AutoCamo - 98.18b

[willichan]

A little later than planned but AutoIt3Camo Updated to 0.16.2.0

Works great! Icon inclusion works, and I only have to check "Strip default interpreter resources" to get past the antivirus. (I submitted a false positive report with Symantec, but we all know how wonderfully responsive they are.)

[Mobius]

Works great! Icon inclusion works, and I only have to check "Strip default interpreter resources" to get past the antivirus. (I submitted a false positive report with Symantec, but we all know how wonderfully responsive they are.)

Thanks willichan,

I don't think you need me to tell you to be careful when stripping all the interpreter resources. , I would do this by default were there not so many possible implications.

I would not hold my breath on that Symantic FP report but It is worth a try.

A3C now strips the tail bytes from the a3x by default unless you disable the build (or camouflage) or enable post build camouflage. I was toying with this idea before but your earlier report cemented the decision.

Ed: arg spelling

Edited May 3, 2011 by Mobius

[bogQ]

i like it, i like it alot,

5 * 4 it

Only one request, try `not` to provide alot of info about what and how exactly do it do the things it do, less info the safer itl b

[Mobius]

Only one request, try `not` to provide alot of info about what and how exactly do it do the things it do, less info the safer itl b

Understood Edited May 5, 2011 by Mobius

[Warmonger]

Besides most people don't use packers (like upx - mpress ...) for security reasons dude because it is futile, they merely want to reduce the overall size of the output binary which is something that bloaters like armadillo or themida certainly cannot do.

Im sorry but you are wrong. Obfuscate and packing a executable is the only thing that stands between them, and your source code. Would I rather have a executable 900kb in size that is quite difficult to unpack, or one thats 300kb that people can easily reverse. Giving the size of todays hard drives, and network speed. I see no gain in the file size being a tad bit smaller. Edited May 7, 2011 by Warmonger

[Mobius]

Im sorry but you are wrong. Obfuscate and packing a executable is the only thing that stands between them, and your source code.

I'm not sorry that you are wrong, the only thing stalling a would be interrogator is Obfuscation and AutoIt3Camo, and maybe the use of a bloater of some kind.

An exception to this would be a packer or crypter that can also intercept the interpreters overlay (a3x) detection and reading api and thus allow them to include an overlay in their packing / crypting process.

Would I rather have a executable 900kb in size that is quite difficult to unpack, or one thats 300kb that people can easily reverse. Giving the size of todays hard drives, and network speed. I see no gain in the file size being a tad bit smaller.

Quite difficult to reverse if your search engine is broken perhaps.

You are of course not wrong to embrace your own opinion concerning what should be deemed an acceptable size of an executable.

Edited May 8, 2011 by Mobius

[MyDream]

What this?

Did I miss anything good during my absent.

The camo name remind me of another project of yours,Mobius.

Does it perform the same protection on autoit too?

Sorry, to drop in like this, but I thought the regulations regarding... amending the autoit files...etc. Or did the rules change, and Mobius back in business, doing the protection stuff.

[Mobius]

Yo MyDream, good to see you dude.

The camo name remind me of another project of yours,Mobius.

Imaginative yes?

Seriously though A3C is twice the program HkC currently is.(I'll update it one day or just merge the two)

Does it perform the same protection on autoit too?

Aye, my own special brand of n00bfuscation.

Sorry, to drop in like this, but I thought the regulations regarding... amending the autoit files...etc. Or did the rules change, and Mobius back in business, doing the protection stuff.

The rules of engagement have not changed, I guess it was our interpretation of them that was jaunty. Only time will tell.

Same as before tho dude, don't put too much faith in these lightweight methods, is still an essential deterrent in my opinion.

Respect

Vlad

[Mobius]

Updated to 17.3

Reasonably happy with this revision hence the lack of beta, those of you familiar with A3XPE's (something I gabbled tangentially about a couple of years ago) will find that they are back and use / creation of them has been made even easier through AutoIt3Camo.

As always bug reports and ideas are most welcome.

Thankyou all for your support thus far.

Respect

Ed:

The download just had to be changed after a quick update that was necessary after trying to use A3C in a full recent install of AutoIt3 (for the first time) told me that the Compiler directory is no longer used, A3C now supports the compiler directory or the Aut2Exe directory when searching for build files. Glad I found that in time

Edited March 26, 2012 by Mobius

[Mobius]

The shell integration script (too add an entrance for AutoIt3Camo for .au3 files) had a silly bug, repaired and added to first post should it be required.

[Mobius]

Updated the shell integration script again to compensate for .cfg & .a3c extensions as well as .au3, It also adds start menu entrances for AutoIt3Camo in the AutoIt v3 section.

Edited March 26, 2012 by Mobius

[WhiteLion]

amazing work!

still a little buggy:

after I protected my files I got this problems:

- the GUI looked like the old style on XP with no rounded corners and so (its like the screenshot of 1st post/AutoIt3Camo) ... okey its not nice but I could life with that.

