Jump to content
Sign in to follow this  
ileandros

How to prevent decompile script

Recommended Posts

ileandros

Hello,

Lately a script i uploaded on internet was decompiled and i can say i didn't really liked it.

Any ideas how can i prevent a compiled script to be decompiled???


I feel nothing.It feels great.

Share this post


Link to post
Share on other sites
BrewManNH

Have you done a search of the forums? This question gets asked at least once or twice a month. There are ways to make it harder to decompile, but there's nothing that can protect it 100%.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites
Nessie

There is no really a true way to fully protect your script from decompilation. You can use a exe protector (packer) but its hard to find one that work with autoit, and even if this will work, this make only harder the things to the person that want your code ;).

Hi!


My UDF: NetInfo UDF Play with your network, check your download/upload speed and much more! YTAPI Easy to use YouTube API, now you can easy retrive all needed info from a video. NavInfo Check if a specific browser is installed and retrive other usefull information. YWeather Easy to use Yahoo Weather API, now you can easily retrive details about the weather in a specific region. No-IP UDF Easily update your no-ip hostname(s).

My Script: Wallpaper Changer Change you wallpaper dinamically, you can also download your wallpaper from your website and share it with all!   My Snippet: _ImageSaveToBMPConvert an image to bmp format. _SciteGOTO Open a file in SciTE at specific fileline. _FileToHex Show the hex code of a specified file

Share this post


Link to post
Share on other sites
ileandros

In the script i use personal informations as email accounts etc. In case it is compiled i am f****ed...

I was thinking of setting a part of the script reading informations from internet and set them.

Got no idea how though. I want some part of it to be invisible even if the script gets decompiled. Any ideas how?


I feel nothing.It feels great.

Share this post


Link to post
Share on other sites
Nessie

Remember a computer will have to "understand" what the human want from it". So you will have always include in your exe a function for the decription of that "invisible part", so how will the pc understand what to do?

Now what is the scope of your personal info in this exe? Why you have to include this info? Tell us what is the purpose of this personal info, so we can see if there is a way to set up a part of the script on internet (like a php page o something like that).

Hi!

Edited by Nessie

My UDF: NetInfo UDF Play with your network, check your download/upload speed and much more! YTAPI Easy to use YouTube API, now you can easy retrive all needed info from a video. NavInfo Check if a specific browser is installed and retrive other usefull information. YWeather Easy to use Yahoo Weather API, now you can easily retrive details about the weather in a specific region. No-IP UDF Easily update your no-ip hostname(s).

My Script: Wallpaper Changer Change you wallpaper dinamically, you can also download your wallpaper from your website and share it with all!   My Snippet: _ImageSaveToBMPConvert an image to bmp format. _SciteGOTO Open a file in SciTE at specific fileline. _FileToHex Show the hex code of a specified file

Share this post


Link to post
Share on other sites
ileandros

After ruinning some part of the code the project stores all informations, e mails them for verification and the gives confirm back.

If you remember i was working on an e mail project. Email send functions contains personal infos as password, email etc...

What i was thinking about is:

Setting up this part of script on internet so it wouldn't be inside the script in case of decompilation. But i have no idea of php pages and can't say if it would be safer... If i would have to provide and url inside the script with the php page then again after decompilation all personal infos will be revealed

Edit:

An other thing i was thinking about is to upload this part of the project on internet, download it when the script will run, run the downloaded code and then delete it again. Even like this i will have to provide a dl url which is dangerous.

Edited by ileandros

I feel nothing.It feels great.

Share this post


Link to post
Share on other sites
corgano

1: Sandbox yourself! Do not use ANY personal information inside the script. Instead, make a new email / password just for this script

2: Autoit has a obfuscator option, that makes it much more difficult to use uncompiled scripts. tools -> compile... check the obfuscator option

3: Nothing you can really do past this point. If people want your code bad enough, the'll find a way.


0x616e2069646561206973206c696b652061206d616e20776974686f7574206120626f64792c20746f206669676874206f6e6520697320746f206e657665722077696e2e2e2e2e

Share this post


Link to post
Share on other sites
Nessie

@ileandros

Yes i remember. So if your only problem is the email seding function, you can do this with a simple .php page. Then send the info (to email, object, message, etc..) to your .php page and then read the output from the php page. In this way do not have to insert your personal info in the exe, and the user can't read the sorce of .php page ;)

Hi!

