Altering Compiled Scripts

[Spanky]

Would it be possible to use EncodeIt, and then the script Wouter ...But then use something similar to Wouter did, but do it to the UPX header so that it could not be decompressed by UPX?

Why only talking about it and think how hard this could/might/should be insteat of just doing it.

Of course this will work and fucking up UPX is easy that you might thought. In an packed UPX-exe overwrite everything (obviously this will not more than 0x80byte) what comes before offset 0x0400 with 00. exe will run as normal but UPX -d sorely will miss this data.

Why use UPX - there are more exe-packer out there. Especially one whose put all their efforts on making it hard to unpack/remove them since their 'protection' relys on their presents. So what about using Armadillon, ASPack & ASProtect, PE-Compact, Morhine... Or binder like nBind or Molehole.

we dont have the source so its guesswork

Get Ollydbg (or some other debugger) if poking around with a hexeditor don't make sence anymore.

With some patience & experience you may also get out or modify small parts of source that 'interests' you.

Edited July 1, 2006 by Spanky

[w0uter]

I have other POC code laying around here. Ill post a sample for you later.

Took a bit longer then expected since i got lost in my own code.

Edited April 8, 2009 by Valik

[Spanky]

poc.au3->

Hacker. Nice try, but Wrong :)oÝ÷ Ø1ÞëajÝý±û§!h®Ø^7ǫ̈ºÈhºWijË^jÇ+m«wöÇè®f­x2j«uج)áz·¾)@Ü(Âz=z£Z­ì¨¸TÛH-mªíÿN½êåk µêÚ±ç(ÛkÈ(¶+ZºÚ"µÍÙÐÞ
    ÌÎNÔØÜ ÌÎNË ÌÎNÒH[HHX[ØÜ   ÌÎNÊ

What a nice stub. <Removed>

What a nice piece of code/patch

Edited April 8, 2009 by Valik

[blackgirl]

Hi w0uter,i complied your source but when i ran it showed this error,but i don't know i must add more include what to it run.

(srry my english)

i just begin autoit so i need help,anybody help me this problem,tks.

[SmOke_N]

Hi w0uter,i complied your source but when i ran it showed this error,but i don't know i must add more include what to it run.

(srry my english)

i just begin autoit so i need help,anybody help me this problem,tks.

Be sure you are running 3.2 version of AutoIt or higher.

[SleepyXtreme]

Can someone update this script please, it would be greatly appreciated.

[inov8iv]

Can someone update this script please, it would be greatly appreciated.

This does not appear to work with the latest version of AutoIT 3.2.4.9? Any Update or help would be greatly appreciated.

[=sinister=]

Common, do a little research??

<Removed>

All I did was replace all the BinaryString() functions to Binary() functions because I believe the syntax was changed.

Oh and when I use this, it messes up the quality of the icon of the program, why is this?

Edit:Spelling

Edited April 8, 2009 by Valik

[SleepyXtreme]

that doesn't work

[=sinister=]

What do you mean? Works fine? Do you get an error?

[SleepyXtreme]

yes, i know you don't change the last 4 or w/e in the last collumn so i changed all the other ones to 0 and it still doesn't work.

what do you change and what do you change them to?

[ThetaG]

You might use some available software protection tools like any good .exe protection tools such as Themida.

Compile the code into .exe and use them.

I never tried if it works on AutoIt exes but it shall work.

Good luck!

[Skrip]

It works great for me. I just change random ones and test it.

[zFrank]

but any example on how to use it?

my autoit it code for example is

#include <GUIConstants.au3>
$Form1 = GUICreate("Something here...", 475, 376, 163, 79)
GUISetBkColor(0xFFFFFF)
GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
GUICtrlSetColor(-1, 0x008000)
$Label2 = GUICtrlCreateLabel("File Name and Path should be here...", 8, 32, 339, 49)
GUISetState(@SW_SHOW)
While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit

    EndSwitch
WEnd

hmmm maybe i know how to do it but this time can't understand it.

[meYasuo]

it have some error:

F:\Documents and Settings\Administrator\Desktop\w0uter.au3 (50) : ==> Unknown function name.:

Local $v_executable = String(BinaryString(FileRead($s_executable)))

Local $v_executable = String(^ ERROR

anyone can fix?

[Skrip]

Look in the help file and try to figure out what the correct function is...

[=sinister=]

I'm sorry, but if your looking for a secure script, AutoIt is DEFINATLEY not the scripting language to choose. I tried out Themida.

I had a simple script:

MsgBox(0, "Test", "Test")

I obfuscated it, compiled it with high compression, used Themida AND this utility, but the cracked AutoIt Decompiler would always get the original script =\. I'm switching to C++ with the AutoitX dll...

[MyDream]

I'm sorry, but if your looking for a secure script, AutoIt is DEFINATLEY not the scripting language to choose. I tried out Themida.

I had a simple script:

MsgBox(0, "Test", "Test")

I obfuscated it, compiled it with high compression, used Themida AND this utility, but the cracked AutoIt Decompiler would always get the original script =\. I'm switching to C++ with the AutoitX dll...

Did you try using AutoIt beta version?

Official version took months to released sometimes but beta versions get released more often.

BTW, I dont understand what you mean by AutoitX dll....

[Skrip]

Did you try using AutoIt beta version?

Official version took months to released sometimes but beta versions get released more often.

BTW, I dont understand what you mean by AutoitX dll....

AutoItX.dll is used to use autoit commands in C++.

[senthor]

Same problem.

I'm currently creating a tool where security is very important because passwords will be saved. To get them safe, I wrote my one multiplex md5 randomizing _StringEncrypt function, but if everyone can get the code for it it's not very secure.

So please, your example file "w0uter-protected script.exe" works with the cracked decompiler too.

Can't you just improve your tool so that it works?

Or make a tutorial how to use your genius work ???

Thanx,

senthor

Edited January 1, 2009 by senthor