CodeCrypter - Encrypt your Script

[radienergos]

actually , right now , i am using a license for the exe (match encrypted hardid then script runs) , so i want just a "protection" for the code

With Au3Stripper (so actually it isn't a problem i guess for scanner/crypter)

for sqlite , first warning (i don't know if it matters or not) is from au3stripper

sqlite.au3(594,1): Warning for line:$iCbRval = Call($sCallBack, $aDataRow) 

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Run_Au3Stripper=y
#Au3Stripper_Parameters=/sf /sv
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <SQLite.au3>
#include <SQLite.dll.au3>

_SQLite_Startup("sqlite3.dll", False, 1)
_SQLite_Open("test.db")
_SQLite_Exec(-1, "CREATE TABLE `customer` ( " & _
        "`cust_id`  INT NOT NULL," & _
        "`cust_lname`   VARCHAR(100) DEFAULT NULL," & _
        "`cust_name`    VARCHAR(50) DEFAULT NULL," & _
        "`cust_address` VARCHAR(100) DEFAULT NULL," & _
        "`cust_phone1`  VARCHAR(10) DEFAULT NULL," & _
        "`cust_phone2`  VARCHAR(10) DEFAULT NULL," & _
        "`cust_date`    VARCHAR(10) DEFAULT NULL," & _
        "PRIMARY KEY(cust_id));")

MsgBox(0, "", "_SQLite_LibVersion=" & _SQLite_LibVersion() & @CRLF)

_SQLite_Close()
_SQLite_Shutdown()

 then i take the _stripped version of above script and from codecrypter (if i use obfs + encryption) i get an 

error: __SQLite_ConsoleWrite(): undefined function.

so i have create a new sqlite.au3 without the console write function and everything seems ok (and fast enough)

 

Without Au3stripper , "mfcinclude.au3" below other includes

PRossecing time = too much if you have a lot of includes (just add winapiex.au3 and you will see )

i don't know if i make a mistake but i got a lot of errors (obfs + encryption)

error: _???????????() previously called with Const and others

so i guess the scanner also adds the includes from mcfinclude and if you have an include which uses aes.au3 or memory.au3 then you get duplicate things 

 

 

 

[RTFC]

20 minutes ago, radienergos said:

error: __SQLite_ConsoleWrite(): undefined function

Maybe this is because SQlite uses callback to define the hookup for its internal consolewrite (and CodeScanner currently does not officially support callback; I may look into this in future). For now I suppose you could try patching this in manually afterwards, if it's desperately needed:

Func __SQLite_ConsoleWrite($sText)
    ConsoleWrite($sText)
EndFunc   ;==>__SQLite_ConsoleWrite

Alternatively, you could uncheck the CodeCrypter Single-Build options "Skip redundant UDF definitions" and "Remove Orphaned Globals and UDFs" (default: checked).

22 minutes ago, radienergos said:

so i guess the scanner also adds the includes from mcfinclude and if you have an include which uses aes.au3 or memory.au3 then you get duplicate things 

Yeah, if you start removing includes and patching UDFs manually, and then stick in new includes, you're likely to run into such duplicate definition issues, if you're not very, very careful. Obviously , MCFinclude.au3 needs to #include AES.au3, and it itself relies on a few subsidiary ones. But if you add these in advance to your meta-include and then remove these #includes in MCFinclude.au3, it should work (CodeScanner produces nice lists to help you do this). However, your set-up sidesteps the various advantageous of a full CodeScanner pass that leaves all #includes as-is, so I would argue that to some extent you're creating these difficulties yourself, just because you consider CodeScanner's generic preprocessing too slow. Well, that's fine, and entirely up to you, of course, but don't hold your breath for me to wave my magic wand and make your troubles disappear. Moreover, I reckon your code may become quite unstable (for example, what happens when a new AutoIt Release comes along with changes in the #includes?).

CodeScanner is relatively slow because it performs a long list of tasks, and generates lots of outputs. The idea was that you finalise your script, do a CodeScanner pass on it once, and thereafter can generate as many dedicated encrypted versions as you desire (with CodeCrypter running much faster than CodeScanner, because MCF is mainly a search-and-replace engine). I haven't encountered scenarios where I had to keep repeating the Scanning part of the process all the time, only the Crypting part. I haven't seen your full script, but I would suggest to aim for a design (if possible) that allows you to achieve a single finalised source (to CodeScan once); at the moment it sounds a bit as if you're generating a new script for each new user, or something. Then again, your reasons/set-up may be perfectly valid. In either case, I cannot resolve this quandary for you.

