Jump to content
Sign in to follow this  
seandisanti

Would you use it?

Would you use it?  

33 members have voted

  1. 1. If a code obfuscator that made your source frighteningly unreadable before compiling became available would you use it? Meaning that you still have a good copy of your source that is plain to read, but if anyone decompiles your script, they see a crazy amount of code instead of your source.

    • YES! Is it in scripts and scraps yet?
      21
    • No, i'd rather keep whining that the developers need to secure my code for me.
      8
    • Obfu-what?
      4


Recommended Posts

seandisanti

Personally i would, for anything that i write intending to be publicly distributed, because even though i know first hand how easy it is to make someone else's programming do your bidding if you know what you're doing, it's always fun to make the f#$@'s work for it.

Share this post


Link to post
Share on other sites
JSThePatriot

It really depends. I didnt vote as your poll was biased :P. I may or may not use it. The thing is you can always protect yourself by having a peciluar and particular coding style.

JS


AutoIt Links

File-String Hash Plugin Updated! 04-02-2008 Plugins have been discontinued. I just found out.

ComputerGetInfo UDF's Updated! 11-23-2006

External Links

Vortex Revolutions Engineer / Inventor (Web, Desktop, and Mobile Applications, Hardware Gizmos, Consulting, and more)

Share this post


Link to post
Share on other sites
seandisanti

It really depends. I didnt vote as your poll was biased :P. I may or may not use it. The thing is you can always protect yourself by having a peciluar and particular coding style.

JS

Yes, i'm sorry, i really didn't mean to slant it as much as i did. The thing is, there's a really awesome script in the works that i've seen the output on, and i just want to show the author that i wouldn't be the only one that could appreciate a tool like that.

Share this post


Link to post
Share on other sites
SpookMeister

I could see potential for it's use, in a "that would be cool" way.

But I believe that the bulk of what AutoIt is used for has no need for this feature, so it would be a waste of developer time. Also "a crazy amount of code instead of your source" smells of over-bloated-ness and smaller is usually better.


[u]Helpful tips:[/u]If you want better answers to your questions, take the time to reproduce your issue in a small "stand alone" example script whenever possible. Also, make sure you tell us 1) what you tried, 2) what you expected to happen, and 3) what happened instead.[u]Useful links:[/u]BrettF's update to LxP's "How to AutoIt" pdfValuater's Autoit 1-2-3 Download page for the latest versions of Autoit and SciTE[quote]<glyph> For example - if you came in here asking "how do I use a jackhammer" we might ask "why do you need to use a jackhammer"<glyph> If the answer to the latter question is "to knock my grandmother's head off to let out the evil spirits that gave her cancer", then maybe the problem is actually unrelated to jackhammers[/quote]

Share this post


Link to post
Share on other sites
seandisanti

I could see potential for it's use, in a "that would be cool" way.

But I believe that the bulk of what AutoIt is used for has no need for this feature, so it would be a waste of developer time. Also "a crazy amount of code instead of your source" smells of over-bloated-ness and smaller is usually better.

true, i would only use it myself when there is code i really wanted to try to protect as well as i could, but with the amount of posts there were at one time about people using a modified exe2aut to view source on any compiled script without a password, i thought this would be a pretty well received option for the ones that were complaining about the security of their code. It's pretty great too, i was expecting to be able to look at the convoluted source and be able to make out what it was doing, but i saw the result of a 10-15 line code, and could make NO sense out of it. The author really outdid himself, and i think people who make programs for distribution will be really greatful for it if the script is released.

Share this post


Link to post
Share on other sites
MSLx Fanboy

Well, there is this thing called the a3x file format, where passing that and AutoIt3.exe should be a bit more secure.

Actually, with the newest beta versions, you can

FileInstall('securecode.a3x', @TempDir & '\securecode.a3x')
RunWait(@AutoItExe & ' /AutoIt3ExecuteScript ' & @TempDir & '\securecode.a3x', '', @SW_HIDE)
FileDelete(@TempDir & '\securecode.a3x')

which will protect the code from being seen by a hex editor and what not...

