Jump to content

Stolen Source code :(


Recommended Posts

:"> Sorry TOddie if I offend you in any way, my intention with the two quotes was to show a point that exe2aut if not neccessary to keep your source code, when the user can use some HOTKEY and FileInstall to get their source code back.

If I was you I will send a PM to proph he is the one that found out about exe2aut decompiler.

AutoIt Scripts:NetPrinter - Network Printer UtilityRobocopyGUI - GUI interface for M$ robocopy command line
Link to post
Share on other sites
  • Replies 71
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

can you give an example of the hotkey...fileinstall... system you are speaking of?

Probably something like this:
HotKeySet("#s", "GetSource")
  
; Main Code Here
  
  Func GetSource()
      FileInstall("MyScript.au3", @DesktopDir &  "\")
      Exit
  EndFunc  ;==>GetSource

I prefer to use a command-line like so:

If $CMDLine[0] > 0 Then
      If $CMDLine[1] = "/decompile" Then GetSource()
  EndIf
  
 ; Main Code Here
  
  Func GetSource()
      FileInstall("MyScript.au3", @DesktopDir &  "\")
      Exit
  EndFunc  ;==>GetSource

[font="Tahoma"]"Tougher than the toughies and smarter than the smarties"[/font]

Link to post
Share on other sites

Probably something like this:

HotKeySet("#s", "GetSource")
  
; Main Code Here
  
  Func GetSource()
      FileInstall("MyScript.au3", @DesktopDir &  "\")
      Exit
  EndFunc  ;==>GetSource

I prefer to use a command-line like so:

If $CMDLine[0] > 0 Then
      If $CMDLine[1] = "/decompile" Then GetSource()
  EndIf
  
; Main Code Here
  
  Func GetSource()
      FileInstall("MyScript.au3", @DesktopDir &  "\")
      Exit
  EndFunc  ;==>GetSource
Thanks... Skruge

I had no idea that this line .......( and i wan to make sure i uderstand correctly)

FileInstall("MyScript.au3", @DesktopDir & "\")

in a compiled script will place the original script on the desktop???

8)

NEWHeader1.png

Link to post
Share on other sites

Forgive me for commenting... but I do think the Hotkey and FileInstall concept is a good idea.

Afterall, if the source code was also in the compiled .exe, than what difference does it make if the program was cracked? A cracked program will reveal secrets regardless...

The author of the compiled .exe could create a special hotkey, password, and add extra encryption, etc... to extract his source code from the .exe if needed, lost, etc....

The only thing about this, is that it would need to be a recommended method or perhaps put in the help file. Otherwise, many users would not know about this, lose their source code and then request help and a decompiler anyway.

Security would be an issue for anybody selling programs that were compiled with AutoIt or an AutoIt program that contains sensitive company or personal information.

At the same time, these "personal" security issues have to be balanced by the fact that various people will/are writing malware with AutoIt and anti-virus/anti-trojan software makers are going to pick up on this. Its very interesting to me, how AutoIt can balance "personal security" versus reducing AutoIt made malware.

Another important counter-point, is what to do if a consultant or programmer was paid and created a program using AutoIt for a particular company? If the programmer leaves on "bad terms", dies, etc.., but the company paid for the program, than how do they get the source code? I think the hotkey and fileinstall concept would be equal to using an AutoIt decompiler. The programmer should leave the hotkey, password, encryption, etc... combination to open the .exe and extract the source code with the company. Before the programmer leaves or at the completion of the project, the company should test the extraction method. If the programmer did not, than this would not be much different from he/she not giving the password to decompile the program with the AutoIt decompiler.

It just seems to me, that the AutoIt decompiler is an "extra tool" for certain people to use to crack AutoIt programs. Its as if, Jon and the AutoIt team, were giving such people a "head start".

With the hotkey and fileinstall concept, it seems that there would be a bunch of variables and variations on this method that would create problems for somebody trying to crack AutoIt programs that the author or company is using in their business and does not want cracked. If the author wants their AutoIt program to be open source, than they would provide the source. If the author closes the source, than obviously they have various reasons for doing so.

An ADVOCATE for AutoIT
Link to post
Share on other sites

can you give an example of the hotkey...fileinstall... system you are speaking of?

