Miliardsto

Secutity method - get code from server

6 posts in this topic

Hello. Im trying to make my scripts safe - unnable to decompile. I search for obfuscators and other security methods but the search has come to nothing.

Then one guy gave that idea below. If I rightly understood this idea lets we talk about example program with this secutiy method.

  • Program have two parts, first is only login gui and the second part is the main program
  • Second part (main program) is uploaded on ftp server lets say that on http://xxx/autoit/main_program.au3
  • So we have the first gui with login, we put correctly login and pass and this is the moment when code from http://xxx/autoit/main_program.au3 will be downloaded and executed
  • Finally main program will be appear

This is the similiar way like new games are protected by cracking.

I have few questions in this moment about this:

  • Is something like that even possible to do with the autoit?
  • First part of program (login gui) must have somewhere given that link to download the rest of code - http://xxx/autoit/main_program.au3 to make it execute. As we know this first part of program is easy able to hack and retrieve this web url http://xxx/autoit/main_program.au3 where located is main part of program. Is the way to encrypt or secure it? If only code will be stored in .php we know it cannot be previewed. So it could for example get code from .php file instead of .au3
  • I know that methods works in other languages (I dont know exactly how) thats becouse I only speculates, maybe something may looks different in these solution?
  • Other way would be compiling second part of code on web server (there are available web autoit servers) maybe this way is possible?

Tell me anything U know about this ideas and if its even possible to achieve.

Thanks for ur any response, advice or thoughts ^_^

 


 

Quote

You can also just use authentification.

  your examplecode:

Code:

Func __CalculateWorldFormula($bob)
	$a = DiscreteLogarithm(Mod($bob ^ 4, 3))
	return $a
EndFunc

becomes

Code:

$HardwareID = _getHWID()
Func __CalculateWorldFormula($bob)
	$sCode = __GetCodeFromServer($HardwareID, "Worldformula-line.au3")
	If @error > 0 And $sCode = "HWID not registered" Then
		MsgBox(16, "Nope", "You son of a nice Mother!" & @CRLF & "You are not allowed to use this!")
		Exit 1337
	EndIf
	$a = Execute($sCode)
	return $a
EndFunc

No If clauses that could be bypassed to grant access. So also no need to protect your code anymore.
If there is an error, the server just doesn't give you the code. And thus you can't find it out. The downsides are that you need to have an FTP-server that has to run 24/7 and you need to register every user that buys a license one by one. (Or you could also write a script for it)

100% safe (in case the attacker doesn't own a license (buying a license + getting your precious code + publishing it for free = no profit = still 100% safe))

 

Share this post


Link to post
Share on other sites

You cannot protect you autoit3 script from decompilation.

Really stop wasting your time.

Pick another language you feel is safer, or just get over the fact your super secret code can be seen.

Chances are, no-one cares about your code anyway.


AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Share this post


Link to post
Share on other sites

blablabla xd I heard this many times. I know there is no perfect method. Im sure something could be done for more safety.

For what reasons there is stripper in SciTe? I saw some obfuscators and packers but unfortunately they dont work in new ver of autoit.

Its evidence - something could be done for safety.

Im giving here wonderful idea and You ruin whole thing by typing automated learned rule

Share this post


Link to post
Share on other sites

its not that "there is no perfect method".  its that there is NO method.  You can create as many hops as you want, but you are spending a significant number of manhours on something that will be undone in minutes.  Like, not even double digit minutes. 

1 person likes this

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

This has been discussed ad nauseam, and the response is not going to change. Locking this thread before it descends into stupidity.

1 person likes this

√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

8 hours ago, Miliardsto said:

blablabla xd I heard this many times. I know there is no perfect method. Im sure something could be done for more safety.

Im giving here wonderful idea and You ruin whole thing by typing automated learned rule

Thought I made it clear not too long ago to you that this was not going to be further discussed in these forums?  Guess I wasn't clear enough or is it you being unwilling to comply as I simply read an attitude I don't particularly like?

8 hours ago, Miliardsto said:

For what reasons there is stripper in SciTe? I saw some obfuscators and packers but unfortunately they dont work in new ver of autoit.

