
Autoit anti decompiler


isosmart

Hi my Friends!

I present Protect IT!

Download Link = http://www.sendspace.com/file/sgkwii (If The Download link is Dead, PM me)

This is a very good French software that can obfuscate your program.

   - User-friendly
   - Prevents the user from decompiling your program.
   - Needs the .NET Framework 4 to use ProtectIT (already on 70% of Windows PCs)
   - Coded in C#
   - Needs WinRAR to open this .exe

Your Original Code

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.3.6.1
 Author:         COB

 Script Function:
    TEST AUFUSCOB

#ce ----------------------------------------------------------------------------

; Script Start - Add your code below here
test()
test2()
Func test()
    If (1 = 1) Then
        If (0 = 0) Then
            Local $Atrue = 'Condition toujour vrai'
        Else
            $Atrue = "Erreur"
        EndIf
        MsgBox(0, Default, $Atrue)
    EndIf
    Local $msg
    $msg = "Test"
    $msg &= " Msg"
    $msg &= "Box"
    MsgBox(0, Default, $msg)
EndFunc   ;==>test
Func test2()
    $autrevar = "Autre fonction";
    MsgBox(0, "", $autrevar)
EndFunc   ;==>test2

Your obfuscated code

$13470001 = 1363015899
While 1
    Switch $13470001
        Case 311482959
            F30343235363833313939()
            ExitLoop
        Case 1363015899
            F31353334373932303838()
            $13470001 = 311482959
    EndSwitch
WEnd
Func F31353334373932303838()
    If (1 = 1) Then
        If (0 = 0) Then
            Local $13470002 = 'Condition toujour vrai'
        Else
            $13470002 = "Erreur"
        EndIf
        MsgBox(0, Default, $13470002)
    EndIf
    $13470000 = 1363015899
    While 1
        Switch $13470000
            Case 311482959
                $13470004 = "Test"
                $13470000 = 1994086612
            Case 1330278011
                MsgBox(0, Default, $13470004)
                ExitLoop
            Case 1363015899
                Local $13470004
                $13470000 = 311482959
            Case 1994086612
                $13470004 &= " Msg"
                $13470000 = 2018228120
            Case 2018228120
                $13470004 &= "Box"
                $13470000 = 1330278011
        EndSwitch
    WEnd
EndFunc   ;==>F31353334373932303838
Func F30343235363833313939()
    $13470001 = 1363015899
    While 1
        Switch $13470001
            Case 311482959
                MsgBox(0, "", $13470003)
                ExitLoop
            Case 1363015899
                $13470003 = "Autre fonction"
                $13470001 = 311482959
        EndSwitch
    WEnd
EndFunc   ;==>F30343235363833313939

ProtectIt_0.1_le_03-08-2012.rar

Edited by isosmart
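
The obfuscated listing in the post above rewrites test() as a While/Switch dispatcher driven by constant state values (control-flow flattening). As an added example, not part of the original post or of ProtectIT, this Python code follows those constants to recover the statement order, which shows why this layer on its own only slows analysis down. The names `unflatten` and `SAMPLE` are assumptions made here, and the code handles only a single, un-nested dispatcher whose transitions are literal numbers.

```python
import re
# Constructed sample: the dispatcher loop from the obfuscated test() in the post.
SAMPLE = '''$13470000 = 1363015899
While 1
    Switch $13470000
        Case 311482959
            $13470004 = "Test"
            $13470000 = 1994086612
        Case 1330278011
            MsgBox(0, Default, $13470004)
            ExitLoop
        Case 1363015899
            Local $13470004
            $13470000 = 311482959
        Case 1994086612
            $13470004 &= " Msg"
            $13470000 = 2018228120
        Case 2018228120
            $13470004 &= "Box"
            $13470000 = 1330278011
    EndSwitch
WEnd'''

def unflatten(src):
    """Return case bodies in execution order for one constant-state dispatcher."""
    lines = [l.strip() for l in src.splitlines() if l.strip()]
    init = re.fullmatch(r'(\$\w+) = (\d+)', lines[0])
    if not init or lines[1:3] != ['While 1', 'Switch ' + init.group(1)] \
            or lines[-2:] != ['EndSwitch', 'WEnd']:
        raise ValueError('not a constant-state dispatcher')
    var, state = init.groups()
    cases, ordered, seen, body = {}, [], set(), []
    for line in lines[3:-2]:                      # group statements per Case
        m = re.fullmatch(r'Case (\d+)', line)
        if m:
            body = cases.setdefault(m.group(1), [])
        else:
            body.append(line)
    while state in cases and state not in seen:   # follow the constant transitions
        seen.add(state)
        *stmts, last = cases[state]
        ordered += stmts
        if last == 'ExitLoop':
            return ordered
        nxt = re.fullmatch(re.escape(var) + r' = (\d+)', last)
        if not nxt:
            raise ValueError('computed transition in state ' + state)
        state = nxt.group(1)
    raise ValueError('cycle or unknown state ' + state)
```

The recovered order matches the body of the original test() with only the variable name changed.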

Emiel Wieldraaijer

Hi Isosmart,

Did you write it yourself?

Still able to decompile scripts made with versions below 3.3.9.x


Best regards, Emiel Wieldraaijer

legend

Please delete this tool, it's against the terms of services of autoit, modified the original AutoIt3.exe

DW1

> Please delete this tool, it's against the terms of services of autoit, modified the original AutoIt3.exe

The ToS is about modifying the AutoIt3.exe file, not the executable you compile yourself.

If you think there is an issue with a thread, please report it and allow a moderator to take action.

I tried running this but every time I would obfuscate a file with it, my AV would kill it (EDIT: The resulting executable and the tool).  Could be a false positive.

Edited by danwilli

michaelslamet

Why not just use Jos's obfuscator?

It's well written and well maintained.

Mobius

> Hi Isosmart, Did you write it yourself? Still able to decompile scripts made with versions below 3.3.9.x

I would be careful mentioning that you personally checked its validity against decompilers, Emiel ;) It's an obfuscator; I believe the OP means that it might delay reverse engineering a little.

Ed: After checking it out it is way more than just an obfuscator.

Vlad

Edited by Mobius

Mobius

> Why not just use Jos's obfuscator? It's well written and well maintained.

Yes, this is true, but there is nothing wrong with a user writing alternatives to existing solutions.

Edited by Mobius

Belini

@Mobius I agree with you, the more options the better.
@Isosmart the executable you posted did not work here.

iamtheky

therein lies the riddle:

If posts on obfuscation are encouraged and allowed but mentioning the word decompile gets you chastised and threatened, then how do you test and relay the effectiveness of such a solution?


Melba23

boththose,

There is no riddle.

Obfuscation (as practiced by Obfuscator and as demonstrated in the snippets posted above by the OP) has never and will never be a problem. All that is changed is the script itself. :)

Altering an already compiled exe to prevent decompilation is also not a problem - several threads have been allowed showing how this might be done. However, we are certainly not going to give official blessing to anything which might act in such a manner - it is for the individual to test them and decide whether they are suitable. And as has already been pointed out, mentioning decompilation is best avoided here - a good reason for the results of any such tests to remain private. ;)

What is a problem is altering the AutoIt3.exe or Aut2Exe.exe executables - that is against the EULA. :naughty:

We are still testing this particular offering to decide where it falls in the spectrum. :)

M23


Emiel Wieldraaijer

hahahahahahahahahahaha sorry Vlad... :sweating: I forgot you are an MVP

Cheer M8


Best regards, Emiel Wieldraaijer

Mobius

> hahahahahahahahahahaha sorry Vlad... :sweating: I forgot you are an MVP Cheer M8

My bad Emiel ;)

I was wrong to say it was merely an obfuscator, it does much more than that.

You were right in what you said in your original post, it is version specific because its patch mechanism works through offsets, so to enable the tool to work for versions other than 3.3.6.1 and 3.3.8.1 you would have to make your own offset map profile for the version you want.

Vlad

FaridAgl

Well, the good news is the opcode patterns are in the XML files.

I will take a look, byte patterns can easily be updated to whatever version.