Jump to content
Sign in to follow this  
EndGame2013

Find/Replace unknown strings

Recommended Posts

EndGame2013

What I need to do:

Open a file and read it into a variable

Search that variable for any instance of "$A" and replace every "$A" plus 4 characters after that with an encrypted version. The encryption should use the same key every time.

For example the file contains:

$A1234 = "something"

$A2351 = "something"

$A0572 = "something"

$A2000 = "something"

I want to replace all of those variable names with an encrypted version. Including the dollar sign, which when replacing should be appended back on.

How do I do this?

Share this post


Link to post
Share on other sites
water

$sFileContent = FileRead("C:\temp\test.txt")

$sFileContent = StringReplace($sFileContent, "$A1234 = ", "$YourNewVariableName = ")

; .. Repeat for every variable

FileWrite("C:\temp\testNew.txt", $sFileContent)


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-12-03 - Version 1.4.11.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Share this post


Link to post
Share on other sites
EndGame2013

$sFileContent = FileRead("C:\temp\test.txt")

$sFileContent = StringReplace($sFileContent, "$A1234 = ", "$YourNewVariableName = ")

; .. Repeat for every variable

FileWrite("C:\temp\testNew.txt", $sFileContent)

There are thousands of variables of which I do not know the name of, I only know they start with $A.

This is what I came up with which seems to do the trick:

#include <String.au3>
$fh = FileOpen(@workingdir &"\obfuscated.au3",0)
$file = FileRead($fh)
FileClose($fh)
$i = 0
$a = 0
while $i < 5000
$found = StringMid($file,StringInStr($file, "$A")+1, 6)
$file = StringReplace($file,$found,_StringEncrypt(1,$found,'somekey',1))
$i = $i +1
$a = $a +1
if $a >= 25 then
$percent = round(($i/5000)*100,2)
ConsoleWrite($percent&@CRLF)
$a = 0
EndIf
wend
$fh = FileOpen(@workingdir&"\crypt_obfu.au3",2)
FileWrite($fh,$file)
FileClose($fh)
ConsoleWrite("DONE!")

What it does is search for 5000 strings that start with $A and replaces the 6 characters after $ with an encrypted version of that string. Put a little bit of console write stuff in there to track the progress, save to a new file and done!

I wanted this so I could encrypt the variable names of an obfuscated script and still have it function properly. The only reason to do this is to further confuse someone if they get to the source code, and possibly confuse a deobfuscator.

EDIT* By the way this is in no way fast if you have thousands of variables, which is likely. Patience is key I suppose :D

Edited by SkybotGaming

Share this post


Link to post
Share on other sites
AutoBert

  • declarate the array-variable
  • Read the File into the Array _FilereadToArray
  • Generate the Key from your Passwort _Crypt_DeriveKey
  • Loop through the array For ...

    • using the "&" Operator,
    • _Crypt_EncryptData
    • StringMid to manipulate the array-element
  • ... Next
  • Write the array back to a File _FileWriteFromArray
  • destroy the key _Crypt_DestroyKey

Just have a look to the functionnames in the helfile. With the needed include-File it's a script in 9 Lines

Share this post


Link to post
Share on other sites
water

There are thousands of variables of which I do not know the name of, I only know they start with $A.

Sorry, I didn't read you original post carefully enough :D

Please use obfuscator on your file as Jos suggested. Your file contains plain AutoIt code so encrypting the variable names is a job for obfuscator - and I'm sure it's faster.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-12-03 - Version 1.4.11.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Share this post


Link to post
Share on other sites
EndGame2013

Sorry, I didn't read you original post carefully enough :D

Please use obfuscator on your file as Jos suggested. Your file contains plain AutoIt code so encrypting the variable names is a job for obfuscator - and I'm sure it's faster.

Yes but I am making the variable names even longer. Also, I do not know how the obfuscator works.

* removed *

Edited by Jos

Share this post


Link to post
Share on other sites
guinness

Wait! You did what? Read the forum rules first, you've just broken the number one rule of AutoIt, congratulations.

As well as studying the rules intensively, look at the FAQ on decompiling too and come back when you've learnt them by heart. Also your username is little suggestive of what your program probably does.

Reported.

Edited by guinness

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites
Jos

For the record: The variable and Func naming can not be de-obfuscated as the information isn't available anywhere.

Other than that: all that needs to be said is said about it so don't start a new topic on this because this only triggers attention to it and you basically are doing it to yourself.

Edited by Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×