Would you use it?

[seandisanti]

Personally i would, for anything that i write intending to be publicly distributed, because even though i know first hand how easy it is to make someone else's programming do your bidding if you know what you're doing, it's always fun to make the f#$@'s work for it.

[JSThePatriot]

It really depends. I didnt vote as your poll was biased . I may or may not use it. The thing is you can always protect yourself by having a peciluar and particular coding style.

JS

[seandisanti]

It really depends. I didnt vote as your poll was biased . I may or may not use it. The thing is you can always protect yourself by having a peciluar and particular coding style.

JS

Yes, i'm sorry, i really didn't mean to slant it as much as i did. The thing is, there's a really awesome script in the works that i've seen the output on, and i just want to show the author that i wouldn't be the only one that could appreciate a tool like that.

[SpookMeister]

I could see potential for it's use, in a "that would be cool" way.

But I believe that the bulk of what AutoIt is used for has no need for this feature, so it would be a waste of developer time. Also "a crazy amount of code instead of your source" smells of over-bloated-ness and smaller is usually better.

[seandisanti]

I could see potential for it's use, in a "that would be cool" way.

But I believe that the bulk of what AutoIt is used for has no need for this feature, so it would be a waste of developer time. Also "a crazy amount of code instead of your source" smells of over-bloated-ness and smaller is usually better.

true, i would only use it myself when there is code i really wanted to try to protect as well as i could, but with the amount of posts there were at one time about people using a modified exe2aut to view source on any compiled script without a password, i thought this would be a pretty well received option for the ones that were complaining about the security of their code. It's pretty great too, i was expecting to be able to look at the convoluted source and be able to make out what it was doing, but i saw the result of a 10-15 line code, and could make NO sense out of it. The author really outdid himself, and i think people who make programs for distribution will be really greatful for it if the script is released.

[MSLx Fanboy]

Well, there is this thing called the a3x file format, where passing that and AutoIt3.exe should be a bit more secure.

Actually, with the newest beta versions, you can

FileInstall('securecode.a3x', @TempDir & '\securecode.a3x')
RunWait(@AutoItExe & ' /AutoIt3ExecuteScript ' & @TempDir & '\securecode.a3x', '', @SW_HIDE)
FileDelete(@TempDir & '\securecode.a3x')

which will protect the code from being seen by a hex editor and what not...

P.S. Can you modify the question so it doesn't break the forum layout?

Thanks

Edited December 14, 2005 by MSLx Fanboy

[seandisanti]

Well, there is this thing called the a3x file format, where passing that and AutoIt3.exe should be a bit more secure.

Actually, with the newest beta versions, you can

FileInstall('securecode.a3x', @TempDir & '\securecode.a3x')
RunWait(@AutoItExe & ' /AutoIt3ExecuteScript ' & @TempDir & '\securecode.a3x', '', @SW_HIDE)
FileDelete(@TempDir & '\securecode.a3x')

which will protect the code from being seen by a hex editor and what not...

P.S. Can you modify the question so it doesn't break the forum layout?

Thanks

If it's possible to modify the poll after it's started, i don't know how, sorry. Despite the number of posts i've made, i'm not a big forum person really, i just like to help people, this is only like the 10th topic i've ever started on any forum, and the first poll.

[JSThePatriot]

No clue actually. Been so long since I have messed with a poll. I doubt it as that would erase the votes.

JS

[t0ddie]

i wanted to make my own code obfuscator but i never got around to it

i would love a copy if someone already made one.

would there be a method to UN-obfuscate? if so then anyone could get the source just like with the hacked version of exe2aut

anything can be cracked regardless.. its just a matter of time.

either way.. yeah i vote for it. author of this script should release it

[seandisanti]

i wanted to make my own code obfuscator but i never got around to it

i would love a copy if someone already made one.

would there be a method to UN-obfuscate? if so then anyone could get the source just like with the hacked version of exe2aut

anything can be cracked regardless.. its just a matter of time.

either way.. yeah i vote for it. author of this script should release it

i honestly don't know if there is an UNDO or whatever, but i've already suggested that there shouldn't be, and he's smart enough to know that would defeat the purpose.

[LxP]

I've voted No since speed, size and efficiency are currently more important to me than the fear of someone seeing my original source.