- on "GUICtrlCreateCombo" I couldn´t see more than the first line (no selection of the other items possible) .. (I am sure this it a real bug caused by AutoIt3Camo)

- for some reasons "ShellExecute" is not executed after your wrapper. (may be related to another reason... I ll check that out)

I used a protector AFTER your tool so I am unsure if the bugs are rly caused by your tool, but I ll continue testing. (btw: in helpfile you wrote to protect by command-line before AutoIt3Camo will do its work ? or did I got that wrong ? - maybe you can tell me how to protect before AutoIt3Camo will do his work, cause most protectors wouldnt support command-line. Is it okey to use a protector after AutoIt3Camo or will this cause errors ? )

thx - whitelion

EDIT: The bugs still appear if I leave the app unprotected.

Edited June 28, 2011 by WhiteLion

[FireFox]

@whitelion

I think that you have checked the Resource checkbox on the Options tab. This disable all autoit resoures including the gui style, the bug of the combobox and much more.

I suggest you this config :

[A3C_RES]
MANIFEST=24}1}1033}#@BIN>

And remove this line from your config :

A3C_NO_RESOURCES=1

Mobius will explain your problem better than me

Br, FireFox.

Edited June 28, 2011 by FireFox

[WhiteLion]

@firefox thanx for your fast reply!

I didnt checked the resources checkbox. I didnt change anything on the options tab. I let it by default.

I tested if its the fault of the protector, but the problems are still the same without protector (if I just use AutoIt3Camo)

any other ideas ?

What I still not got is if I should use the protector after AutoIt3Camo or if there is a way to use before/while AutoIt3Camo.

the help file confused me a little about that.

[Mobius]

amazing work!

still a little buggy:

after I protected my files I got this problems:

- the GUI looked like the old style on XP with no rounded corners and so (its like the screenshot of 1st post/AutoIt3Camo) ... okey its not nice but I could life with that.

- on "GUICtrlCreateCombo" I couldn´t see more than the first line (no selection of the other items possible) .. (I am sure this it a real bug caused by AutoIt3Camo)

- for some reasons "ShellExecute" is not executed after your wrapper. (may be related to another reason... I ll check that out)

Yo WhiteLion,

First of all post (or pm me if sensitive) the config file options you are using.

AutoIt3Camo strips the default resource table of the interpreter by default, so just like a real build of a product the user needs to add certain resources that are required by the interpreter and thier product respectively.

In your case (as FireFox has already mentioned) the problem lies with the xml manifest, which among other things tells windows that your product can use enhanced visual styles. A lack of one will mean that your products graphic interface will look a bit ghetto and even certain udf's and AutoIt3 internals that depend on the visual styles expansion will not work as expected.

There are two similar solutions to your problem:

(1)

You could either save the xml manifest to a file local to your script or AutoIt3Camo with a tool such as resource hacker. Or create it from scratch after googling what one is and what it is for.

Then add an A3C resource config item for its inclusion similar to this (assuming manifest is in the directory of your script):

;
[A3C_RES]
My Manifest=24}1}1033}mymanifest.xml

During construction the local manifest file will be added and if the xml is correctly formatted your gui woes should be resolved.

(2)

You could tell AutoIt3Camo to preserve the manifest that exists in the interpreter with a similar resource config item:

;
[A3C_RES]
Snag Manifest=24}1}1033}#@BIN>

In the above for the file parameter you will see #@BIN>

• # token tells A3C that the target file is a pe file you want to grab the resource item from.
• @BIN> Internal macro that points the path of the temporary interpreter currently being used

This is the easy method which would also resolve your gui woes, plus no extra separate resource file. The downside is that you cannot change this default Au3 manifest to suit the needs of your product.

In the ETC directory of AutoIt3Camo you will fiind a file called ORGRES.cfg, this has a couple of resource config references relevant to AutoIt 3.3.6.1 that you can use in a similar manner to the above to preserve other default interpreter resource items, it looks like this:

;
[A3C_RES]
TRAY_MNU=4}166}2057}#@BIN>
INPUTBOX_DLG=5}1000}2057}#@BIN>
STR_TBL=6}7}2057}#@BIN>
STR_TBL=6}8}2057}#@BIN>
STR_TBL=6}9}2057}#@BIN>
STR_TBL=6}10}2057}#@BIN>
STR_TBL=6}11}2057}#@BIN>
STR_TBL=6}12}2057}#@BIN>
STR_TBL=6}313}2057}#@BIN>
MANIFEST=24}1}1033}#@BIN>

(3)

Alternatively and only for debugging because of serious problems with the icons you could add this config option to the top of your main config to tell A3C not to delete the default resources. (there is no gui option for this anymore)

A3C_KOR=1

I used a protector AFTER your tool so I am unsure if the bugs are rly caused by your tool, but I ll continue testing. (btw: in helpfile you wrote to protect by command-line before AutoIt3Camo will do its work ? or did I got that wrong ? - maybe you can tell me how to protect before AutoIt3Camo will do his work, cause most protectors wouldnt support command-line. Is it okey to use a protector after AutoIt3Camo or will this cause errors ? )

thx - whitelion

EDIT: The bugs still appear if I leave the app unprotected.