Edited by Nessie

My UDF: NetInfo UDF Play with your network, check your download/upload speed and much more! YTAPI Easy to use YouTube API, now you can easy retrive all needed info from a video. NavInfo Check if a specific browser is installed and retrive other usefull information. YWeather Easy to use Yahoo Weather API, now you can easily retrive details about the weather in a specific region. No-IP UDF Easily update your no-ip hostname(s).

My Script: Wallpaper Changer Change you wallpaper dinamically, you can also download your wallpaper from your website and share it with all!   My Snippet: _ImageSaveToBMPConvert an image to bmp format. _SciteGOTO Open a file in SciTE at specific fileline. _FileToHex Show the hex code of a specified file

Share this post


Link to post
Share on other sites
ileandros

@ileandros

Yes i remember. So if your only problem is the email seding function, you can do this with a simple .php page. Then send the info (to email, object, message, etc..) to your .php page and then read the output from the php page. In this way do not have to insert your personal info in the exe, and the user can't read the sorce of .php page ;)

Hi!

Sounds good. Where do i start? :o

I feel nothing.It feels great.

Share this post


Link to post
Share on other sites
Nessie

So only one question, your problem is only the email sending? Or your personal info have other scope in the script?

Hi!


My UDF: NetInfo UDF Play with your network, check your download/upload speed and much more! YTAPI Easy to use YouTube API, now you can easy retrive all needed info from a video. NavInfo Check if a specific browser is installed and retrive other usefull information. YWeather Easy to use Yahoo Weather API, now you can easily retrive details about the weather in a specific region. No-IP UDF Easily update your no-ip hostname(s).

My Script: Wallpaper Changer Change you wallpaper dinamically, you can also download your wallpaper from your website and share it with all!   My Snippet: _ImageSaveToBMPConvert an image to bmp format. _SciteGOTO Open a file in SciTE at specific fileline. _FileToHex Show the hex code of a specified file

Share this post


Link to post
Share on other sites
ileandros

Since it is gonna be used for only one certain account personal infos will be included in the email send function.

They have no global scope

Edit: I have been searching for some help but hard to find i find

Edited by ileandros

I feel nothing.It feels great.

Share this post


Link to post
Share on other sites
Nessie

Try this php script that i made for you, not tested but should work:

<?php

/**
* @author Nessie
* php Email Sender
*/

$sender_email = "youremail@youremail.com"; //Your email here

if (empty($_GET))
{
echo "No get variable";
exit();
}

if (!isset($_GET['to']) || !isset($_GET['subject']) || !isset($_GET['message']))
{
echo "We are sorry, but there appears to be a problem with the form you submitted.";
exit();
}

if (!filter_var($_GET['to'], FILTER_VALIDATE_EMAIL))
{
echo "Wrong email address.";
exit();
}

if (strlen(clean_string($_GET['subject'])) <= 0)
{
echo "Wrong subject name.";
exit;
}

if (strlen(clean_string($_GET['message'])) <= 0)
{
echo "Wrong message text.";
exit();
}

$to = $_GET['to'];
$subject = $_GET['subject'];
$message = $_GET['message'];

$headers = 'From: ' . $sender_email . "\r\n" . 'Reply-To: ' . $sender_email . "\r\n" .
'X-Mailer: PHP/' . phpversion();


$email_send = mail($to, $subject, $message, $headers);

if (!$email_send)
{
echo "Unable to send the email.";
exit();
}


function clean_string($string)
{
$bad = array(
"content-type",
"bcc:",
"to:",
"cc:",
"href"); //Not allowed tag
return str_replace($bad, "", $string);
}

?>

You have only to set your email in the variable $sender_email and then save the code in a .php file. To send an email just call your php page like that:

http://www.YOURHOSTING.COM/YOURSCRIPT.php?to=TOEMAIL@EMAIL.COM&subject=YOURSUBJECT&message=YOURMESSAGE

You need a web hosting that support php5 with mail function enabled.

Hi!

Edited by Nessie

My UDF: NetInfo UDF Play with your network, check your download/upload speed and much more! YTAPI Easy to use YouTube API, now you can easy retrive all needed info from a video. NavInfo Check if a specific browser is installed and retrive other usefull information. YWeather Easy to use Yahoo Weather API, now you can easily retrive details about the weather in a specific region. No-IP UDF Easily update your no-ip hostname(s).