I  wrote the Obfuscator and stopped support as some saw that as challenge to de-complie & de-obfuscate that code again, but have a]always stated that obfuscation doesn't make the code safe but merely hard to read. The obfuscator was changed into the au3stripper as I felt the main purpose should be to strip the included script at compilation time back to the bare code needed, which generally saves  90% save for the sourcecode.

So although it is always good to have an idea and pursue your goals, but in this case this topic has been hashed out so many time and always end the same way, we simply stop the discussion right at the beginning. You may not like this, but this is what it is and not open for debate.

Jos

Edited by Jos

Visit the SciTE4AutoIt3 Download page for the latest versions  - Beta files                                How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Similar Content

    • Valnurat
      By Valnurat
      Hi.
      I'm trying to add an array to my gui listview, but it fails with
      "C:\Program Files (x86)\AutoIt3\Include\GuiListView.au3" (473) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.: DllStructSetData($tBuffer, "Text", $aItems[$iI][0]) DllStructSetData($tBuffer, "Text", ^ ERROR My code is:
      #cs ---------------------------------------------------------------------------- AutoIt Version: 3.3.14.2 Author: myName Script Function: Template AutoIt script. #ce ---------------------------------------------------------------------------- ; Script Start - Add your code below here #include <WindowsConstants.au3> #include <ComboConstants.au3> #include <GuiComboBox.au3> #include <GUIConstantsEx.au3> #include <GuiListView.au3> #include <MsgBoxConstants.au3> #Include <AD.au3> #include <Array.au3> Opt('MustDeclareVars', 1) Global $aResult[0][2] Local $aNames[4] = ["DKSO","DKKO","SELU","SEES"] Local Const $iWidth = 300, $iHeight = 250, $iW = 85, $iH = 25 Local $hGUI = GUICreate("Find Computer Owner", $iWidth, $iHeight) ; Create a combobox control. Local $idComboBox = GUICtrlCreateCombo("", 2, 2, 296, 20, BitOR($CBS_DROPDOWN, $CBS_AUTOHSCROLL, $WS_VSCROLL, $CBS_SORT)) ;$WS_VSCROLL Local $idMylist = GUICtrlCreateListView("", 2, 114, 296, 100) Local $idClos = GUICtrlCreateButton("Close", ($iWidth - $iW) / 2, ($iHeight - $iH) - 7 , $iW, $iH) _AD_Open() Local $sFill = "" For $i = 0 to UBound($aNames) -1 Local $aUserInfo = _AD_GetObjectsInOU("OU=Al,DC=ad,DC=al,DC=org","(&(objectCategory=Person)(objectclass=user)(sAMAccountName=" & $aNames[$i] & "*))","","distinguishedName,cn") if @error Then MsgBox(0,@error,@extended) Exit EndIf For $x = $aUserInfo[0][0] To 1 Step -1 If $aUserInfo[$x][0] = "" Or StringInStr($aUserInfo[$x][0], "Resources") > 0 Or StringInStr($aUserInfo[$x][0], "Leavers") > 0 Or StringInStr($aUserInfo[$x][0], "Administration") > 0 Then _ArrayDelete($aUserInfo, $x) EndIf Next _ArrayConcatenate($aResult, $aUserInfo, 1) Next for $i = 0 To UBound($aResult) -1 If $aResult[$i][0] <> "" Then $sFill &= $aResult[$i][1] & "|" EndIf Next _ArrayDisplay($aResult, 