Sign in to follow this  
Followers 0
seandisanti

Would you use it?

Would you use it?   33 members have voted

  1. 1. If a code obfuscator that made your source frighteningly unreadable before compiling became available would you use it? Meaning that you still have a good copy of your source that is plain to read, but if anyone decompiles your script, they see a crazy amount of code instead of your source.

    • YES! Is it in scripts and scraps yet?
      21
    • No, i'd rather keep whining that the developers need to secure my code for me.
      8
    • Obfu-what?
      4

Please sign in or register to vote in this poll.

55 posts in this topic

Personally i would, for anything that i write intending to be publicly distributed, because even though i know first hand how easy it is to make someone else's programming do your bidding if you know what you're doing, it's always fun to make the f#$@'s work for it.


1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites



It really depends. I didnt vote as your poll was biased :P. I may or may not use it. The thing is you can always protect yourself by having a peciluar and particular coding style.

JS


AutoIt Links

File-String Hash Plugin Updated! 04-02-2008 Plugins have been discontinued. I just found out.

ComputerGetInfo UDF's Updated! 11-23-2006

External Links

Vortex Revolutions Engineer / Inventor (Web, Desktop, and Mobile Applications, Hardware Gizmos, Consulting, and more)

Share this post


Link to post
Share on other sites

It really depends. I didnt vote as your poll was biased :P. I may or may not use it. The thing is you can always protect yourself by having a peciluar and particular coding style.

JS

Yes, i'm sorry, i really didn't mean to slant it as much as i did. The thing is, there's a really awesome script in the works that i've seen the output on, and i just want to show the author that i wouldn't be the only one that could appreciate a tool like that.

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

I could see potential for it's use, in a "that would be cool" way.

But I believe that the bulk of what AutoIt is used for has no need for this feature, so it would be a waste of developer time. Also "a crazy amount of code instead of your source" smells of over-bloated-ness and smaller is usually better.


[u]Helpful tips:[/u]If you want better answers to your questions, take the time to reproduce your issue in a small "stand alone" example script whenever possible. Also, make sure you tell us 1) what you tried, 2) what you expected to happen, and 3) what happened instead.[u]Useful links:[/u]BrettF's update to LxP's "How to AutoIt" pdfValuater's Autoit 1-2-3 Download page for the latest versions of Autoit and SciTE[quote]<glyph> For example - if you came in here asking "how do I use a jackhammer" we might ask "why do you need to use a jackhammer"<glyph> If the answer to the latter question is "to knock my grandmother's head off to let out the evil spirits that gave her cancer", then maybe the problem is actually unrelated to jackhammers[/quote]

Share this post


Link to post
Share on other sites

I could see potential for it's use, in a "that would be cool" way.

But I believe that the bulk of what AutoIt is used for has no need for this feature, so it would be a waste of developer time. Also "a crazy amount of code instead of your source" smells of over-bloated-ness and smaller is usually better.

true, i would only use it myself when there is code i really wanted to try to protect as well as i could, but with the amount of posts there were at one time about people using a modified exe2aut to view source on any compiled script without a password, i thought this would be a pretty well received option for the ones that were complaining about the security of their code. It's pretty great too, i was expecting to be able to look at the convoluted source and be able to make out what it was doing, but i saw the result of a 10-15 line code, and could make NO sense out of it. The author really outdid himself, and i think people who make programs for distribution will be really greatful for it if the script is released.

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

Well, there is this thing called the a3x file format, where passing that and AutoIt3.exe should be a bit more secure.

Actually, with the newest beta versions, you can

FileInstall('securecode.a3x', @TempDir & '\securecode.a3x')
RunWait(@AutoItExe & ' /AutoIt3ExecuteScript ' & @TempDir & '\securecode.a3x', '', @SW_HIDE)
FileDelete(@TempDir & '\securecode.a3x')

which will protect the code from being seen by a hex editor and what not...

P.S. Can you modify the question so it doesn't break the forum layout?

Thanks :P

Edited by MSLx Fanboy

Writing AutoIt scripts since
_DateAdd("d", -2, _NowCalcDate())

Share this post


Link to post
Share on other sites

Well, there is this thing called the a3x file format, where passing that and AutoIt3.exe should be a bit more secure.

Actually, with the newest beta versions, you can

FileInstall('securecode.a3x', @TempDir & '\securecode.a3x')
RunWait(@AutoItExe & ' /AutoIt3ExecuteScript ' & @TempDir & '\securecode.a3x', '', @SW_HIDE)
FileDelete(@TempDir & '\securecode.a3x')

which will protect the code from being seen by a hex editor and what not...

P.S. Can you modify the question so it doesn't break the forum layout?

Thanks :P

If it's possible to modify the poll after it's started, i don't know how, sorry. Despite the number of posts i've made, i'm not a big forum person really, i just like to help people, this is only like the 10th topic i've ever started on any forum, and the first poll.

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

No clue actually. Been so long since I have messed with a poll. I doubt it as that would erase the votes.

JS


AutoIt Links

File-String Hash Plugin Updated! 04-02-2008 Plugins have been discontinued. I just found out.

ComputerGetInfo UDF's Updated! 11-23-2006

External Links

Vortex Revolutions Engineer / Inventor (Web, Desktop, and Mobile Applications, Hardware Gizmos, Consulting, and more)

Share this post


Link to post
Share on other sites

i wanted to make my own code obfuscator but i never got around to it

i would love a copy if someone already made one.

would there be a method to UN-obfuscate? if so then anyone could get the source just like with the hacked version of exe2aut

anything can be cracked regardless.. its just a matter of time.

either way.. yeah i vote for it. author of this script should release it


Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

i wanted to make my own code obfuscator but i never got around to it

i would love a copy if someone already made one.

would there be a method to UN-obfuscate? if so then anyone could get the source just like with the hacked version of exe2aut

anything can be cracked regardless.. its just a matter of time.

either way.. yeah i vote for it. author of this script should release it

i honestly don't know if there is an UNDO or whatever, but i've already suggested that there shouldn't be, and he's smart enough to know that would defeat the purpose.