[radienergos]

6 minutes ago, RTFC said:

Alternatively, you could uncheck the CodeCrypter Single-Build options "Skip redundant UDF definitions" and "Remove Orphaned Globals and UDFs" (default: checked).

1)Yeah, if you start removing includes and patching UDFs manually, and then stick in new includes, you're likely to run into such duplicate definition issues, if you're not very, very careful. Obviously , MCFinclude.au3 needs to #include AES.au3, and it itself relies on a few subsidiary ones. But if you add these in advance to your meta-include and then remove these #includes in MCFinclude.au3, it should work (CodeScanner produces nice lists to help you do this). However, your set-up sidesteps the various advantageous of a full CodeScanner pass that leaves all #includes as-is, so I would argue that to some extent you're creating these difficulties yourself, 2)just because you consider CodeScanner's generic preprocessing too slow. Well, that's fine, and entirely up to you, of course, but don't hold your breath for me to wave my magic wand and make your troubles disappear. Moreover, 3)I reckon your code may become quite unstable (for example, what happens when a new AutoIt Release comes along with changes in the #includes?).

CodeScanner is relatively slow because it performs a long list of tasks, and generates lots of outputs. The idea was that you finalise your script, do a CodeScanner pass on it once, and thereafter can generate as many dedicated encrypted versions as you desire (with CodeCrypter running much faster than CodeScanner, because MCF is mainly a search-and-replace engine). I haven't encountered scenarios where I had to keep repeating the Scanning part of the process all the time, only the Crypting part. I haven't seen your full script, but I would suggest to aim for a design (if possible) that allows you to achieve a single finalised source (to CodeScan once); at the moment it sounds a bit as if you're generating a new script for each new user, or something. Then again, your reasons/set-up may be perfectly valid. In either case, I cannot resolve this quandary for you.

for sqlite 

Global $__g_hPrintCallback_SQLite = "";__SQLite_ConsoleWrite

and from _sqlite_startup 

;If $hPrintCallback = Default Then $hPrintCallback = __SQLite_ConsoleWrite

and it seems ok (well needs test of course) 

(every single build options are unchecked) 

 

if you saw the previous example i had duplicate definition issues because i didn't changed anything from the test script  (sqlite.au3 is standard i think)

(i also tried some combinations of removing memory.au3 from aes , removing aes from mcfinclude and adding to original script etc, maybe i forgot something)

 

and for the bold parts

1)if i understand correctly (my english is not good sorry ) your answer is actually for my first "attempt" (first comment) , where i had added the includes after the scanning. but now i don't do that, i am scanning the stripped script which of course has the consts/functions from includes except the unnecessary ones

2)i don't "accuse" you or anything , neither i want a magic solution , i'm saying that is slow for me (10+ minutes) and the problem is that i don't have i final source , i want to make changes / updating , etc to script(s)

3)i am using right now au3stripper so it doesn't matter if new release make changes (you use au3stripper everytime you make changes to your original script)

 

my only "suggestion" is  to have codescanner , somehow, cooperate with au3stripper

(i don't want you to do that "for me" , i already did it externally, somehow)

 

[RTFC]

@radienergos: please don't get the wrong idea, I wasn't annoyed or trying to be defensive. I just tried to convey that there are no easy solutions for your problem.

The issue here is that CodeScanner/Crypter do not work with Au3stripper because Crypter performs its own stripping pass, based upon its own assessment of what is needed and what is not (which users can partially control as well). That's why there's no ready-made fix for the slowness issue, as CodeScanner assesses everything to start with (it has to, that's its job). If you're going to rely on Au3stripper, I would suggest you use it once (prior to CodeScanning), and use the resulting composite as your template in which to make further edits down the line. That way you keep control over the exclusion of all redundant parts. So remove all includes once (by patching in all the bits in your main script), and never return to the original version with #includes.

As far as the callback construct is concerned, CodeScanner does not currently support this type of "raw" function assignment (I may look into this, actually, so thanks), but it's easily patched in any case.

Edited December 7, 2016 by RTFC

[legend]

something like this would be very useless for using it as encryption key in my opinion:

_WinAPI_UniqueHardwareID(BitOR($UHID_CPU, $UHID_BIOS))

[legend]

On 08/12/2016 at 10:56 PM, legend said:

something like this would be very useless for using it as encryption key in my opinion:

_WinAPI_UniqueHardwareID(BitOR($UHID_CPU, $UHID_BIOS))

I meant useful....