'AD ' & UBound($aResult)) $sFill = StringTrimRight($sFill, 1) _GUICtrlComboBox_BeginUpdate($idComboBox) GUICtrlSetData($idComboBox, $sFill, "") _GUICtrlComboBox_EndUpdate($idComboBox) GUISetState(@SW_SHOW, $hGUI) GUIRegisterMsg($WM_NOTIFY, "WM_NOTIFY") _GUICtrlListView_AddColumn($idMylist, "Computername", 296) Local $sComboRead = "" ; Loop until the user exits. While 1 Switch GUIGetMsg() Case $GUI_EVENT_CLOSE, $idClos ExitLoop Case $idComboBox $sComboRead = GUICtrlRead($idComboBox) Local $iIdx = _ArraySearch($aResult,$sComboRead,0,0,0,0,1,1) Local $aComputerOwner = _AD_GetObjectsInOU("OU=al,DC=AD,DC=AL,DC=ORG","(&(objectclass=computer)(managedby=" & $aResult[$iIdx][0] & "))",Default,"cn") _ArrayDelete($aComputerOwner,0) _ArrayDisplay($aComputerOwner) _GUICtrlListView_SetItemCount($idMylist,UBound($aComputerOwner)) If IsArray($aComputerOwner) Then MsgBox(0,"Test",$sComboRead) _GUICtrlListView_AddArray($idMylist, $aComputerOwner) ; <---- it fails Else GUICtrlSetData($idMylist, "No computer|") EndIf EndSwitch WEnd _AD_Close() ; Delete the previous GUI and all controls. GUIDelete($hGUI) Func WM_NOTIFY($hWnd, $iMsg, $wParam, $lParam) #forceref $hWnd, $iMsg, $wParam Local $hWndFrom, $iIDFrom, $iCode, $tNMHDR, $hWndListView, $tInfo ; Local $tBuffer $hWndListView = $idMylist If Not IsHWnd($idMylist) Then $hWndListView = GUICtrlGetHandle($idMylist) $tNMHDR = DllStructCreate($tagNMHDR, $lParam) $hWndFrom = HWnd(DllStructGetData($tNMHDR, "hWndFrom")) $iIDFrom = DllStructGetData($tNMHDR, "IDFrom") $iCode = DllStructGetData($tNMHDR, "Code") Switch $hWndFrom Case $hWndListView Switch $iCode Case $NM_DBLCLK ; Sent by a list-view control when the user double-clicks an item with the left mouse button $tInfo = DllStructCreate($tagNMITEMACTIVATE, $lParam) _DebugPrint("$NM_DBLCLK" & @CRLF & "--> hWndFrom:" & @TAB & $hWndFrom & @CRLF & _ "-->IDFrom:" & @TAB & $iIDFrom & @CRLF & _ "-->Code:" & @TAB & $iCode & @CRLF & _ "-->Index:" & @TAB & DllStructGetData($tInfo, "Index") & @CRLF & _ "-->SubItem:" & @TAB & DllStructGetData($tInfo, "SubItem") & @CRLF & _ "-->NewState:" & @TAB & DllStructGetData($tInfo, "NewState") & @CRLF & _ "-->OldState:" & @TAB & DllStructGetData($tInfo, "OldState") & @CRLF & _ "-->Changed:" & @TAB & DllStructGetData($tInfo, "Changed") & @CRLF & _ "-->ActionX:" & @TAB & DllStructGetData($tInfo, "ActionX") & @CRLF & _ "-->ActionY:" & @TAB & DllStructGetData($tInfo, "ActionY") & @CRLF & _ "-->lParam:" & @TAB & DllStructGetData($tInfo, "lParam") & @CRLF & _ "-->KeyFlags:" & @TAB & DllStructGetData($tInfo, "KeyFlags")) ; No return value EndSwitch EndSwitch Return $GUI_RUNDEFMSG EndFunc ;==>WM_NOTIFY Func _DebugPrint($s_Text, $sLine = @ScriptLineNumber) ConsoleWrite( _ "!===========================================================" & @CRLF & _ "+======================================================" & @CRLF & _ "-->Line(" & StringFormat("%04d", $sLine) & "):" & @TAB & $s_Text & @CRLF & _ "+======================================================" & @CRLF) EndFunc ;==>_DebugPrint Do I do it wrong?
       