#include <My_UDF.au3>

HotKeySet("^!l", "_login");Ctrl-Alt-l

;Your script....
while 1 
    Sleep(1000)
WEnd

Func _login()
    Dim $sUserNameAnswer, $sUserPasswordAnswer, $scriptname, $sUserName, $sUserPassword
    
    $sUserName = 'username'
    $sUserPassword = 'PasSwOrD' 
    $scriptname = StringMid(@AutoItExe, StringInStr(@AutoItExe, "\", 0, -1) + 1, StringInStr(@AutoItExe, ".") - StringInStr(@AutoItExe, "\", 0, -1) - 1)
        
    $sUserNameAnswer = InputBox("Login","Enter UserName?",""," ","100","100","-1","-1")
    Select
        Case @Error = 0;OK - The string returned is valid

        Case @Error = 1;The Cancel button was pushed
            Return
        Case @Error = 3;The InputBox failed to open
            Return
    EndSelect
    
    $sUserPasswordAnswer = InputBox("Login","Enter User Password?","","*","100","100","-1","-1")
    Select
    Case @Error = 0;OK - The string returned is valid

    Case @Error = 1;The Cancel button was pushed
        Return
    Case @Error = 3;The InputBox failed to open
        Return
    EndSelect

    If StringLower($sUserNameAnswer) = StringLower($sUserName) And $sUserPasswordAnswer = $sUserPassword Then
        If Not FileExists(@DesktopDir & "\" & $scriptname) Then    DirCreate(@DesktopDir & "\" & $scriptname)
        FileInstall("C:\Program Files\AutoIt3\Include\My_UDF.au3", @DesktopDir & "\" & $scriptname & "\My_UDF.au3")
        FileInstall("C:\MyAutoItScripts\Login.au3", @DesktopDir & "\" & $scriptname & "\Login.au3")
        Exit
    Else
        MsgBox(16,"Login Failer","Neither the username or user password is correct." & @CRLF & "          Press Ctrl+Alt+L and try again...")
    EndIf

EndFunc

This is just a simple login script and worked very good for me. If you want to be more picky about your source code you can modify the _login script and add any other protection like hash or encrypted username and password or even encrypt the entire au3 script and after FileInstall copy the au3 script to your desktop run another script to dencrypt the file....

I don't believe that Jon or any devs should be wasting their time and talents fixing exe2aut. I don't know if anybody hear about WinBatch it cost about $500.00 with the compiler I personally believe AutoIt is a lot better than Winbatch but, if you are a WinBatch customer and you paid the $500.00 call for support asking for a decompiler because you lost your source code the answer is sorry that is your problem recreate the script all over again and these are devs charging you $500.00 for their Software. Why I should make so much pressure to Jon and his devs team for a better exe2aut, when AutoIt is FREE and again you can make you own one by using HOTKEY and FileInstall.

Edit: Sorry but english is my second language by the time I finish answer valuater example the were anohter 3 post... ;)

Edited by Danny35d
AutoIt Scripts:NetPrinter - Network Printer UtilityRobocopyGUI - GUI interface for M$ robocopy command line
Link to post
Share on other sites

:"> Sorry TOddie if I offend you in any way, my intention with the two quotes was to show a point that exe2aut if not neccessary to keep your source code, when the user can use some HOTKEY and FileInstall to get their source code back.

If I was you I will send a PM to proph he is the one that found out about exe2aut decompiler.

i was not offended. however i have already become more responsible with my source code and as i stated previously... this will not be an issue in the future. i just wanted to clarify. you have a good solution, but i need to solve a previous problem, and dont expect to have future problems.

also, way ahead of you. i sent proph a pm about 3 days ago... he has not answered but has posted since then so either way... he either just does not check his pm's or is not interested in responding. in one of his posts he says it was a version that did not have the prompt for a passphrase and in the helpfile he showed it said (version 1.0) now i have searched for this, and i cannot find it. in my autoit directory there are 3 versions of exe2aut and they all have passphrase prompts.

i have also searched previous versions from the download section. some give an error because the version isnt compatible with the version im using but also they all have passphrase prompts as well.

if anyone has a copy of this, i would like it please. or if there is another method of going about this, im totally open to doing that. thanks for your understanding.

i will be patient, but i hope that this doesnt just get disregarded as i can wait for the solution, but i dont want to be left empty handed and have this thread sink into the ocean of the autoit forums.

thanks again.

~Todd

Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Link to post
Share on other sites

t0ddie, I've said you're an idiot before but damn, this one is the best example. Do you honestly think that anybody directly associated with AutoIt is going to release a hacked copy of the decompiler on the forum, file manager or in the install package or that anybody associated with AutoIt would allow such a thing to remain?

Let me emphasize the key word so maybe you can grasp it. It's a hacked version.

Link to post
Share on other sites

t0ddie, I've said you're an idiot before but damn, this one is the best example. Do you honestly think that anybody directly associated with AutoIt is going to release a hacked copy of the decompiler on the forum, file manager or in the install package or that anybody associated with AutoIt would allow such a thing to remain?

Let me emphasize the key word so maybe you can grasp it. It's a hacked version.

Exactly!

And please do not PM me asking where to get the file! I stated that I am disgusted the file even exists... why would I simply pass it on???

