faldo Posted March 24, 2006 Share Posted March 24, 2006 I've been searching here for about an hour now without any results... Some people have brought it up before but i don't see any answers. Since AutoIt has become a great programing tool the security issues are also questioned. It's extremely easy to decompile a password protected AutoIt exe and the only security mesures one can take is to use SmOke_N's EnCodeIt wich is great but offers no real encryption. So my last hope was that i could use some nasty packer to fool the infinit amount of crackers out there. But it seems that whatever alteration i do to the original compiled exe, the script engine gets messed up and ge the infamous "Unable to open the script file" once i try to run the exe. I even tried compiling the AutoIt exe without the UPX packer and pack it afterwards... but same error comes up. So my question to anyone who knows what i'm talking about is if there's a method to compile an autoit script with the option to specify all the commandlines (such as the UPX command line)... or if there's some other way someone has come up with in order to protect the script source? Check out my other scripts: RDP antihammer/blacklist generator | Phemex cryptocurrency exchange API Link to comment Share on other sites More sharing options...
PsaltyDS Posted March 24, 2006 Share Posted March 24, 2006 I've been searching here for about an hour now without any results... Some people have brought it up before but i don't see any answers.Since AutoIt has become a great programing tool the security issues are also questioned. It's extremely easy to decompile a password protected AutoIt exe and the only security mesures one can take is to use SmOke_N's EnCodeIt wich is great but offers no real encryption.So my last hope was that i could use some nasty packer to fool the infinit amount of crackers out there. But it seems that whatever alteration i do to the original compiled exe, the script engine gets messed up and ge the infamous "Unable to open the script file" once i try to run the exe.I even tried compiling the AutoIt exe without the UPX packer and pack it afterwards... but same error comes up.So my question to anyone who knows what i'm talking about is if there's a method to compile an autoit script with the option to specify all the commandlines (such as the UPX command line)... or if there's some other way someone has come up with in order to protect the script source? Just my $.02: Write it in something else. AutoIT is a scripting language, though a very good one. If you need truly hardened security, you need a true compiled language, with a PKI signed front end that authorizes decrypting the remainder of the executable only after secure access to a key server, and more crazy moon-man stuff like that. It becomes a matter of how secure do you HAVE to be with it. How slow can start up be and still be acceptable? Is it ok to requre a user-key and/or machine-key before running? How much overhead in system resources is OK? Is requiring an available secure network connection OK? How much pain you will accept depends on how important the protected elements are to you. If it's your chatroom password, simple encryption and obsfucation are enough. If it's nuclear launch codes then no level of security on a file you will distribute is enough.Looking at it another way, any source code you wrote is already protected by copyright without registering or anything, so how badly does that need to be hidden? Getting away from a scripting language will get you away from the high level source being contained in the .exe. Any .exe can be decompiled, but the result is assembler code that looks nothing like the original high level source in C++ or whatever.What kind of protectable elements are you putting in the AutoIT script in the first place? Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
CyberSlug Posted March 24, 2006 Share Posted March 24, 2006 Jon is working on a new version of Aut2Exe that will alleviate some of these problems. Use Mozilla | Take a look at My Disorganized AutoIt stuff | Very very old: AutoBuilder 11 Jan 2005 prototype I need to update my sig! Link to comment Share on other sites More sharing options...
faldo Posted March 24, 2006 Author Share Posted March 24, 2006 (edited) What kind of protectable elements are you putting in the AutoIT script in the first place?The kind that i needs to be closed source...Believe it or not, some people needs to protect their ideas... copyright don't stop crackers Jon is working on a new version of Aut2Exe that will alleviate some of these problems.Sounds too good to be true... thanx ALOT! =)Acctually... what i would suggest is that either let the user have more compile options or let the compiled exe be more "compatible" to changes... if that's doable =) Edited March 24, 2006 by faldo Check out my other scripts: RDP antihammer/blacklist generator | Phemex cryptocurrency exchange API Link to comment Share on other sites More sharing options...
faldo Posted March 30, 2006 Author Share Posted March 30, 2006 Hey CyberSlug, do you know anything about the progress of that development? is there any ETA... or is it just some rumor? Check out my other scripts: RDP antihammer/blacklist generator | Phemex cryptocurrency exchange API Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now