Jump to content
RTFC

CodeCrypter - Encrypt your Script

Recommended Posts

Thanks for posting your test code. I'll have a look at it, and see if I can figure out why it's not working for you. I hope it's something simple, but I won't be able to tell until I've gotten my hands dirty myself. Thanks for your efforts in any case.

BTW, forgot in my previous post to thank you for reporting on Win8 issues. Unfortunately, I don't have any machines with Win8 OS versions, and will likely skip straight to Win10 anyway. So it might be a long time before I can determine what the problem might be in that OS.

Edited by RTFC

Share this post


Link to post
Share on other sites

Alrighty, I'm happy to report that you made a classic mistake, :P which is trivial to fix.

Let me give you a hint by way of a question; how carefully did you read my comments immediately below the line

#endregion Encryption2 in MCFinclude.au3? More specifically, the last two lines of this first paragraph:

; Anything below this region will be encrypted twice (when nested encryption is set):
;1) runtime-encryption using your selected keytype, itself nested inside:
;  2) a fixed-key encryption (using the contents of $CCkey[0] as key)
; If nested encryption is disabled, anything below this region will be encrypted with
;       runtime-encryption using your selected keytype.

Now think about where you placed your hashing functions. Do you see the problem here? You've placed the function that generates your runtime decryption key inside the region that is itself encrypted with the very key it is supposed to generate; an ever so slightly circular argument. :lol:

So it's easily fixed, by placing your hashing functions anywhere above _MCFCC_Init(). Anywhere within #endregion Encryption2 will do; its contents will then be encrypted with the additional fixed encryption key, which is available at startup. Now, a determined hacker may stilll be able to reverse-engineer your hashing function itself, but as long as its inputs are extracted from the runtime environment outside of the script/exe, that won't matter, because those data are never stored inside the programme. So as long as the proverbial hacker can only steal the exe, and has no permanent access to the full environment from which they stole it (to run a dynamic debugger there), your code is safe.

In my test environment your hash function decrypts without a hitch. Please let me know if you encounter additional problems.

RT B)

Edited by RTFC

Share this post


Link to post
Share on other sites

@kaisies: a little addendum (feeling generous this morning) :)

For your automation needs, it's worth mentioning that CodeScanner (not Crypter) can also handle encryption, and can be controlled by cmdline switches. The only drawback is that the current version does not have a switch (yet) for skipping the scanning part, but this is just two calls in the cmdline section that you would have to disable:

_AnalyseCode()          ; run the engine
        _WriteCSDataDump($fulldump) ; dump CS data

At some point I'll update the bundle again, and the next version of CodeScanner will have a switch (/x) to skip scanning and just encrypt with your chosen encryption settings.

Secondly, if the code is to be tied to a specific physical location, then you may be able to get away with implementing a single encryption if you have an internet server running 24/7. In that case, you could let your encrption function send machine- or other specs to your server, your server matches those against the WAN IP it is supposed to come from (or some other transmission feature that it does not explicitly send, but is unique), and if so, sends back some other data specific to the target location that your code uses together with other data specific to that particular environment (that it has not sent) to generate the universal hash used as decryption key. But this may be too complicated or unfeasible (due to DHCP, for example); dunno, just thinking out loud. :geek:

Edited by RTFC

Share this post


Link to post
Share on other sites

Hah! after moving the hash function to the correct section, it is now working..

I do notice two things:

When using UDF's with #forceref <var> and obfuscate, the <var> does not change to the obfuscate'd var name.  Is there a option i'm missing?

Also, when running codescanner+crypter, one of them likes to leave out the __SQLite_ConsoleWrite, it doesn't obfuscate or encrypt anything related to it, so I've just been manually copying the function back into the final au3.

; #INTERNAL_USE_ONLY# ===========================================================================================================
; Name...........: __SQLite_ConsoleWrite
; Description ...: write an ANSI or UNICODE String to Console
; Syntax.........: __SQLite_ConsoleWrite ( $sText )
; Parameters ....: $sText - Unicode String
; Return values .: none
; Author ........: jchd
; Modified.......: jpm
; ===============================================================================================================================
Func __SQLite_ConsoleWrite($sText)
    ConsoleWrite($sText)
EndFunc   ;==>__SQLite_ConsoleWrite

Perhaps it's related to the fact it has two underscore at the start of it's name.  Who knows, just a guess.

 

I'm still having problems getting my program started, but I think its related to the way I'm getting the hash, and exiting if anything doesn't come out right.

Share this post


Link to post
Share on other sites

Glad to hear it. ^_^

Regarding #forceref; Codescanner currently ignores any line starting with "#" that is not followed by some specific directives such as #cs/#ce; I'll see if I can make an exception for #forceref in the next release.

Regarding  __SQLite_ConsoleWrite, thanks for letting me know; I'll have to investigate why that might be happening.

