Jump to content
AlecSadler

4D Holographic Encryption with DARTIS©

Recommended Posts

AlecSadler

Hello all, I would like to present my proof of concept work to the autoit forum and community. (I saw this as a concept in a few sci-fi shows and thought I would bring it into real life)

What is it?: DARTIS (Dimensions And Relative Time Information System)© is a 4 dimensional holographic encryption algorithm which uses the current timestamp(measured down to femto seconds) to encrypt data under several layers of calculations. One large keyfile is used and multiple keys are extracted from it, and overlaid on each other to create 1,000,000,000,000,000  unique keys per second. Special thanks to the creator of the matrix maths udf (if this is you please let me know and I will put your name here.) Also special thanks to trancexx for her LZNT compression code.

Please see the following link for the full set of functions and an example debugging application, which shows usage of all the functions.

https://pdglobal.net/?pid=SIM#SIM (DARTIS is packed with SIM)

 

DARTIS is an encryption scheme that extracts a timestamp from the current system time, then splits it up into an array of strings each 4 digits long.

Then those strings are plugged into the 16mb keyfile blueprint, where each 4 digit value represents a 2D array.

Then each 2D array is layered on top of the one that came before it, compressing the data underneath several layers of encryption.

It's 4D because the key is derived from the system time(so the same key will never be used twice)

And it's holographic because the data is buried underneath several layers of data.

The full 16mb keyfile blueprint is required to re-extract the data that has been injected into the holographic keyfile blueprint. (as the values all have to be the same AND be in the same order)

The only downside to this encryption scheme is that the only safe way to distribute keys is by snail mail or in person. (because if you transmit it via the internet, you're limiting the security of your keyfile blueprint to whatever lesser encryption algorithm you;re using to transmit the keyfile blueprint)

Hope I explained it in a way that's easy to understand! If you have any further questions about it feel free to ask! (and/or look around the DARTIS.au3 file to see how this is done, and run DEBUG.au3 to see under the hood)

 

Edited by AlecSadler

Share this post


Link to post
Share on other sites
iamtheky
Quote

Also special thanks to trancexx for his LZNT compression code.

"thanks, mind if i call you a dude?"   is what you just said to trance.  Its a ballsy line, lets see how it plays out.

Edited by iamtheky

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites
AlecSadler
6 minutes ago, iamtheky said:

thanks, mind if i call you a dude?   is what you just said to trance.  Its a ballsy line, lets see how it plays out.

No problem dude! Also I was thanking trance for her algorithm which I used in my code! Thanks for the response.

Edited by AlecSadler

Share this post


Link to post
Share on other sites
iamtheky

double down on it :D  (hint: not everyone who scripts wears a penis)


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites
AlecSadler

Oh I forgot trance wasnt a man. oh my, oops! Let me fix that.

  • Like 1

Share this post


Link to post
Share on other sites
argumentum

have you tried with $inputx = "Test String, Test String, Test String, Test String, Test String, Test String, Test String" ?
It just won't work.

1 hour ago, AlecSadler said:

a holographic encryption algorithm

what is that and what's the davantage ?

1 hour ago, AlecSadler said:

saw this as a concept in a few sci-fi shows

 What shows ?, I wanna watch them all. ^_^

Share this post


Link to post
Share on other sites
AlecSadler
22 minutes ago, argumentum said:

have you tried with $inputx = "Test String, Test String, Test String, Test String, Test String, Test String, Test String" ?
It just won't work.

what is that and what's the davantage ?

 What shows ?, I wanna watch them all. ^_^

Sorry about that! It appears there is currently a limit to how much data can be encrypted in one go, something to do with the properties of the math I am using. I will look into a way around it!

Holographic encryption buries the data under 6 layers of encryption, making it super secure!

Also the three shows that come to mind which have mentioned such a technology are "Continuum", "StarGate", and "Doctor Who".