      Thank you in advanced.
    • Overkill
      By Overkill
      Hi all,
      I am working on a GUI program to update Google's Dynamic DNS (API at https://support.google.com/domains/answer/6147083?authuser=1&hl=en if you scroll to bottom). I am not a programmer by any means - just a sysadmin who has picked up on some things along the way. I am sure that there's better ways to do a lot of things in this script; I'm just going with what I know.
      My challenge right now is that I'd like a better way to store the credentials both in memory as well as in system registry or INI file (not sure which way I want to go for local storage). How should I convert the passwords to a secure string in a manner that can't be easily reversed, yet is still accessible to the script? Is that even an option in AutoIt?
      Can anybody provide me with links to good reference posts, or coding suggestions for how best to achieve this in the script below? I am using the WinHTTP UDF (https://github.com/dragana-r/autoit-winhttp/releases) to make my API calls.
      #include<WinHTTP.au3> #include<GUIConstantsEx.au3> #include<EditConstants.au3> #include<iNet.au3> #include<Array.au3> DIM $aDomainList[1][4] $aDomainList[0][0] = 0 $gMainGUI = GUICreate("Overkill's Google DNS Updater",800,800) $gDomainLabel = GUICtrlCreateLabel("FQDN",21,8) $gDomainInput = GUICtrlCreateInput("",60,5,300) $gUserLabel = GUICtrlCreateLabel("Username",5,36) $gUserInput = GUICtrlCreateInput("",60,32,130,Default,BitOR($GUI_SS_DEFAULT_INPUT,$ES_PASSWORD)) $gPasswordLabel = GUICtrlCreateLabel("Password",6,64) $gPassInput = GUICtrlCreateInput("",60,60,130,Default,BitOR($GUI_SS_DEFAULT_INPUT,$ES_PASSWORD)) $gAddButton = GUICtrlCreateButton("ADD DOMAIN",200,31,160,52) $gCurrentIP = GUICtrlCreateLabel("Current IP: " & _CheckIP(),5,780) $gDomainList = GUICtrlCreateListView("Domain | Resolved IP | Update Status",5,120,600,600) GUISetState(@SW_SHOW,$gMainGUI) while 1 $m = GUIGetMsg() IF $M = $GUI_EVENT_CLOSE then Exit IF $M = $gAddButton Then $sAddDomain = GUICtrlRead($gDomainInput) $sAddUser = GUICtrlRead($gUserInput) $sAddPass = GUICtrlRead($gPassInput) $sResolveIP = _DNSCheck($sAddDomain) ;Google wants you to avoid sending updates when there are no changes If StringCompare($sResolveIP,_CheckIP()) = 0 Then $sStatus = "No change, not sending update" Else $sStatus = _DNSUpdate($sAddDomain,$sAddUser,$sAddPass) EndIf ;Check to make sure all fields are completed before continuing IF StringLen($sAddDomain) = 0 OR StringLen($sAddUser) = 0 OR StringLen($sAddPass) = 0 Then MsgBox(0,"","Please complete all fields") Else ; If the fields all have data, then continue ;Check to see if the entry exists in the array already $iSanity = _ArraySearch($aDomainList,$sAddDomain) IF $iSanity = 0 Then _ArrayAdd($aDomainList,$sAddDomain & "|" & $sAddUser & "|" & $sAddPass ) If @error = 0 Then $aDomainList[0][0] += 1 $aDomainList[$aDomainList[0][0]][3] = GUICtrlCreateListViewItem($sAddDomain & "|" & $sResolveIP & "|" & $sStatus,$gDomainList) Else MsgBox(0,"","Error adding input to list") EndIf Else ; If $iSanity <> 0 ; Update existing info in array and listviewitem $aDomainList[$iSanity][0] = $sAddDomain $aDomainList[$iSanity][1] = $sAddUser $aDomainList[$iSanity][2] = $sAddPass GUICtrlSetData($aDomainList[$iSanity][3],$sAddDomain & "|" & $sResolveIP & "|" & $sStatus) EndIf ; If $iSanity = 0 EndIf ; If StringLen... EndIf ; If $m = $gaddbutton WEnd ;---------------------------------------------------------------------------------------- Func _DNSCheck($sFQDN) $sJSON = _INetGetSource("https://dns.google.com/resolve?name=" & $sFQDN & "&cd=1") ConsoleWrite($sJSON & @CRLF) $sIPAddress = StringRegExpReplace($sJSON,'^.*data": "(.*?)".*?$',"\1") Return $sIPAddress EndFunc ;---------------------------------------------------------------------------------------- Func _DNSUpdate($sFQDN,$sUser,$sPass) Local $sGoogleAPIURI = "https://domains.google.com" Local $hOpen = _WinHttpOpen() Local $hConnect = _WinHttpConnect($hOpen, $sGoogleAPIURI) Local $sHeader = _ 'Authorization: Basic ' & _Base64Encode($sUser & ":" & $sPass) & @CRLF & _ 'Accept: */*' & @CRLF & _ 'User-Agent: AutoITScript/' & @AutoItVersion & @CRLF & _ 'Content-Type: application/x-www-form-urlencoded' Local $aHTTPResponse = _WinHttpSimpleSSLRequest($hConnect, "POST", "/nic/update", Default, "hostname=" & $sFQDN, $sHeader, True, Default, Default, Default, True) _WinHttpCloseHandle($hConnect) _WinHttpCloseHandle($hOpen) If IsArray($aHTTPResponse) Then $sHTTPResponse = "Header:" & @CRLF & $aHTTPResponse[0] & @CRLF & "Data:" & @CRLF & $aHTTPResponse[1] & @CRLF & @CRLF & @CRLF Return $aHTTPResponse[1] Else $sHTTPResponse = "NO REPLY" Return "No reply from " & $sGoogleAPIURI EndIf EndFunc ;---------------------------------------------------------------------------------------- Func _Base64Encode($sData) Local $oXml = ObjCreate("Msxml2.DOMDocument") If Not IsObj($oXml) Then SetError(1, 1, 0) EndIf Local $oElement = $oXml.createElement("b64") If Not IsObj($oElement) Then SetError(2, 2, 0) EndIf $oElement.dataType = "bin.base64" $oElement.nodeTypedValue = Binary($sData) Local $sReturn = $oElement.Text If StringLen($sReturn) = 0 Then SetError(3, 3, 0) EndIf Return $sReturn EndFunc ;---------------------------------------------------------------------------------------- Func _CheckIP() Return _INetGetSource("https://domains.google.com/checkip") EndFunc ;----------------------------------------------------------------------------------------  
    • Trisha
      By Trisha
      I tried (using AutoIt) to automate a scenario where i  have to open IE with specific URL on my extranet(Xen Desktop or Citrix ) ,from there i need to download  file and then through WinSCP; I  have to move that file to another location that can be access from my Local system using VMWare.
      I did as far as the above step. Now i want to navigate from my extranet to my local desktop system. But i am not able to move  from there.Mouse click is also not working.Please find the below screenshot highlighted in YELLOW.
       


