Jump to content

CodeCrypter - Encrypt your Script


RTFC
 Share

Recommended Posts

Thanks for posting your test code. I'll have a look at it, and see if I can figure out why it's not working for you. I hope it's something simple, but I won't be able to tell until I've gotten my hands dirty myself. Thanks for your efforts in any case.

BTW, forgot in my previous post to thank you for reporting on Win8 issues. Unfortunately, I don't have any machines with Win8 OS versions, and will likely skip straight to Win10 anyway. So it might be a long time before I can determine what the problem might be in that OS.

Edited by RTFC
Link to comment
Share on other sites

Alrighty, I'm happy to report that you made a classic mistake, :P which is trivial to fix.

Let me give you a hint by way of a question; how carefully did you read my comments immediately below the line

#endregion Encryption2 in MCFinclude.au3? More specifically, the last two lines of this first paragraph:

; Anything below this region will be encrypted twice (when nested encryption is set):
;1) runtime-encryption using your selected keytype, itself nested inside:
;  2) a fixed-key encryption (using the contents of $CCkey[0] as key)
; If nested encryption is disabled, anything below this region will be encrypted with
;       runtime-encryption using your selected keytype.

Now think about where you placed your hashing functions. Do you see the problem here? You've placed the function that generates your runtime decryption key inside the region that is itself encrypted with the very key it is supposed to generate; an ever so slightly circular argument. :lol:

So it's easily fixed, by placing your hashing functions anywhere above _MCFCC_Init(). Anywhere within #endregion Encryption2 will do; its contents will then be encrypted with the additional fixed encryption key, which is available at startup. Now, a determined hacker may stilll be able to reverse-engineer your hashing function itself, but as long as its inputs are extracted from the runtime environment outside of the script/exe, that won't matter, because those data are never stored inside the programme. So as long as the proverbial hacker can only steal the exe, and has no permanent access to the full environment from which they stole it (to run a dynamic debugger there), your code is safe.

In my test environment your hash function decrypts without a hitch. Please let me know if you encounter additional problems.

RT B)

Edited by RTFC
Link to comment
Share on other sites

@kaisies: a little addendum (feeling generous this morning) :)

For your automation needs, it's worth mentioning that CodeScanner (not Crypter) can also handle encryption, and can be controlled by cmdline switches. The only drawback is that the current version does not have a switch (yet) for skipping the scanning part, but this is just two calls in the cmdline section that you would have to disable:

_AnalyseCode()          ; run the engine
        _WriteCSDataDump($fulldump) ; dump CS data

At some point I'll update the bundle again, and the next version of CodeScanner will have a switch (/x) to skip scanning and just encrypt with your chosen encryption settings.

Secondly, if the code is to be tied to a specific physical location, then you may be able to get away with implementing a single encryption if you have an internet server running 24/7. In that case, you could let your encrption function send machine- or other specs to your server, your server matches those against the WAN IP it is supposed to come from (or some other transmission feature that it does not explicitly send, but is unique), and if so, sends back some other data specific to the target location that your code uses together with other data specific to that particular environment (that it has not sent) to generate the universal hash used as decryption key. But this may be too complicated or unfeasible (due to DHCP, for example); dunno, just thinking out loud. :geek:

Edited by RTFC
Link to comment
Share on other sites

Hah! after moving the hash function to the correct section, it is now working..

I do notice two things:

When using UDF's with #forceref <var> and obfuscate, the <var> does not change to the obfuscate'd var name.  Is there a option i'm missing?

Also, when running codescanner+crypter, one of them likes to leave out the __SQLite_ConsoleWrite, it doesn't obfuscate or encrypt anything related to it, so I've just been manually copying the function back into the final au3.

; #INTERNAL_USE_ONLY# ===========================================================================================================
; Name...........: __SQLite_ConsoleWrite
; Description ...: write an ANSI or UNICODE String to Console
; Syntax.........: __SQLite_ConsoleWrite ( $sText )
; Parameters ....: $sText - Unicode String
; Return values .: none
; Author ........: jchd
; Modified.......: jpm
; ===============================================================================================================================
Func __SQLite_ConsoleWrite($sText)
    ConsoleWrite($sText)
EndFunc   ;==>__SQLite_ConsoleWrite

Perhaps it's related to the fact it has two underscore at the start of it's name.  Who knows, just a guess.

