Jump to content

Stolen Source code :(


Proph
 Share

Recommended Posts

I agree AutoIt source code should be more secure. I have developed so far 3 programs for a school. I dont want just anyone being able to get ahold of my source code as that would prove pointless in my being able to update the program myself, and so on.

Thanks,

JS

AutoIt Links

File-String Hash Plugin Updated! 04-02-2008 Plugins have been discontinued. I just found out.

ComputerGetInfo UDF's Updated! 11-23-2006

External Links

Vortex Revolutions Engineer / Inventor (Web, Desktop, and Mobile Applications, Hardware Gizmos, Consulting, and more)

Link to comment
Share on other sites

  • Replies 71
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

As Jon and others have mentioned, no matter what type of protections are implemented to secure the source code for compiled AutoIT scripts, SOMEONE out there will be able to reverse engineer/decompile your EXE if it has any intrinsic value to them. But, there should be something in place to at least be able to keep the average user from obtaining your source code.

And for those that argue about losing your source code, and need a way to recover by decompiling.....

If you're not intelligent enough to backup it up, then you shouldn't be using a computer. B)

Link to comment
Share on other sites

I'm just curious about the approach AutoIt actually uses to secure the source when you specify a password. I don't want to know the details and don't think they should be posted publicly. I'm just curious whether there's any type of encryption going on, or if the source is stored as-is inside the compiled executable.

If it's the latter, then what about using some sort of encryption based on the password. Give the compiler its own key that's embedded in the compiled executable so it can run the script, but to decompile the script you'd need to know the password. I'm not all that familiar with the inner workings of encryption, so I'm asking whether something like this is possible.

My UDFs: ExitCodes

Link to comment
Share on other sites

Just a thought and I don't know how practicable it would be, but how about making a compiler that strips all comments, blank lines, code tidying and CRLF's (where able) and compresses the code to such an extent that it would make it a real, real pain in the butt to try and rip code from?

Of course this means that you would have to be extra careful with your .au3 source files because it means you would no longer be able to decompile the exe to obtain your source using Exe2Aut (because any commented out lines of code would be gone) but the added benefit of compressed code is smaller exe's and possibly faster execution. In truth, I was quite surprised to find Aut2Exe didn't do this already as most other compilers I'm familiar with, do this as standard.

I realise that this still allows code ripping for the real serious hacker, however, it makes their job a truck-load harder. I guess this could also be used as a form of invisible watermarking because your source has the reasons why you coded something the way you did while your exe doesn't have that info.

And for those that argue about losing your source code, and need a way to recover by decompiling.....

If you're not intelligent enough to backup it up, then you shouldn't be using a computer. B)

I couldn't agree more, anyone who relies on their compiled exe for their .au3 source is just foolish.

Link to comment
Share on other sites

Stripping out all non-essential comments would be good. I'm surprised that the AutoIT3 compiler doesn't do that. Not that I've actually decompiled anything with EXE2AUT yet.

Perhaps if there was some way to add some type of SHA2.3 (SHA-512) password hash or randomly generated key to encrypt the EXE after it's been compiled. Any which way you do it, if the program knows how to decrypt and run itself, then anyone who knows what to look for could find a way to decrypt it. It's a catch-22. I personally, wouldn't want to have to input a password every time I want to execute one of my scripts. That's the point of automating things with AutoIT.

Link to comment
Share on other sites

Can you guys just drop the topic? It's old. None of you have anything new to say that hasn't been said thrice before in various threads. Discussing the matter and coming up with all kinds of ideas is pointless. We already know what the problems are and we also know how to provide solutions to them. Having everybody with an opinion chime in and inform us of their's isn't doing any good at all.

Personally, I'm sick of seeing threads like this and I'm tired of seeing people's ignorant opinions on it. I've seen a lot of stupid ideas and stupid assumptions about AutoIt's architecture made in threads like this. Can't you all just clam up and leave the problem-fixing to the people who know how AutoIt works or to the people who know how languages work in general?

Link to comment
Share on other sites

Can you guys just drop the topic? It's old. None of you have anything new to say that hasn't been said thrice before in various threads. Discussing the matter and coming up with all kinds of ideas is pointless. We already know what the problems are and we also know how to provide solutions to them. Having everybody with an opinion chime in and inform us of their's isn't doing any good at all.

Personally, I'm sick of seeing threads like this and I'm tired of seeing people's ignorant opinions on it. I've seen a lot of stupid ideas and stupid assumptions about AutoIt's architecture made in threads like this. Can't you all just clam up and leave the problem-fixing to the people who know how AutoIt works or to the people who know how languages work in general?

I agree and I don't have a problem with dropping it, but before seeing a post like this it would've been nice if WE had been told the developers knew the problems and to keep our panties on because a solution was forthcoming and nothing further needed discussing. My understanding is that this code stealing issue is a relatively new one for AutoIt and nothing had been decided yet (in the way of a fix), hence, the V3 Support forum was a place to discuss things like this. Apologies if this isn't the case.

Link to comment
Share on other sites

not to continue to beat a dead horse, but i have 2 cents on the subject.

i want to work on a project for "jumbling code" but im not sure how practicle it would be.

i need to know a few things before i get started.

i know that no matter what a determined person will always be able to crack ANYTHING.

but as previously mentioned as an idea in this thread, i would like to make it more time consuming.

without changing the compiler, i was thinking i could just make the code more cryptic, but still understandable to the compiler.

i would make a script that will modify the script you want to jumble. it would create a new .au3 file and change all variables names from the original file, to random names in the new file.

and remove all comments, blank lines and spaces where applicable...

it would also create more variables for certain things, like letters a-z and numbers 0-9 and use those instead of plain text everyone can easily read.

after the variable is used it will rename itself also so the second instance of that variable when its used, will have a different name.

also would like to put many lines of code on one line using a line break or pipe

anyways, what i need to know is, how many variables can autoit remember (maximum for a script) and.... will creating (possibly alot) more variables consume a noticable amount of memory?

i know to "clean up" any variables im not using so

i would just do something like $var = "" is this improper? since $var will still exist, it just will have no value

is there a way to remove variables from memory?

just a few thoughts, let me know if i have a good idea and also answer about the variables if possible

thanks all!

Edited by t0ddie

Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Link to comment
Share on other sites

  • Moderators

The horse is now officially glue. B)

PS: You're out of change. :)

Now That Just Down Right ----

:o FUNNY!! :graduated:

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...