  • Like 1

Share this post


Link to post
Share on other sites
AlecSadler
13 minutes ago, argumentum said:

I've watched'em all. :) 
Thanks 

Okay I got a quick and easy fix to the string length issue. In DARTIS.au3 change the _gravity function to this:

func _gravity($seed)
$array = StringSplit($seed, ";")
Dim $cluster[$array[0]][9]
for $i=0 to $array[0]-1
$temp = StringSplit($array[$i+1], "|")
    for $n=0 to $temp[0]-1
    $cluster[$i][$n] = $temp[$n+1]

    Next
Next

(I've also attached the fix to the main post)

Edited by AlecSadler
  • Like 1

Share this post


Link to post
Share on other sites
AlecSadler
On 8/28/2016 at 2:36 PM, argumentum said:

http://photonicssociety.org/newsletters/oct01/matoba.htm has a nice description. Is that it ?

Yes this is a fair description of holographic encryption, only DARTIS uses 4(dimensional) keys extracted from the current time-stamp(as opposed to one or two dimensions), which is why the output has 1,000,000,000,000,000 possible configurations per second. (also, obviously, this is a FULLY digital version of the same concept.[as opposed to optical])

Edited by AlecSadler

Share this post


Link to post
Share on other sites
argumentum

Does it have a practical use ?, I see the key is 3,977,174 bytes long and split into an array of 10,001 elements. Can I just pass the 6 keys I need from the  1,000,000,000,000,000 possible configurations or do I need the full 3,977,174 byte key ?.
I'd like to give practical use. Even if just once to pass a secret over the internet, say a user/password, then, I'd use some less bulky standard, but the initial handshake of hashes / passwords would be done with this.

Share this post


Link to post
Share on other sites
AlecSadler
3 minutes ago, argumentum said:

Does it have a practical use ?, I see the key is 3,977,174 bytes long and split into an array of 10,001 elements. Can I just pass the 6 keys I need from the  1,000,000,000,000,000 possible configurations or do I need the full 3,977,174 byte key ?.
I'd like to give practical use. Even if just once to pass a secret over the internet, say a user/password, then, I'd use some less bulky standard, but the initial handshake of hashes / passwords would be done with this.

The full 3,977,174 bit key is required because it's holographic, each "layer" is encrypted "through" the layer that comes before it. For this to work both sides would require the full exact matching key, without it, the data will just turn out be useless garbled text. I could see it being useful for transmitting data that needs extreme security, such as banking records, trade secrets, private chats, etc. (currently the key is symmetrical , meaning that the encryption is only as secure as the key, so it would be most secure the transfer they key via non-electronic methods) Once two people or two parties both posses the same full key, they can then communicate any data securely. 

  • Like 1

Share this post


Link to post
Share on other sites
iamtheky

Why not just take any 6 keys? How the key is derived matters far more than the bag of dicks I have to choose from.  A 6-dimensional......that encrypts stuff...Maybe @czardas would be nice enough to revisit his cube as it was pretty much that, and gd awesome at it.


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites
AlecSadler
1 minute ago, iamtheky said:

Why not just take any 6 keys? How the key is derived matters far more than the bag of dicks I have to choose from.  A 6-dimensional......that encrypts stuff...Maybe @czardas would be nice enough to revisit his cube as it was pretty much that, and gd awesome at it.

The 6 keys are derived from the current system datetime, so the same combination of keys is never used twice. (because the date never repeats itself, doh!). This means that the 6 keys change, as I said,  1,000,000,000,000,000 times per second, that's what makes it so secure.

Share this post


Link to post
Share on other sites
jchd

How is that more secure than the OTP?

Anyway, the big, big, huge issue with this kind of schemes is the distribution of keys.


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites
iamtheky

The key changing and being random (and being used in multiple) is what makes it secure. The frequency offers little benefit if I am typing in six unique keys everytime,  Doing something more doesnt mean i needed you to do it more.

