Jump to content

CodeCrypter - Encrypt your Script


RTFC
 Share

Recommended Posts

Hi !

I just test it and i don't know how you did it, but that's simply amazing !!

I didn't change the key since I have to understand better how it works and how to create

a script that would run ok on another environnements :)

For an advice, maybe you could put every needed files in one zip,

and some Tools to automate the crypt process.

last advice, it's not easy to use codescanner ( treeview click interface ), a little more explanation would be interesting :)

but at last, that's amazing. How much security can we guess with this ? Does it prevent decompilation ?

i'll test with bigger script I have and try to report you.

Hope some users will test it too, maybe afraid of all needed scripts, but as you said, once understood, it's easy :)

Great job !

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
Link to comment
Share on other sites

Hi arcker,

Read many of your posts in the past; your Service UDF is outstanding, I use it almost daily! :thumbsup:

Thanks very much for responding so positively and your helpful suggestions! :)

A single zip package is easily set up, but a bit of a pain to maintain afterwards (whenever any of the pieces change, I'd have to update every bundle too). But it's probably an additional threshold for people who might be mildly interested, but don't want to have to jump through lots of hoops to get it working. So I can definitely set that up now.

Tools to automate the crypt process?  CodeCrypter was supposed to take care of that (see Presets). Or do you mean selecting/setting up a new key definition? Interesting suggestion, I'll have to think about that.

Codescanner is as you say kind of sparsely explained, it's true. :think: But I don't see how a tutorial pdf or FAQ is going to help much. I suppose I could make a short flash video tutorial (and maybe another one for CodeCrypter?), to show that it really can all be done in a few clicks. People don't have to program a single line to obfuscate and heavily encrypt  their script, I guess I need to clarify this. If any Moderator is reading this, how would posting a video work? Would I post a YouTube link or should I upload an .flv directly, or do it some other way? Any suggestions welcome (I'm still a complete noob on all this posting stuff).

How much security?

A determined, skilful attacker would be able through decompilation to figure out how you obtain your decryption key, but not what it is, unless they have access to the full environment (host machine, User ID, and whatever else you use as key(s)) where the script is intended to run. So your script is safe to the extent to which the key is protected. No amount of decompilation can reveal what is not present to begin with, and the key itself is never stored anywhere. But if an attacker can install hidden spying software on a legitimate user's machine and/or fake-personify the user, there's not much I can do against that. Nothing is 100% secure, and people are usually the weakest link in any crypto.

To give an example: an attacker can figure out by analysing the code that you're using (for example) keytype 1, which queries the user for a password at startup. They could of course also figure this out if they can watch a legitimate user start the script. So then it's simply a question of whether the real user can keep their password safe without taping a note of it to their keyboard or screen. I suggested in CodeCrypter's Q&A pdf to create a more secure key by maybe combining something user-specific, something machine-specific and your own web server's response to the script's unique serial number (you'd have to put that serial number in yourself, I'm afraid, and define an InetGet() keytype in MCFinclude).

The encryption itself is currently using Ward's AES, which AFAIK even the NSA has trouble with (no obvious backdoor in the algorithm, like DES for example), but you can use whatever algorithm you want (just replace the few encryption calls in MCF and one decrpytion call in MCfinclude).

I've tried to give people as much control as possible.

Thanks again for your encouragements! I'll see if I can make things easier...

RT

Link to comment
Share on other sites

Hi there!

I just started looking into scripting, and chose AutoIt since my boss thought it was simply amazingly easy to understand once you get the hang of it.

Although I am indeed at the bottom of the knowledge tree, i understand what you have done here and I must say it is rather impressive.

Personally, I have only made small installers, using different multi install sources like Ninite.com (for Client and Internal machines) and it is working perfectly fine.

I am looking to expand my knowledge, which is why I am commenting on this post - I hope brilliant people like yourself and your commenters keep this up :)

Lastly, i wish to thank the community for posting examples like this, I have read alot of examples and posts in the "GUI help" sections to get ideas and expand my understanding.

