Jump to content
Sign in to follow this  
Miliardsto

Secutity method - get code from server

Recommended Posts

Hello. Im trying to make my scripts safe - unnable to decompile. I search for obfuscators and other security methods but the search has come to nothing.

Then one guy gave that idea below. If I rightly understood this idea lets we talk about example program with this secutiy method.

  • Program have two parts, first is only login gui and the second part is the main program
  • Second part (main program) is uploaded on ftp server lets say that on http://xxx/autoit/main_program.au3
  • So we have the first gui with login, we put correctly login and pass and this is the moment when code from http://xxx/autoit/main_program.au3 will be downloaded and executed
  • Finally main program will be appear

This is the similiar way like new games are protected by cracking.

I have few questions in this moment about this:

  • Is something like that even possible to do with the autoit?
  • First part of program (login gui) must have somewhere given that link to download the rest of code - http://xxx/autoit/main_program.au3 to make it execute. As we know this first part of program is easy able to hack and retrieve this web url http://xxx/autoit/main_program.au3 where located is main part of program. Is the way to encrypt or secure it? If only code will be stored in .php we know it cannot be previewed. So it could for example get code from .php file instead of .au3
  • I know that methods works in other languages (I dont know exactly how) thats becouse I only speculates, maybe something may looks different in these solution?
  • Other way would be compiling second part of code on web server (there are available web autoit servers) maybe this way is possible?

Tell me anything U know about this ideas and if its even possible to achieve.

Thanks for ur any response, advice or thoughts ^_^

 


 

Quote

You can also just use authentification.

  your examplecode:

Code:

Func __CalculateWorldFormula($bob)
	$a = DiscreteLogarithm(Mod($bob ^ 4, 3))
	return $a
EndFunc

becomes

Code:

$HardwareID = _getHWID()
Func __CalculateWorldFormula($bob)
	$sCode = __GetCodeFromServer($HardwareID, "Worldformula-line.au3")
	If @error > 0 And $sCode = "HWID not registered" Then
		MsgBox(16, "Nope", "You son of a nice Mother!" & @CRLF & "You are not allowed to use this!")
		Exit 1337
	EndIf
	$a = Execute($sCode)
	return $a
EndFunc

No If clauses that could be bypassed to grant access. So also no need to protect your code anymore.
If there is an error, the server just doesn't give you the code. And thus you can't find it out. The downsides are that you need to have an FTP-server that has to run 24/7 and you need to register every user that buys a license one by one. (Or you could also write a script for it)

100% safe (in case the attacker doesn't own a license (buying a license + getting your precious code + publishing it for free = no profit = still 100% safe))

 

Share this post


Link to post
Share on other sites

You cannot protect you autoit3 script from decompilation.

Really stop wasting your time.

Pick another language you feel is safer, or just get over the fact your super secret code can be seen.

Chances are, no-one cares about your code anyway.


AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Share this post


Link to post
Share on other sites

blablabla xd I heard this many times. I know there is no perfect method. Im sure something could be done for more safety.

For what reasons there is stripper in SciTe? I saw some obfuscators and packers but unfortunately they dont work in new ver of autoit.

Its evidence - something could be done for safety.

Im giving here wonderful idea and You ruin whole thing by typing automated learned rule

Share this post


Link to post
Share on other sites

its not that "there is no perfect method".  its that there is NO method.  You can create as many hops as you want, but you are spending a significant number of manhours on something that will be undone in minutes.  Like, not even double digit minutes. 


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

This has been discussed ad nauseam, and the response is not going to change. Locking this thread before it descends into stupidity.


"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Share this post


Link to post
Share on other sites
8 hours ago, Miliardsto said:

blablabla xd I heard this many times. I know there is no perfect method. Im sure something could be done for more safety.

Im giving here wonderful idea and You ruin whole thing by typing automated learned rule

Thought I made it clear not too long ago to you that this was not going to be further discussed in these forums?  Guess I wasn't clear enough or is it you being unwilling to comply as I simply read an attitude I don't particularly like?

8 hours ago, Miliardsto said:

For what reasons there is stripper in SciTe? I saw some obfuscators and packers but unfortunately they dont work in new ver of autoit.

I  wrote the Obfuscator and stopped support as some saw that as challenge to de-complie & de-obfuscate that code again, but have a]always stated that obfuscation doesn't make the code safe but merely hard to read. The obfuscator was changed into the au3stripper as I felt the main purpose should be to strip the included script at compilation time back to the bare code needed, which generally saves  90% save for the sourcecode.