 

I'm still having problems getting my program started, but I think its related to the way I'm getting the hash, and exiting if anything doesn't come out right.

Link to comment
Share on other sites

Glad to hear it. ^_^

Regarding #forceref; Codescanner currently ignores any line starting with "#" that is not followed by some specific directives such as #cs/#ce; I'll see if I can make an exception for #forceref in the next release.

Regarding  __SQLite_ConsoleWrite, thanks for letting me know; I'll have to investigate why that might be happening.

Edited by RTFC
Link to comment
Share on other sites

I've thought about loading up a webserver, or tying this into our existing webservers for authentication, but in the end it's probably more trouble than its worth (although it would be worth a lot, since then it's exceptionally hard to break!) for my end use of this program (sparingly)

Link to comment
Share on other sites

It does appear there is also a problem with InputBox (but only in compiled exe's!) This is easily tested by Encrypting a simple script:

$temp = Inputbox(0,'put something here')
msgbox(0,'',$temp)

and then running scanner+crypter.  It will run fine as a au3, but when you run as a compiled EXE the inputbox isn't even shown, and then the script easily breaks from there (in this case, just showing that $temp is empty)

Link to comment
Share on other sites

Sorry, kaisies, can't help you there. :( This has got nothing to do with CodeScannerCrypter, but is an AutoIt bug. :huh:

If you compile the example below, it fails just as hard, with the same error 3 (bad arguments):

$temp=Execute("Inputbox(0,'put something here')")
MsgBox(0,@error,@extended)

Edit: I've submitted a bug report for this.

Furthermore regarding the SQLite_Consolewrite issue, have you tried CodeCrypter with the switch "Skip redundant UDF definitions" off (default = on)? You can find this under the Single-Build Tab.

Edited by RTFC
Link to comment
Share on other sites

Sorry, kaisies, can't help you there. :( This has got nothing to do with CodeScannerCrypter, but is an AutoIt bug. :huh:

If you compile the example below, it fails just as hard, with the same error 3 (bad arguments):

$temp=Execute("Inputbox(0,'put something here')")
MsgBox(0,@error,@extended)

Edit: I've submitted a bug report for this.

Furthermore regarding the SQLite_Consolewrite issue, have you tried CodeCrypter with the switch "Skip redundant UDF definitions" off (default = on)? You can find this under the Single-Build Tab.

 

Ouch. That's unfortunate.  I did think of a pretty simple solution though, which is to wrap the inputbox into a function and have that above the #MCFinclude.  Works like a charm.  I only have one inputbox at the [more or less] beginning to have them type in a password (so not everyone can use the program).  Pretty simple.

I'll try running CodeCrypter with that switch off and see what the results are.   It takes a while to scan my code though :D

Link to comment
Share on other sites

Yep, that would work. I see that you are fast becoming a CodeCrypter expert. :graduated:

I think I'll add these solutions of yours as comments in the next release of MCFinclude.au3; other people are bound to run into these issues. Thanks!

Edit: Hmmm, :ermm:  turns out >#forceref is not actually a compiler directive at all, it just looks like one. And since its omission will trigger only a warning from AU3check, I'll have to think about whether it's worth significant investment in time and effort on my part to handle the extra admin to support it... :unsure:

Edited by RTFC
Link to comment
Share on other sites

@kaisies: Okay, I've done some tests on the SQLite_Consolewrite function, and can report that I can find absolutely nothing wrong with it in my test scripts. It's not skipped by CodeScanner or CodeCrypter, and encrypts and performs encrypted without a problem. So the only reason I can think of why it might be missing in your output is because CodeCrypter by default strips all UDFs it reckons are never called, and as mentioned in the FAQ (MCFQA.pdf, first post), it sometimes throws out UDFs that are needed after all (e.g., if they are called indirectly). If this is causing your problem, then the solution I suggested earlier (unchecking the box under Tab SingleBuild) should solve the issue. If not, then I'd need a small reproducer script to analyse.

