Script code security

[RaukGorth]

Hi all.

How can I make my scripts more resistant to decompiling.

I noticed that script show source code on error. That means that whole source must be included in .exe in text form making it very easy to crack my security / password check.

Also some people are telling me that they already cracked my autoit scripts, but they don't want to release it in public.

[SmOke_N]

check out EnCodeIt in my signature if (If it's not a big file at the moment... It seems to be a tad out of shape for huge files).

[RaukGorth]

Is 1600 lines of code too big already? I belive it will grow to ~3000 lines of code or even more.

[SmOke_N]

I'm working on fixing some of the issues. I'm pretty sure with tonedeafs explinations of what was happening to him that I have narrowed down alot of specific issues. But, there is no set time I'll finish it, as this was for helping people like you that have concerns, not putting food on the table .

All I can say, is try it, run it, test it... see if it's sound. If you have IsDeclared()/Eval() in your script, I'm pretty sure it will fail.

[RaukGorth]

Are there are other options to improve security of my .exe scripts?

[JSThePatriot]

I am not sure this would help, but it may be what you are looking for to make you scripts just a whee bit more secure.

AxCrypt

So long as it doesnt give you direct access to the file then you are good to go. I am pretty certain you can create it where there is no direct access to a file.

JS

[seandisanti]

Are there are other options to improve security of my .exe scripts?

EncodeIt, that smoke made and mentioned, is an awesome tool you should look into. it is for cluttering up your code before compiling, and it does a very good job of obscuring your code from most. Just make sure you don't have any functions being used that refer to variable names as strings, ie Assign(), Eval(), IsDeclared(), and you can be sure ahead of time that you won't experience the issues he's working on right now. It really is impossible to completely secure your code from determined outsiders if they know what they're doing. While there are some on this forum that could reverse the encoded script, luckily we have a great group here, and most of the ones that could, wouldn't. That can be said about programs written in any language though. If someone has an executable program on their system, where they can freely control the memory, your program can be made to do their bidding, even if the source is not openly viewable. I would say to try smoke's script and see if you're happy with the protection that it offers. you should still of course compile the obfuscated code with a password, and possibly consider using another packager that isn't freeware (not complaining about UPX, but anyone can download it and just UPX -d Yourscript.exe), but those are just more layers of protection, and really only offer superficial protection at best from the people you'd really want to hide your stuff from.