P.S. Can you modify the question so it doesn't break the forum layout?

Thanks :P

Edited by MSLx Fanboy

Writing AutoIt scripts since
_DateAdd("d", -2, _NowCalcDate())

Share this post


Link to post
Share on other sites
seandisanti

Well, there is this thing called the a3x file format, where passing that and AutoIt3.exe should be a bit more secure.

Actually, with the newest beta versions, you can

FileInstall('securecode.a3x', @TempDir & '\securecode.a3x')
RunWait(@AutoItExe & ' /AutoIt3ExecuteScript ' & @TempDir & '\securecode.a3x', '', @SW_HIDE)
FileDelete(@TempDir & '\securecode.a3x')

which will protect the code from being seen by a hex editor and what not...

P.S. Can you modify the question so it doesn't break the forum layout?

Thanks :P

If it's possible to modify the poll after it's started, i don't know how, sorry. Despite the number of posts i've made, i'm not a big forum person really, i just like to help people, this is only like the 10th topic i've ever started on any forum, and the first poll.

Share this post


Link to post
Share on other sites
JSThePatriot

No clue actually. Been so long since I have messed with a poll. I doubt it as that would erase the votes.

JS


AutoIt Links

File-String Hash Plugin Updated! 04-02-2008 Plugins have been discontinued. I just found out.

ComputerGetInfo UDF's Updated! 11-23-2006

External Links

Vortex Revolutions Engineer / Inventor (Web, Desktop, and Mobile Applications, Hardware Gizmos, Consulting, and more)

Share this post


Link to post
Share on other sites
t0ddie

i wanted to make my own code obfuscator but i never got around to it

i would love a copy if someone already made one.

would there be a method to UN-obfuscate? if so then anyone could get the source just like with the hacked version of exe2aut

anything can be cracked regardless.. its just a matter of time.

either way.. yeah i vote for it. author of this script should release it


Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites
seandisanti

i wanted to make my own code obfuscator but i never got around to it

i would love a copy if someone already made one.

would there be a method to UN-obfuscate? if so then anyone could get the source just like with the hacked version of exe2aut

anything can be cracked regardless.. its just a matter of time.

either way.. yeah i vote for it. author of this script should release it

i honestly don't know if there is an UNDO or whatever, but i've already suggested that there shouldn't be, and he's smart enough to know that would defeat the purpose.

Share this post


Link to post
Share on other sites
LxP

I've voted No since speed, size and efficiency are currently more important to me than the fear of someone seeing my original source.

Share this post


Link to post
Share on other sites
seandisanti

I've voted No since speed, size and efficiency are currently more important to me than the fear of someone seeing my original source.

if the speed of execution was not too severely compromised, would the hit to size and efficiency be acceptable, assuming this was a program you intended to distribute, and possibly charge for?

Share this post


Link to post
Share on other sites
LxP

I suppose it would depend on how far AutoIt code can indeed be obfuscated. It's obviously possible to remove all comments, trim whitespace and rename all variables but you can't rename built-in function names (other than writing custom-named wrapper UDFs). Code may still be quite understandable -- it's hard to know without seeing any before/after output.

At the end of the day, if someone has access to any form of source (even obfuscate source) then they will eventually work it out. If I'm charging for a compiled copy, I probably won't receive another cent after this point.

If I have code that I really don't want to be viewed then I will do whatever it takes to ensure that the source cannot be stripped from the binary, even if that may mean writing it in a language that tokenises or truly compiles.

I know that this post isn't particularly constructive and I do apologise.

Share this post


Link to post
Share on other sites
seandisanti

I suppose it would depend on how far AutoIt code can indeed be obfuscated. It's obviously possible to remove all comments, trim whitespace and rename all variables but you can't rename built-in function names (other than writing custom-named wrapper UDFs). Code may still be quite understandable -- it's hard to know without seeing any before/after output.

