desired results. You can post your settings (found in the header of the script between "#Region ;**** Directives created by AutoIt3Wrapper_GUI ****" and "#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****") for us to test. My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
jvanegmond Posted February 21, 2011 Share Posted February 21, 2011 Create accounts on the Offices SQL database for each of your users. Then have your users log in with their own username/password in order to use the application. If a password is then lost to an attacker, it's not because it was stored plain-text in your program but because your user is an idiot (pleonasm intended). github.com/jvanegmond Link to comment Share on other sites More sharing options...
michaelslamet Posted February 21, 2011 Author Share Posted February 21, 2011 I'm not sure if SP2 or SP3 makes that much difference.In SciTE use Ctrl+F7 and switch to the "Resource Update" tab.F1 gives you the SciTE help file.Test the different Wrapper settings and see if you get the desired results.You can post your settings (found in the header of the script between "#Region ;**** Directives created by AutoIt3Wrapper_GUI ****" and "#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****") for us to test.Hi water,Honestly I dont understand what you were saying But i will find out Thanks a lot Link to comment Share on other sites More sharing options...
michaelslamet Posted February 21, 2011 Author Share Posted February 21, 2011 Create accounts on the Offices SQL database for each of your users. Then have your users log in with their own username/password in order to use the application. If a password is then lost to an attacker, it's not because it was stored plain-text in your program but because your user is an idiot (pleonasm intended).Wow, this is a great idea! I think I'm going to use you solution for this mysql app.Thanks a lot Link to comment Share on other sites More sharing options...
DigitalDave99 Posted February 21, 2011 Share Posted February 21, 2011 (edited) When I needed to use a secure password I stored it within another file then encrypted it with aes. Then anyone that just copied the script then decompiled it would only get your encryption key, that you can change as many times as your like. Code below should it be of use to anyone. AES crypto I used can be found here #Include "aes.au3" #include <file.au3> Func Decript() $File = FileOpen("X:\fox2.ini", 16) $Data = FileRead($File) FileClose($File) $Key = "yourkey" $PlainText = _AesDecrypt($Key, $Data) ;ConsoleWrite($PlainText) ; Its a Binary encripted string we need to convert it then split the seprate values out with , seperating $StringDeEncripted = StringSplit(BinaryToString(_AesDecrypt($Key, $Data)), ",") $OldPass=$StringDeEncripted[2] EndFunc Func Encript() ; Part 1 - To save the password $Enable="True," $PlainText = $Enable&$NewPass ;ConsoleWrite($PlainText) $Key = "yourkey" $Data = _AesEncrypt($Key, $PlainText) $File = FileOpen("X:\fox2.ini", 2) FileWrite($File, $Data) FileClose($File) EndFunc Wow, this is a great idea! I think I'm going to use you solution for this mysql app. Thanks a lot Edited February 21, 2011 by DigitalDave99 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now