Jump to content

Altering Compiled Scripts

w0uter

By w0uter,
in AutoIt Example Scripts

 Share

Recommended Posts

w0uter Universalist

w0uter

Posted
Posted (edited)

I AM NOT AN AUTOIT DEVELOPER

I DONT KNOW HOW AUTOIT WORKS

IT CAN BE UNSTABLE

IT CAN CRASH

I AM NOT RESPONSIBLE FOR ANYTHING THAT HAPENS TO YOUR SCRIPT OR OTHER DATA

THIS IS FOR LEARNING PURPOSE ONLY

USE IT AT YOUR OWN RISK

There ... now for the people that still want to listen after i shouted at them :D

Well i had some fun and made binaries undecompilable by exe2aut.

HOW:

<Removed>

NOTES:

<Removed>

also you might need to change RegRead('HKEY_LOCAL_MACHINE\SOFTWARE\AutoIt v3\AutoIt', 'InstallDir')

i dont use a seperate beta and dont know where the beta autoit goes. (i remember something about \beta\)

PS.

If someone still has trouble with this code after that huge disclaimer

and "Dont click here" feel free to send me a pm and ill remove it.

<Removed>

[edit] removed an U in Browse [/edit]

Edited by Valik

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

Link to comment
Share on other sites
  • Replies 45
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

  • Moderators
SmOke_N Universalist

SmOke_N

Posted
  • Moderators
Posted (edited)

:D

Edit:

After some trial and error, no more decompile... very nice job w0uter! Hope this sticks around for a while... with this and EnCodeIt mixed ... would pi** most reverse engineers completely off :D

Edited by SmOke_N

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Link to comment
Share on other sites
Skrip Universalist

Skrip

Posted
Posted (edited)

I changed them all to 0 in that first collum, then in the next one I used 30 then I repeated, and it worked! Thanks wouter!

Edited by Firestorm

[left][sub]We're trapped in the belly of this horrible machine.[/sub][sup]And the machine is bleeding to death...[/sup][sup][/sup][/left]

Link to comment
Share on other sites
  • Developers
Jos Universalist

Jos

Posted
  • Developers
Posted (edited)

Believe the line of thinking here was:

When you can identify the true "Script" section and the "Runtime" section its easier for the AV companies to detect Virusses written in AU3 without qualifying ALL AU3 scripts as a virus.

Edited by JdeB

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.  :)

Link to comment
Share on other sites
jftuga Universalist

jftuga

Posted
Posted

If you actually try to click on 'Don't click here', nothing happens. :D

Seriously, nice work!

-John

Admin_Popup, show computer info or launch shellRemote Manager, facilitates connecting to RDP / VNCProc_Watch, reprioritize cpu intensive processesUDF: _ini_to_dict, transforms ini file entries into variablesUDF: monitor_resolutions, returns resolutions of multiple monitorsReport Computer Problem, for your IT help deskProfile Fixer, fixes a 'missing' AD user profile
Link to comment
Share on other sites
RazerM Universalist

RazerM

Posted
Posted (edited)

This works well w0uter. I just had to be careful with what bytes i changed.

Edited by RazerM
My Programs:AInstall - Create a standalone installer for your programUnit Converter - Converts Length, Area, Volume, Weight, Temperature and Pressure to different unitsBinary Clock - Hours, minutes and seconds have 10 columns each to display timeAutoIt Editor - Code Editor with Syntax Highlighting.Laserix Editor & Player - Create, Edit and Play Laserix LevelsLyric Syncer - Create and use Synchronised Lyrics.Connect 4 - 2 Player Connect 4 Game (Local or Online!, Formatted Chat!!)MD5, SHA-1, SHA-256, Tiger and Whirlpool Hash Finder - Dictionary and Brute Force FindCool Text Client - Create Rendered ImageMy UDF's:GUI Enhance - Enhance your GUIs visually.IDEA File Encryption - Encrypt and decrypt files easily! File Rename - Rename files easilyRC4 Text Encryption - Encrypt text using the RC4 AlgorithmPrime Number - Check if a number is primeString Remove - remove lots of strings at onceProgress Bar - made easySound UDF - Play, Pause, Resume, Seek and Stop.
Link to comment
Share on other sites
JSThePatriot Universalist

JSThePatriot

Posted
Posted

its really nice work, but what does this do, i dont get the point :D

It is for those that dont want someone to be able to decompile their script without some troubles. Just like using EnCodeIt.

Just an extra precaution. It wont "prevent" any of the malitious attempts, but it would slow the determined down and stop the kiddies.

JS

AutoIt Links

File-String Hash Plugin Updated! 04-02-2008 Plugins have been discontinued. I just found out.

ComputerGetInfo UDF's Updated! 11-23-2006

External Links

Vortex Revolutions Engineer / Inventor (Web, Desktop, and Mobile Applications, Hardware Gizmos, Consulting, and more)

Link to comment
Share on other sites
w0uter Universalist

w0uter

Posted
  • Author
Posted (edited)

Always fun to have another reverser here :wacko:

This was only ment to stop decompiling for the masses. :D

Also this was the only method in my head for wich i could create a patcher.

I have other POC code laying around here. Ill post a sample for you later.

Edited by w0uter

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

Link to comment
Share on other sites
Spanky Seeker

Spanky

Posted
Posted

Always fun to have another reverser here :D

This was only ment to stop decompiling for the masses. :D

Why I can't ride of the feeling most ppl considering RE as some kinda 'Black Art' or 'computer heretic stuff' when I reading this. :D

Also this was the only method in my head for wich i could create a patcher.

I have other POC code laying around here. Ill post a sample for you later.

Yeh I felt that there's more potential.

Indeep this methode is really usefull to keep the noobs off or amaze them.

But in my eyes some other really nasty stuff is obfucation(as for ex. EncodeIt does). To me this can be more bitching than a 'nonstandard' AutoIT file.

:wacko: Anyway there is nothing against putting those two together.

_________________
Link to comment
Share on other sites
jftuga Universalist

jftuga

Posted
Posted

Would it be possible to use EncodeIt, and then the script Wouter mentions in the first post, and then manually compress with UPX? But then use something similar to Wouter did, but do it to the UPX header so that it could not be decompressed by UPX?

I hope this makes sense. :-)

-John

Admin_Popup, show computer info or launch shellRemote Manager, facilitates connecting to RDP / VNCProc_Watch, reprioritize cpu intensive processesUDF: _ini_to_dict, transforms ini file entries into variablesUDF: monitor_resolutions, returns resolutions of multiple monitorsReport Computer Problem, for your IT help deskProfile Fixer, fixes a 'missing' AD user profile
Link to comment
Share on other sites
JSThePatriot Universalist

JSThePatriot

Posted
Posted

@jftuga

Using EnCodeIt is already possible with w0uter's script to modify the header.

What you are asking is possible if I am not mistaken. The question would be how rough it would be to get that accomplished.

IMHO,

JS

AutoIt Links

File-String Hash Plugin Updated! 04-02-2008 Plugins have been discontinued. I just found out.

ComputerGetInfo UDF's Updated! 11-23-2006

External Links

Vortex Revolutions Engineer / Inventor (Web, Desktop, and Mobile Applications, Hardware Gizmos, Consulting, and more)

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...