giangnguyen Posted March 30, 2016

So I am looking to make an anti-decompiling tool, and as a measure to secure it, I want it to use EOF data. My script for the builder is something like:

    $Stub = FileRead(@ScriptDir & "\base.exe")
    ; $crypted is simply the encrypted code
    ; $key is the encryption key
    FileWrite(FileSaveDialog("Where to save your protected file ?", @ScriptDir, "Exe(*.exe)"), $Stub & "R3V3Z3^3b3f3j3n3r3v3R3V3Z3^3b3f3j3n3r3v3aa" & $key & "R3V3Z3^3b3f3j3n3r3v3R3V3Z3^3b3f3j3n3r3v3aa" & $crypted & "R3V3Z3^3b3f3j3n3r3v3R3V3Z3^3b3f3j3n3r3v3aa")

In the base.exe, it reads itself, and StringSplit is used to get the options. The protection uses AES encryption. However, after creating the custom app, it shows "This App Can't Run on your PC". Any ideas?

RTFC Posted March 30, 2016

Check out my CodeCrypter (link in signature).

giangnguyen Posted March 30, 2016

Codecrypter is for encrypting an AutoIt source, what I am looking for is to use AutoIt to encrypt any native windows app. If this does not work out I will just print the source out and compile.

giangnguyen Posted March 31, 2016

Still looking for some help with this.

jchd Posted March 31, 2016

That's wishful thinking.

giangnguyen Posted March 31, 2016

3 hours ago, jchd said:
> That's wishful thinking.

Currently I am using printing script out, but as I have seen other languages storing EOF data, I don't see why not.

JohnOne Posted March 31, 2016

8 minutes ago, giangnguyen said:
> Currently I am using printing script out, but as I have seen other languages storing EOF data, I don't see why not.

Perhaps if you link to code you've seen that does this, you might get a bit of help implementing it in AutoIt.

giangnguyen Posted March 31, 2016

1 minute ago, JohnOne said:
> Perhaps if you link to code you've seen that does this, you might get a bit of help implementing it in AutoIt.

I don't have those scripts, these techniques are taught by a friend of mine, and he works in C and C++. I guess I will add some codes in AutoIt and some more infos here:

The base of the protected exe will use FileRead on itself, and store that into a variable that is called $raw. Base will StringSplit to separate the base from the encrypted file and the encryption key. It will then proceed to decrypt the data and execute it.

JohnOne Posted March 31, 2016

Fair enough. I cannot remember the thread, but I'm fairly certain I've seen something regarding this issue here in the past.

You should note though, before you spend time on this, that some decompilers do not need to rip your code directly from file, and instead rip it from memory when it is loaded, which has to occur at some point.

AutoBert Posted March 31, 2016

Protecting file(s) storing their own encryption key is unsafe and for 'Hello World' apps a protection isn't needed.

Edited March 31, 2016 by AutoBert

giangnguyen Posted March 31, 2016

3 hours ago, JohnOne said:
> Fair enough. I cannot remember the thread, but I'm fairly certain I've seen something regarding this issue here in the past. You should note though, before you spend time on this, that some decompilers do not need to rip your code directly from file, and instead rip it from memory when it is loaded, which has to occur at some point.

Yeah, I know about that. However, you also need to protect the base, and this especially helps since for those decompilers you need to find certain bytes to see what language it was coded in first.

3 hours ago, AutoBert said:
> Protecting file(s) storing their own encryption key is unsafe and for 'Hello World' apps a protection isn't needed.

The encryption key is encrypted with a hard coded key that will change in every version. And this can be a solution for higher grade applications as well.

Mobius Posted March 31, 2016

@0p

Methods such as the utilization of PE overlay data are pretty much dead, anti productivity (security) software has done its work there.

With a bit of searching however you will find some examples that contain code that will help you understand how to parse the PE's section table information to calculate the correct offset in which the executable ends and overlay data begins.

Edited March 31, 2016 by Mobius

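The offset calculation described in the post above, as an added example that is not part of the original thread: a Python sketch that reads the PE section table, finds where the last section's raw data ends, and reports the size and byte entropy of anything appended after it, which is how an analyst spots a stub carrying an appended encrypted payload. The function names are hypothetical and the sample buffer is constructed for the demo.

```python
import math
import struct
from collections import Counter

def overlay_offset(pe: bytes) -> int:
    """File offset where the last section's raw data ends (overlay starts)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header follows the 4-byte signature: NumberOfSections at +6,
    # SizeOfOptionalHeader at +20; the section table follows the optional header.
    n_sections, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    end = table + 40 * n_sections          # floor: end of the headers
    for i in range(n_sections):
        # SizeOfRawData at +16 and PointerToRawData at +20 in each 40-byte entry
        raw_size, raw_ptr = struct.unpack_from("<II", pe, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(pe))

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; values near 8 suggest encrypted or packed data."""
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values()) if n else 0.0

def inspect(pe: bytes) -> dict:
    """Summarise any data appended after the section data."""
    off = overlay_offset(pe)
    tail = pe[off:]
    # Caveat: an Authenticode signature also sits past the last section, so a
    # signed file shows an overlay even when nothing else was appended.
    return {"offset": off, "size": len(tail), "entropy": round(entropy(tail), 2)}

def build_sample(overlay: bytes = b"") -> bytes:
    """Constructed PE-shaped buffer for the demo (headers only, not runnable)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    sect = b".text\0\0\0" + struct.pack("<IIII", 16, 0x1000, 16, 128) + b"\0" * 16
    return dos + coff + sect + b"\x90" * 16 + overlay           # raw data at 128..143

if __name__ == "__main__":
    print(inspect(build_sample()))                    # no overlay
    print(inspect(build_sample(bytes(range(256)))))   # high-entropy appended blob
```
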
giangnguyen Posted March 31, 2016

13 minutes ago, Mobius said:
> @0p Methods such as the utilization of PE overlay data are pretty much dead, anti productivity (security) software has done its work there. With a bit of searching however you will find some examples that contain code that will help you understand how to parse the PE's section table information to calculate the correct offset in which the executable ends and overlay data begins.

Link me please, I am currently searching around but haven't found it yet.

Mobius Posted March 31, 2016

I think the depths of this thread contains most of what you need:

Of course it doesn't contain exactly what you need, and with a bit of searching and reading you will likely find much better or closer examples.

Danyfirex Posted March 31, 2016

Hi. A better reference about PE.

Regards

Mobius Posted March 31, 2016

7 minutes ago, Danyfirex said:
> Regards

Agreed, was kinda hoping the op would find this popular thread themselves if they actually were searching Pertin

Mobius Posted March 31, 2016

Another nice external reference: https://www.strchr.com/creating_self-extracting_executables

quimao Posted March 31, 2016

Let's try a packer tool. Here is an example project: http://www.ntcore.com/files/inject2exe.htm

giangnguyen Posted March 31, 2016

19 minutes ago, Mobius said:
> Agreed, was kinda hoping the op would find this popular thread themselves if they actually were searching Pertin

lol I was, but mostly about EOF data and how to add data without recompiling. I will look on it, but have to go to sleep now. Bye!

jchd Posted March 31, 2016

EOF data isn't reliable and mostly useless in practice.