My Script: Wallpaper Changer Change you wallpaper dinamically, you can also download your wallpaper from your website and share it with all!   My Snippet: _ImageSaveToBMPConvert an image to bmp format. _SciteGOTO Open a file in SciTE at specific fileline. _FileToHex Show the hex code of a specified file

Share this post


Link to post
Share on other sites
Melba23

ileandros,

You have been here long enough to know that discussion of this sort of thing is frowned upon and always ends up getting locked - so why start yet another thread on the subject? :huh:

However, as Nessie seems to be offering a solution for your particular problem which does not involve any "forbidden" stuff, I will leave the thread open so that the pair of you can work on it. :)

All readers,

Please read the Forum rules (there is also a link at bottom right of each page) and do NOT start threads which are obviously against the rules. It makes more work for the Mods, gets you a bad reputation, and in the case of this particular topic leads absolutely nowhere as you can find out from the many locked threads on the subject that you will find on the forum. ;)

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites
ileandros

M23

Ok, thanks

Nessie

hmmmm... I did it but i think it is more work for nothing.

I compiled the part of the script and uploaded on internet. But since in both cases i have to provide an url in the script it is not safe.

I will try encrypting the url.

Cheers


I feel nothing.It feels great.

Share this post


Link to post
Share on other sites
Nessie

It's useless to encrypt and url, if a user can decript your source, he can understand how have encrypted your link. And BTW is always possibile to "intercept" the url using a network protocol analyze software like Wireshark.

But with the .php that i have provided to you, your email will not appear in the .exe, and the user can't read the php source ;)

When you call the php, the only "sensible" data will be the "to email".

Hi!


My UDF: NetInfo UDF Play with your network, check your download/upload speed and much more! YTAPI Easy to use YouTube API, now you can easy retrive all needed info from a video. NavInfo Check if a specific browser is installed and retrive other usefull information. YWeather Easy to use Yahoo Weather API, now you can easily retrive details about the weather in a specific region. No-IP UDF Easily update your no-ip hostname(s).

My Script: Wallpaper Changer Change you wallpaper dinamically, you can also download your wallpaper from your website and share it with all!   My Snippet: _ImageSaveToBMPConvert an image to bmp format. _SciteGOTO Open a file in SciTE at specific fileline. _FileToHex Show the hex code of a specified file

Share this post


Link to post
Share on other sites
Spiff59

threads which are obviously against the rules

Just curious...

Are threads discussing script-protection against the rules?

Because the thread simply contains the word "decompiler"?

I'm being sincere, I don't see what is verboten about this thread?

Share this post


Link to post
Share on other sites
Melba23

Spiff59,

The usual way to beat the existing "decompiler" is to reverse-engineer the compile process or the interpreter stub itself which is contrary to the EULA and so not open to discussion. This has been explained far too often and even the most cursory search will show multiple threads with various forms of words saying the same thing. Even though the rules prohibit discussion of "decompilation" in general, from time to time people post reverse-engineered solutions - these are locked and the code removed. However, you can find a certain number of threads which offer other ways of enhancing the protection of scripts - these have been accepted by the Devs as not being contrary to the EULA and were very sensibly offered for scrutiny by the authors before being posted on the forum. If anyone does come up with what they believe to be a legal idea for protecting scripts, I would encourage them to do the same.

As I explained above, this particular thread appears to be dealing with a way of protecting sensitive data outside the compiled script itself - hence it remains open as it does not touch on any prohibited areas that I can see.

So the answer to your question is "No", but as usual there is always a "...but" at the end. Happy with that explanation? :)

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites
UEZ

You can try as a variant, too.

br,

UEZ


Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Share this post


Link to post
Share on other sites
Melba23

UEZ,

Exactly what I was refering to above. ;)

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites
Spiff59

Happy with that explanation? :)

Yes, I'm happy.

I have to assume that many more posts are deleted from the Examples forum that were posted without any sort of review process, than those submitted by someone with enough experience in the forums to even know that such a process would be advisable. And, I'd suppose that many scripts that remain in the forum today remain there due to the content of the script, rather than if it had gone through some sort of pre-approval.

Anyway, that was not the gist of your reply...

You're basically saying "It takes one to know one".

If a thread begins to discuss the specifics of defeating a decompiler, it will basically also be describing how to build one.

So the management (yourself included) has to watch for, and head off, such threads.

Makes perfect sense to me.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×