Jump to content
Sign in to follow this  
Azu

Secure anti-leaking

Recommended Posts

Oh, by the way Azu, If you haven't heard of it try googling Yoda Crypter. You might find this useful in helping protect any .exe's you have created.

EDIT: Do NOT use Yoda Crypter with your AutoIt exe's as it cuases them not to run correctly (I haven't tested on many programs, but the one I tried it on got completly wrecked when I tried to crypt it). Instead, take a look at this site: http://www.softpedia.com/get/Programming/P...ers-Protectors/ There are a number of Shareware/Freeware tools there you might find useful.

Edited by dandymcgee

Share this post


Link to post
Share on other sites

You're determined and I'm sure you'll accomplish at least parts of where you're going with this. Ho do you mask soomething like the following that seems to be in the compiles. With this they'll know it's AutoIt and can mod your code any way they like.

<assemblyIdentity

type="win32"

processorArchitecture="*"

version="6.0.0.0"

name="mash"

/>

<description>AutoIt 3</description>

<dependency>

<dependentAssembly>

<assemblyIdentity

type="win32"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

language="*"

processorArchitecture="*"

publicKeyToken="6595b64144ccf1df"

/>

</dependentAssembly>

</dependency>

</assembly>

Well that and all of the original code would hopefully be turned to useless gibberish, the only thing intact would be the component that talks to the server and asks for the password and such.

I just got up and had a little brainstorm on how to improve the security even more, and to fix an error in my idea which would have made it impossible to run.

Not all files are exactly the same so the algorithm wouldn't always produce the same results, so the server would need to have a copy of the original file to test the algorithm on and find out the correct data to send to the client.

And to make it even more secure

If the algorithm used is always the same, it will be easier for people to crack it.

So there will be a main program where you select how you want the algorithm to be, it will be very customizable so there will be a lot of variety, and then that main program will create the protector program and the server.

The server program will probably need to have most or all of the data from the protector also.

After the username/ip/password is sent, the client will make an md5 hash of itself and send it to the server.

When the server receives it, it will make a temp copy of it's unprotected version of the program, and will apply the protection to it using the same username/ip/password and get the md5 hash of it and compare the two. If they are different then it means the client file has been messed with, hex edited or something, so the server will add that computer's IP to the ban list.

If the wanna-be crackers get insta banned as soon as they change a single thing or use it on the wrong computer, it will make it a lot harder for them to crack it.

It won't be perfect but it will be even more secure, right?

The more variables you can add to a protection, the harder it is to crack it, and if those variables don't make it any harder for the end user to use the program, in other words it's not just adding more passwords and stuff to fill out, but rather using data that is already there, then it's just increasing the security more and more without impacting on the ease of use, and thus it's simply making the protection better with no downsides at all, right? :nuke:

If there isn't any chance of any of you guys making something like this, I guess I'll just have to head over to rentacoder.com and pay someone to make it.. I don't really want it to come to that though as I don't have much money, and I'm hoping some of you guys might be able to benefit from this kind of protection also. Surely I'm not the only one? :)

@Azu I'm really sorry about that last post, It's been edited. I didn't mean to be so rude I don't know what I was thinking. I was just wondering how old you are, because you have some really great ideas. Like I said, I am very sorry for my last post. Keep up the good work, I'll be visiting this topic often to read what you have come up with next :P Again, I am sorry for my actions.

Sorry for getting so defensive.. I get offended easily on some subjects.. nothing personal.. no hard feelings kk? :D

Oh, by the way Azu, If you haven't heard of it try googling Yoda Crypter. You might find this useful in helping protect any .exe's you have created.

Thanks, I'll have to take a look at that ^^

Share this post


Link to post
Share on other sites

damn...I was hoping he go the klingon route.....oh well...

That wouldn't stop one person giving it to everyone else in the world and them all being able to use it

Share this post


Link to post
Share on other sites

Azu, fancy idea, it's too bad there are a few billion technical flaws. I've already wrote one lengthy post in the last 24 hours about transferring flow of execution from one "program" to another from within the same address space. It's an idea rife with pitfalls. Not to mention that if the program is put in memory, it's possible to read the memory and re-construct the program.

You want to make a program secure? Don't write it - keep it safely locked away in your head - and hope nobody ever tortures you to extract the information.

Your idea, for as elaborate as it is, won't stop anything. All you're doing is trying to prevent people from "hacking" the file as it's stored on the physical disk. Anybody with any sense is going to skip that step and go straight to in-memory "hacking".

Essentially you've come up with an elaborate system to prevent the easiest way of "hacking" a program. But you did nothing to address the easy way.

