How do I hide _Crypt_DeriveKey password/$vPassword I used.

[lyfritz]

Hello everyone I'm planning to develop a program but I cannot find a way to decrypt it properly as _Crypt_DeriveKey is showing the password/$vPassword I used to encrypt my code. I read around the forums that hash may be a solution to hide it in plain sight but I cannot find a way to incorporate it and decrypt the code so I may run it. Can you guys help me out? Here is a sample of a Beep() which I encrypted using the password "anewbee".

#include <Crypt.au3>
#include <MsgBoxConstants.au3>
#include <StringConstants.au3>
#include <WindowsConstants.au3>

HotKeySet("!s", "start")

Global $g_hKey, $iAlgorithm, $sRead, $dDecrypted, $dDecrypteds

_Crypt_Startup()

$g_hKey = _Crypt_DeriveKey("anewbee", $CALG_RC4)

While 1
    Sleep(100)
WEnd

Func start()
    Execute(evo("0x9F69B65CA345"))
EndFunc

Func evo($sRead)
    Return BinaryToString(_Crypt_DecryptData($sRead, $g_hKey, $CALG_USERKEY))
EndFunc

 

 

Encrypt.au3

[seadoggie01]

Did you try this with something other than "Beep()"? The function beep does nothing on my computer.

[lyfritz]

I tried just now with MsgBox($MB_SYSTEMMODAL, "", "hello") and its working for me. May I remind that alt+s needs to be pressed in order to run it. I use the one autoit gave as a sample on its _Crypt_EncryptData and just changed the PW to anewbee. I uploaded it too just in case you wanted to see it.

 

#include <Crypt.au3>
#include <MsgBoxConstants.au3>
#include <StringConstants.au3>
#include <WindowsConstants.au3>

HotKeySet("!s", "start")

Global $g_hKey, $iAlgorithm, $sRead, $dDecrypted, $dDecrypteds

_Crypt_Startup()

$g_hKey = _Crypt_DeriveKey("anewbee", $CALG_RC4)

While 1
    Sleep(100)
WEnd

Func start()
    Execute(evo("0x907FB46EE414053635A4C461FF1B3A0C92823E2AEF76BEB1D6FEEAC110B45F15501E08F6"))
EndFunc

Func evo($sRead)
    Return BinaryToString(_Crypt_DecryptData($sRead, $g_hKey, $CALG_USERKEY))
EndFunc
 

 

 

#include <ComboConstants.au3>
#include <Crypt.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <MsgBoxConstants.au3>
#include <StringConstants.au3>
#include <WinAPIConv.au3>
#include <WindowsConstants.au3>

Global $g_hKey = -1, $g_idInputEdit = -1, $g_idOutputEdit = -1, $g_idOutputDeCrypted = -1

Example()

Func Example()
    Local $hGUI = GUICreate("Realtime (En/DE)cryption", 400, 470)
    $g_idInputEdit = GUICtrlCreateEdit("", 0, 0, 400, 150, $ES_WANTRETURN)
    $g_idOutputEdit = GUICtrlCreateEdit("", 0, 150, 400, 150, $ES_READONLY)
    $g_idOutputDeCrypted = GUICtrlCreateEdit("", 0, 300, 400, 150, $ES_READONLY)
    Local $idCombo = GUICtrlCreateCombo("", 0, 450, 100, 20, $CBS_DROPDOWNLIST)
    GUICtrlSetData($idCombo, "3DES (168bit)|AES (128bit)|AES (192bit)|AES (256bit)|DES (56bit)|RC2 (128bit)|RC4 (128bit)", "RC4 (128bit)")
    GUIRegisterMsg($WM_COMMAND, "WM_COMMAND")
    GUISetState(@SW_SHOW, $hGUI)

    _Crypt_Startup() ; To optimize performance start the crypt library.

    Local $iAlgorithm = $CALG_RC4
    $g_hKey = _Crypt_DeriveKey(StringToBinary("anewbee"), $iAlgorithm) ; Declare a password string and algorithm to create a cryptographic key.

    While 1
        Switch GUIGetMsg()
            Case $GUI_EVENT_CLOSE
                Exit

            Case $idCombo ; Check when the combobox is selected and retrieve the correct algorithm.
                Switch GUICtrlRead($idCombo) ; Read the combobox selection.
                    Case "3DES (168bit)"
                        $iAlgorithm = $CALG_3DES

                    Case "AES (128bit)"
                        $iAlgorithm = $CALG_AES_128

                    Case "AES (192bit)"
                        $iAlgorithm = $CALG_AES_192

                    Case "AES (256bit)"
                        $iAlgorithm = $CALG_AES_256

                    Case "DES (56bit)"
                        $iAlgorithm = $CALG_DES

                    Case "RC2 (128bit)"
                        $iAlgorithm = $CALG_RC2

                    Case "RC4 (128bit)"
                        $iAlgorithm = $CALG_RC4

                EndSwitch

                _Crypt_DestroyKey($g_hKey) ; Destroy the cryptographic key.
                $g_hKey = _Crypt_DeriveKey(StringToBinary("anewbee"), $iAlgorithm) ; Re-declare a password string and algorithm to create a new cryptographic key.

