PELock

AutoIt string & files encryption

14 posts in this topic

Hi folks,

I've extended my service StringEncrypt to include code generation in AutoIt. With StringEncrypt you can encrypt strings / files and generate decryption code in AutoIt code.

https://www.stringencrypt.com/autoit-encryption/

Generated code is different each time since the encryption algorithm is polymorphic (random encryption commands are used each time). StringEncrypt can be used via Web, WebAPI (you can automate whole encryption process) and Windows client.

Sample decryption code:

; encrypted with https://www.stringencrypt.com (v1.0.0) [AutoIt]
#include <Array.au3>
 
; $Label = "Fast & easy AutoIt string and file encryption."
Global $Label[47] = [ 0xC254, 0xC273, 0xC261, 0xC260, 0xC212, 0xC236, 0xC202, 0xC24B, _
                      0xC253, 0xC281, 0xC277, 0xC20C, 0xC22B, 0xC277, 0xC27E, 0xC27D, _
                      0xC21B, 0xC280, 0xC22A, 0xC281, 0xC27E, 0xC25A, 0xC237, 0xC232, _
                      0xC255, 0xC21C, 0xC24F, 0xC22A, 0xC24E, 0xC214, 0xC248, 0xC247, _
                      0xC23E, 0xC237, 0x3E0A, 0xC233, 0xC234, 0xC251, 0xC27C, 0xC227, _
                      0xC282, 0xC280, 0xC247, 0xC27D, 0xC224, 0xC23E, 0x3D92 ];
 
For $SYdIB = 0 to 46
    $fWyHA = $Label[$SYdIB];
    $fWyHA += $SYdIB;
    $fWyHA = BitNOT($fWyHA);
    $fWyHA = BitXOR($fWyHA, $SYdIB);
    $fWyHA += $SYdIB;
    $fWyHA -= $SYdIB;
    $fWyHA = BitXOR($fWyHA, $SYdIB);
    $fWyHA = $fWyHA - 1;
    $fWyHA = BitXOR($fWyHA, $SYdIB);
    $fWyHA = $fWyHA + 1;
    $fWyHA += $SYdIB;
    $fWyHA = BitXOR($fWyHA, 0xC212);
    $fWyHA = BitNOT($fWyHA);
    $fWyHA += $SYdIB;
    $Label[$SYdIB] = ChrW(BitAND($fWyHA, 0xFFFF));
Next
 
$Label = _ArrayToString($Label, "")
 
ConsoleWrite($Label);

I have a favour to you, since this was my first time with AutoIt code generation, if you could spot any errors or / and can suggest any changes - feel free to tell me about it :)

https://www.stringencrypt.com/contact/

Here is a free activation code so you can use all of the features without any limitations

4259-B117-58DD-54D8

(if it expires, please PM me I will update it)

1 person likes this

Share this post


Link to post
Share on other sites



I think that is a fair first post, eventhough it is technically a link to paid software.  Can I see an encrypted string in use, such that if the autoit exe was decompiled, that string would still be encrypted AND that the map to unencryption not exist in plain text?  Or any other scenarios where this is more than a minor hurdle to overcome?


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

I think that is a fair first post, eventhough it is technically a link to paid software.  Can I see an encrypted string in use, such that if the autoit exe was decompiled, that string would still be encrypted AND that the map to unencryption not exist in plain text?  Or any other scenarios where this is more than a minor hurdle to overcome?

I make so little money from it it's more like a passion to me :) but the price on the thing motivates me to constantly upgrade the service, pay for the servers etc., recently I've added support for Ruby and I already support most popular programming languages.

Yes, it stays encrypted even after decompilation.

<snip>

Edited by Melba23
Part of post removed

Share this post


Link to post
Share on other sites

Recently I've coded AutoIt deobfuscator and I really like its syntax and for 99% I will create code obfuscator for AutoIt. I already created obfuscator for assembler source code, you can check the screenshots at https://www.pelock.com/products/obfuscator/screenshots this also is a niche software made more from the love to the assembly and software protection technolgies than from the money making perspective ;)

Share this post


Link to post
Share on other sites

I've upgraded encryption module, added bit rotations to the available encryption commands set + a few optimizations to avoid scenarios like eg. two XOR operations are used one after another, the result looks like this now:

; encrypted with https://www.stringencrypt.com (v1.1.0) [AutoIt]
#include <Array.au3>
 
; $Label = "More complex encryption in AutoIt!"
Global $Label[35] = [ 0x6544, 0x3B54, 0x9F24, 0xA334, 0x677D, 0xFB94, 0xBD64, 0xFB74, _
                      0x1FC5, 0x29D5, 0x71A5, 0x2DB5, 0x57FE, 0xF015, 0x9FE5, 0x1FF6, _
                      0xDC45, 0xF055, 0x3426, 0x1E36, 0x9E86, 0x8496, 0xC866, 0x0E77, _
                      0xF6C6, 0x16D7, 0x849F, 0x5CB7, 0x2707, 0x7317, 0x86E7, 0x94F7, _
                      0xB147, 0x2150, 0xB3AA ];
 