Edited by RTFC

Share this post


Link to post
Share on other sites

I've thought about loading up a webserver, or tying this into our existing webservers for authentication, but in the end it's probably more trouble than its worth (although it would be worth a lot, since then it's exceptionally hard to break!) for my end use of this program (sparingly)

Share this post


Link to post
Share on other sites

It does appear there is also a problem with InputBox (but only in compiled exe's!) This is easily tested by Encrypting a simple script:

$temp = Inputbox(0,'put something here')
msgbox(0,'',$temp)

and then running scanner+crypter.  It will run fine as a au3, but when you run as a compiled EXE the inputbox isn't even shown, and then the script easily breaks from there (in this case, just showing that $temp is empty)

Share this post


Link to post
Share on other sites

Sorry, kaisies, can't help you there. :( This has got nothing to do with CodeScannerCrypter, but is an AutoIt bug. :huh:

If you compile the example below, it fails just as hard, with the same error 3 (bad arguments):

$temp=Execute("Inputbox(0,'put something here')")
MsgBox(0,@error,@extended)

Edit: I've submitted a bug report for this.

Furthermore regarding the SQLite_Consolewrite issue, have you tried CodeCrypter with the switch "Skip redundant UDF definitions" off (default = on)? You can find this under the Single-Build Tab.

Edited by RTFC

Share this post


Link to post
Share on other sites

Sorry, kaisies, can't help you there. :( This has got nothing to do with CodeScannerCrypter, but is an AutoIt bug. :huh:

If you compile the example below, it fails just as hard, with the same error 3 (bad arguments):

$temp=Execute("Inputbox(0,'put something here')")
MsgBox(0,@error,@extended)

Edit: I've submitted a bug report for this.

Furthermore regarding the SQLite_Consolewrite issue, have you tried CodeCrypter with the switch "Skip redundant UDF definitions" off (default = on)? You can find this under the Single-Build Tab.

 

Ouch. That's unfortunate.  I did think of a pretty simple solution though, which is to wrap the inputbox into a function and have that above the #MCFinclude.  Works like a charm.  I only have one inputbox at the [more or less] beginning to have them type in a password (so not everyone can use the program).  Pretty simple.

I'll try running CodeCrypter with that switch off and see what the results are.   It takes a while to scan my code though :D

Share this post


Link to post
Share on other sites

Yep, that would work. I see that you are fast becoming a CodeCrypter expert. :graduated:

I think I'll add these solutions of yours as comments in the next release of MCFinclude.au3; other people are bound to run into these issues. Thanks!

Edit: Hmmm, :ermm:  turns out >#forceref is not actually a compiler directive at all, it just looks like one. And since its omission will trigger only a warning from AU3check, I'll have to think about whether it's worth significant investment in time and effort on my part to handle the extra admin to support it... :unsure:

Edited by RTFC

Share this post


Link to post
Share on other sites

@kaisies: Okay, I've done some tests on the SQLite_Consolewrite function, and can report that I can find absolutely nothing wrong with it in my test scripts. It's not skipped by CodeScanner or CodeCrypter, and encrypts and performs encrypted without a problem. So the only reason I can think of why it might be missing in your output is because CodeCrypter by default strips all UDFs it reckons are never called, and as mentioned in the FAQ (MCFQA.pdf, first post), it sometimes throws out UDFs that are needed after all (e.g., if they are called indirectly). If this is causing your problem, then the solution I suggested earlier (unchecking the box under Tab SingleBuild) should solve the issue. If not, then I'd need a small reproducer script to analyse.

Share this post


Link to post
Share on other sites

For the inputbox issue use this line to fix it.

#pragma compile(inputboxres, true)

The default is false which specifies that you don't include the resources for inputboxes in a compiled script, which saves space if you're not going to be using an inputbox.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

Hi BrewManNH,

That's great! Thanks a lot for that; looks like I need to read up on #pragma directives.

Much appreciated!

RT

Edited by RTFC

Share this post


Link to post
Share on other sites

Been a few days, and finally got some dev time to look into these issues and respond...

@kaisies: Okay, I've done some tests on the SQLite_Consolewrite function, and can report that I can find absolutely nothing wrong with it in my test scripts. It's not skipped by CodeScanner or CodeCrypter, and encrypts and performs encrypted without a problem. So the only reason I can think of why it might be missing in your output is because CodeCrypter by default strips all UDFs it reckons are never called, and as mentioned in the FAQ (MCFQA.pdf, first post), it sometimes throws out UDFs that are needed after all (e.g., if they are called indirectly). If this is causing your problem, then the solution I suggested earlier (unchecking the box under Tab SingleBuild) should solve the issue. If not, then I'd need a small reproducer script to analyse.