Link to comment
Share on other sites

For the inputbox issue use this line to fix it.

#pragma compile(inputboxres, true)

The default is false which specifies that you don't include the resources for inputboxes in a compiled script, which saves space if you're not going to be using an inputbox.

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Link to comment
Share on other sites

Hi BrewManNH,

That's great! Thanks a lot for that; looks like I need to read up on #pragma directives.

Much appreciated!

RT

Edited by RTFC
Link to comment
Share on other sites

Been a few days, and finally got some dev time to look into these issues and respond...

@kaisies: Okay, I've done some tests on the SQLite_Consolewrite function, and can report that I can find absolutely nothing wrong with it in my test scripts. It's not skipped by CodeScanner or CodeCrypter, and encrypts and performs encrypted without a problem. So the only reason I can think of why it might be missing in your output is because CodeCrypter by default strips all UDFs it reckons are never called, and as mentioned in the FAQ (MCFQA.pdf, first post), it sometimes throws out UDFs that are needed after all (e.g., if they are called indirectly). If this is causing your problem, then the solution I suggested earlier (unchecking the box under Tab SingleBuild) should solve the issue. If not, then I'd need a small reproducer script to analyse.

 

Interestingly, I have since installed win7 on my main dev box (windows 8 for some reason got REALLY unstable REALLY quickly for some unknown reason), and now running Scanner+Crypter does not generate this issue.  Very odd.  I was running with all strip functions unchecked before (on my win7 laptop, and another win7 box I had around), and it was still  stripping it.  Who knows, chalk it up to computers.

 

For the inputbox issue use this line to fix it.

#pragma compile(inputboxres, true)

The default is false which specifies that you don't include the resources for inputboxes in a compiled script, which saves space if you're not going to be using an inputbox.

 

Thank you, I have implemented this rather than using a wrapping function, just looks cleaner.

Link to comment
Share on other sites

  • 2 weeks later...

hello RTFC . I am a Vietnam and I'm not proficient in the use of English . I used translate.google to be able to talk  on the web ! I have one script and I tried to follow the instructions encoded but can not . Can you help me?

if you can make me one video clip on youtube for guidance at the beginning?

Thank you

Edited by lovev1
Link to comment
Share on other sites

Hello lovev1, and thanks for your question.

I tested your script; Codescanner has no problems with it, and CodeCrypter has no trouble encrypting it. Since your script changes attributes of various files,  runs/closes processes, moves/deletes files and directories, and otherwise interacts with your specific environment, I am not going to test its functionality (it's potentially far too destructive to let it run outside of a virtual machine, and I'm not going to set one up just for this, sorry). You'll have to test that on your own machine.

I'm sorry I cannot provide translations of the instructions/code annotations in other languages. You could try copy/pasting the contents of MCFQA.pdf in Google Translate, but I can't guarantee that what comes out in Vietnamese will make any sense.

You should start, however, by adding this line below your other includes:

#include "MCFinclude.au3"

then place that script in the CodeScannerCrypter subdirectory, run CodeScanner with setting WriteMetaCode on, close CodeScanner whne it's done, start CodeCrypter, load the script, select the options you want, and press Run. With default settings, it will use macro @username as encryption key, so won't run for users with a different @username.

As far as I can tell, your script does not contain any complications that might cause problems for encryption.

Best of luck. :)

Link to comment
Share on other sites

  • 2 weeks later...

Looks you missed to read the forum rules.

Decompilation is an absolute No, no :naughty:

You will not get help on this!

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Task Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki

Standard UDFs:
Excel - Example Scripts - Wiki
Word - Wiki

Tutorials:
ADO - Wiki
WebDriver - Wiki

 

Link to comment
Share on other sites

  • Moderators

@goravgupta, consider this the only warning you'll receive.  Please adhere to the forum rules.

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...