[RTFC]

Yeah, I thought the original remark was a bit odd. Thanks for the amendment.

[Deye]

Hello RTFC & members of the board!,

I've been trying to figure out a couple of things :
* How secure is it to use a static predefined $CCkey[#] 
if  I will be trying to send an hwid value over to a @php -encrypt.script so I can then match the return with _AesDecrypt = predefined $CCkey[#] at runtime

* Looking at the example from: http://php.net/manual/en/function.mcrypt-encrypt.php
Is there a way to adjust this php file (engine) to encrypt a value, so it can then be used with _AesDecrypt()
see:

* I know that I will need to use the $CCkey[#] value in the php file for making the encryption 
Not so sure how safe or where I should host the file or what other ways\layers\adjustments can be made
I have no past experience with these utilities ..

To all :  please share your expertise and advice

Thanks
 

Edited December 17, 2016 by Deye

[RTFC]

@Deye: Hello there.

6 hours ago, Deye said:

* How secure is it to use a static predefined $CCkey[#] 

Not.

This area of MCFinclude can itself only be encrypted with a static key, which means a determined attacker may be able to decrypt these lines (which precede your actual script content), so they can (in a worst-case scenario) figure out *how* you define your key (e.g., through a password query, obtaining a hardware ID, server response, etc). Note that the actual content is not (and cannot) be revealed, as only an "evil maid attack" on a machine running in the sanctioned environment could conceivably be vulnerable in that respect (so anyone copying your exe/script and running it elsewhere will never get useful data out). So if you're thinking of using a HWID, it would make more sense to use that as your key, and define the CCkey entry as a call to a function that directly retrieves that HWID from its runtime environment (or server interaction, or combination). Placing a decryption key raw in $CCkey (rather than using a function call or macro to generate at dynamically at runtime) defeats the purpose of runtime decryption.

6 hours ago, Deye said:

Is there a way to adjust this php file (engine) to encrypt a value

Sorry, can't help you there; I'm a total noob with regard to php (pretty-hopeless-parsing? parrots-helping-people? poignant-but-hapless-punctuation? panting-hush-puppies?)

Edited December 17, 2016 by RTFC

[rootx]

hello I would like to ask you a question, I used your UDF with many of my script without problems, I reported to Avira as false positives and I have confirmed that they do not contain viruses, very well. Now I have a script that is always seen as a virus, you could tell me what it does alert the antivirus you think. Are there any functions or calls that create problems, what do you think about? THX

#include "MCFinclude.au3"
#include <Misc.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <EditConstants.au3>
#include <ListBoxConstants.au3>
#include <GuiListBox.au3>
#include <GuiListView.au3>
#include <MsgBoxConstants.au3>
#include <Array.au3>
#include <File.au3>
#include <FileConstants.au3>
#include <StaticConstants.au3>
#include <GuiImageList.au3>
#include <GuiStatusBar.au3>
#include <WinAPI.au3>
#include <GDIPlus.au3>
#include <Date.au3>
#include <IE.au3>

 

[RTFC]

@rootx: So the way to proceed would be; create a dummy script with these includes and confirm your AV flags it up. Disable all includes and start re-enabling them one by one to identify what parts (there may be multiple, or perhaps it's a combination?) your AV doesn't like. Since you have other encrypted scripts that do not trip up your AV, it's not the decryption engine itself. You may be able to narrow it down to a single UDF (which you may not even need in your app). I've never had false positives myself, so I cannot quickly point the finger at any particular include for you. Alternatively, the problem may lie in your own code (once encrypted); in that case, try disabling large chunks of (inserting immediate returns in UDFs and commenting out the rest) and see what that does. This kind of hunt can actually be quite fun.

 

[rootx]

58 minutes ago, RTFC said:

@rootx: So the way to proceed would be; create a dummy script with these includes and confirm your AV flags it up. Disable all includes and start re-enabling them one by one to identify what parts (there may be multiple, or perhaps it's a combination?) your AV doesn't like. Since you have other encrypted scripts that do not trip up your AV, it's not the decryption engine itself. You may be able to narrow it down to a single UDF (which you may not even need in your app). I've never had false positives myself, so I cannot quickly point the finger at any particular include for you. Alternatively, the problem may lie in your own code (once encrypted); in that case, try disabling large chunks of (inserting immediate returns in UDFs and commenting out the rest) and see what that does. This kind of hunt can actually be quite fun.

