AliceDemetri Posted July 30, 2014 Share Posted July 30, 2014 I'm working on a script that requires two passwords. A system password, and a user password. The issue I'm having is preventing the user or a third party from viewing this password. I was trying to come up with ways of encrypting the password to store in a file, but what it to prevent somebody from decompiling my script and viewing the code to extract the password? I have used Obfuscator in the past, but my understanding is with enough knowledge somebody can reverse this. Does anybody have any other ideas on ways to hide my passwords? They will be generated on the users first run. I was trying to think of ways to use the hardware profile to decrypt, but again if they just decompile the script they could potentially bypass this. Link to comment Share on other sites More sharing options...
spudw2k Posted July 30, 2014 Share Posted July 30, 2014 You can use _Crypt functions to encrypt the passwords, but the usage of them is only as secure as the protection of the key used. Depending how you are generating the keys this may not provide much security. The best way to protect it would be to keep the key external from the script (and away from non-privs users) then have it input at runtime. Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
BrewManNH Posted July 30, 2014 Share Posted July 30, 2014 Don't store the actual password in the script, hash the text and store the hash value in the script. Then when the user inputs the password, you hash that and compare the hashes. If they match the password was correct, if not it wasn't. This isn't foolproof because hashes can be bypassed because of hash collisions (two different words or phrases that have the same hash results) but for something simple like an AutoIt script it's probably one of the better ways to do it. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
computergroove Posted July 30, 2014 Share Posted July 30, 2014 Perhaps autoit isnt a great solution for this. There are decompilers on the net that are free and easy to get for autoit scripts. I believe C# or VB.Net would prove to be a more difficult to decompile. Get Scite to add a popup when you use a 3rd party UDF -> http://www.autoitscript.com/autoit3/scite/docs/SciTE4AutoIt3/user-calltip-manager.html Link to comment Share on other sites More sharing options...
AliceDemetri Posted July 30, 2014 Author Share Posted July 30, 2014 thanks I will look into all these options and hopefully come back with some sample code. I was thinking I might have to work with another language but wasn't sure where too start with that. I have a little experience with C so I will probably go that route. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now