Sign in to follow this  
Followers 0
EndGame2013

Find/Replace unknown strings

9 posts in this topic

What I need to do:

Open a file and read it into a variable

Search that variable for any instance of "$A" and replace every "$A" plus 4 characters after that with an encrypted version. The encryption should use the same key every time.

For example the file contains:

$A1234 = "something"

$A2351 = "something"

$A0572 = "something"

$A2000 = "something"

I want to replace all of those variable names with an encrypted version. Including the dollar sign, which when replacing should be appended back on.

How do I do this?

Share this post


Link to post
Share on other sites



$sFileContent = FileRead("C:\temp\test.txt")

$sFileContent = StringReplace($sFileContent, "$A1234 = ", "$YourNewVariableName = ")

; .. Repeat for every variable

FileWrite("C:\temp\testNew.txt", $sFileContent)


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

$sFileContent = FileRead("C:\temp\test.txt")

$sFileContent = StringReplace($sFileContent, "$A1234 = ", "$YourNewVariableName = ")

; .. Repeat for every variable

FileWrite("C:\temp\testNew.txt", $sFileContent)

There are thousands of variables of which I do not know the name of, I only know they start with $A.

This is what I came up with which seems to do the trick:

#include <String.au3>
$fh = FileOpen(@workingdir &"\obfuscated.au3",0)
$file = FileRead($fh)
FileClose($fh)
$i = 0
$a = 0
while $i < 5000
$found = StringMid($file,StringInStr($file, "$A")+1, 6)
$file = StringReplace($file,$found,_StringEncrypt(1,$found,'somekey',1))
$i = $i +1
$a = $a +1
if $a >= 25 then
$percent = round(($i/5000)*100,2)
ConsoleWrite($percent&@CRLF)
$a = 0
EndIf
wend
$fh = FileOpen(@workingdir&"\crypt_obfu.au3",2)
FileWrite($fh,$file)
FileClose($fh)
ConsoleWrite("DONE!")

What it does is search for 5000 strings that start with $A and replaces the 6 characters after $ with an encrypted version of that string. Put a little bit of console write stuff in there to track the progress, save to a new file and done!

I wanted this so I could encrypt the variable names of an obfuscated script and still have it function properly. The only reason to do this is to further confuse someone if they get to the source code, and possibly confuse a deobfuscator.

EDIT* By the way this is in no way fast if you have thousands of variables, which is likely. Patience is key I suppose :D

Edited by SkybotGaming

Share this post


Link to post
Share on other sites

  • declarate the array-variable
  • Read the File into the Array _FilereadToArray
  • Generate the Key from your Passwort _Crypt_DeriveKey
  • Loop through the array For ...

    • using the "&" Operator,
    • _Crypt_EncryptData
    • StringMid to manipulate the array-element
  • ... Next
  • Write the array back to a File _FileWriteFromArray
  • destroy the key _Crypt_DestroyKey

Just have a look to the functionnames in the helfile. With the needed include-File it's a script in 9 Lines

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

There are thousands of variables of which I do not know the name of, I only know they start with $A.

Sorry, I didn't read you original post carefully enough :D

Please use obfuscator on your file as Jos suggested. Your file contains plain AutoIt code so encrypting the variable names is a job for obfuscator - and I'm sure it's faster.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

Sorry, I didn't read you original post carefully enough :D

Please use obfuscator on your file as Jos suggested. Your file contains plain AutoIt code so encrypting the variable names is a job for obfuscator - and I'm sure it's faster.

Yes but I am making the variable names even longer. Also, I do not know how the obfuscator works.

* removed *

Edited by Jos

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

Wait! You did what? Read the forum rules first, you've just broken the number one rule of AutoIt, congratulations.

As well as studying the rules intensively, look at the FAQ on decompiling too and come back when you've learnt them by heart. Also your username is little suggestive of what your program probably does.

Reported.

Edited by guinness

_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

For the record: The variable and Func naming can not be de-obfuscated as the information isn't available anywhere.

Other than that: all that needs to be said is said about it so don't start a new topic on this because this only triggers attention to it and you basically are doing it to yourself.

Edited by Jos

Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0