RTFC

CodeCrypter - Encrypt your Script


actually , right now , i am using a license for the exe (match encrypted hardid then script runs) , so i want just a "protection" for the code

With Au3Stripper (so actually it isn't a problem i guess for scanner/crypter)

for sqlite , first warning (i don't know if it matters or not) is from au3stripper

sqlite.au3(594,1): Warning for line:$iCbRval = Call($sCallBack, $aDataRow) 

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Run_Au3Stripper=y
#Au3Stripper_Parameters=/sf /sv
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <SQLite.au3>
#include <SQLite.dll.au3>

_SQLite_Startup("sqlite3.dll", False, 1)
_SQLite_Open("test.db")
_SQLite_Exec(-1, "CREATE TABLE `customer` ( " & _
        "`cust_id`  INT NOT NULL," & _
        "`cust_lname`   VARCHAR(100) DEFAULT NULL," & _
        "`cust_name`    VARCHAR(50) DEFAULT NULL," & _
        "`cust_address` VARCHAR(100) DEFAULT NULL," & _
        "`cust_phone1`  VARCHAR(10) DEFAULT NULL," & _
        "`cust_phone2`  VARCHAR(10) DEFAULT NULL," & _
        "`cust_date`    VARCHAR(10) DEFAULT NULL," & _
        "PRIMARY KEY(cust_id));")

MsgBox(0, "", "_SQLite_LibVersion=" & _SQLite_LibVersion() & @CRLF)

_SQLite_Close()
_SQLite_Shutdown()

 then i take the _stripped version of above script and from codecrypter (if i use obfs + encryption) i get an 

error: __SQLite_ConsoleWrite(): undefined function.

so i have created a new sqlite.au3 without the console write function and everything seems ok (and fast enough)

 

Without Au3stripper , "mcfinclude.au3" below other includes

Processing time = too much if you have a lot of includes (just add winapiex.au3 and you will see :) )

i don't know if i make a mistake but i got a lot of errors (obfs + encryption)

error: _???????????() previously called with Const and others

so i guess the scanner also adds the includes from mcfinclude and if you have an include which uses aes.au3 or memory.au3 then you get duplicate things 

 

 

 

Share this post


Link to post
Share on other sites
20 minutes ago, radienergos said:

error: __SQLite_ConsoleWrite(): undefined function

Maybe this is because SQlite uses callback to define the hookup for its internal consolewrite (and CodeScanner currently does not officially support callback; I may look into this in future:huh2:). For now I suppose you could try patching this in manually afterwards, if it's desperately needed:

Func __SQLite_ConsoleWrite($sText)
    ConsoleWrite($sText)
EndFunc   ;==>__SQLite_ConsoleWrite

Alternatively, you could uncheck the CodeCrypter Single-Build options "Skip redundant UDF definitions" and "Remove Orphaned Globals and UDFs" (default: checked).

22 minutes ago, radienergos said:

so i guess the scanner also adds the includes from mcfinclude and if you have an include which uses aes.au3 or memory.au3 then you get duplicate things 

Yeah, if you start removing includes and patching UDFs manually, and then stick in new includes, you're likely to run into such duplicate definition issues, if you're not very, very careful.:mellow: Obviously, MCFinclude.au3 needs to #include AES.au3, and it itself relies on a few subsidiary ones. But if you add these in advance to your meta-include and then remove these #includes in MCFinclude.au3, it should work (CodeScanner produces nice lists to help you do this). However, your set-up sidesteps the various advantages of a full CodeScanner pass that leaves all #includes as-is, so I would argue that to some extent you're creating these difficulties yourself, just because you consider CodeScanner's generic preprocessing too slow. Well, that's fine, and entirely up to you, of course, but don't hold your breath for me to wave my magic wand and make your troubles disappear.;) Moreover, I reckon your code may become quite unstable (for example, what happens when a new AutoIt Release comes along with changes in the #includes?).

CodeScanner is relatively slow because it performs a long list of tasks, and generates lots of outputs. The idea was that you finalise your script, do a CodeScanner pass on it once, and thereafter can generate as many dedicated encrypted versions as you desire (with CodeCrypter running much faster than CodeScanner, because MCF is mainly a search-and-replace engine). I haven't encountered scenarios where I had to keep repeating the Scanning part of the process all the time, only the Crypting part. I haven't seen your full script, but I would suggest to aim for a design (if possible) that allows you to achieve a single finalised source (to CodeScan once); at the moment it sounds a bit as if you're generating a new script for each new user, or something.:think: Then again, your reasons/set-up may be perfectly valid. In either case, I cannot resolve this quandary for you.

Share this post


Link to post
Share on other sites
6 minutes ago, RTFC said:

Alternatively, you could uncheck the CodeCrypter Single-Build options "Skip redundant UDF definitions" and "Remove Orphaned Globals and UDFs" (default: checked).

1)Yeah, if you start removing includes and patching UDFs manually, and then stick in new includes, you're likely to run into such duplicate definition issues, if you're not very, very careful.:mellow: Obviously, MCFinclude.au3 needs to #include AES.au3, and it itself relies on a few subsidiary ones. But if you add these in advance to your meta-include and then remove these #includes in MCFinclude.au3, it should work (CodeScanner produces nice lists to help you do this). However, your set-up sidesteps the various advantages of a full CodeScanner pass that leaves all #includes as-is, so I would argue that to some extent you're creating these difficulties yourself, 2)just because you consider CodeScanner's generic preprocessing too slow. Well, that's fine, and entirely up to you, of course, but don't hold your breath for me to wave my magic wand and make your troubles disappear.;) Moreover, 3)I reckon your code may become quite unstable (for example, what happens when a new AutoIt Release comes along with changes in the #includes?).

CodeScanner is relatively slow because it performs a long list of tasks, and generates lots of outputs. The idea was that you finalise your script, do a CodeScanner pass on it once, and thereafter can generate as many dedicated encrypted versions as you desire (with CodeCrypter running much faster than CodeScanner, because MCF is mainly a search-and-replace engine). I haven't encountered scenarios where I had to keep repeating the Scanning part of the process all the time, only the Crypting part. I haven't seen your full script, but I would suggest to aim for a design (if possible) that allows you to achieve a single finalised source (to CodeScan once); at the moment it sounds a bit as if you're generating a new script for each new user, or something.:think: Then again, your reasons/set-up may be perfectly valid. In either case, I cannot resolve this quandary for you.

for sqlite 

Global $__g_hPrintCallback_SQLite = "";__SQLite_ConsoleWrite

and from _sqlite_startup 

;If $hPrintCallback = Default Then $hPrintCallback = __SQLite_ConsoleWrite

and it seems ok (well needs test of course) 

(every single build options are unchecked) 

 

if you saw the previous example i had duplicate definition issues because i didn't change anything from the test script (sqlite.au3 is standard i think)

(i also tried some combinations of removing memory.au3 from aes , removing aes from mcfinclude and adding to original script etc, maybe i forgot something)

 

and for the bold parts

1)if i understand correctly (my english is not good sorry :) ) your answer is actually for my first "attempt" (first comment) , where i had added the includes after the scanning. but now i don't do that, i am scanning the stripped script which of course has the consts/functions from includes except the unnecessary ones

2)i don't "accuse" you or anything :) , neither do i want a magic solution , i'm saying that it is slow for me (10+ minutes) and the problem is that i don't have a final source , i want to make changes / updating , etc to script(s)

3)i am using right now au3stripper so it doesn't matter if new release make changes (you use au3stripper everytime you make changes to your original script)

 

my only "suggestion" is  to have codescanner , somehow, cooperate with au3stripper

(i don't want you to do that "for me" , i already did it externally, somehow)

 

Share this post


Link to post
Share on other sites

@radienergos: please don't get the wrong idea, I wasn't annoyed or trying to be defensive.:) I just tried to convey that there are no easy solutions for your problem.

The issue here is that CodeScanner/Crypter do not work with Au3stripper because Crypter performs its own stripping pass, based upon its own assessment of what is needed and what is not (which users can partially control as well). That's why there's no ready-made fix for the slowness issue, as CodeScanner assesses everything to start with (it has to, that's its job). If you're going to rely on Au3stripper, I would suggest you use it once (prior to CodeScanning), and use the resulting composite as your template in which to make further edits down the line. That way you keep control over the exclusion of all redundant parts. So remove all includes once (by patching in all the bits in your main script), and never return to the original version with #includes.

As far as the callback construct is concerned, CodeScanner does not currently support this type of "raw" function assignment (I may look into this, actually, so thanks;)), but it's easily patched in any case.

Edited by RTFC

Share this post


Link to post
Share on other sites

something like this would be very useless for using it as encryption key in my opinion:

_WinAPI_UniqueHardwareID(BitOR($UHID_CPU, $UHID_BIOS))

Share this post


Link to post
Share on other sites
On 08/12/2016 at 10:56 PM, legend said:

something like this would be very useless for using it as encryption key in my opinion:

_WinAPI_UniqueHardwareID(BitOR($UHID_CPU, $UHID_BIOS))

I meant useful.... :)

Share this post


Link to post
Share on other sites

Hello RTFC & members of the board!,

I've been trying to figure out a couple of things :
* How secure is it to use a static predefined $CCkey[#] 
if  I will be trying to send an hwid value over to a @php -encrypt.script so I can then match the return with _AesDecrypt = predefined $CCkey[#] at runtime

* Looking at the example from: http://php.net/manual/en/function.mcrypt-encrypt.php
Is there a way to adjust this php file (engine) to encrypt a value, so it can then be used with _AesDecrypt()
see:

* I know that I will need to use the $CCkey[#] value in the php file for making the encryption 
Not so sure how safe or where I should host the file or what other ways\layers\adjustments can be made
I have no past experience with these utilities ..

To all :  please share your expertise and advice

Thanks
 

Edited by Deye

Share this post


Link to post
Share on other sites

@Deye: Hello there.:bye:

6 hours ago, Deye said:

* How secure is it to use a static predefined $CCkey[#] 

Not.:mellow:

This area of MCFinclude can itself only be encrypted with a static key, which means a determined attacker may be able to decrypt these lines (which precede your actual script content), so they can (in a worst-case scenario) figure out *how* you define your key (e.g., through a password query, obtaining a hardware ID, server response, etc). Note that the actual content is not (and cannot) be revealed, as only an "evil maid attack" on a machine running in the sanctioned environment could conceivably be vulnerable in that respect (so anyone copying your exe/script and running it elsewhere will never get useful data out). So if you're thinking of using a HWID, it would make more sense to use that as your key, and define the CCkey entry as a call to a function that directly retrieves that HWID from its runtime environment (or server interaction, or combination). Placing a decryption key raw in $CCkey (rather than using a function call or macro to generate it dynamically at runtime) defeats the purpose of runtime decryption.

6 hours ago, Deye said:

Is there a way to adjust this php file (engine) to encrypt a value

:idiot: Sorry, can't help you there; I'm a total noob with regard to php (pretty-hopeless-parsing? parrots-helping-people? poignant-but-hapless-punctuation? panting-hush-puppies?):blink:

Edited by RTFC

Share this post


Link to post
Share on other sites

Hello, I would like to ask you a question. I have used your UDF with many of my scripts without problems; I reported them to Avira as false positives and I have confirmed that they do not contain viruses, very well. Now I have a script that is always seen as a virus. Could you tell me what you think alerts the antivirus? Are there any functions or calls that create problems? What do you think? THX

#include "MCFinclude.au3"
#include <Misc.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <EditConstants.au3>
#include <ListBoxConstants.au3>
#include <GuiListBox.au3>
#include <GuiListView.au3>
#include <MsgBoxConstants.au3>
#include <Array.au3>
#include <File.au3>
#include <FileConstants.au3>
#include <StaticConstants.au3>
#include <GuiImageList.au3>
#include <GuiStatusBar.au3>
#include <WinAPI.au3>
#include <GDIPlus.au3>
#include <Date.au3>
#include <IE.au3>

 

Share this post


Link to post
Share on other sites

@rootx: So the way to proceed would be; create a dummy script with these includes and confirm your AV flags it up. Disable all includes and start re-enabling them one by one to identify what parts (there may be multiple, or perhaps it's a combination?) your AV doesn't like. Since you have other encrypted scripts that do not trip up your AV, it's not the decryption engine itself. You may be able to narrow it down to a single UDF (which you may not even need in your app). I've never had false positives myself, so I cannot quickly point the finger at any particular include for you. Alternatively, the problem may lie in your own code (once encrypted); in that case, try disabling large chunks of (inserting immediate returns in UDFs and commenting out the rest) and see what that does. This kind of hunt can actually be quite fun.:)

 

Share this post


Link to post
Share on other sites
58 minutes ago, RTFC said:

@rootx: So the way to proceed would be; create a dummy script with these includes and confirm your AV flags it up. Disable all includes and start re-enabling them one by one to identify what parts (there may be multiple, or perhaps it's a combination?) your AV doesn't like. Since you have other encrypted scripts that do not trip up your AV, it's not the decryption engine itself. You may be able to narrow it down to a single UDF (which you may not even need in your app). I've never had false positives myself, so I cannot quickly point the finger at any particular include for you. Alternatively, the problem may lie in your own code (once encrypted); in that case, try disabling large chunks of (inserting immediate returns in UDFs and commenting out the rest) and see what that does. This kind of hunt can actually be quite fun.:)

 

Thanks for your time, I will try

Share this post


Link to post
Share on other sites

I need help please. I wrote this code and it works, but... Windows crashes if I use encrypt mode. I used option 4 in single key id with the name of the script .exe. I am giving you all the files I used in this script. THX

PS: I can't upload the files in the post, I'm not sure why but I put them here https://ufile.io/affb


Edited by rootx

Share this post


Link to post
Share on other sites

@rootx: I've tested your script files (thanks) but both backtranslated and encrypted it works fine on my machine, so I would suggest you take a closer look at your own environment.

Share this post


Link to post
Share on other sites

Sorry rootx, but that just isn't good enough.:angry: As I explained in the FAQ and several times in this thread, in order for me to help you I expect you to do your homework first. That means you have to first narrow down the problem to a reproducer script of a few dozen lines at most, by systematically changing ever smaller sections of your code between encrypted and unencrypted state. Most of the time, a single function call or statement will turn out to be the problem (your latest post suggests something along those lines, so test your assumption, and if correct, write a tiny reproducer script). I'm not going to download any more extensive, customised environments (especially when these include other files by third parties). Your test script should be stand-alone (you can add a single small(!) dummy data file to illustrate what is going wrong if absolutely necessary). I will also not allow test scripts in my test environment to access the internet, system/OS functionality, or any file outside of its own work directory (other than legitimate AutoIt #includes), so you'll have to find a way to reproduce your error without me having to download youtube videos (or whatever you were trying to achieve).

I'm perfectly happy to help people by fixing bugs in my scripts if I can, but I will simply ignore those that just dump their environment at my door at the first sign of trouble, without showing they have put in the effort to figure out where the issue resides. Did you do a Backtranslation first (see FAQ)? Did you switch off string encryption separately (see FAQ)? Did you switch off encryption for individual UDFs (see FAQ)? Did you try other types of partial encryption (see FAQ)? What test scripts have you written to figure out where the problem lies?

These days I can only spend a very limited amount of time on the forum and on solving issues like yours. That means that the onus for preparing the groundwork is on you.

Share this post


Link to post
Share on other sites

Hi RTFC,

With some help I got from Melba Here

I have added to the "Encryptable Code Sections" GUI a filter where you can easily find the functions you want as selected
It was a real eye pain for me to find the functions I needed, and so ..
Hope you don't mind me sharing the edits I have included in with codecrypter-mod.au3

Thanks

Edited by Deye

Share this post


Link to post
Share on other sites

Hey Deye, that's great! :) First time ever someone published a mod for one of my scripts.:thumbsup: Glad to hear you find CodeCrypter useful, and apologies for the original list of encryptable sections not being satisfactory. When I have a spare moment, I'll have a good look at your amendment and see if (with your permission of course; I presume you'd have no objection) I can incorporate it into the next release (this may be a while though;:( just started a new project and I'm slightly drowning at the moment). In the meantime, thanks a lot for sharing.

Share this post


Link to post
Share on other sites

HI RTFC, 

A small question :
What execute command can you recommend to detect if the $CCkey[#] criterion isn't met
For example: I'll use :

If @ScriptName <> "My_script.exe" Then Exit MsgBox(0, 'Error', "Component name or key is incorrect")


meaning, only "My_script.exe" needs to be in an encrypted form, leaving the other parts of the line non-encrypted, so with the wrong decryption this line still survives ..
So I didn't yet get an idea how to pull "My_script.exe" in encrypted form .. As the _MCFCC strings are entirely one liners

TIA
 

Share this post


Link to post
Share on other sites

Hi Deye,

Sorry for the delay in replying; too many plates to keep spinning in the air at the moment;:sweating: (also deeply ashamed to admit I still haven't studied your mod in detail either :>). Okay, so I gather your underlying aim is to provide the user with a graceful exit message rather than just crashing in a non-sanctioned environment. Rather than your somewhat complicated setup, I would suggest you create a simple hashing function of the CCkey(s) you're using, place it above _MCFCC_Init, and call it inside _MCFCC_Init, below the CCkey array definitions. So for example, if encrypting with $CCkey[3]=@UserName, obtain the MD5 hash of @userName and insert it in your check function. That way the contents of the key(s) is/are still secure, but you can check whether they contain what you expect, and perform a graceful exit if not.;)

Share this post


Link to post
Share on other sites
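
The digest check described in the reply above, written out as an added example; it is not code from the original posts or from MCFinclude.au3. The function names `_KeyDigest`, `_KeyIsSanctioned` and `_ExitIfUnsanctioned`, the sample key values and the placement comment are assumptions; MD5 follows the post, and `_Crypt_HashData` comes from AutoIt's standard Crypt.au3.

```autoit
#include <Crypt.au3>
#include <MsgBoxConstants.au3>
#include <StringConstants.au3>

; Hypothetical helper: upper-case hex digest of a key value (MD5, as suggested in the post).
; Returns "" and sets @error if hashing fails.
Func _KeyDigest($sKey)
    _Crypt_Startup()
    Local $dHash = _Crypt_HashData(StringToBinary($sKey, $SB_UTF8), $CALG_MD5)
    Local $iError = @error
    _Crypt_Shutdown()
    If $iError Then Return SetError($iError, 0, "")
    Return Hex($dHash) ; hex string without the "0x" prefix
EndFunc   ;==>_KeyDigest

; Hypothetical check: True only if the runtime key hashes to the digest recorded at build time.
; Only the digest is stored in the script; the key value itself never appears in it.
Func _KeyIsSanctioned($sRuntimeKey, $sExpectedDigest)
    Local $sDigest = _KeyDigest($sRuntimeKey)
    If $sDigest = "" Then Return False ; a hashing failure is treated as a mismatch
    Return ($sDigest == StringUpper($sExpectedDigest)) ; == is the case-sensitive comparison
EndFunc   ;==>_KeyIsSanctioned

; Hypothetical graceful exit: message and clean termination instead of a crash
; when decryption would be attempted with the wrong key.
Func _ExitIfUnsanctioned($sRuntimeKey, $sExpectedDigest)
    If _KeyIsSanctioned($sRuntimeKey, $sExpectedDigest) Then Return
    MsgBox($MB_ICONERROR, "Error", "Component name or key is incorrect")
    Exit 1
EndFunc   ;==>_ExitIfUnsanctioned

Func _Demo()
    ; Constructed sample values: "alice" stands in for the value the key has in the
    ; sanctioned environment (for example @UserName there), "mallory" for any other value.
    ; Build time: compute the digest once and paste it into the script as a literal.
    Local $sExpected = _KeyDigest("alice")
    ConsoleWrite("digest to embed: " & $sExpected & @CRLF)

    ; Run time: compare the key as it is actually generated against the embedded digest.
    ConsoleWrite("sanctioned key accepted: " & _KeyIsSanctioned("alice", $sExpected) & @CRLF)
    ConsoleWrite("other key accepted:      " & _KeyIsSanctioned("mallory", $sExpected) & @CRLF)

    ; Assumed placement, following the post: define the functions above _MCFCC_Init and
    ; call the check inside it, below the CCkey array definitions, for example
    ;     _ExitIfUnsanctioned($CCkey[3], "<digest literal recorded at build time>")
    _ExitIfUnsanctioned("alice", $sExpected) ; passes here, so the demo continues
    ConsoleWrite("check passed, script continues" & @CRLF)
EndFunc   ;==>_Demo

_Demo()
```

A digest of a short or predictable value such as a user name can be matched by guessing candidate values, so the check fits best with keys that are long or combined from several runtime sources.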
