Jump to content

Stolen Source code :(


Recommended Posts

I understand. ;) Hope you all understand why I would get offended too. But... sorry everyone. Looks like my post is turning into something it definatly wasn't intended for. If my post is offending anybody I would understand if an admin felt the need to delete it. I am sure the people I was trying to get this message to (The admins :P ) have read my post and are doing what they can to figure out a way to best fix this problem. Probably the less that others know about this issue the better anyways.

Admins please delete this thread when you feel it has served it's purpose or if you feel it is better left unsaid. I assure you all that this file I spoke of does indeed exist. And if an admin would like me to send them a copy I will... so they can find out how it was made.

Link to post
Share on other sites
  • Replies 71
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

QUOTE(AutoIt Smith @ Oct 9 2005, 02:50 PM)

END OF DISCUSSION......

I thought this was supposed to be a friendly forum for newbs.

Moreover, if a person joined later, doesn't mean that he's a newb with AutoIt. Quite a lot of advanced AutoIt programmers never show up on the forum.

Link to post
Share on other sites

I understand. ;) Hope you all understand why I would get offended too. But... sorry everyone. Looks like my post is turning into something it definatly wasn't intended for. If my post is offending anybody I would understand if an admin felt the need to delete it. I am sure the people I was trying to get this message to (The admins :P ) have read my post and are doing what they can to figure out a way to best fix this problem. Probably the less that others know about this issue the better anyways.

Admins please delete this thread when you feel it has served it's purpose or if you feel it is better left unsaid. I assure you all that this file I spoke of does indeed exist. And if an admin would like me to send them a copy I will... so they can find out how it was made.

i definitely understand your position. personally though, i believe that the extra level of security you're looking for is the responsibility of the programmer or developer that wants to protect their code. the protections in place work sufficiently in most cases, and in those cases where it's not, you still have other options like re-packing the exe, obfuscation, etc. There is no measure that could be implemented that would completely protect your program, even if you are able to completely secure your source code, someone that knows what they're doing can reverse engineer the program enough to make it do whatever they want anyway, and that's regardless of what language it's in. check out reversemes.de crackmes.de and hackergames.net for examples of people that know what they're doing, and what they can do. Personally i'd rather the developers continue to spend time making the language better (like they do every day) than waste time trying to implement new protection schemes.

***edit***

sorry, forgot </rant>

Edited by cameronsdad
Link to post
Share on other sites
  • Administrators

I recently started a new version of aut2exe that addresses a few concerns:

1. (From an AV point of view) Easier to see where in the exe the script is located to make virus signatures more reliable and hopefully less false positives (Autoit malware has spiraled and this is causing us problems)

2. Stores a non reversible hash of the password in the compiled script (so even if the script is cracked, the password can't be discovered)

Now, I could remove exe2aut which would slow cracking but definately not stop it completely (and I'm open to this as I don't think it should exists anyway) - it's just not possible to do that with 2 way encryption that doesn't require a password. Take ASprotect which entire purpose is to defeat crackers...but people crack that all the time too. Nature of the beast I'm afraid. I do have a version of ASprotect licensed that I will probably protect exe2aut in the next version with - but it _will_ be cracked at some stage, the protection will just delay it...

Link to post
Share on other sites

I recently started a new version of aut2exe that addresses a few concerns:

1. (From an AV point of view) Easier to see where in the exe the script is located to make virus signatures more reliable and hopefully less false positives (Autoit malware has spiraled and this is causing us problems)

2. Stores a non reversible hash of the password in the compiled script (so even if the script is cracked, the password can't be discovered)

Now, I could remove exe2aut which would slow cracking but definately not stop it completely (and I'm open to this as I don't think it should exists anyway) - it's just not possible to do that with 2 way encryption that doesn't require a password. Take ASprotect which entire purpose is to defeat crackers...but people crack that all the time too. Nature of the beast I'm afraid. I do have a version of ASprotect licensed that I will probably protect exe2aut in the next version with - but it _will_ be cracked at some stage, the protection will just delay it...

personally, i use exe2aut myself, because of my own lack of organizational skills. i frequently use the same filenames over and over, or i'll re-tool a script that i've already compiled, to make a different program. then the source reflects the new script, but if i ever need to change something in one i originally compiled, i'll just decompile it and change it that way. i know that wouldn't be necessary if i did things the 'right' way, but it's a luxury i've become accustomed to. now i'm not trying to be one of those 'whiney bitches' valik was talking about, i just think that by removing the exe2aut you'd be removing a valuable tool because of possible misuse. i think that the lack of that tool would negatively affect the honest users more than those we have to worry about, and it would be another example of a few bad users ruining something for others. but that's just my 2 cents... </rant>
Link to post
Share on other sites

Exe2Aut should not exist to prevent stupid user errors. If you don't want to lose stuff, use version control. I personally use Subversion and more specifically TortoiseSVN to version all my source code and it's about 4000 times simpler than I ever imagined. I put it off and put it off thinking there was some arcane magic involved and was surprised by how simple it really is.

Link to post
Share on other sites

Exe2Aut should not exist to prevent stupid user errors....

I certainly agree with that Valik...

Also I have a folder inside Autoit for each and every program i am working on...

Inside each folder i have the program name and the a number...my *XPClean Munu* looks like this

XPClean (Folder)

Xpclean1

Xpclean2

........

Xpclean42

every time i make an enhancement/change... i just save it as another number

*** most of all ***

I have never lost a script due to compiling... never

I compile in the SciTE window... and have never lost anything

*** the actual problem maybe the ability to "right click" on a au3 file to compile it *****

maybe if we remove this right click compile ability it would help

8)

NEWHeader1.png

Link to post
Share on other sites

Would it be possible to do both? Basically have an option to allow decompilation... which would be prone to being decompiled with the exe2aut and an option to never be able to decompile. I know this option is there allready... but it is still decompileable. Whouldn't it be possible to make the Un-Decompilable option a totally different encryption than the decompilable one? This way exe2aut wouldn't even be able to read the file anyways?

