Jump to content
Sign in to follow this  
gil900

I found a security hole in the compiler

Recommended Posts

gil900

hello,

i found a security hole in the compiler..

the hole is that there is a easy way to know on which programing language the script/software is written and this info is a good start point for haker..

Assuming we deleted the autoit icon and any other identifying mark in the exe file, there is a still way to know the programing language!

this is the security hole:

after the exe file was built:

1) open the exe file with NotePad++ (text editor)

2) Change an ordinary letter to a different letter like i did it this example:

2rhy629.jpg

2v2xe7p.jpg

3) Save the exe file

now if you will run the exe file, you will get this error massage:

9ar37o.jpg

the error massage notes that the exe file was Written in Autolt.

i think that this is a security hole because it gives a starting point about on which programing language the exe was written..

is there a way to fix it?

Share this post


Link to post
Share on other sites
iamtheky

you didnt see AU3! in plain text while in notepad++


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites
FireFox

You still have many things to detect it's an autoit executable...


 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites
willichan

I didn't think there was any attempt intended to hide AutoIt as the source of the EXE.

Share this post


Link to post
Share on other sites
gil900

You still have many things to detect it's an autoit executable...

So what should be done to hide this information completely?

Share this post


Link to post
Share on other sites
FireFox

So what should be done to hide this information completely?

You can't is the answer.

 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites
Melba23

gil900,

Why are some people so mad keen on protecting their compiled executables? What on earth do you code that you all feel needs so much protection? :huh:

Once again: AutoIt is not and never will be secure - which is also true for any other language. Being interpreted just makes AutoIt an easier target. And the "hole" you point to above is not really that useful to a hacker - I would suggest that having the entire interpreter in each executable is a much bigger giveaway than a simple MsgBox. ;)

And could I also point out that doing what you say you have done ("deleted the autoit icon and any other identifying mark in the exe file") could be considered in contravention of the EULA: :naughty:

 

"Reverse engineering. You may not reverse engineer or disassemble the SOFTWARE PRODUCT or compiled scripts that were created with the SOFTWARE PRODUCT"

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites
JLogan3o13

If only the world were filled with hackers who thought they'd stumbled on something big by opening a script in Notepad++, we'd all be safe! :)

  • Like 1

√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites
FireFox

If only the world were filled with hackers who thought they'd stumbled on something big by opening a script in Notepad++, we'd all be safe! :)

Yeah I think I have decrypted the source code corresponding to the first line...  :geek:


 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites
Edano

but a more neutral error messagebox would be nice. like: scriptname error, abnormal termination. it's on my autoit wish list ;)

  • Like 1

[color=rgb(255,0,0);][font="'comic sans ms', cursive;"]FukuLeaks[/color][/font]

Share this post


Link to post
Share on other sites
gil900

but a more neutral error messagebox would be nice. like: scriptname error, abnormal termination. it's on my autoit wish list ;)

I agree with him.

Share this post


Link to post
Share on other sites
JLogan3o13

And I would ask the same question as Melba. Why that level of paranoia? If you are coding something that super-secret, AutoIt shouldn't be your language of choice in the first place.


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites
Edano

And I would ask the same question as Melba. Why that level of paranoia? If you are coding something that super-secret, AutoIt shouldn't be your language of choice in the first place.

.

i am not paranoid. i just wish that my compiled exe would give out a different error notification. a user of my script may be surprised that he gets an "AutoIt error" instead a "MyProgram error", because he did not expect to have started an Autoit application.

  • Like 1

[color=rgb(255,0,0);][font="'comic sans ms', cursive;"]FukuLeaks[/color][/font]

Share this post


Link to post
Share on other sites
JohnOne

.

i am not paranoid. i just wish that my compiled exe would give out a different error notification. a user of my script may be surprised that he gets an "AutoIt error" instead a "MyProgram error", because he did not expect to have started an Autoit application.

There is a udf for that.

But I doubt it covers the compiled script having been tampered with.


AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Share this post


Link to post
Share on other sites
gil900

And I would ask the same question as Melba. Why that level of paranoia? If you are coding something that super-secret, AutoIt shouldn't be your language of choice in the first place.

I understand ..

I knew I could not secure the software.

But I did not think it would be're so easy to get the name "autoit" ..

But you know what? It does not really matter to me.

But I still prefer that it will be like Edano said

Share this post


Link to post
Share on other sites
FireFox

This answer will be extreme: If your code is well written, no AutoIt Error messagebox will ever show up.

  • Like 4

 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites
gil900

This answer will be extreme: If your code is well written, no AutoIt Error messagebox will ever show up.

even if i will do the trick with NotePad++ ?

Share this post


Link to post
Share on other sites
FireFox

even if i will do the trick with NotePad++ ?

Sure, because everyone enjoy doing this.

Try with another application and this one will also have an unexpected behavior.

Edited by FireFox
  • Like 1

 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites
Edano

This answer will be extreme: If your code is well written, no AutoIt Error messagebox will ever show up.

.

yes that is true, but still the wish is valid.


[color=rgb(255,0,0);][font="'comic sans ms', cursive;"]FukuLeaks[/color][/font]

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×