Thank you!

Link to comment
Share on other sites

Hi Siggassen, and welcome to the AutoIT forums!

Thanks for your comments, very much appreciated!

I only started using AutoIt less than a year ago myself (did have previous programming experience though). The great thing about this language (to me at least) is that it is not only incredibly simple and intuitive to get started with, but it also keeps growing with you; as your own knowledge expands, you discover new, powerful ways to use it (Dll calls, for example). And I've benefited greatly from other people's amazing UDFs (code annotations also clarify a lot) and their helpful replies to queries. Not at all like some other forums I know...

Best of luck with your projects! :bye:

RT

Link to comment
Share on other sites

Hi RTFC,

Thx for your word about Services UDF, even if I really fixed it early ( you learn so much in 5 years Oo )

I try to pass more time here on community to help since autoit has served me well in the past years in my carrier :)

For your project, no problem for the automatization of the crypt process.

I would just post a screenshot about codescanner and how to program it, even if I love this interface, it's original and

all information we need is here.

I've another question : I've seen a lot of execute, so I wonder about performance, even if I know that's not the point here.

if you have just some bench on it :)

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
Link to comment
Share on other sites

Hi again arcker,

Thanks re. the interface, it was the first time I used TreeViews, so I thought, might as well see how else it could be useful aside from showing includes and calls.

Screenshots would be quick and easy to do, I'll see if I can rustle something up when I have a spare moment.

Benchmarks I haven't done yet. I suspect it's very reliant on your baseline, i.e., the kinds of commands your script is using. As a rough rule of thumb (mentioned in my Q & A / FAQ pdf in the CodeCrypter thread), I guesstimated a factor 2 for single encryption (keytype visible in MCFCC calls) and a factor 3 for nested encryption (keytype hidden), but that may be wide off the mark. You can reduce the processing load by enabling subset encryption, so under the Tab Encrypt you would enable the subset checkbox and set the proportion (or percentage) to less than 1 (c.q. <100%); the encryption then only affects a proportion (selected at random). If you enter an integer number N larger than one, CodeCrypter will sequentially encrypt only every N-th line (of the total number of encryptable lines). So you can reduce the extra processing load that way if you're not too worried about your code design and ideas being partly legible.

You can also encypt specific lines (well, phrases) you select yourself, for example a particular bunch of UDFs you need to protect, leaving the GUI part in clear code. See the Q & A pdf for instructions how to do this. (Basically you run a full encrypt pass first, then rebuild the phrasesNew array the way you want from phrasesUsed and phraseEncryp, then call CreateNew.)

Finally, the simplest way to reduce the processing load is to move the location where you include MCFinclude.au3 in your script. If this is your first line, then all other includes that follow it will be encrypted too, and since these #includes are publicly available anyway, it may be a waste of time to shield that. So I tend to make MCFinclude the last include before my main code starts, so only my own stuff is protected. (I would however obfuscate everything, since it costs nothing extra in processing power).

Slowdown is definitely an issue, you're right. I tested CodeCrypter on a few AutoIt games, and unless you reduce the encryption to a subset of about 10%, games like Mario and Autoiteroids become so slow that they're unplayable; same story with trancexx's XMplayer, which just fails altogether if more than a tiny fraction is encrypted. If slowdown is an issue, you'll have to do some fine-tuning to decide which parts of your code need protection most. It can be a difficult trade-off.

BTW I updated CodeScanner this morning, still version 2.0, but fixed a small bug.

Link to comment
Share on other sites

Hello nullschritt,

Nope, not using key pairs. It works like this:

  • you include the supplied file MCFinclude.au3 in your script
  • this file contains an initialisation function called MCFCC_Init()
  • this function contains various optional calls and macros that when invoked, return some string from the environment. You can use one (or more) of the pre-supplied ones, or add new calls (to existing functions or your own UDF) yourself. One of the supplied defaults (option 1) is for example the old chestnut of the user password query dialog box at startup. The important part is, these calls all extract some information from the run-time environment (the user, the host machine, the network, the internet, whatever).