[seandisanti]

I've voted No since speed, size and efficiency are currently more important to me than the fear of someone seeing my original source.

if the speed of execution was not too severely compromised, would the hit to size and efficiency be acceptable, assuming this was a program you intended to distribute, and possibly charge for?

[LxP]

I suppose it would depend on how far AutoIt code can indeed be obfuscated. It's obviously possible to remove all comments, trim whitespace and rename all variables but you can't rename built-in function names (other than writing custom-named wrapper UDFs). Code may still be quite understandable -- it's hard to know without seeing any before/after output.

At the end of the day, if someone has access to any form of source (even obfuscate source) then they will eventually work it out. If I'm charging for a compiled copy, I probably won't receive another cent after this point.

If I have code that I really don't want to be viewed then I will do whatever it takes to ensure that the source cannot be stripped from the binary, even if that may mean writing it in a language that tokenises or truly compiles.

I know that this post isn't particularly constructive and I do apologise.

[seandisanti]

I suppose it would depend on how far AutoIt code can indeed be obfuscated. It's obviously possible to remove all comments, trim whitespace and rename all variables but you can't rename built-in function names (other than writing custom-named wrapper UDFs). Code may still be quite understandable -- it's hard to know without seeing any before/after output.

At the end of the day, if someone has access to any form of source (even obfuscate source) then they will eventually work it out. If I'm charging for a compiled copy, I probably won't receive another cent after this point.

If I have code that I really don't want to be viewed then I will do whatever it takes to ensure that the source cannot be stripped from the binary, even if that may mean writing it in a language that tokenises or truly compiles.

I know that this post isn't particularly constructive and I do apologise.

no, it is a good post, because it adds credibility to my suggestion to the author that he post before/after that he showed me. and he really did an awesome job, i think you'll be pleasantly surprised, i know i was.

[JSThePatriot]

Yea right now I have been offering free utilities, but in the future I see that AutoIt can certainly make some good programs for small to mid-sized businesses.

I am actually fixing to be creating something to help me with my job working with the US Government. I may or may not want the code out or they may or may not. I know I could re-write it in C/C++, but it would take longer as I am not very good with C++ yet. I am just a novice. I can make windows and such, but I cant make very interactive programs yet. I am learning the syntax and OOP.

I think the obfuscation is a good idea, and for someone that doesnt want their source getting out is another step they can take.

What I would be interested in knowing is if the .aux encryption is strong enough and if eventually you can compile a .aux to add extra encryption to your script.

Just some thoughts,

JS

[t0ddie]

i think you'll be pleasantly surprised, i know i was.

does that mean its going to be released?

and lxp

what do you mean by a language that tokenises or truly compiles? a mainstream language? like c++ or vb or what...

cant EVERYTHING be decompiled no matter what?

Edited December 15, 2005 by t0ddie

[seandisanti]

does that mean its going to be released?

and lxp

what do you mean by a language that tokenises or truly compiles? a mainstream language? like c++ or vb or what...

cant EVERYTHING be decompiled no matter what?

most higher lvl languages don't have a way to decompile to plain source, but there are real time debuggers, hex editors, and reversing tools that work on windows programs regardless of what they were written in. any program can be made to act in a way that it wasn't meant to if the right individual is inclined to mess with it.

[JSThePatriot]

most higher lvl languages don't have a way to decompile to plain source, but there are real time debuggers, hex editors, and reversing tools that work on windows programs regardless of what they were written in. any program can be made to act in a way that it wasn't meant to if the right individual is inclined to mess with it.

Comes back to all the scenarios I have always stated. Locks on your doors arent to keep the bad guys out, but keep honest people honest. If it can be done it can be undone. Just keep that in mind. So everyone coming up with excuses of oh this wont work because of blah. Well in time nothing will work so just be positive and see if it can help your project or not. If it cant leave it alone.

Its just getting old all the negative remarks. IMHO. LxP just so you know I am not referring to you in anyway. Just the forum as a whole at times can be negative. Though I have to admit I dont mind sometimes as it is needed.

::end rant::

JS

[AgentSmith15]

I am looking forward to this release

[Gigglestick]

no, it is a good post, because it adds credibility to my suggestion to the author that he post before/after that he showed me. and he really did an awesome job, i think you'll be pleasantly surprised, i know i was.

Can you post an example of his obscated code? A before and after sort of thing?