 

Thanks for your time, I will try

[rootx]

I need help please, I write this code and work, but.... Windows crash if I use encrypt mode. I used option 4 in sigle key id with the name of the script  .exe. I give all you all files I used in this script. THX

PS: I can't upload the files in the post, I'm not sure why but I put them here https://ufile.io/affb

Edited March 30, 2017 by rootx

[RTFC]

@rootx: I've tested your script files (thanks) but both backtranslated and encrypted it works fine on my machine, so I would suggest you take a closer look at your own environment.

[rootx]

I try  but same error at line 828  _JSONIsNull($vv), I think something is wrong with JSON parsing, I uploaded all file and the script. I hope you can see it. Thank you for your time.

https://ufile.io/5a88b1

[RTFC]

Sorry rootx, but that just isn't good enough. As I explained in the FAQ and several times in this thread, in order for me to help you I expect you to do your homework first. That means you have to first narrow down the problem to a reproducer script of a few dozen lines at most, by systematically changing ever smaller sections of your code between encrypted and unencrypted state.  Most of the time, a single function call or statement will turn out to be the problem (your latest post suggests something along those lines, so test your assumption, and if correct, write a tiny reproducer script. I'm not going to download any more extensive, customised environments (especially when these include other files by third parties). Your test script should be stand-alone (you can add a single small(!) dummy data file to illustrate what is going wrong if absolutely necessary). I will also not allow test scripts in my test environment to access the internet, system/OS functionality, or any file outside of its own work directory (other than legitimate AutoIt #includes), so you'll have to find a way to reproduce your error without me having to download youtube videos (or whatever you were trying to achieve).

I'm perfectly happy to help people by fixing bugs in my scripts if I can, but I will simply ignore those that just dump their environment at my door at the first sign of trouble, without showing they have put in the effort to figure out where the issue resides. Did you do a Backtranslation first (see FAQ)? Did you switch of string encryption separately (see FAQ)? Did you switch off encryption for individual UDFs (see FAQ)? Did you try other types of partial encryption (see FAQ)? What test scripts have you written to figure out where the problem lies?

These days I can only spend a very limited amount of time on the forum and on solving issues like yours. That means that the onus for preparing the groundwork is on you.

[Deye]

Hi RTFC,

With some help I got from Melba Here

I have added to the "Encryptable Code Sections" GUI a filter where you can easily find the functions you want as selected
It was real eye pain for me to find the functions I needed ,and so ..
Hope you don't mind me sharing the edits I have included in with codecrypter-mod.au3

Thanks

Edited April 19, 2017 by Deye

[RTFC]

Hey Deye, that's great! First time ever someone published a mod for one of my scripts. Glad to hear you find CodeCrypter useful, and apologies for the original list of encryptable sections not being satsifactory. When I have a spare moment, I'll have a good look at your amendation and see if (with your permission of course; I presume you'd have no objection) I can incorporate it into the next release (this may be a while though; just started a new project and I'm slightly drowning at the moment). In the meantime, thanks a lot for sharing.

[Deye]

HI RTFC, 

A small question :
What execute command can you recommend to detect if the $CCkey[#] criterion isn't met
For example: I'll use :

If @ScriptName <> "My_script.exe" Then Exit MsgBox(0, 'Error', "Component name or key is incorrect")

meaning, only "My_script.exe" needs to be in an encrypted form, leaving the other parts of the line none encrypted, so with the wrong decryption this line still survives ..
So I didn't yet get an idea how to pull "My_script.exe" in encrypted form .. As the _MCFCC strings are entirely one liners

TIA
 

[RTFC]

Hi Deye,

Sorry for the delay in replying; too many plates to keep spinning in the air at the moment; (also deeply ashamed to admit I still haven't studied your mod in detail either ). Okay, so I gather your underlying aim is to provide the user with a graceful exit message rather than just crashing in a non-sanctioned environment. Rather than your somewhat complicated setup, I would suggest you create a simple hashing function of the CCkey(s) you're using, place it above _MCFCC_Init, and call it inside _MCFCC_Init, below the CCkey array definitions. So for example, if encrypting with $CCkey[3]=@UserName, obtain the MD5 hash of @userName and insert it in your check function. That way the contents of the key(s) is/are still secure, but you can check whether they contain what you expect, and perform a graceful exit if not.