The returned string is your decryption key for the encrypted code lines.

Now the trick is that you can tell Codecrypter when you encrypt to use either:

  • a direct call to your chosen initialisation function (in this case the target will work only in your own environment), OR
  • an "expected response" you enter yourself, that matches some other environment (so the target will only work there).

CodeCrypter uses the response as key to encrypt your code, and edits the dummy call to MCFCC_Init to initialise with your defined function call, and the moment you exit CodeCrypter, the key is gone. When the encrypted script is started, MCFCC_Init calls your selected function, this returns some string, which is used as decryption key. If the returned string does not match your original key, only garbage is returned, and the programme won't run.

Hope that clarifies matters! ;)

For more information, see the Remarks section inside the CodeCrypter script.

Edited by RTFC
Link to comment
Share on other sites

First I give you my special thanks for sharing this useful tool! Nice to see in this forum that kind of tools which are trying to protect our work!

I have a little issue or I can't understand very well but .... I use autoit-v.3.3.8.1 and:

1. I have a simple script in which I placed the MCFinclude.au3

2. I place the requared include AES.au3, MCF.au3, MCFinclude.au3, readCSdatadump.au3

3. Furst I run CodeScanner ( with WriteMetaCode=True ). It create folder myscript.au3.CS_DATA

4. Then codecrypter.exe which create MCF0test.au3

All this is ok but my new script give this error:

#include _MCFCC("0x04E69DA809736DCB6752B39D3C6CF669184CBAD8C44FABBB9456EF6E3673E1AC487",3)

MCF0test.au3(2,10) : ERROR: illegal character in include directive.
#include _

I make something wrong.. the help file is not helping me ;)

Thanks!

Link to comment
Share on other sites

Hello TonyBriscoe,

Firstly ,thanks for your comments.

Re. your issue, something definitely went very wrong because your new script should no longer contain any includes.

My first suggestion would be to create a BackTranslated testMCF0.au3 (either from CodeScanner or from CodeCrypter) from your original script. If this script still contains lines that start with #include ... then that would be very odd. In that case, I would love to analyse your script to see how that could possibly have happened.

Secondly,  maybe I've misunderstood, but your point 2 seems to suggest that you've included MCF.au3 etc in your script?? If that's the case, that would be a mistake, because you should only include MCFinclude.au3 (which automatically includes AES.au3). Under no circumstance should any of the other includes you mention in point 2 be explicitly incorporated in your script.

Thanks for pointing this out, I will amend the instructions to clarify this.

So 1) remove all MCF-related #includes from your script except MCFinclude.au3, and 2) do a BackTranslate, and check that all #include lines are removed from your testMCF0.au3 output. If not, then please let me know.

Best of luck,

RT

Link to comment
Share on other sites

No, my simple script contain only MCFinclude.au3 include.

#include <MCFinclude.au3>

Local $Is = 1
While $Is<11
    Sleep(1)
    MsgBox(-1,"Count Up to 10",".. and the count is: " &$Is,1)
    $Is+=1
WEnd

All other necessery file (AES.au3, MCF.au3, MCFinclude.au3, readCSdatadump.au3) I placed in the include folder of the autoit program.