 If the chameleon changes 12 colors before it changes to the one that matches the background, thats cool, but I only needed the last part. 

Edited by iamtheky

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites
jchd
9 minutes ago, AlecSadler said:

The 6 keys are derived from the current system datetime, so the same combination of keys is never used twice. (because the date never repeats itself, doh!). This means that the 6 keys change, as I said,  1,000,000,000,000,000 times per second, that's what makes it so secure.

That isn't possible on commonly available hardware, e.g. your PC. The timestamp doesn't have fs precision so the number of key changes per second is magnitudes smaller. But that isn't important, unless a study shows that there are only a small number of ticks per second on a PC, which is the case. So decrypting a random plaintext would amount to try only a relatively small number of keys. OTPs don't have this flaw.

Edited by jchd
spelling!

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites
AlecSadler
10 minutes ago, jchd said:

That isn't possible on commonly available hardware, e.g. your PC. The timestamp doesn't have fs precision so the number of key changes per second is magnitudes smaller. But that isn't important, unless a study shows that there are only a small number of ticks per second on a PC, which is the case. So decrypting a random plaintext would amount to try only a relatively small number of keys. OTPs don't have this flaw.

Yes I am aware of the limitations for time calculation on pcs, please see my code to better understand what I mean! (this is very much like OTP, only it's always rotating forwards as opposed to only when in use) If I am misunderstanding what you say please correct me, but my code is as far as I see, able to poll that many possible outcomes for every second, not just a few. (because it uses a timer in combination with the system time)

 

Edit: I am aware that only a few keys may be polled from the selection of available keys every second, but the number of available keys to be polled is much larger, so trying to decrypt with only a few of those possible keys would lower your chances at decryption severely.

Edited by AlecSadler

Share this post


Link to post
Share on other sites
AlecSadler
26 minutes ago, iamtheky said:

The key changing and being random (and being used in multiple) is what makes it secure. The frequency offers little benefit if I am typing in six unique keys everytime,  Doing something more doesnt mean i needed you to do it more.

 If the chameleon changes 12 colors before it changes to the one that matches the background, thats cool, but I only needed the last part. 

It's not "random" it's "temporal", so as to make sure the same key is never derived twice. I don't mean that it changes randomly that many times, I mean it has that many possible outcomes to be factored for.

Edited by AlecSadler

Share this post


Link to post
Share on other sites
iamtheky
Quote

It's not "random" it's "temporal", so as to make sure the same key is never derived twice.

 

So in theory:  its the last hour before DST, i fire up your script.  2:59 i restart. bam its 2 a.m. the same day again, 'Groundhog Hour', do i get to run replay attacks for the next 59min?


