Sign in to follow this  
Followers 0
falconv

Can't decompile? lost source!

18 posts in this topic

Before anything else, I *know* I should have backed up. Please don't flame me for that, I'm getting more than enough of that at work for us all.

Now that we have that behind, I have a program that's been months in the making, and often needs slight tweaking to adjust for the changes in the product we're selling (managers want something else shown, or hidden, or want it displayed in a different way, etc). Anywho, I have the source on my hard drive, and the compiled .exe's on the server for all employees to use... until my hard drive got the click-of-death suddenly and unexpectedly. Not even enough time for me to grab the few files I should have had backed up.

Getting to the point: I have the compiled files, and I swore I passworded them for decompilation just to be safe. But when I used the exe to au3 converter, it tells me I got the wrong password!! I know this is asking a lot (not only of time, but trust also), but could one of the developers possibly decompile it without a password? I don't know if you have the resources to do that. Or if for some reason the last time I compiled it I might have forgotten to check the decompileable box, is it possible to decompile? even by a developer?

I'm going to be spending the next week trying to get the HD working at least enough to hopefully extract those files, I really would rather not ask my boss to fork out a couple hundred for data-extraction services if possible.

I hope there's *something* someone can do to help. Again, I don't need flames. If you don't think it's possible please don't reply unless you're a developer and *know* it can't be done.

Thanks in advance, and hopefully I'll be able to do this myself with the data extraction, but just in case that doesn't work, this is my only other option (besides starting from scratch, but that's a LOT of work to redo!)

Share this post


Link to post
Share on other sites



with which version of autit was it compiled?

Jon did a change to have only one decompiler but perhaps there is a bug!!!

You could try to use the decompiler associated with the autoit version you compile with. :">

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

I was just about to post about that, I forgot to mention I compiled with the beta (I think it was .70, but I don't remember), and trying to decompile with the stable decompiler. Is there a new release of the decompiler I can try?

Edit:

oh yeah, it was compiled in beta to be able to use M$ Word objects.

Edited by falconv

Share this post


Link to post
Share on other sites

I was just about to post about that, I forgot to mention I compiled with the beta (I think it was .70, but I don't remember), and trying to decompile with the stable decompiler.  Is there a new release of the decompiler I can try?

Edit:

oh yeah, it was compiled in beta to be able to use M$ Word objects.

<{POST_SNAPBACK}>

I you compile without changing the version number You can know for sure with which autoit version you compile with.

What I can add is the current compiler was introduce in .61. I don't if it has an importance but it get change in .66 and .67 with the version of August 5 of the compiler. Now it is back to the .61 version with a version dated July 14

For the decompiler the change occured in .66 version with a Aug 8 version.

I hope I didn't did a mistake which make the decompilation impossible.

THe only one which can confirm is Jon.

Sorry not helping more :">

Share this post


Link to post
Share on other sites

I you compile without changing the version number You can know for sure with which autoit version you compile with.

What I can add is the current compiler was introduce in .61. I don't if it has an importance but it get change in .66 and .67  with the version of August 5 of the compiler. Now it is back to the .61 version with a version dated July 14

For the decompiler the change occured in .66 version with a Aug 8 version.

I hope I didn't did a mistake which make the decompilation impossible.

THe only one which can confirm is Jon.

Sorry not helping more :">

<{POST_SNAPBACK}>

It was compiled with .68

Is there any possible way for you or another developer to make a temporary decompiler that ignores the password, and I'll send you the file to decompile and you send me back the source code? If the decompiler keeps the comments, you'll know it was made by me, if not, I could show you some snippets of code I posted in the forum so you can see it was made by me and I'm not trying to steal someone else's script.

I'll be busy this weekend working on getting the original source off the dead hard drive, but I'll check back to see if Jon might have seen this post and can help.

Thank you so much jpm for helping!

Share this post


Link to post
Share on other sites

*bump*

Is there some way I could get Jon's attention on this? I've researched, and it would cost at minimum $500 for data recovery. I think my company would rather make me rebuild the program than fork out that kind of cash, so I'm going to have to get started again from the beginning.

If there is *ANY* way to decompile my .exe's, please help me out here dev's if you can! Anything is appreciated. Thanks in advance!

Share this post


Link to post
Share on other sites

well not that unpacking things can really help but im pretty good with Olly id try it for you.


http://www.myclanhosting.com/defiasVisit Join and contribute to a soon to be leader in Custumized tools development in [C# .Net 1.1 ~ 2.0/C/C++/MFC/AutoIt3/Masm32]

Share this post


Link to post
Share on other sites

I'm not familiar with Olly, what does it do?

I know decompiling it won't get my files exactly as they were, but it would at least get somewhat of a skeleton for me to work on, and cut a lot off of my workload.