 

Interestingly, I have since installed win7 on my main dev box (windows 8 for some reason got REALLY unstable REALLY quickly for some unknown reason), and now running Scanner+Crypter does not generate this issue.  Very odd.  I was running with all strip functions unchecked before (on my win7 laptop, and another win7 box I had around), and it was still  stripping it.  Who knows, chalk it up to computers.

 

For the inputbox issue use this line to fix it.

#pragma compile(inputboxres, true)

The default is false which specifies that you don't include the resources for inputboxes in a compiled script, which saves space if you're not going to be using an inputbox.

 

Thank you, I have implemented this rather than using a wrapping function, just looks cleaner.

Share this post


Link to post
Share on other sites

hello RTFC . I am a Vietnam and I'm not proficient in the use of English . I used translate.google to be able to talk  on the web ! I have one script and I tried to follow the instructions encoded but can not . Can you help me?

if you can make me one video clip on youtube for guidance at the beginning?

Thank you

Edited by lovev1

Share this post


Link to post
Share on other sites

Hello lovev1, and thanks for your question.

I tested your script; Codescanner has no problems with it, and CodeCrypter has no trouble encrypting it. Since your script changes attributes of various files,  runs/closes processes, moves/deletes files and directories, and otherwise interacts with your specific environment, I am not going to test its functionality (it's potentially far too destructive to let it run outside of a virtual machine, and I'm not going to set one up just for this, sorry). You'll have to test that on your own machine.

I'm sorry I cannot provide translations of the instructions/code annotations in other languages. You could try copy/pasting the contents of MCFQA.pdf in Google Translate, but I can't guarantee that what comes out in Vietnamese will make any sense.

You should start, however, by adding this line below your other includes:

#include "MCFinclude.au3"

then place that script in the CodeScannerCrypter subdirectory, run CodeScanner with setting WriteMetaCode on, close CodeScanner whne it's done, start CodeCrypter, load the script, select the options you want, and press Run. With default settings, it will use macro @username as encryption key, so won't run for users with a different @username.

As far as I can tell, your script does not contain any complications that might cause problems for encryption.

Best of luck. :)

Share this post


Link to post
Share on other sites

Looks you missed to read the forum rules.

Decompilation is an absolute No, no :naughty:

You will not get help on this!


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2020-09-05 - Version 1.5.1.1) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2020-06-27 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (NEW 2020-06-27 - Version 1.3.2.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki, WebDriver - Wiki

 

Share this post


Link to post
Share on other sites

Seems more like a challenge more than a request, although this changes nothing.

Not the best first post GoravGupta.

Ed: Removed conjecture.

Edited by Mobius

wtfpl-badge-1.png

Share this post


Link to post
Share on other sites

@goravgupta, consider this the only warning you'll receive.  Please adhere to the forum rules.