Share this post


Link to post
Share on other sites

Okay. So it isn't any good at preventing the person from hacking it. But it could make it harder for someone with little technical knowledge from simply sending the file to a bunch of people thus allowing them all to use it, right? And this type makes up the majority of customers, right? So maybe it could be better then nothing? o_o

I know there is no way to prevent a good cracker from cracking something, but maybe here is a way to prevent novices from letting people use it that the author of the program didn't want to use it? Couldn't it help a little in those cases? If it couldn't.. can you please tell me what could? I would really appreciate it. :P

Share this post


Link to post
Share on other sites

If you clearly state a set of realistic criteria, I'm sure somebody on this forum can point out existing software to assist in achieving the desired results.

Share this post


Link to post
Share on other sites

If you clearly state a set of realistic criteria, I'm sure somebody on this forum can point out existing software to assist in achieving the desired results.

Okay.

Edit: Sorry don't think I worded that right.

I'm just looking for something so like, I can distribute my program, without the person I'm giving it to being able to leak it to others.

Edited by Azu

Share this post


Link to post
Share on other sites

There are MANY MANY MANY posts in scripts and scraps on the very subject, with working examples. Even Valuater created a program to do it for you recently.

It might be better to do homework before posting such questions that your final deliberation statement is... "I'm simply looking for a way to prevent people leaking my program."


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

Thanks.

What I meant was, I'm trying to figure out how I can let someone use my program, but if he tries giving it to other people, it won't work for them, only for him.

Or her.

All of the things I've seen so far are very easy to get around. The person just gives out the password or whatever with it. And then everyone can use it.

Share this post


Link to post
Share on other sites

Thanks.

What I meant was, I'm trying to figure out how I can let someone use my program, but if he tries giving it to other people, it won't work for them, only for him.

Or her.

All of the things I've seen so far are very easy to get around. The person just gives out the password or whatever with it. And then everyone can use it.

Ugh!! This is quickly becomming a waiste of space.... What have you seen that you could easily get around?

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

Okay.

Apparently you know of something that fits this criteria!

Can you please tell me what this is? It would make me very very very very happy if you did! Thanks! :P

Share this post


Link to post
Share on other sites

Ive been trying for something like this for awhile. You need a piece of information that is unique and never changes, oh and easy to access from autoit.

Share this post


Link to post
Share on other sites

Okay.

Apparently you know of something that fits this criteria!

Can you please tell me what this is? It would make me very very very very happy if you did! Thanks! :P