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

I've voted No since speed, size and efficiency are currently more important to me than the fear of someone seeing my original source.

Share this post


Link to post
Share on other sites

I've voted No since speed, size and efficiency are currently more important to me than the fear of someone seeing my original source.

if the speed of execution was not too severely compromised, would the hit to size and efficiency be acceptable, assuming this was a program you intended to distribute, and possibly charge for?

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

I suppose it would depend on how far AutoIt code can indeed be obfuscated. It's obviously possible to remove all comments, trim whitespace and rename all variables but you can't rename built-in function names (other than writing custom-named wrapper UDFs). Code may still be quite understandable -- it's hard to know without seeing any before/after output.

At the end of the day, if someone has access to any form of source (even obfuscate source) then they will eventually work it out. If I'm charging for a compiled copy, I probably won't receive another cent after this point.

If I have code that I really don't want to be viewed then I will do whatever it takes to ensure that the source cannot be stripped from the binary, even if that may mean writing it in a language that tokenises or truly compiles.

I know that this post isn't particularly constructive and I do apologise.

Share this post


Link to post
Share on other sites

I suppose it would depend on how far AutoIt code can indeed be obfuscated. It's obviously possible to remove all comments, trim whitespace and rename all variables but you can't rename built-in function names (other than writing custom-named wrapper UDFs). Code may still be quite understandable -- it's hard to know without seeing any before/after output.

At the end of the day, if someone has access to any form of source (even obfuscate source) then they will eventually work it out. If I'm charging for a compiled copy, I probably won't receive another cent after this point.

If I have code that I really don't want to be viewed then I will do whatever it takes to ensure that the source cannot be stripped from the binary, even if that may mean writing it in a language that tokenises or truly compiles.

I know that this post isn't particularly constructive and I do apologise.

no, it is a good post, because it adds credibility to my suggestion to the author that he post before/after that he showed me. and he really did an awesome job, i think you'll be pleasantly surprised, i know i was.


1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

Yea right now I have been offering free utilities, but in the future I see that AutoIt can certainly make some good programs for small to mid-sized businesses.

I am actually fixing to be creating something to help me with my job working with the US Government. I may or may not want the code out or they may or may not. I know I could re-write it in C/C++, but it would take longer as I am not very good with C++ yet. I am just a novice. I can make windows and such, but I cant make very interactive programs yet. I am learning the syntax and OOP.

I think the obfuscation is a good idea, and for someone that doesnt want their source getting out is another step they can take.

What I would be interested in knowing is if the .aux encryption is strong enough and if eventually you can compile a .aux to add extra encryption to your script.

Just some thoughts,

JS


AutoIt Links

File-String Hash Plugin Updated! 04-02-2008 Plugins have been discontinued. I just found out.

ComputerGetInfo UDF's Updated! 11-23-2006

External Links

Vortex Revolutions Engineer / Inventor (Web, Desktop, and Mobile Applications, Hardware Gizmos, Consulting, and more)

Share this post


Link to post
Share on other sites

#16 ·  Posted (edited)

i think you'll be pleasantly surprised, i know i was.

does that mean its going to be released?

and lxp

what do you mean by a language that tokenises or truly compiles? a mainstream language? like c++ or vb or what...

cant EVERYTHING be decompiled no matter what?

Edited by t0ddie

Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

does that mean its going to be released?

and lxp

what do you mean by a language that tokenises or truly compiles? a mainstream language? like c++ or vb or what...

cant EVERYTHING be decompiled no matter what?

most higher lvl languages don't have a way to decompile to plain source, but there are real time debuggers, hex editors, and reversing tools that work on windows programs regardless of what they were written in. any program can be made to act in a way that it wasn't meant to if the right individual is inclined to mess with it.


1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

most higher lvl languages don't have a way to decompile to plain source, but there are real time debuggers, hex editors, and reversing tools that work on windows programs regardless of what they were written in. any program can be made to act in a way that it wasn't meant to if the right individual is inclined to mess with it.

Comes back to all the scenarios I have always stated. Locks on your doors arent to keep the bad guys out, but keep honest people honest. If it can be done it can be undone. Just keep that in mind. So everyone coming up with excuses of oh this wont work because of blah. Well in time nothing will work so just be positive and see if it can help your project or not. If it cant leave it alone.

Its just getting old all the negative remarks. IMHO. LxP just so you know I am not referring to you in anyway. Just the forum as a whole at times can be negative. Though I have to admit I dont mind sometimes as it is needed.

::end rant::

JS


AutoIt Links

File-String Hash Plugin Updated! 04-02-2008 Plugins have been discontinued. I just found out.

ComputerGetInfo UDF's Updated! 11-23-2006

External Links

Vortex Revolutions Engineer / Inventor (Web, Desktop, and Mobile Applications, Hardware Gizmos, Consulting, and more)

Share this post


Link to post
Share on other sites

no, it is a good post, because it adds credibility to my suggestion to the author that he post before/after that he showed me. and he really did an awesome job, i think you'll be pleasantly surprised, i know i was.

Can you post an example of his obscated code? A before and after sort of thing?

My UDFs: ExitCodes

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0