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By RTFC
      The CodeScannerCrypterBundle (ca. 2.5 MB unzipped) contains the following UDFs and utilities:
      CodeScanner: analyse AutoIt script structure and content, identify potential issues, generate MCF data files CodeCrypter: front-end GUI for the MCF library, for script encryption (without storing the decryption key(s) in the script!) MetaCodeFile UDF (MCF library): for analysis and user-defined alterations of AutoIt script structure and content MCFinclude.au3: #include this UDF in any AutoIt script that you wish CodeCrypter to process AES.au3, by Ward; machine code UDF for AES encryption (32-bit, patched version) CryptoNG, by TheXman; encryption UDF using Bcrypt dll calls (32/64-bit; various algorithms) StoreCCprofile.au3/readCSdatadump.au3/helloworld.au3: auxiliary utilities and example script HowToCodeCrypt.pdf: a simple guide in five steps CodeCrypterFAQ.pdf: questions and answers, partly based upon exchanges in the CodeCrypter thread. Please follow the links for additional information.
    • By TheXman
      Encryption / Decryption / Hashing
      Purpose
      Cryptography API: Next Generation (CNG) is Microsoft's long-term replacement for their CryptoAPI.  CNG is designed to be extensible at many levels and cryptography agnostic in behavior.  Although the Crypt.au3 UDF that is installed with AutoIt3 still works perfectly, the advapi32.dll functions that it uses have been deprecated.  This UDF was created to offer a replacement for the deprecated functions.  According to Microsoft, deprecated functions may be removed in future release.  Therefore, this UDF will be available when/if that happens.
      Description
      This UDF implements some of Microsoft's Cryptography API: Next Generation (CNG) Win32 API functions.  In its initial release, it implements functions to encrypt text & files, decrypt text and files, generate hashes, and the Password-Based Key Derivation Function 2 (PBKDF2) function.  The UDF can implement any of the encryption/decryption algorithms or hashing algorithms that are installed on the PC in which it is running.  Most, if not all, of the values that you would commonly use to specify that desired algorithms, key bit lengths, and other magic number type values, are already defined as constants or enums in the UDF file.
      To flatten the learning curve, there is an example file that shows examples of all of the major functionality.  This example file is not created to be an exhaustive set of how to implement each feature and parameter.  It is designed to give you a template or guide to help you hit the ground running in terms of using the functions.  I have tried to fully document the headers of all of the functions as well as the code within the functions themselves.    As of v1.4.0, there is also a Help file that includes all of the functions, with examples.
      Current UDF Functions
      _CryptoNG_3DES_CBC_DecryptData _CryptoNG_3DES_CBC_DecryptFile _CryptoNG_3DES_CBC_EncryptData _CryptoNG_3DES_CBC_EncryptFile _CryptoNG_AES_CBC_DecryptData _CryptoNG_AES_CBC_DecryptFile _CryptoNG_AES_CBC_EncryptData _CryptoNG_AES_CBC_EncryptFile _CryptoNG_CreateRSAKeyPair _CryptoNG_DecryptData _CryptoNG_DecryptFile _CryptoNG_EncryptData _CryptoNG_EncryptFile _CryptoNG_EnumAlgorithms _CryptoNG_EnumRegisteredProviders _CryptoNG_GenerateRandom _CryptoNG_HashData _CryptoNG_HashFile _CryptoNG_LastErrorMessage _CryptoNG_PBKDF2 _CryptoNG_Version  
      Related Links
      Cryptography API: Next Generation - Main Page
      Cryptography API: Next Generation - Reference
      Cryptography API: Next Generation - Primitives
      Cryptography API: Next Generation - Cryptographic Algorithm Providers
    • By RTFC
      MetaCode offers a way to:
      separate a script's structure from its content remove all redundant definitions (globals and UDFs) change any content (and some structure) combine (new) structure and (new) content into a new script The most useful applications implemented so far are:
      Fast language translation (not just text strings, also variable names and UDF names) Obfuscation (vars and/or UDFs) Script Encryption (conditionals, calls, and macros) Encryption is powerful because the key is not stored anywhere; you can define it to be a user password, macro, environment spec/variable, server response, something you define yourself, or a combination thereof; anything goes, as long as it's not a fixed string or fixed value. More info in the CodeCrypter thread: ?do=embed' frameborder='0' data-embedContent>'?do=embed' frameborder='0' data-embedContent>>
      ?do=embed' frameborder='0' data-embedContent>
      But MetaCode has more potential than that; it allows you to tinker with any type of content separately, then rebuild a new version. So for example, you can have a single script structure and numerous different language modules you just plug in to create a new version in a different language.
      A brief Tutorial is here: MetaCode Tutorial.pdf
      The MCF library itself can be found in the CodeScannerCrypter bundle.
      And a little example how to use it for translating your GUI into a different language:
       UI_Translator.7z (new version that should work with the new version of Google Translate, see post #13 below)
       
       
      MCF.au3 is just the library plus the MCFinclude.au3 file you need to include in any script you wish to encrypt.
      There is no GUI here. However, I did write a separate front-end for it called CodeCrypter, which you can find here:
      ?do=embed' frameborder='0' data-embedContent>'?do=embed' frameborder='0' data-embedContent>>
      ?do=embed' frameborder='0' data-embedContent>
      MCF uses output generated by my CodeScanner version 2.8+, which you can find here:
      '?do=embed' frameborder='0' data-embedContent>>
      CodeScanner also depends on MCF.au3 now, as it can now call a few of its functions.
      I should also mention Ward's excellent AES.au3 UDFs used for the encryption and decryption calls,  which is now included in the CodeScannerCrypter bundle (thanks to Ward for allowing to include it). You can find the original (unpatched) version here:
      '?do=embed' frameborder='0' data-embedContent>>
      Note: you can replace the encryption/decryption calls with whatever algorithm you like (hint: the native <Crypt.au3> library is too slow for most purposes, better stick to machine code routines)
      So just to be clear:
      CodeScanner (v2.8+) needs MCF (earlier versions won't work!) CodeCrypter needs MCF (plus anything that MCF needs) MCF itself needs MCFinclude (part of MCF zip) MCF also needs readCSdatadump (part of the CodeScanner package, you need the latest version packaged with CodeScanner v2.8; earlier versions won't work!) both MCF and MCFinclude currently rely on AES.au3 by Ward So you basically need to download the whole bundle for any of it to work.
       
      If you have any questions, please start by reading the MCF Tutorial and the CodeCrypter FAQ (you can download the latter separately from the CodeCrypter thread).
      Next, read the extensive Remarks sections in MCF.au3, MCFinclude.au3, and CodeCrypter.au3
      If still no joy, then please post. However, I'm not online that often, and logged in to the forum even less, so response may take a while).
      RT
×
×
  • Create New...