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • careca
      By careca
      Let's say you have some files you dont want anyone to know what they are,
      and you dont want anyone to be able to open them, you could encrypt them,
      but if the files are big it'll take a long time to do the operations for you to be able to open those files.
      I made this to make this process faster, and still not easy for someone to open the files, or even know what type they are.
      What it does is change the filename to a random number with 8 digits and .inc extension.
      The original filename is encrypted in the file itself, with a PIN provided by the user up to 4 digits, this PIN is also a number that's going to be used to split the file and change it internally, so the end result is a file with a header that's got the original filename encrypted, and the rest of the file scrambled a bit.
      The way it works is simple, place the application in a folder where you want to hide the files, it will ask for a pin, after you press ok, the application asks :
      Encrypt or decrypt?
      If encrypt, the files will become the 8 digit .inc files.
      The originals will stay, the user can delete the originals or do whatever.
      Then to open the files back, same process, but this time choose decrypt, and a listview will show the random filenames and the corresponding decrypted/original filenames and extension, uppon double click they open with whatever application is the default for them. There's a search feature, and an "extract all" button, to get all files back to original/unencrypted versions.
      Feedback is wellcome.
    • Overkill
      By Overkill
      Hi all,
      I am working on a GUI program to update Google's Dynamic DNS (API at https://support.google.com/domains/answer/6147083?authuser=1&hl=en if you scroll to bottom). I am not a programmer by any means - just a sysadmin who has picked up on some things along the way. I am sure that there's better ways to do a lot of things in this script; I'm just going with what I know.
      My challenge right now is that I'd like a better way to store the credentials both in memory as well as in system registry or INI file (not sure which way I want to go for local storage). How should I convert the passwords to a secure string in a manner that can't be easily reversed, yet is still accessible to the script? Is that even an option in AutoIt?
      Can anybody provide me with links to good reference posts, or coding suggestions for how best to achieve this in the script below? I am using the WinHTTP UDF (https://github.com/dragana-r/autoit-winhttp/releases) to make my API calls.
      #include<WinHTTP.au3> #include<GUIConstantsEx.au3> #include<EditConstants.au3> #include<iNet.au3> #include<Array.au3> DIM $aDomainList[1][4] $aDomainList[0][0] = 0 $gMainGUI = GUICreate("Overkill's Google DNS Updater",800,800) $gDomainLabel = GUICtrlCreateLabel("FQDN",21,8) $gDomainInput = GUICtrlCreateInput("",60,5,300) $gUserLabel = GUICtrlCreateLabel("Username",5,36) $gUserInput = GUICtrlCreateInput("",60,32,130,Default,BitOR($GUI_SS_DEFAULT_INPUT,$ES_PASSWORD)) $gPasswordLabel = GUICtrlCreateLabel("Password",6,64) $gPassInput = GUICtrlCreateInput("",60,60,130,Default,BitOR($GUI_SS_DEFAULT_INPUT,$ES_PASSWORD)) $gAddButton = GUICtrlCreateButton("ADD DOMAIN",200,31,160,52) $gCurrentIP = GUICtrlCreateLabel("Current IP: " & _CheckIP(),5,780) $gDomainList = GUICtrlCreateListView("Domain | Resolved IP | Update Status",5,120,600,600) GUISetState(@SW_SHOW,$gMainGUI) while 1 $m = GUIGetMsg() IF $M = $GUI_EVENT_CLOSE then Exit IF $M = $gAddButton Then $sAddDomain = GUICtrlRead($gDomainInput) $sAddUser = GUICtrlRead($gUserInput) $sAddPass = GUICtrlRead($gPassInput) $sResolveIP = _DNSCheck($sAddDomain) ;Google wants you to avoid sending updates when there are no changes If StringCompare($sResolveIP,_CheckIP()) = 0 Then $sStatus = "No change, not sending update" Else $sStatus = _DNSUpdate($sAddDomain,$sAddUser,$sAddPass) EndIf ;Check to make sure all fields are completed before continuing IF StringLen($sAddDomain) = 0 OR StringLen($sAddUser) = 0 OR StringLen($sAddPass) = 0 Then MsgBox(0,"","Please complete all fields") Else ; If the fields all have data, then continue ;Check to see if the entry exists in the array already $iSanity = _ArraySearch($aDomainList,$sAddDomain) IF $iSanity = 0 Then _ArrayAdd($aDomainList,$sAddDomain & "|" & $sAddUser & "|" & $sAddPass ) If @error = 0 Then $aDomainList[0][0] += 1 $aDomainList[$aDomainList[0][0]][3] = GUICtrlCreateListViewItem($sAddDomain & "|" & $sResolveIP & "|" & $sStatus,$gDomainList) Else MsgBox(0,"","Error adding input to list") EndIf Else ; If $iSanity <> 0 ; Update existing info in array and listviewitem $aDomainList[$iSanity][0] = $sAddDomain $aDomainList[$iSanity][1] = $sAddUser $aDomainList[$iSanity][2] = $sAddPass GUICtrlSetData($aDomainList[$iSanity][3],$sAddDomain & "|" & $sResolveIP & "|" & $sStatus) EndIf ; If $iSanity = 0 EndIf ; If StringLen... EndIf ; If $m = $gaddbutton WEnd ;---------------------------------------------------------------------------------------- Func _DNSCheck($sFQDN) $sJSON = _INetGetSource("https://dns.google.com/resolve?name=" & $sFQDN & "&cd=1") ConsoleWrite($sJSON & @CRLF) $sIPAddress = StringRegExpReplace($sJSON,'^.*data": "(.*?)".*?$',"\1") Return $sIPAddress EndFunc ;---------------------------------------------------------------------------------------- Func _DNSUpdate($sFQDN,$sUser,$sPass) Local $sGoogleAPIURI = "https://domains.google.com" Local $hOpen = _WinHttpOpen() Local $hConnect = _WinHttpConnect($hOpen, $sGoogleAPIURI) Local $sHeader = _ 'Authorization: Basic ' & _Base64Encode($sUser & ":" & $sPass) & @CRLF & _ 'Accept: */*' & @CRLF & _ 'User-Agent: AutoITScript/' & @AutoItVersion & @CRLF & _ 'Content-Type: application/x-www-form-urlencoded' Local $aHTTPResponse = _WinHttpSimpleSSLRequest($hConnect, "POST", "/nic/update", Default, "hostname=" & $sFQDN, $sHeader, True, Default, Default, Default, True) _WinHttpCloseHandle($hConnect) _WinHttpCloseHandle($hOpen) If IsArray($aHTTPResponse) Then $sHTTPResponse = "Header:" & @CRLF & $aHTTPResponse[0] & @CRLF & "Data:" & @CRLF & $aHTTPResponse[1] & @CRLF & @CRLF & @CRLF Return $aHTTPResponse[1] Else $sHTTPResponse = "NO REPLY" Return "No reply from " & $sGoogleAPIURI EndIf EndFunc ;---------------------------------------------------------------------------------------- Func _Base64Encode($sData) Local $oXml = ObjCreate("Msxml2.DOMDocument") If Not IsObj($oXml) Then SetError(1, 1, 0) EndIf Local $oElement = $oXml.createElement("b64") If Not IsObj($oElement) Then SetError(2, 2, 0) EndIf $oElement.dataType = "bin.base64" $oElement.nodeTypedValue = Binary($sData) Local $sReturn = $oElement.Text If StringLen($sReturn) = 0 Then SetError(3, 3, 0) EndIf Return $sReturn EndFunc ;---------------------------------------------------------------------------------------- Func _CheckIP() Return _INetGetSource("https://domains.google.com/checkip") EndFunc ;----------------------------------------------------------------------------------------  
    • RTFC
      By RTFC
      CodeCrypter enables you to encrypt scripts without placing the key inside the script.
      This is because this key is extracted from the user environment at runtime by, for example:
      password user query any macro (e.g., @username) any AutoIt function call any UDF call some permanent environment variable on a specific machine (and not created by your script) a server response a device response anything else you can think of, as long as it's not stored in the script any combination of the above You need several scripts to get this to work, and they are scattered over several threads, so here's a single bundle that contains them all (including a patched version of Ward's AES.au3; with many thanks to Ward for allowing me to include this script here):
      Latest version: 2.3, (18 Jan 2018): CodeScannerCrypter.bundle.v2.3.7z
       