For $sEaxA = 0 to 34
    $GhDLV = $Label[$sEaxA];
    $GhDLV = BitRotate($GhDLV, 5, "W");
    $GhDLV = BitNOT($GhDLV);
    $GhDLV -= 0x45C2;
    $GhDLV += $sEaxA;
    $GhDLV = BitRotate($GhDLV, 15, "W");
    $GhDLV = $GhDLV + 1;
    $GhDLV += $sEaxA;
    $GhDLV -= 0x2BD0;
    $GhDLV = BitRotate($GhDLV, -8, "W");
    $GhDLV = BitXOR($GhDLV, $sEaxA);
    $GhDLV = BitXOR($GhDLV, 0x3E32);
    $GhDLV -= 0x132B;
    $GhDLV = BitRotate($GhDLV, -14, "W");
    $GhDLV = BitXOR($GhDLV, 0xB790);
    $GhDLV = BitRotate($GhDLV, 9, "W");
    $GhDLV += $sEaxA;
    $Label[$sEaxA] = ChrW(BitAND($GhDLV, 0xFFFF));
Next
 
$Label = _ArrayToString($Label, "")
 
ConsoleWrite($Label);

I plan to add more encryption keys within the main encryption / decryption loop and an additional conditional encryption commands. If you have any ideas - please tell me about it :)

Share this post


Link to post
Share on other sites

Are the algorithms used documented somewhere?


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

Using random commands is just as likely to make an encryption weaker as it would make it stronger. That's my opinion. Randomness looks like something which, if identifiable, will leak some kind of information.

Share this post


Link to post
Share on other sites

Are the algorithms used documented somewhere?

Using random commands is just as likely to make an encryption weaker as it would make it stronger. That's my opinion. Randomness looks like something which, if identifiable, will leak some kind of information.

It's a polymorphic encryption. It means the algorithms are generated randomly each time. There is no official specification, but that's the point of the polymorphic encryption to generate unique code each time. It's not a block cipher or any AES, Blowfish, but that's the point of this service, to generate random encryption commands with random decryption code.

Imagine you have some important string in your software and it gets cracked or analyzed each time you release a new version of it. You cannot avoid to put it in the script. If you would use static algorithm, even with a different key, the attacker could code a generic decryption tool and extract the secret text with ease. On the other hand if you would integrate the encryption process using StringEncrypt's WebAPI it would be very hard to write a generic decryption tool.

Share this post


Link to post
Share on other sites

I'm generally suspicious of using random algorithms for encryption, however storing the password within the encryption is totally insecure. Perhaps the randomness solution may have some merit in this case. On the other hand, a random algorithm implies limited control over encryption strength. It would be interesting to see what jchd has to say. :)

Share this post


Link to post
Share on other sites

I'm generally suspicious of using random algorithms for encryption, however storing the password within the encryption is totally insecure. Perhaps the randomness solution may have some merit in this case. On the other hand, a random algorithm implies limited control over encryption strength. It would be interesting to see what jchd has to say. :)

Again - that's the whole point of polymorphic encryption. To generate random code. I'm using polymorphic encryption in my exe-protector PELock to protect the code against generic unpacking methods. It's not designed for strong encryption but for fast encryption to hide things from prying eyes. Sometimes you need to store some secret stuff or you don't want your competitors see it in the plain text, it could be anything, paths, passwords, URLs, file contents. Please don't confuse polymorphic encryption with classic, strong encryption algorithms.

Share this post


Link to post
Share on other sites

Whatever strength or weakness is actually built into the scheme used, it does little to stop kid-sister prying eyes: simple reverse-engineering techniques will reveal the secret in the AutoIt case as well as in many other programmatic contexts.


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

PELock,

It has been brought my attention that you have posted the output of a decompiled script in post #3 above. I realise it was in direct response to a previous question and intend to take no further action that removing it, but do NOT do such a thing again as it is in direct contravention of the AutoIt EULA and also against the Forum rules.

M23

 


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites

Whatever strength or weakness is actually built into the scheme used, it does little to stop kid-sister prying eyes: simple reverse-engineering techniques will reveal the secret in the AutoIt case as well as in many other programmatic contexts.

But you cannot use generic methods to decrypt it. You have to analyze it each time something is re-encrypted. You cannot use deobfuscator unless you spend a plenty of time on it, implementing decryption code handling.

PELock,

It has been brought my attention that you have posted the output of a decompiled script in post #3 above. I realise it was in direct response to a previous question and intend to take no further action that removing it, but do NOT do such a thing again as it is in direct contravention of the AutoIt EULA and also against the Forum rules.

M23

I didn't know it was such a big secret :) , sorry for that.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now