    • bbk4163
      By bbk4163
      Hi, 
      I am getting "array variable has incorrect number of subscripts dimension range exceeded" error while executing exe. Not sure what is wrong here. 
      #include <MsgBoxConstants.au3> SelectWindowBasedOnTitle() Func SelectWindowBasedOnTitle()     $winList = WinList()     $wTitle = CheckWindows($winList)    IF $wTitle == "Choose File to Upload" Then             IE()    ElseIf $wTitle == "Open" Then             Chrome()    Else             FireFox()    EndIf EndFunc Func CheckWindows($aArray)     For $i = 1 To Ubound($aArray) - 1         If WinActive($aArray[$i][1]) Then $wTitle= $aArray[$i][0] ;MsgBox(0, "Window Check", $aArray[$i][0] & " is active.")     Next     Return $wTitle EndFunc Func Example()     $wText = WinGetText("[ACTIVE]") EndFunc Func IE()     ControlFocus("Choose File to Upload","","Edit1")     ControlSetText("Choose File to Upload","","Edit1",$CmdLine[1])     ControlClick("Choose File to Upload","","Button1") EndFunc Func Chrome()     ControlFocus("Open","","Edit1")     ControlSetText("Open","","Edit1",$CmdLine[1])     ControlClick("Open","","Button1") EndFunc Func FireFox()     ControlFocus("File Upload","","Edit1")     ControlSetText("File Upload","","Edit1",$CmdLine[1])     ControlClick("File Upload","","Button1") EndFunc  
    • TheWizEd
      By TheWizEd
      How do I work with 2D arrays.  I've tried this but get errors.
      Local $aTest[4][4] = [[1,2,3,4],[5,6,7,8],[9,10,11,12],[13,14,15,16]]
      ;$aTest[0][] = [10,11,12]  ; Error at []
      Local $sTest = ""
      For $i = 0 To UBound($aTest)-1
        Local $aExtract = _ArrayExtract($aTest,$i,$i)
        $sTest = $sTest & MyTest($aExtract)
      Next
      Func MyTest($aTemp)
        _ArrayDisplay($aTemp)
        ; Error at    v $aTemp
        Return String($aTemp[0]) & " - " & String($aTemp[1]) & " - " & String($aTemp[2]) & @CRLF
      EndFunc