      Note: if you experience issues under Win8/8.1 (as some users have reported), please upgrade to Win10 (or use Win7) if you can; as far as I can tell, the scripts in the bundle all work under Win7 & Win10 (and XP). Moreover, I have no access to a Win8 box, so these issues will not be fixed, at least not by yours truly.
       
      How the bits and pieces fit together:
      CodeCrypter is a front-end for the MCF UDF library (you need version 1.3 or later). Its thread is here:
      '?do=embed' frameborder='0' data-embedContent>>
      The MCF package (also contained in the CodeScannerCrypter bundle) contains MCF.au3 (the library itself) plus a little include file called MCFinclude.au3. The latter you have to include in any script you wish to encrypt. Any code preceding it will not be encrypted, any code following it will be encrypted. You define the dynamic key inside MCFinclude.au3, in the UDF: _MCFCC_Init().
      From the same post you can download an MCF Tutorial which I heartily recommend, because encrypting a script requires a number of steps in the right order, namely:
      In MCFinclude.au3, define and/or choose your dynamic key(s) (skip this step = use default setting) include MCFinclude.au3 in your target script Run CodeScanner (version 2.3+) on your target script, with setting WriteMetaCode=True (see '?do=embed' frameborder='0' data-embedContent>>), then close CodeScanner. Start CodeCrypter press the Source button to load your target file enable Write MCF0 (tick the first option in Main Settings) Enable "Encrypt" (last option in the Main Settings) Go to the Tab Encrypt and set up the encryption the way you want (skip this = use default settings) Return to Main Tab and press "Run" if all goes well, a new script called MCF0test.au3 is created in the same directory as your target. It has no includes and no redundant parts. Please check that it works as normal. (see Remarks if not) It all sounds far more complicated than it is, really.
      Not convinced? Check out this updated and extended Q & A pdf (FAQ, also included in the bundle) to help you get started:
      CodeCrypterFAQ.pdf
       
      For additional explanations/examples in response to specific questions by forum members (how it works, what it can/cannot do), see elsewhere in this thread, notably:
      Simple analogy of how it works: post #53, second part General Explanation and HowTo: post #9, 51, 75, 185/187, 196, 207, 270, 280 (this gets a bit repetitive) BackTranslation: post #179 Obfuscation: post #36 (general), 49 (selective obfuscation) Specific features and fixes: post #3 (security), 84 (redefining the expected runtime response), 169 (Curl Enum fix), 185/187 (using license keys), 194 (replacing Ward's AES UDF with different encryption/decryption calls), 251 (AV detection issue), 262 (extract key contents to USB on different target machine prior to encryption) Limitations: post #26 (@error/@extended), 149 (FileInstall), 191 (AES.au3 on x64) Not recommended: post #46/249 (static encryption), 102 (programme logic error), 237 (parsing password via cmdline)  
      Technical notes:
      BackTranslation is a test to check that the MetaCode translation worked. Skip it at your peril. It also turns your multi-include composite script into a single portable file without redundant parts (you can opt to leave the redundant parts in, if you want).
      CodeCrypter can also obfuscate (vars and UDF names) and replace strings, variable names and UDF names with anything else you provide, for  example, for language translation). After CodeScanner separates your target's structure from its contents, CodeCrypter (actually MCF, under the hood) can change any part, and then generate a new script from whichever pieces you define. See the MCF Tutorial for more explanation and examples.
      Encryption currently relies on Ward excellent AES UDF, but you can replace this with any other algorithm you like; just edit MCFinclude.au3 UDF _MCFCC(), and MCF.au3 UDF _EncryptEntry(), see post #194 in this thread.
      AES.au3, by Ward is now also included in bundle (with thanks to Ward), see '?do=embed' frameborder='0' data-embedContent>>
      Going to lie down now...
      RT
      CodeCrypterFAQ.pdf
    • RTFC
      By RTFC
      MetaCode offers a way to:
      separate a script's structure from its content remove all redundant definitions (globals and UDFs) change any content (and some structure) combine (new) structure and (new) content into a new script The most useful applications implemented so far are:
      Fast language translation (not just text strings, also variable names and UDF names) Obfuscation (vars and/or UDFs) Script Encryption (conditionals, calls, and macros) Encryption is powerful because the key is not stored anywhere; you can define it to be a user password, macro, environment spec/variable, server response, something you define yourself, or a combination thereof; anything goes, as long as it's not a fixed string or fixed value. More info in the CodeCrypter thread: ?do=embed' frameborder='0' data-embedContent>'?do=embed' frameborder='0' data-embedContent>>
      ?do=embed' frameborder='0' data-embedContent>
      But MetaCode has more potential than that; it allows you to tinker with any type of content separately, then rebuild a new version. So for example, you can have a single script structure and numerous different language modules you just plug in to create a new version in a different language.
      A brief Tutorial is here:
      MetaCode Tutorial.pdf
      The MCF library itself can be found in the CodeScannerCrypter bundle:
      CodeScannerCrypter.bundle.v2.3.7z
       