The BackTranslated give me this ( again it have includes inside ):

; CODE SCANNER Output
;
; Source Language: AutoIt
; Extracted from : D:\test\myscript.au3
; on             : 2013-10-29, at 21:15:08
; CodeScanner was itself running AutoIt version: 3.3.8.1
;
; This Single-Build was generated on 2013-10-29, at 21:15:45
;===========================================================

#include "MemoryConstants.au3"       ; {file:4}{line:3}
#include "StructureConstants.au3"       ; {file:4}{line:4}
#include "ProcessConstants.au3"       ; {file:4}{line:5}

#include "SecurityConstants.au3"       ; {file:5}{line:3}
#include "StructureConstants.au3"       ; {file:5}{line:4}

#include "StructureConstants.au3"       ; {file:7}{line:3}
#include "FileConstants.au3"       ; {file:7}{line:4}

Global $__gaWinList_WinAPI[64][2] = [[0, 0]]       ; {file:7}{line:19}{ref637}
Global Const $__WINAPICONSTANT_GW_HWNDNEXT = 2       ; {file:7}{line:47}{ref658}
Global Const $__WINAPICONSTANT_GW_CHILD = 5       ; {file:7}{line:48}{ref659}

Func __WinAPI_EnumWindowsAdd($hWnd,$sClass="")       ; {file:7}{line:1898}
    If $sClass="" Then $sClass=_WinAPI_GetClassName($hWnd)       ; {file:7}{line:1899}
    $__gaWinList_WinAPI[0][0]+= 1       ; {file:7}{line:1900}
    Local $iCount=$__gaWinList_WinAPI[0][0]       ; {file:7}{line:1901}
  ..............................................................................................................

And this is given potential issues:

issues_zpsc6421d21.jpg

I think that there is something wrong with my included files. I uploaded them here if you want to take a look:

https://mega.co.nz/#!E80RRI7Z!BzH6YTGXd40gumABGuiDTCvqweZckTpjFDQX4XGwFBU

Thanks for your reply and trying to help!

Link to comment
Share on other sites

Hi again,

Sorry to hear you're still having trouble with this. I've tried unsuccessfully to reproduce your problem, first with my own test scripts, then (when you posted your code) with yours.

That CodeScanner output is nothing to worry about; those includes are flagged quite often as redundant (depends on which WinAPI functions are actually called), and regardless of whether CodeScanner considers files redundant, the MCF writer processes them anyway, so in CodeCrypter you can still decide to keep everything in.

I have trouble downloading from your posted link; FF requests my permission to download large files, but offers no way of giving it (apparently lots of people are struggling with the same problem on the web). I've been playing with the permissions, but nothing I tried lifts the block.

I did however copy your test script, ran it, CodeScanned it, BackTranslated it, encrypted it.

I can't find anything wrong with it, and everything works as normal at this end.

I've attached my copy of your script (weird.au3), the single build (MCF0.txt), the backtranslation (MCF0.au3), and the encrypted version (MCf0test.au3) using default settings.

weird.zip (apologies for the renaming, I have too many "test" scripts/dirs already)

The encrypted version uses password "test" all lower-case

Some questions:

  • Does this happen only with this script or with every script you try?
  • Are your original scripts ASCII or UniCode? (bit of a long shot)
  • What happens when you process my copy of your original script (weird.au3)?
  • Can you do a file compare between your version and my copy?

 

Codescan + CreateMCF0 + Backtranslation is enough (don't forget to call Create Single Build before each Backtranslation; a newer version of MCF (not yet uploaded) will do this automatically, but this one still requires manual labour (well, an extra click). If the Backtranslate still has #includes in it then it failed.

I must say I'm baffled :unsure: , and not being able to reproduce the error makes it difficult for me to help you, I'm sorry to say. If my copied version is essentially the same as yours, then I suspect there's something peculiar in your AutoIt environment (as we are running the same version, it can't be that). and could you perhaps just attach your own version of your script to your next post here (the web code paste in the post may hide some low-level differences)? Thanks.

 

Edited by RTFC
Link to comment
Share on other sites

@TonyBriscoe

I finally managed to download your includes, hooked them up, reran your test script, and it all works flawlessly here.

