Jump to content

Find/Replace unknown strings


Recommended Posts

What I need to do:

Open a file and read it into a variable

Search that variable for any instance of "$A" and replace every "$A" plus 4 characters after that with an encrypted version. The encryption should use the same key every time.

For example the file contains:

$A1234 = "something"

$A2351 = "something"

$A0572 = "something"

$A2000 = "something"

I want to replace all of those variable names with an encrypted version. Including the dollar sign, which when replacing should be appended back on.

How do I do this?

Link to comment
Share on other sites

$sFileContent = FileRead("C:\temp\test.txt")

$sFileContent = StringReplace($sFileContent, "$A1234 = ", "$YourNewVariableName = ")

; .. Repeat for every variable

FileWrite("C:\temp\testNew.txt", $sFileContent)

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

$sFileContent = FileRead("C:\temp\test.txt")

$sFileContent = StringReplace($sFileContent, "$A1234 = ", "$YourNewVariableName = ")

; .. Repeat for every variable

FileWrite("C:\temp\testNew.txt", $sFileContent)

There are thousands of variables of which I do not know the name of, I only know they start with $A.

This is what I came up with which seems to do the trick:

#include <String.au3>
$fh = FileOpen(@workingdir &"\obfuscated.au3",0)
$file = FileRead($fh)
FileClose($fh)
$i = 0
$a = 0
while $i < 5000
$found = StringMid($file,StringInStr($file, "$A")+1, 6)
$file = StringReplace($file,$found,_StringEncrypt(1,$found,'somekey',1))
$i = $i +1
$a = $a +1
if $a >= 25 then
$percent = round(($i/5000)*100,2)
ConsoleWrite($percent&@CRLF)
$a = 0
EndIf
wend
$fh = FileOpen(@workingdir&"\crypt_obfu.au3",2)
FileWrite($fh,$file)
FileClose($fh)
ConsoleWrite("DONE!")

What it does is search for 5000 strings that start with $A and replaces the 6 characters after $ with an encrypted version of that string. Put a little bit of console write stuff in there to track the progress, save to a new file and done!

I wanted this so I could encrypt the variable names of an obfuscated script and still have it function properly. The only reason to do this is to further confuse someone if they get to the source code, and possibly confuse a deobfuscator.

EDIT* By the way this is in no way fast if you have thousands of variables, which is likely. Patience is key I suppose :D

Edited by SkybotGaming
Link to comment
Share on other sites

  • declarate the array-variable
  • Read the File into the Array _FilereadToArray
  • Generate the Key from your Passwort _Crypt_DeriveKey
  • Loop through the array For ...

    • using the "&" Operator,
    • _Crypt_EncryptData
    • StringMid to manipulate the array-element
  • ... Next
  • Write the array back to a File _FileWriteFromArray
  • destroy the key _Crypt_DestroyKey

Just have a look to the functionnames in the helfile. With the needed include-File it's a script in 9 Lines

Link to comment
Share on other sites

There are thousands of variables of which I do not know the name of, I only know they start with $A.

Sorry, I didn't read you original post carefully enough :D

Please use obfuscator on your file as Jos suggested. Your file contains plain AutoIt code so encrypting the variable names is a job for obfuscator - and I'm sure it's faster.

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

Sorry, I didn't read you original post carefully enough :D

Please use obfuscator on your file as Jos suggested. Your file contains plain AutoIt code so encrypting the variable names is a job for obfuscator - and I'm sure it's faster.

Yes but I am making the variable names even longer. Also, I do not know how the obfuscator works.

* removed *

Edited by Jos
Link to comment
Share on other sites

Wait! You did what? Read the forum rules first, you've just broken the number one rule of AutoIt, congratulations.

As well as studying the rules intensively, look at the FAQ on decompiling too and come back when you've learnt them by heart. Also your username is little suggestive of what your program probably does.

Reported.

Edited by guinness

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Link to comment
Share on other sites

  • Developers

For the record: The variable and Func naming can not be de-obfuscated as the information isn't available anywhere.

Other than that: all that needs to be said is said about it so don't start a new topic on this because this only triggers attention to it and you basically are doing it to yourself.

Edited by Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...