michaelslamet

[ASK] How safe is my code?

15 posts in this topic

Hi,

I'm going to build a small application using AutoIt to support the sales department. I need to put the MySQL username and password in the code to connect to the office's database. My main concern is that somebody at the office can copy the exe files, decompile them (or use some other way) and find out the username and password.

Am I worrying too much? Should I be concerned about this... or not?

Thanks for reading and please reply if you have an opinion.


#2 ·  Posted (edited)

There are decompilers out there but not to the mass public (AutoIt's newer releases are safer).

You can use Obfuscator to disguise your code also.

Edited by rogue5099


This has been discussed many times.

Please search the forum for "secure source code" and you'll find a lot of discussions.

The conclusion is: Nothing you put in an AutoIt script or exe is safe.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 


Well it depends how important in the real world sense your program is as to whether someone will take the time to crack it open.

There is code available to stop this happening, e.g.

http://www.autoitscript.com/forum/topic/19370-autoit-wrappers/page__view__findpost__p__199600

Maybe tie the software to something on your machine so it won't work anywhere but your machine.

I sometimes make a fake .dll and add its name in the code as a FileExists check, so without the file it won't start.

I'm sure others will offer more advanced solutions for you.

Chimaera


This has been discussed many times.

Please search the forum for "secure source code" and you'll find a lot of discussions.

The conclusion is: Nothing you put in an AutoIt script or exe is safe.

Thanks for your reply :)

Can I at least hide the information about which compiler I use for the exe files? With my current AutoIt apps, when I right-click, choose "Properties" and open the "Version" tab, the compiler, including its version, is displayed. Everyone can see what the language is. I'm using Windows XP.

CompiledScript: AutoIt v3 Script: 3.3.6.1


Please have a look in the SciTE help -> Extra utilities -> AutoIt3Wrapper.

With the directive #AutoIt3Wrapper_Res_ProductVersion= you can set the version.



Please have a look in the SciTE help -> Extra utilities -> AutoIt3Wrapper.

With the directive #AutoIt3Wrapper_Res_ProductVersion= you can set the version.

Thanks, Water :)

Can I hide the "AutoIt" text, so nobody will know what programming language I used to create the app? By that I hope it will be more difficult to decompile the code.


I use

#AutoIt3Wrapper_Res_Fileversion=1
#AutoIt3Wrapper_Res_Description=Test

and the AutoIt info is gone (on Windows XP SP 3).



You can encrypt or hash the usernames/passwords in your code so if someone decompiles it they will see nothing. It is not completely safe but increases security quite a bit.


I'm not sure if SP2 or SP3 makes that much difference.

In SciTE use Ctrl+F7 and switch to the "Resource Update" tab.

F1 gives you the SciTE help file.

Test the different Wrapper settings and see if you get the desired results.

You can post your settings (found in the header of the script between "#Region ;**** Directives created by AutoIt3Wrapper_GUI ****" and "#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****") for us to test.



Create accounts on the office's SQL database for each of your users. Then have your users log in with their own username/password in order to use the application. If a password is then lost to an attacker, it's not because it was stored plain-text in your program but because your user is an idiot (pleonasm intended).
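The per-user account setup suggested in the post above, sketched as MySQL statements. This is an added example, not part of the original post; the database `salesdb`, the tables `orders` and `customers`, the account names, the subnet and the passwords are all constructed placeholders.

```sql
-- Before (the setup the question describes): one shared account whose
-- password ships inside every copy of the exe. 'salesapp' is a placeholder name.
--   GRANT ALL PRIVILEGES ON salesdb.* TO 'salesapp'@'%' IDENTIFIED BY '...';

-- After: one account per salesperson, usable only from the office subnet.
-- Each person types their own password into the application's login prompt,
-- so nothing secret is compiled into the exe.
CREATE USER 'alice'@'192.168.1.%' IDENTIFIED BY 'initial-password-alice';
CREATE USER 'bob'@'192.168.1.%'   IDENTIFIED BY 'initial-password-bob';

-- Grant only what the sales application needs, table by table.
-- No DROP, no ALTER, no GRANT OPTION, no access to other schemas.
GRANT SELECT, INSERT, UPDATE ON salesdb.orders    TO 'alice'@'192.168.1.%';
GRANT SELECT                 ON salesdb.customers TO 'alice'@'192.168.1.%';
GRANT SELECT, INSERT, UPDATE ON salesdb.orders    TO 'bob'@'192.168.1.%';
GRANT SELECT                 ON salesdb.customers TO 'bob'@'192.168.1.%';

-- Check what an account can actually do before handing it out.
SHOW GRANTS FOR 'alice'@'192.168.1.%';

-- When someone leaves, or a password leaks, only that one account is affected.
DROP USER 'bob'@'192.168.1.%';

-- Once every user has a personal account, retire the shared one.
DROP USER 'salesapp'@'%';
```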


I'm not sure if SP2 or SP3 makes that much difference.

In SciTE use Ctrl+F7 and switch to the "Resource Update" tab.

F1 gives you the SciTE help file.

Test the different Wrapper settings and see if you get the desired results.

You can post your settings (found in the header of the script between "#Region ;**** Directives created by AutoIt3Wrapper_GUI ****" and "#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****") for us to test.

Hi water,

Honestly I don't understand what you were saying :idiot: But I will find out :)

Thanks a lot ;)


Create accounts on the office's SQL database for each of your users. Then have your users log in with their own username/password in order to use the application. If a password is then lost to an attacker, it's not because it was stored plain-text in your program but because your user is an idiot (pleonasm intended).

Wow, this is a great idea! I think I'm going to use your solution for this MySQL app.

Thanks a lot :)


#15 ·  Posted (edited)

When I needed to use a secure password I stored it within another file then encrypted it with AES. Then anyone that just copied the script then decompiled it would only get your encryption key, that you can change as many times as you like. Code below should it be of use to anyone.

AES crypto I used can be found here

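#include "aes.au3"
#include <file.au3>

; The snippet relies on these two script-level variables
Global $OldPass = "", $NewPass = ""

; Read the encrypted file and put the stored password into $OldPass
Func Decript()
    Local $File = FileOpen("X:\fox2.ini", 16) ; 16 = binary read
    If $File = -1 Then Return SetError(1, 0, False)
    Local $Data = FileRead($File)
    FileClose($File)
    Local $Key = "yourkey"
    ; The decrypted data is a binary string, so we need to convert it
    Local $PlainText = BinaryToString(_AesDecrypt($Key, $Data))
    ;ConsoleWrite($PlainText)
    ; Split the separate values out, with "," separating them (so the password must not contain a comma)
    Local $StringDeEncripted = StringSplit($PlainText, ",")
    If $StringDeEncripted[0] < 2 Then Return SetError(2, 0, False)
    $OldPass = $StringDeEncripted[2]
    Return True
EndFunc

; Encrypt "True,<password>" built from $NewPass and overwrite the file
Func Encript()
    ; Part 1 - To save the password
    Local $Enable = "True,"
    Local $PlainText = $Enable & $NewPass
    ;ConsoleWrite($PlainText)
    Local $Key = "yourkey"
    Local $Data = _AesEncrypt($Key, $PlainText)
    Local $File = FileOpen("X:\fox2.ini", 18) ; 2 = overwrite + 16 = binary
    If $File = -1 Then Return SetError(1, 0, False)
    FileWrite($File, $Data)
    FileClose($File)
    Return True
EndFunc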

Edited by DigitalDave99