So although it is always good to have an idea and pursue your goals, but in this case this topic has been hashed out so many time and always end the same way, we simply stop the discussion right at the beginning. You may not like this, but this is what it is and not open for debate.

Jos

Edited by Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By DirtyJohny
      Hi everyone.Need rewrite this function how in еxample.
      Original:
      #RequireAdmin #NoTrayIcon Opt("MustDeclareVars",1) Func _a() Local $sls=ObjGet("winmgmts:{impersonationLevel=impersonate," _ &"authenticationLevel=Pkt}!\\"& _ @ComputerName&'\root\wmi'),$lss=$sls.ExecQuery _ ('SELECT * FROM WmiMonitorID'), _ $lll,$sll,$sss="",$lsl,$lls,$i,$z For $z In $lss $lsl=$z.UserFriendlyName For $i=0 To Ubound($lsl)-1 if ($lsl[$i]) Then $lll&=Chr($lsl[$i]) Next $lls=$z.SerialNumberID For $i=0 To Ubound($lls)-1 if ($lls[$i]) Then $sll&=Chr($lls[$i]) Next $sss&="Model"&@TAB&@TAB&": "&$lll&@CR&"Serial Number"&@TAB&": "&$sll&@CR&@CR $lll="" $sll="" Next MsgBox(262144,'Monitors '&$lss.Count,$sss&" "&@CR) $lss=Null $sls=Null EndFunc _a() Example:
      Func _InfoPC() Local $ObjService = ObjGet('winmgmts:{impersonationLevel = impersonate}!\\' & @ComputerName & '\root\cimv2') Local $ObjMB = $ObjService.ExecQuery('SELECT * FROM Win32_BaseBoard', 'WQL', 0x30) If IsObj($ObjService) Then For $objItemMB In $ObjMB $sInfo &= @TAB & 'Motherboard: ...... ' & $objItemMB.Product & @CRLF I'm beginner in this sphere and need  you all speak easy and simply because i'm Russian.Thanks)
    • By Deshanur
      Am trying to automate injecting credential on the login form for all kind of Web application for IE. I know how to identify the form name by viewing the source code and using the method - _IEFormGetObjByName($ie, $form_Name).
      I would like to know how to identify or get the form object for the web app where there is no form name tag for example below, for the is I have used - _IEFormGetCollection($ie, 0) to get the form object.
      My Question is does it work for all kind of application "_IEFormGetCollection($ie, 0)" how to identify Index value? is it always 0? is there any better solution?
      The final solution am looking for is find out form object, get the username, password field and inject credential and submit the form.
      How to find out index value? for the forms which does not have form name field.
      $login_form = _IEFormGetCollection($ie, 0) $email_field = _IEFormElementGetObjByName($login_form, $form_UserName) $pass_field = _IEFormElementGetObjByName($login_form, $form_password) $login_button = _IEFormElementGetObjByName($login_form, $form_submitbutton) _IEFormElementSetValue($email_field, $CmdLine[2]) _IEFormElementSetValue($pass_field, $CmdLine[3]) ControlSend($hwnd, "", "[CLASS:Internet Explorer_Server; INSTANCE:1]","{Enter}") OR This works fine if the form has form name. $login_form = _IEFormGetObjByName($ie, $form_Name) $email_field = _IEFormElementGetObjByName($login_form, $form_UserName) $pass_field = _IEFormElementGetObjByName($login_form, $form_password) $login_button = _IEFormElementGetObjByName($login_form, $form_submitbutton) _IEFormElementSetValue($email_field, $CmdLine[2]) _IEFormElementSetValue($pass_field, $CmdLine[3]) ControlSend($hwnd, "", "[CLASS:Internet Explorer_Server; INSTANCE:1]","{Enter}")
    • By JuanFelipe
      Hello guys!
      I have a problem with a script, in the past I made a program and it worked perfect, I recently used it again and it already stands still in one step, the problem is a Javascript event that changed but now I cannot execute it.
       
      <td colspan="2" align="center"><input type="button" id="Buscar" name="Buscar" value="Buscar" onclick="javascript:enviarForma(document.obtenercasosPersonaPorDocumento,'0');" class="boton"></td>  
      Previously I used this code and it worked, but now it does nothing
      $botonconsulta = _IEGetObjByName($oIE,"Buscar") _IEAction($botonconsulta, 'click') _IELoadWait($oIE)  
      Now I have tried the following codes but none works.
       