At the end of the day, if someone has access to any form of source (even obfuscate source) then they will eventually work it out. If I'm charging for a compiled copy, I probably won't receive another cent after this point.

If I have code that I really don't want to be viewed then I will do whatever it takes to ensure that the source cannot be stripped from the binary, even if that may mean writing it in a language that tokenises or truly compiles.

I know that this post isn't particularly constructive and I do apologise.

no, it is a good post, because it adds credibility to my suggestion to the author that he post before/after that he showed me. and he really did an awesome job, i think you'll be pleasantly surprised, i know i was.

Share this post


Link to post
Share on other sites
JSThePatriot

Yea right now I have been offering free utilities, but in the future I see that AutoIt can certainly make some good programs for small to mid-sized businesses.

I am actually fixing to be creating something to help me with my job working with the US Government. I may or may not want the code out or they may or may not. I know I could re-write it in C/C++, but it would take longer as I am not very good with C++ yet. I am just a novice. I can make windows and such, but I cant make very interactive programs yet. I am learning the syntax and OOP.

I think the obfuscation is a good idea, and for someone that doesnt want their source getting out is another step they can take.

What I would be interested in knowing is if the .aux encryption is strong enough and if eventually you can compile a .aux to add extra encryption to your script.

Just some thoughts,

JS


AutoIt Links

File-String Hash Plugin Updated! 04-02-2008 Plugins have been discontinued. I just found out.

ComputerGetInfo UDF's Updated! 11-23-2006

External Links

Vortex Revolutions Engineer / Inventor (Web, Desktop, and Mobile Applications, Hardware Gizmos, Consulting, and more)

Share this post


Link to post
Share on other sites
t0ddie

i think you'll be pleasantly surprised, i know i was.

does that mean its going to be released?

and lxp

what do you mean by a language that tokenises or truly compiles? a mainstream language? like c++ or vb or what...

cant EVERYTHING be decompiled no matter what?

Edited by t0ddie

Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites
seandisanti

does that mean its going to be released?

and lxp

what do you mean by a language that tokenises or truly compiles? a mainstream language? like c++ or vb or what...

cant EVERYTHING be decompiled no matter what?

most higher lvl languages don't have a way to decompile to plain source, but there are real time debuggers, hex editors, and reversing tools that work on windows programs regardless of what they were written in. any program can be made to act in a way that it wasn't meant to if the right individual is inclined to mess with it.

Share this post


Link to post
Share on other sites
JSThePatriot

most higher lvl languages don't have a way to decompile to plain source, but there are real time debuggers, hex editors, and reversing tools that work on windows programs regardless of what they were written in. any program can be made to act in a way that it wasn't meant to if the right individual is inclined to mess with it.

Comes back to all the scenarios I have always stated. Locks on your doors arent to keep the bad guys out, but keep honest people honest. If it can be done it can be undone. Just keep that in mind. So everyone coming up with excuses of oh this wont work because of blah. Well in time nothing will work so just be positive and see if it can help your project or not. If it cant leave it alone.

Its just getting old all the negative remarks. IMHO. LxP just so you know I am not referring to you in anyway. Just the forum as a whole at times can be negative. Though I have to admit I dont mind sometimes as it is needed.

::end rant::

JS


AutoIt Links

File-String Hash Plugin Updated! 04-02-2008 Plugins have been discontinued. I just found out.

ComputerGetInfo UDF's Updated! 11-23-2006

External Links

Vortex Revolutions Engineer / Inventor (Web, Desktop, and Mobile Applications, Hardware Gizmos, Consulting, and more)

Share this post


Link to post
Share on other sites
Gigglestick

no, it is a good post, because it adds credibility to my suggestion to the author that he post before/after that he showed me. and he really did an awesome job, i think you'll be pleasantly surprised, i know i was.

Can you post an example of his obscated code? A before and after sort of thing?

My UDFs: ExitCodes

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.