                Local $sRead = GUICtrlRead($g_idInputEdit)
                If StringStripWS($sRead, $STR_STRIPALL) <> "" Then ; Check there is text available to encrypt.
                    Local $dEncrypted = _Crypt_EncryptData($sRead, $g_hKey, $CALG_USERKEY) ; Encrypt the text with the new cryptographic key.
                    GUICtrlSetData($g_idOutputEdit, $dEncrypted) ; Set the output box with the encrypted text.
                    Local $dDecrypted = _Crypt_DecryptData($dEncrypted, $g_hKey, $CALG_USERKEY) ; Decrypt the text with the new cryptographic key.
                    GUICtrlSetData($g_idOutputDeCrypted, BinaryToString($dDecrypted)) ; Set the output box with the encrypted text.
                EndIf
        EndSwitch
    WEnd

    GUIDelete($hGUI) ; Delete the previous GUI and all controls.
    _Crypt_DestroyKey($g_hKey) ; Destroy the cryptographic key.
    _Crypt_Shutdown() ; Shutdown the crypt library.
EndFunc   ;==>Example

Func WM_COMMAND($hWnd, $iMsg, $wParam, $lParam)
    #forceref $hWnd, $iMsg, $lParam

    Switch _WinAPI_LoWord($wParam)
        Case $g_idInputEdit
            Switch _WinAPI_HiWord($wParam)
                Case $EN_CHANGE
                    Local $dEncrypted = _Crypt_EncryptData(GUICtrlRead($g_idInputEdit), $g_hKey, $CALG_USERKEY) ; Encrypt the text with the cryptographic key.
                    GUICtrlSetData($g_idOutputEdit, $dEncrypted) ; Set the output box with the encrypted text.
                    Local $dDecrypted = _Crypt_DecryptData($dEncrypted, $g_hKey, $CALG_USERKEY) ; Decrypt the text with the new cryptographic key.
                    GUICtrlSetData($g_idOutputDeCrypted, BinaryToString($dDecrypted)) ; Set the output box with the encrypted text.
            EndSwitch
    EndSwitch
EndFunc   ;==>WM_COMMAND

 

Encrypthello.au3 ancryptdata1.au3

[seadoggie01]

Yes, I pressed Alt+s to make it run the function. I actually edited your code a bit to test it. But what I'm saying is that a script of just "Beep()" makes no noise on my computer

P.S. When you post code, please use the code handle button to post it... it looks (kinda) like this: <>

[lyfritz]

I don't know why that is cause it has always worked for me that's why I often use it to check. You didn't mention the msgbox so I assume it popped up? Thank you for the tip. I was actually looking for this since my post didn't look like the ones I see here in the forum lol. Going back to my question, do you have an idea how I can hide the password?

[seadoggie01]

Yes, the message box works for me. You can have the user input the password via an input box. What are you trying to encrypt here though? Your entire code?

[lyfritz]

Yes, an entire code is my target. I basically want anyone who has my code to be able to use it so no log-in required but I do not want anyone making copies of it which they can present as their own.

[seadoggie01]

You won't be able to use "Execute" to execute your entire script unless you plan on writing it without functions, loops, or conditionals  What you could do is obfuscate your source code before sending it out. You can also only send the compiled version on top of that, which is ensuring that it's really not worth anyone's time to get the code.

[lyfritz]

I am planning to use the "Execute" line per line inside my functions. So encrypting/decrypting data is not what I need but just obfuscation? I went looking on how to do this but the only one I found was from 2010 saying:

"If you are using SciTE to edit your scripts, you can select the obfuscation options when you select 'Compile', and it will automatically add the necessary lines to your script. The most common options are listed in the box, but extra ones are available via F1."

Can you tell me how do I do it as I cannot find any of this compile option and nothing pops up on Help(F1) of autoit when i type obfuscate.

[seadoggie01]

I would take a look at this one, RTFC is active and the script was updated recently: 

Without looking at the thread from 2010, I have no idea what they mean... maybe they meant using the /rm flag in AutoIt3Stripper

[lyfritz]

I tried using this already but the "output" only runs on my pc and nobody else's(atleast not the 2 I tested it with). The "fresh" one runs fine on 3 pcs(including where I made it) but once I've used codecrypter it doesn't work anymore for the other 2. I'd  prefer just using RTFC's but something about its encryption is stopping it from running on other pcs I didn't know what else to do. This is the link from where obfuscation popped up in the conversation:

 

[Jos]

I have decommissioned Obfuscator as it gave people a false sense of securing their script while it was clearly stated that it simply made a script hard to read and not provide any protection:

Jos

[RTFC]

4 hours ago, lyfritz said:

something about its encryption is stopping it from running on other pcs

If you had bothered to read any part of the CodeCrypter documentation you would have learned that CodeCrypter intentionally encrypts (and obfuscates, if desired) your entire script (or any part thereof you select) so it works only within a sanctioned environment. How you define that environment is entirely up to you. I am guessing you're just using CodeCrypter's default settings, which would take macro Username as decryption key, so obviously the encrypted version would function only on systems with matching username (as CodeCrypter explicitly informs you during the encryption).

[lyfritz]

@Jos So that's why. I probably should've just used this forums' search function so that I could've stumbled on this topic. Google searching this entire time showed mostly links to other websites who provided these kinds of services.

@RTFC Thank you for the help. I am trying to read but please understand that I am fairly new to all these and I couldn't understand it as well as most of you guys as descriptions can be be very technical. I was just looking at things from what to me is "logical" and I thought that people usually encrpyt because they don't want other users to read what they wrote so if I were to just do everything by default, I would produce something that is at least something I can immediately run on other pc. 

[Musashi]

8 hours ago, lyfritz said:

So encrypting/decrypting data is not what I need but just obfuscation?

 

17 minutes ago, lyfritz said:

Google searching this entire time showed mostly links to other websites who provided these kinds of services.

(just in case you don't know this option)

You can limit the Google search to a specific website by entering obfuscator site:autoitscript.com . The contribution from @Jos  is on the first results page .

[lyfritz]

@Musashi I knew this a long time ago but forgot about it since I didn't have to use it as much. Thank you for reminding me. Google's algorithm was spot on in showing me results from autoit's forum from all my recent searches without having to use this probably because my searches didn't include a topic which was being sold as a product(obfuscator) until now.