      ;==================== 1 _IEHeadInsertEventScript($oIE, "document", "onclick", "javascript:enviarForma(document.obtenercasosPersonaPorDocumento,'0');") ControlClick("SUPER CELAC", "", "[CLASS:Internet Explorer_Server; INSTANCE:1]") _IELoadWait($oIE) ;==================== 2 $forma = $oIE.document.obtenercasosPersonaPorDocumento $oIE.Navigate("JavaScript:enviarForma("&$forma&",""0"");") _IELoadWait($oIE) ;==================== 3 $boton = _IEGetObjById($oIE, "Buscar") $boton.document.parentwindow.execScript("enviarForma(document.obtenercasosPersonaPorDocumento,'0');", "javascript") I hope you can guide me, because I think the error is in the parameters that the javascript function receives but I don't know how to send it, here I leave the first part of the JavaScript function.
      function enviarForma(frm,tipoForma){ var bExisteDatoConsulta = false; var bError=true; var mensajeError=""; switch (tipoForma) { //--Forma documento case "0": if (validar_campo_no_vacio_no_print(frm.numeroDocumento)) { if (!isNum(frm.numeroDocumento.value)) { bError = false; mensajeError += "El número de documento debe ser un valor numérico\n"; } bExisteDatoConsulta = true; } else { mensajeError += "Debe digitar un número de documento\n"; } break;  Thanks!
    • By Gowrisankar
      Dear members of the forum,
      I'm working on a project in which I have to use Image recognition technique. 
      Due to client restrictions, I couldn't use AutoIt for this project. 
      Is there a way to use this DLL "ImageSearchDLL.dll" (which is used to do image recognition steps in AutoIt) in VB.Net to achieve the same result? 
      I have used this DLL few years before and got good results. If there is a latest version of this DLL and if you can share it, that will be helpful too.
      Any guidance is deeply appreciated.
    • By mLipok
      This UDF was created for give any kind of support for GDPR solutions in AutoIt.
       
      #include "GDPR.au3" #AutoIt3Wrapper_Run_AU3Check=Y #AutoIt3Wrapper_Au3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6 -w 7 #Tidy_Parameters=/sort_funcs /reel ; #AutoIt3Wrapper_Run_Debug_Mode=Y _Example() Func _Example() _GDPR_Crypter_Wrapper(_Example_Crypter) Local $sText = 'AutoIt v3 is a freeware BASIC-like scripting language designed for automating the Windows GUI and general scripting.' MsgBox(0, @ScriptLineNumber, _GDPR_Anonymize_String($sText)) Local $dCrypted = _GDPR_Crypt_String($sText) MsgBox(0, @ScriptLineNumber, $dCrypted & @CRLF & @error & @CRLF & @extended) Local $sDecrypted = _GDPR_DeCrypt_AsString($dCrypted) MsgBox(0, @ScriptLineNumber, $sDecrypted & @CRLF & @error & @CRLF & @extended) _GDPR_Crypt_File(@ScriptFullPath, @ScriptFullPath & '.CRYPTED') If @error Then ConsoleWrite('! ---> @error=' & @error & ' @extended=' & @extended & ' : _GDPR_Crypt_File' & @CRLF) _GDPR_DeCrypt_File(@ScriptFullPath & '.CRYPTED', @ScriptFullPath & '.DECRYPTED.au3') If @error Then ConsoleWrite('! ---> @error=' & @error & ' @extended=' & @extended & ' : _GDPR_DeCrypt_File' & @CRLF) EndFunc ;==>_Example Func _Example_Crypter($dBinaryData, $bDataAlreadyEncrypted) _Crypt_Startup() ; Start the Crypt library. Local $dResult If $bDataAlreadyEncrypted Then $dResult = _Crypt_DecryptData($dBinaryData, 'securepassword', $CALG_3DES) ; Decrypt the data using the generic password string. The return value is a binary string. Else $dResult = _Crypt_EncryptData($dBinaryData, 'securepassword', $CALG_3DES) ; Encrypt the text with the new cryptographic key. EndIf _Crypt_Shutdown() ; Shutdown the Crypt library. Return $dResult EndFunc ;==>_Example_Crypter  
      Download link:
       
      WIKI:
      This UDF was added here:  https://www.autoitscript.com/wiki/User_Defined_Functions
       
       
×
×
  • Create New...