Or is it that no matter what... if there is an exe2aut existing that the exe will allways be able to be Decompiled?

I am glad Jon is doing what he is to help secure things. ;) Thank You Jon! I know the work you do is probably a pain in the *** sometimes. I really appreciate it. But for my vote... I say get rid of exe2aut... I feel it serves no purpose except lazyness.

Link to post
Share on other sites

Would it be possible to do both? Basically have an option to allow decompilation... and an option to never be able to decompile.

I am glad Jon is doing what he is to help secure things. ;) Thank You Jon! I know the work you do is probably a pain in the *** sometimes. I really appreciate it. But for my vote... I say get rid of exe2aut... I feel it serves no purpose except lazyness.

Right on the button!

8)

NEWHeader1.png

Link to post
Share on other sites

;)

3 simple issues:

1. If people have the executable code, they can crack it. Period. All you can do is add speed bumps.

2. I believe the ability to decompile the code should continue to be included. First of all, it is good for people who lose source code -- it has happened or WILL happen to everyone - I guarantee it. Secondly, for tech support people like me who have to support it after the consultant goes away, I need to get to the souce that the consultant didn't leave with me.

3. There should be some ability to obscure code or add speed bumps if the author choses. If you have to use a different tool to do so, then so be it.

There are simple competing needs at work here. Give us both tools - the ability to decompile and the ability to attempt to prevent it.

my $0.02 worth.

-Jonathan

Link to post
Share on other sites

The day the decompiler is removed from the autoit package, will be the day these

forums will be alive with "Urgent - Help recovering Source" topics.

Indeed each of these requests will have an assumed Critical URGENT need for asking.

Volume of posts would exceed keyloggers and Wow script help requests.

I say leave it in. If your programs that good, you aint gonna stop anyone anyhow, No matter what you do.

It is not the Devs responsibility to make Autoit hackproof.

HardCopy.

Edit: started to go off on another tangent.

Edited by HardCopy

Contributions: UDF _DateYearFirstChildren are like Farts, you can just about stand your own.Why am I not a Vegetarian?...Well...my ancestors didn't fight & evolve to the Top of the food chain for me to survive on Salad

Link to post
Share on other sites

i cannot find a version of aut2exe that has NO prompt for the passphrase.

i have some scripts that i wished i never clicked the "dont allow decompilation" option on, and also some scripts that i passworded and lost the password.

this is not urgent as i have been waiting all this time anyways BUT... since this IS an available option i was wondering if someone could link me to the proper version of exe2aut or if there is another way to decompile these scripts i would like it explained in laymans terminology.

i hope i dont get flamed here.. heh but i didnt even know this was possible before and i think its a great feature to be able to "crack the code" and i would like someone to please show me how.

and i admit freely that i make stupid mistakes and lots of them ;) give a guy a break. this would mean alot to me.

thanks to anyone who replies

Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Link to post
Share on other sites

i have some scripts that i wished i never clicked the "dont allow decompilation" option on

The day the decompiler is removed from the autoit package, will be the day these

forums will be alive with "Urgent - Help recovering Source" topics.

I always used "dont allow decompilation" option for all my scripts. I'd vote to remove exe2au3, that's why we have FileInstall anyway. I set some HOTKEY and the function for that HOTKEY is to ask for username and password ones the correct username and password is type it create a folder on the desktop with the source code and any other #include that aren't part of autoit install.

AutoIt Scripts:NetPrinter - Network Printer UtilityRobocopyGUI - GUI interface for M$ robocopy command line
Link to post
Share on other sites

I always used "dont allow decompilation" option for all my scripts. I'd vote to remove exe2au3, that's why we have FileInstall anyway. I set some HOTKEY and the function for that HOTKEY is to ask for username and password ones the correct username and password is type it create a folder on the desktop with the source code and any other #include that aren't part of autoit install.

i like that idea....
Link to post
Share on other sites

QUOTE

i have some scripts that i wished i never clicked the "dont allow decompilation" option on

QUOTE

The day the decompiler is removed from the autoit package, will be the day these

forums will be alive with "Urgent - Help recovering Source" topics.

first of all this is my FIRST post on the subject... and i stated that it is NOT urgent.

these files have been sitting on my desktop for a long time now, and i can continue to wait (hopefully not forever). SECONDLY... exe2aut has NOT been removed yet so until that time, i would just like a little help.

i dont feel i am asking too much, and i really only want the source to my OWN scripts... so i think since its POSSIBLE that this should not be a problem, if every single person on this forum is unwilling to help, then i guess exe2aut should be removed. but from what i have read its 50/50 for people who want it and people who dont. certainly someone understands this frustration and would be willing to help me.

i have had NO trouble with decompiling scripts that i have created for a long time... i have learned to be more responsible. but some of my first scripts i was not very responsible with and i was just creating them, losing the script after clicking "dont allow decompilation" and/or practicing poor password management.

please, it would mean a great deal to me!

if you dont want to post in the forum because others would think less of you (which they shouldnt) then please email me at toddie_s@yahoo.com

im a good guy here just trying to recover what i thought i had lost and i want to be taken seriously. i can manage my scripts in the future so i dont need advice on how to do so. also im not going to post a new topic on this but i hope this one gets answered.. and to make it even clearer, i dont want to decompile someone elses work. so put your moral opinions of what you think i MIGHT be doing, and take my word for it and help a guy out.

THANKS

~Todd

Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...