If the tests in my previous post don't clarify matters, you could edit your MCF.au3 (maybe save a copy of the original first) around line 795, in recursive UDF _WriteMCF0()  where the very first metacode checked for is "{incl". I suspect that somehow, in your environment, for whatever reason, that stringtest fails. If you have a hex editor, you may also wish to check "#include ..." lines in metacode files MCF1-MCF* for 00h, FFh, or other "empty" characters that are not 09h or 20h. If the StringinStr fails to find the  {incl#} metacode tag because of some file corruption, then the converter would treat it as a normal compiler directive, and copy it verbatim.

You could perhaps add a Msgbox(0,"",$curline), if $pos1<1 And stringleft($curline,8)="#include" to determine which lines are skipped, that will help you focus on whatever is tripping up the StringinStr test.

Link to comment
Share on other sites

So sorry for the trouble that I've created for you by downloading the files.. This was my mistake to not upload them here..

Thank you very much for taking your time and given me enough examples and explanations to help me with solving the problem, but it still persist :( .

Some answers:

  • Does this happen only with this script or with every script you try? - This happen with every script.
  • What happens when you process my copy of your original script (weird.au3)? - it works fine.
  • Can you do a file compare between your version and my copy? - Yes, the only difference is in the beggining where my script begin with some includes and some missing Globals..

I think that the codescanner miss some includes, so after that the codecrypter can't do his wokr correct.

I attach the files that you need to compare and I'll try again to see what is wrong with me according your suggestions.

Wishing you all the best!

Tony

myscript.rar

Link to comment
Share on other sites

I am a 24-carat, industrial strength moron. :doh:

What do all your retained includes have in common? They are all Constants files.

Your latest upload allowed me to check your CodeScanner settings. What do you have switched off? Include constants files.

Now I haven't figured out how CodeScanner was able to process MetaCode with this switch off; it's automatically switched on whenever you set WriteMetaCode on. You didn't edit your CodeScanner.ini file by hand inbetween, did you?

Anyway, I'll add some additional checks in CodeScanner to ensure that this will be impossible in future; expect an update in the near future.

For now, just make sure you've got "Include Constants files" switched on in the Settings before you process your target source. That should fix it.

Link to comment
Share on other sites

Thank you so mutch!

    In the beginning I changed only the WriteMetaCode to be True in the CodeScanner settings and I did not pay attention that IncludeConstants was False ! Now all works PERFECT and I can continue using it in my main projects! I will continue to give my feedback here.

  Once again Thank You for your excellent work!

Respectfully,

Tony

Link to comment
Share on other sites

Glad I could help! :)

Thanks for persisting, the output shows that I need to build in some extra settings checking in CodeScanner (working on it...) I guess because writemetacode and includeconstants are normally synced, I failed to consider the notion of them becoming unsynced later. It's not supposed to happen, but Murphy's Law always applies. My bad. :idiot:

Link to comment
Share on other sites

CodeScanner updated to version 2.1 (MCF-related bug fixes), updated in bundle, and FAQ updated.

Link to comment
Share on other sites

  • 4 weeks later...

Hi RTFC,

first I want to say thank you for your nice tool-package.

I have some problems to get SetError() to work with an encrypted script.

Take the following example-script and then encrypt it with codecrypter:

#include "..\CodeScannerCrypterBundle\MCFinclude.au3"

Func _Test($test)
    If $test == "" Then
        Return SetError(1, 0, "")
    EndIf
    Return $test
EndFunc

Local $test = _Test("test")
If @error Then
    ConsoleWrite("1st call Error: " & @error & @CRLF)
Else
    ConsoleWrite("1st call Value: " & $test & @CRLF)
EndIf

$test = _Test("")
If @error Then
    ConsoleWrite("2nd call Error: " & @error & @CRLF)
Else
    ConsoleWrite("2nd call Value: " & $test & @CRLF)
EndIf

The (unencoded) original output after run the script is:

1st call Value: test
2nd call Error: 1

But after encryption the console output is:

1st call Value: test
2nd call Error: 0

Do you have an idea, how to overcome this?

Thanks in advance.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...