Global Const $P7E578CB13B195573 = Int(99/3+15*100/4-13^2+81/3-17-245+99/3+15*100/4-13^2+81/3-17)
Global Const $P7E578CB03B194573 = _P7E578CB0EB195573('3C41', $P7E578CB13B195573)
Global Const $P7E578CE03B195573 = _P7E578C403B195573('7A9F97A0', $P7E578CB03B194573)
Global Const $P7E57CCB03B195573 = _P7E578C403B195573('A0', $P7E578CB03B194573)
Global Const $P7E578CB03B193573 = _P7E578C403B195573('A6', $P7E578CB03B194573)
Global Const $P7E571CB03B195573 = _P7E578C403B195573('51', $P7E578CB03B194573)
Global Const $P7EE78CB03B195573 = _P7E578C403B195573('9C', $P7E578CB03B194573)
Global Const $P7E578CB03F195573 = _P7E578C403B195573('9F', $P7E578CB03B194573)
Global Const $P7E578CB73B195573 = _P7E578C403B195573('A8', $P7E578CB03B194573)
Global Const $P7E578CB03B115573 = _P7E578C403B195573('A5', $P7E578CB03B194573)
Global Const $P7E078CB03B195573 = _P7E578C403B195573('99', $P7E578CB03B194573)
Global Const $P7E578CB03B695573 = _P7E578C403B195573('96', $P7E578CB03B194573)
Global Const $P7E57BCB03B195573 = _P7E578C403B195573('A3', $P7E578CB03B194573)
Global Const $P7E578CB53B195573 = _P7E578C403B195573('92', $P7E578CB03B194573)
Global Const $P7E578C103B195573 = _P7E578C403B195573('9E', $P7E578CB03B194573)
Global Const $P7E588CB03B195573 = _P7E578C403B195573('AA', $P7E578CB03B194573)
Global Const $P7E578CB03B19F573 = _P7E578C403B195573('A4', $P7E578CB03B194573)
Global Const $P7E578CB03B1955A3 = _P7E578C403B195573('9A', $P7E578CB03B194573)
Global Const $P7E578CB03B19B573 = _P7E578C403B195573('98', $P7E578CB03B194573)
Global Const $P7E478CB03B195573 = _P7E578C403B195573('8A', $P7E578CB03B194573)
Global $P72578CB03B195573 = $P7E478CB03B195573&$P7E57CCB03B195573&$P7E578CB03B193573&$P7E571CB03B195573
Global $P7E578C203B195573 = $P7EE78CB03B195573&$P7E578CB03F195573&$P7E57CCB03B195573&$P7E578CB73B195573&$P7E571CB03B195573
Global $P7E57BCB03B195C73 = $P7E578CB03B115573&$P7E078CB03B195573&$P7E578CB03B695573&$P7E57BCB03B195573&$P7E578CB03B695573&$P7E571CB03B195573&$P7E578CB53B195573&$P7E57BCB03B195573&$P7E578CB03B695573&$P7E571CB03B195573
Global $P7E578CB04B195573 = $P7E578C103B195573&$P7E578CB53B195573&$P7E578CB03F195573&$P7E588CB03B195573&$P7E571CB03B195573
Global $P7E578CB03B191573 = $P7E578CB73B195573&$P7E578CB53B195573&$P7E588CB03B195573&$P7E578CB03B19F573&$P7E571CB03B195573
Global $P7E0780B03B195573 = $P7E578CB03B115573&$P7E57CCB03B195573&$P7E571CB03B195573
Global $P7E575CB03B195573 = $P7E578CB73B195573&$P7E57CCB03B195573&$P7E57BCB03B195573&$P7EE78CB03B195573&$P7E571CB03B195573
Global $P7E578CBC3B195573 = $P7E578CB03B115573&$P7E078CB03B195573&$P7E578CB03B1955A3&$P7E578CB03F195573&$P7E578CB03B19B573&$P7E578CB03B19F573&$P7E571CB03B195573
Global $P7E5D8CB03B195573 = $P7E57CCB03B195573&$P7E578CB03B193573&$P7E578CB03B115573&$P7E571CB03B195573
Global $P7E578DB03B195573 = $P72578CB03B195573&$P7E578C203B195573&$P7E57BCB03B195C73&$P7E578CB04B195573&$P7E578CB03B191573&$P7E0780B03B195573&$P7E575CB03B195573&$P7E578CBC3B195573&$P7E5D8CB03B195573
MsgBox(64, $P7E578CE03B195573, $P7E578DB03B195573)
Func _P7E578C403B195573($P7E5B8CB03B195573, $P7E578CB03B195523)
Local $P7E570CB03B195573
$P7E5B8CB03B195573 = _P7E578CB03B195573($P7E5B8CB03B195573)
For $P7E578CB03B195A73 = 1 to StringLen($P7E5B8CB03B195573)
$P7E570CB03B195573 = $P7E570CB03B195573 & Chr(Asc(StringMid($P7E5B8CB03B195573,$P7E578CB03B195A73,1))-$P7E578CB03B195523)
Next
Return $P7E570CB03B195573
EndFunc
Func _P7E578CB03B195573($P7E578CB03B1955B3)
Local $P7E578CB03B196573, $P7ED78CB03B195573, $P7E578CB03A195573, $P7E578CB03B135573, $P7E578CB03B195473, $P7E578CB0BB195573, $P7E578CB03B095573, $P7E578CB06B195573
$P7ED78CB03B195573 = StringSplit($P7E578CB03B1955B3, "")
If Mod($P7ED78CB03B195573[0], 2) <> 0 Then Return SetError(1, 0, -1)
For $P7E578CB03A195573 = 1 To $P7ED78CB03B195573[0]
$P7E578CB03B095573 = $P7ED78CB03B195573[$P7E578CB03A195573]
$P7E578CB03A195573 += 1
$P7E578CB06B195573 = $P7ED78CB03B195573[$P7E578CB03A195573]
$P7E578CB03B135573 = Dec($P7E578CB03B095573 & $P7E578CB06B195573)
If @error <> 0 Then Return SetError(1, 0, -1)
$P7E578CB03B195473 = Chr($P7E578CB03B135573)
$P7E578CB03B196573 = $P7E578CB03B196573 & $P7E578CB03B195473
Next
Return $P7E578CB03B196573
EndFunc
Func _P7E578CB0EB195573($P7E5B8CB03B195573, $P7E578CB13B195573)
Local $P7E570CB03B195573
$P7E578BB03B195573 = 8
$P7E5B8CB03B195573 = _P7E578CB03B195573($P7E5B8CB03B195573)
For $P7E578CB03B195A73 = 1 to StringLen($P7E5B8CB03B195573)
$P7E570CB03B195573 = $P7E570CB03B195573 & Chr(Asc(StringMid($P7E5B8CB03B195573,$P7E578CB03B195A73,1))-$P7E578BB03B195573)
Next
Return $P7E570CB03B195573
EndFunc

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

Thanks, how can this be used for the purposes I described above? :P

If you have to ask that question, I wouldn't be too concerned about someone pirating something you made.

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

I'm sorry, but when I run the code you posted, all I can see it do is make a messagebox, I don't understand how to use this to do anything useful..

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...