Thanks for trying, please let me know if you get anything. I've put up the file for download from the link below:

<a href="http://www.traveltogo.com/~gwillis/ttgwebbuilder.zip">Click Here</a>

or http://www.traveltogo.com/~gwillis/ttgwebbuilder.zip

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

attach the exe here, maybe i could run a script to try to guess the password... lol makes em laugh the concept of using an autoit script to crack an autoit script lol.

oops didn't see that you put the file up :">

as for the source, you could try making a barts PE cd available: http://www.nu2.nu/pebuilder/

should be able to recover it from the hard drive if its not a hard drive hardware problem.

Edited by Bi0haZarD

Share this post


Link to post
Share on other sites

#10 ·  Posted (edited)

decompressed the exe with UPX125w and used Olly..

heres the result of what i got lol. not much code i can see in there. but not sure how much better you can get.

i'm also not sure how accurate this info is, as it looks like some sort of media player by some of the code. maybe another member maybe able to shed more light onto this.

decompile.zip

Edited by Bi0haZarD

Share this post


Link to post
Share on other sites

i think i can get this open... will let you know progress shortly


1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

i think i can get this open... will let you know progress shortly

<{POST_SNAPBACK}>

i was trying to get it open without bruting it, but it looks like that's the way you're going to have to go man... there's a topic in this forum named 'password guesser' that may help you out getting started on code...

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

yeah, sadly it is a hardware problem on the hard drive, otherwise I would have been able to recover it long ago. it's got the "Click of Death" and won't let me boot fully if it's connected to the computer. I'll try my Ultimate Boot CD for Windows just to cover any possibilities.

I'll also be trying the autoit to crack an autoit script, lol.

Thanks so much for all your help! I just started reprogramming it from the beginning, but it would be SO nice to have the original back to help me out, or even parts of it.

Share this post


Link to post
Share on other sites

*bump*

Is there some way I could get Jon's attention on this?  I've researched, and it would cost at minimum $500 for data recovery.  I think my company would rather make me rebuild the program than fork out that kind of cash, so I'm going to have to get started again from the beginning.

If there is *ANY* way to decompile my .exe's, please help me out here dev's if you can!  Anything is appreciated.  Thanks in advance!

I've got the code, and there doesn't appear to be anything password/sensitive in there, so tell me something about the script and how it works and i'll send it to you.

Share this post


Link to post
Share on other sites

You're the best Jon!!!

If it split it up into files, you'll notice at the bottom of the Functions.au3 file there's a lot of html code, it's writing the results of the input into three different html files (actually .inc files). It places these files in \\192.168.1.1\automation\Script-Temp\Output (defined in the variables.au3 file)

It also looks for a resortsdb (or maybe hotweeksdb?) .ini file on a server at address \\192.168.1.1\automation\Script-Temp\database

If you need more info still, let me know.

I really appreciate this, and also thank you all so much for putting so much effort into trying to help get my code out!

Share this post


Link to post
Share on other sites

Jon, just a question, i know your Administrator and all. but how did you get the source? like... do you just have an Exe2Aut converter that doesn't require a passphrase? or are the exe's more secure then that.

i'm just wondering cause i was thinking about making an autoit script that installs apps after i do a format of my hard drive. and was concerned about the security of having serial/CD-keys in there.

Share this post


Link to post
Share on other sites

I'm no developer, so I can't say this is true for certain, but just a guess, I would think that because he designed the decompiler itself, it wouldn't be hard for him to comment out a few lines in his source code to void the necessity of a password.

I don't know if there's any way to encode parts of the code so that even if you decompile it with the password those portions of your code are "destroyed" so to speak?

It would be nice to see some added security features, but I wonder how much extra work that would add to the developers' current load.

I've used passwords and serial numbers in some of my scripts (all of which were lost in the hard drive death, except for this which doesn't contain passwords, and one other which is similar to, but smaller than this), but I knew from the beginning it wasn't secure, so I kept the files strictly to usage by myself.. if anyone were to get ahold of them, and was some genius, they might be able to extract the sensitive data. We've been warned of this in the AutoIt Help file, under AutoIt -> Using AutoIt -> Compiling Scripts -> Technical Details section, paragraph two states:

Because a compiled script must "run" itself without a password it needs to be able to decrypt itself - i.e., the encryption is two-way. For this reason you should regard the compiled exe as being encoded rather than completely safe. For example, if I wrote a script that contained a username and password (say, for a desktop rollout) then I would be happy using somehting like a workstation-level user/password but I would not consider it safe for a domain/entire network password unless I was sure that the end-user would not have easy access to the .exe file.

So whether or not he or any other developer might have a decompiler that's able to ignore passwords, I'm sure there's other ways for someone to extract any sensitive information held within your script. Not to mention there's a link to the source code on the download page, so anyone with the know-how could compile their own AutoIt decompiler that would unencode or decompile based on the encryption parameters Jon set in the AutoIt program. Correct me if I'm wrong.

Share this post


Link to post
Share on other sites

if you have the right resources, you can decompile anything. in about 30 seconds, a quick google search gave m an exe2aut with no passprases required. there's no guarnteed security, thats just the way it is, AFAIK.


The cake is a lie.www.theguy0000.com is currentlyUP images.theguy0000.com is currentlyUP all other *.theguy0000.com sites are DOWN

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0