       
      And a little example how to use it for translating your GUI into a different language:
       UI_Translator.7z (new version that should work with the new version of Google Translate, see post #13 below)
       
       
      MCF.au3 is just the library plus the MCFinclude.au3 file you need to include in any script you wish to encrypt.
      There is no GUI here. However, I did write a separate front-end for it called CodeCrypter, which you can find here:
      ?do=embed' frameborder='0' data-embedContent>'?do=embed' frameborder='0' data-embedContent>>
      ?do=embed' frameborder='0' data-embedContent>
      MCF uses output generated by my CodeScanner version 2.8+, which you can find here:
      '?do=embed' frameborder='0' data-embedContent>>
      CodeScanner also depends on MCF.au3 now, as it can now call a few of its functions.
      I should also mention Ward's excellent AES.au3 UDFs used for the encryption and decryption calls,  which is now included in the CodeScannerCrypter bundle (thanks to Ward for allowing to include it). You can find the original (unpatched) version here:
      '?do=embed' frameborder='0' data-embedContent>>
      Note: you can replace the encryption/decryption calls with whatever algorithm you like (hint: the native <Crypt.au3> library is too slow for most purposes, better stick to machine code routines)
      So just to be clear:
      CodeScanner (v2.8+) needs MCF (earlier versions won't work!) CodeCrypter needs MCF (plus anything that MCF needs) MCF itself needs MCFinclude (part of MCF zip) MCF also needs readCSdatadump (part of the CodeScanner package, you need the latest version packaged with CodeScanner v2.8; earlier versions won't work!) both MCF and MCFinclude currently rely on AES.au3 by Ward So you basically need to download the whole bundle for any of it to work.
       
      If you have any questions, please start by reading the MCF Tutorial and the CodeCrypter FAQ (you can download the latter separately from the CodeCrypter thread).
      Next, read the extensive Remarks sections in MCF.au3, MCFinclude.au3, and CodeCrypter.au3
      If still no joy, then please post. However, I'm not online that often, and logged in to the forum even less, so response may take a while).
      RT
    • francesco9696
      By francesco9696
      Hi I'm trying to replicate a php function that I need:
       
      function cripta($data){ return openssl_encrypt($data,'AES-128-CBC',base64_decode("dGVzdHBhc3N3b3JkLi4uLg=="),0,"0102030405060708"); } which is basically a base64encode of an aes encryption. I found some helpful UDF here which has both BASE64.au3 and AES.au3
      I tried to write the "cripta" function:
       
      #Include "AES.au3" #include "BASE64.au3" Global $mainKey = "dGVzdHBhc3N3b3JkLi4uLg==" Global $mainIV = "0102030405060708" _AES_Startup() ConsoleWrite(cripta("test") & @CRLF) Func cripta($Data) Global $mainKey, $mainIV $Key = _Base64Decode($mainKey) Return BinaryToString(_Base64Encode(_AesEncrypt($Key, $Data, $AES_CBC_MODE, $mainIV))) EndFunc But when I try to execute in php I get:
      echo cripta('test'); // OUTPUT: CB5j5NHA9vQibaGgmvnNTA== And when I try in execute in autoit:
      ConsoleWrite(cripta("test") & @CRLF) ;OUTPUT: MDEwMjAzMDQwNTA2MDcwOOSAx7xqqmIcIU5UI4ZDItw= Why are those so different? 
      Can someone please help me, thank you
       
×