w0uter

Altering Compiled Scripts

46 posts in this topic

#1 ·  Posted (edited)

I AM NOT AN AUTOIT DEVELOPER

I DON'T KNOW HOW AUTOIT WORKS

IT CAN BE UNSTABLE

IT CAN CRASH

I AM NOT RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR SCRIPT OR OTHER DATA

THIS IS FOR LEARNING PURPOSE ONLY

USE IT AT YOUR OWN RISK

There ... now for the people that still want to listen after I shouted at them :D

Well, I had some fun and made binaries undecompilable by exe2aut.

HOW:

<Removed>

NOTES:

<Removed>

Also you might need to change RegRead('HKEY_LOCAL_MACHINE\SOFTWARE\AutoIt v3\AutoIt', 'InstallDir')

I don't use a separate beta and don't know where the beta AutoIt goes. (I remember something about \beta\)

PS.

If someone still has trouble with this code after that huge disclaimer and "Dont click here", feel free to send me a PM and I'll remove it.

<Removed>

[edit] removed an U in Browse [/edit]

Edited by Valik




#2 ·  Posted (edited)

:D

Edit:

After some trial and error, no more decompile... very nice job w0uter! Hope this sticks around for a while... with this and EnCodeIt mixed ... would pi** most reverse engineers completely off :D

Edited by SmOke_N


#3 ·  Posted (edited)

I changed them all to 0 in that first column, then in the next one I used 30, then I repeated, and it worked! Thanks wouter!

Edited by Firestorm


#4 ·  Posted (edited)

Believe the line of thinking here was:

When you can identify the true "Script" section and the "Runtime" section, it's easier for the AV companies to detect viruses written in AU3 without qualifying ALL AU3 scripts as a virus.

Edited by JdeB


#6 ·  Posted (edited)

This works well w0uter. I just had to be careful with what bytes I changed.

Edited by RazerM


GUICtrlCreateButton('Browse', 263, 175, 59, 18)


As always w0uter love your work!

JS



It's really nice work, but what does this do? I don't get the point :D



It's really nice work, but what does this do? I don't get the point :D

It is for those that don't want someone to be able to decompile their script without some troubles. Just like using EnCodeIt.

Just an extra precaution. It won't "prevent" any of the malicious attempts, but it would slow the determined down and stop the kiddies.

JS



Oh wow, that's really nice!!! Thx wouter



Respect!


#14 ·  Posted (edited)

Always fun to have another reverser here :wacko:

This was only meant to stop decompiling for the masses. :D

Also this was the only method in my head for which I could create a patcher.

I have other POC code lying around here. I'll post a sample for you later.

Edited by w0uter


Always fun to have another reverser here :D

This was only meant to stop decompiling for the masses. :D

Why can't I get rid of the feeling that most ppl consider RE some kinda 'Black Art' or 'computer heretic stuff' when I'm reading this. :D

Also this was the only method in my head for which I could create a patcher.

I have other POC code lying around here. I'll post a sample for you later.

Yeh I felt that there's more potential.

Indeed this method is really useful to keep the noobs off or amaze them.

But in my eyes some other really nasty stuff is obfuscation (as for ex. EncodeIt does). To me this can be more bitching than a 'nonstandard' AutoIt file.

:wacko: Anyway there is nothing against putting those two together.


Would it be possible to use EncodeIt, and then the script Wouter mentions in the first post, and then manually compress with UPX? But then use something similar to what Wouter did, but do it to the UPX header so that it could not be decompressed by UPX?

I hope this makes sense. :-)

-John


@jftuga

Using EnCodeIt is already possible with w0uter's script to modify the header.

What you are asking is possible if I am not mistaken. The question would be how rough it would be to get that accomplished.

IMHO,

JS



#19 ·  Posted (edited)

MZ

MZ^ Error

Error: Unable to parse line

Edited by WTS

This topic is now closed to further replies.