What protector are you using? (again pm if sensitive)

It does not matter if your chosen software armoring tool does not have any commandline parameters (just a shame) you can use most tools that support the a3x overlay after AutoIt3Camo has finished if you want to. (your tool obviously works with Au3 binaries otherwise you would not be seeing a ghetto gui)

You cannot armor the interpreter before using AutoIt3Camo because resource interaction and fuzzing (camo) would fail.

I will probably start a commonly asked questions section in the second post of this thread because the deletion of the interpreter resources has caused much confusion (manifest and error message box components most of all).

Vlad

Edited June 28, 2011 by Mobius

[Mobius]

A3C_NO_RESOURCES=1

Mobius will explain your problem better than me

Br, FireFox.

Thanks FireFox you are doing a perfect job

Only one thing is that the A3C_NO_RESOURCES=1 option (top of the options tab) tells AutoIt3Camo to ignore any entrances in A3C_RES group or in gui list box, only a main icon and version info will be added if they are specified.

Respect

Vlad

[WhiteLion]

amazing fast and understandable answer!!! 1000 thanx !

this is my batch-file:

@ECHO off
START C:\Programme\AutoIt3\Aut2Exe\A3C.exe %0%
EXIT
::AutoIt3Camo
A3C_IN=C:\Programme\AutoIt3\AutoIT-eigenerkrams\multitool\IniEditor\mainTool.au3
A3C_OUT=C:\Programme\AutoIt3\AutoIT-eigenerkrams\multitool\IniEditor\Pk-em-Editor.exe
A3C_ICO=C:\Programme\AutoIt3\AutoIT-eigenerkrams\multitool\IniEditor\pk-em-editor.ico
A3C_IRI=99
A3C_SUB=win
A3C_A2E=C:\Programme\AutoIt3\Aut2Exe\Aut2exe.exe
A3C_BIN=C:\Programme\AutoIt3\Aut2Exe\AutoItSC.bin
A3C_VRL=2057
[A3C_VER]
ProductName=Pk em Editor
FileVersion=1.00

:: ----------------------------------
::adding this solved the GUI problems:
[A3C_RES]
TRAY_MNU=4}166}2057}#@BIN>
INPUTBOX_DLG=5}1000}2057}#@BIN>
STR_TBL=6}7}2057}#@BIN>
STR_TBL=6}8}2057}#@BIN>
STR_TBL=6}9}2057}#@BIN>
STR_TBL=6}10}2057}#@BIN>
STR_TBL=6}11}2057}#@BIN>
STR_TBL=6}12}2057}#@BIN>
STR_TBL=6}313}2057}#@BIN>
MANIFEST=24}1}1033}#@BIN>

I am using VM-protect and own a legit pro license ... and it does support command-line, sorry for wrong information. (I always used GUI)

Keep up that work with amazing tool!

Greetings WhiteLion

[Mobius]

Thankyou for the config file WhiteLion (quicklaunch batch no less ), everything seems in order except one question, did you specifically select a path to the build files Aut2Exe and AutoItSC ? or were the A3C_A2E & A3C_BIN config options added by AutoIt3Camo ? (which should not have happened)

If you decide to try and automate the VM-Protect procedure via the commandline using AutoIt3Camo's execution tab / config and run into problems give me a shout.

For your particular problem with the gui you could have just added this line mentioned by FireFox and myself:

;
[A3C_RES]
MANIFEST=24}1}1033}#@BIN>

Respect

Vlad

Edited June 28, 2011 by Mobius

[WhiteLion]

did you specifically select a path to the build files Aut2Exe and AutoItSC ? or were the A3C_A2E & A3C_BIN config options added by AutoIt3Camo ? (which should not have happened)

I selected the path to aut2exe and a3c setted path to autotsc by self (GUI). after that I made exported as batch-file.

If you decide to try and automate the VM-Protect procedure via the commandline using AutoIt3Camo's execution tab / config and run into problems give me a shout.

thank you! - its easy to use cause it needs project-files configurated by GUI/expert mode in its commandline.

For your particular problem with the gui you could have just added this line mentioned by FireFox and myself:

;
[A3C_RES]
MANIFEST=24}1}1033}#@BIN>

Respect

Vlad

thanx again !

[Mobius]

I selected the path to aut2exe and a3c setted path to autotsc by self (GUI). after that I made exported as batch-file.

Phew that is alright then A3C is doing what it is supposed to, Just thought I would mention that the way you have A3C installed (in the directory of the compiler) you do not have to specify the path to the compiler or interpreter.

thank you! - its easy to use cause it needs project-files configurated by GUI/expert mode in its commandline.

No I meant some are having trouble with A3C's execution tab / config when trying to get tools they know how to use to run, not that I felt you would have difficulty with VM-Protect.