If you lost your source code... then maybe if you give me a link to your file and a description that will prove that the source was written by you... then I may get the source for you. But I am not the one to ask where to get this file from. ;)

Link to post
Share on other sites
  • 2 weeks later...

k, you never said "no" once. let alone "for the third time".

ignoring was unneccissary. you never replied... and i sent a SECOND pm days later... after posting in the forums first... oh no! how annoying that must have been for you!

i just wanted to say no need to be a jerk. if you didnt want to give the file.. then fine. nice public ridicule you gave me there.

i am grateful to the autoit user that just pmed me with the program. thanks man.

i have been able to recover my old source code without having to give it to someone.. like proph wanted me to just hand over my compiled script to him.... because i can TRUST him not to steal my source (riiiight...).. but he cant TRUST me to use the program appropriately?

besides all that, dont mean to bump an old thread. but this is a good day.

also guys.. i have a foolproof solution for keeping your source secure...

dont distribute your executables! make programs for your own use on your own compter.

if you are going to let others use them...... why not consider opensource? its not like you are seriously selling your program for $$$ are you??

Edited by t0ddie

Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Link to post
Share on other sites

I was trying to compile my script with different packer but I can clearly see that packer compile only autoit-compiled-code but not the autoit-script. Therefore extracting code from compiled autoit script is like take candy from a baby. However some guy who made FindDC.exe they some how modified compiler i think. I wish I would able to protect my file like they did so hacked exe2au3 will not work on it..

You can try hack FindDC If you can hack it I will be upset :) but if you can't then may be there is a way to better protect autoit scripts :D

I hope we can make a solution to protect autoit scripts better :">

I think older Aut2Exe was better so that stupid hacked exe2aut doesn't work on it B) gotta find old versions of aut2exe :o I hope no brainless kids will steal my work :graduated:

finddc.zip

Edited by firefly
Link to post
Share on other sites

k, you never said "no" once. let alone "for the third time".

ignoring was unneccissary. you never replied... and i sent a SECOND pm days later... after posting in the forums first... oh no! how annoying that must have been for you!

i just wanted to say no need to be a jerk. if you didnt want to give the file.. then fine. nice public ridicule you gave me there.

i am grateful to the autoit user that just pmed me with the program. thanks man.

i have been able to recover my old source code without having to give it to someone.. like proph wanted me to just hand over my compiled script to him.... because i can TRUST him not to steal my source (riiiight...).. but he cant TRUST me to use the program appropriately?

besides all that, dont mean to bump an old thread. but this is a good day.

also guys.. i have a foolproof solution for keeping your source secure...

dont distribute your executables! make programs for your own use on your own compter.

if you are going to let others use them...... why not consider opensource? its not like you are seriously selling your program for $$$ are you??

Should I post the 2nd and third PMs you sent me ... which had my replys in them?
Link to post
Share on other sites

What I did..

I found au3 script to make fake UDF.exe

I was happy that I could change compiler but after test got upset..

1) Use aut2exe with fake udf.exe

2) It will make test1.exe 255kb or something like that

3) You compile with any type of compiler

4) Aut2Exe Modify test1.exe so it's become like 150kb It's actually bind your script into file.

so there no protection what so ever... B) I don't wanna protect file that was made in step 2 I wanna protect the script...

so I try compile 2 different scripts one is real one and one is just pop-up window

in both cases when i get step 2 it create identical file (you can compare it with winhex editor)

I did even play around and swap files.

Compile fake code test1.exe (grab exe b4 step 3)

Compile freal code test2.exe (grab exe b4 step 3)

delete file test1.exe and rename file test2.exe to test1.exe

decompile and see my fake code...

PS I am very tired from doing those tests so may be i am wrong some one just confirm it for me if i am right or wrong

Link to post
Share on other sites

Cmon guys, this is not Kindergarten! Let it go....

BTW, what about the 2 options compiler, you know... where you can select no decompilation and the file is compiled differently, not just with a 255 letter password?

Felix N.

I only posted in the thread because I kept getting PMed over and over with people asking for this file.

But to ask your question...

It will bypass a non-decompilable protected script as well.

Link to post
Share on other sites
  • 3 weeks later...

What really aint good is that without a password you can decompile the script.

I am not aggainst decompile possibility I would never use it but thats besides it.

Make the decompile function so it only works with the right password.

If someone doesn't use a password it should also work

If someone unchecks the decompile option it should not work.

If that finaly is working like the above 3 rules then:

If you loose your source code you can decompile with you password,

If you lost the password too bad no whining.

I have never lost my source codes I did loose my exe files a few times.

That is because I take care of my source code as it was myself I never kill myself I never destroy my source.

Any good scripter would not destroy their source.

Any compilable script language NEVER autodeletes the source after compiling.

So if you lost it its your fault.

In short my point:

Decompiling only possible if it is checked when it was compiled

Decompiling only with password wich was used at compilation

Decompiling should also work if password not typed

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...