Robinson1 Posted July 22, 2007 Share Posted July 22, 2007 (edited) Probably you all know about FileInstall() Include and install a file with the compiled scriptSyntax: FileInstall ( "source", "dest" [, flag] )Well I discovered some undocumented function I'd like to share here. To extract the main script itself use ">AUTOIT SCRIPT<" or ">AUTOIT UNICODE SCRIPT<" for Source depending to if you're using compiled to ANSI or UNICODE. Example code: ;For ANSI scripts FileInstall(">AUTOIT SCRIPT<", "Test.au3", 1) ;For UNICODE scripts FileInstall(">AUTOIT UNICODE SCRIPT<", "Test.au3", 1) Edited July 22, 2007 by Robinson1 Link to comment Share on other sites More sharing options...
PsaltyDS Posted July 23, 2007 Share Posted July 23, 2007 Hmm... well, it worked: ; Test_2.au3 FileInstall(">AUTOIT UNICODE SCRIPT<", @ScriptDir & "\TestAutoIt.au3") MsgBox(64, "Done.", "Done.")oÝ÷ Ø*&¦)^w©Þ®º+ºÈ§«¨¶@Q3M =9mªê-nëp¢¹w«¨¶@Q3MCHàÄH$H=9mªê-N¨ºÚnµø¥z§z¶yÜ!zr+jxÁ«zË@ºÚµ«·jëh×6; <AUT2EXE VERSION: 3.2.4.9> ; ---------------------------------------------------------------------------- ; <AUT2EXE INCLUDE-START: C:\Program Files\AutoIt3\Scripts\Test_2.au3> ; ---------------------------------------------------------------------------- FileInstall(">AUTOIT UNICODE SCRIPT<", @ScriptDir & "\TestAutoIt.au3") MsgBox(64, "Done.", "Done.") ; ---------------------------------------------------------------------------- ; <AUT2EXE INCLUDE-END: C:\Program Files\AutoIt3\Scripts\Test_2.au3> ; ---------------------------------------------------------------------------- I've never tried to find that functionality, so I don't don't know if it's really 'undocumented'. Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
Confuzzled Posted July 23, 2007 Share Posted July 23, 2007 (edited) Please clarify if I understood you correctly: You bundled the source code with the compiled code during the compile phase using the documented command 'FileInstall' as it was documented - great! Nothing surprising here... Edited July 23, 2007 by Confuzzled Link to comment Share on other sites More sharing options...
PsaltyDS Posted July 23, 2007 Share Posted July 23, 2007 Please clarify if I understood you correctly:You bundled the source code with the compiled code during the compile phase using the documented command 'FileInstall' as it was documented - great!Nothing surprising here...A couple points:1. You can't help but "bundle the source code", and there is no compiled code from your script in an AutoIt executable. The only compiled code in there is the AutoIt interpreter, which was written and compiled from C++. Your script source, with the #include'd file's text, and a compressed copy of any FileInstall() sources are simply packaged with the interpreter. At run time, the interpreter executes the functions called in the script. Outside of some basic and necessarily weak encryption if you select the "no de-compile" option, and some text substitution if you run the Obfuscator, your source text is fully present inside the 'compiled' AutoIt script. (Perl2Exe does the same thing for 'compiling' Perl scripts.)2. It looks to me like Robinson1 has found something interesting in the parameters ">AUTOIT SCRIPT<" and ">AUTOIT UNICODE SCRIPT<". Those literal strings would not be acceptable source parameters for the FileInstall() function outside of some special keyword handling.3. Achieving what you describe -- getting the original .au3 file's source text -- requires a different function, because you have to pass the literal path to the source file. You can't use @ScriptFullPath, for example. But this is the only way to get the original unmodified script, without the #include's written in, etc. The keywords Robinson1 described write out what it looks like after all the includes and substitutions are complete.4. I wonder if it writes it out after decryption (probably does).5. I wonder how Robinson1 found these keywords. Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
Richard Robertson Posted July 23, 2007 Share Posted July 23, 2007 I was wondering that point #5 myself. Congratulations on finding it, but I wonder why it is there. Link to comment Share on other sites More sharing options...
balo111 Posted July 26, 2007 Share Posted July 26, 2007 I was wondering that point #5 myself. Congratulations on finding it, but I wonder why it is there.As you probably know a 'compiled script' is nothing more than the interpreter + EXEARC archive, that contains the compressed script + all fileinstall() files. When compiling all includes + the script itself are merged together to the so called mainscript and store under the name ">AUTOIT UNICODE SCRIPT<" inside the EXEARC archive. After that the script is searched for FileInstall() commands and listed source files are add to the archive under the full sourcename as well. For Example in the script there isFileInstall("C:\test.bmp", "D:\mydir\test.bmp") the data of test.bmp will be stored in the EXEARC archive under the name "C:\test.bmp". The following demo-script will list all files that are stored inside an EXEARC archive(compiled script). Au3_lister.au3 Try out your self. No matter what compiled script you open all the time you should see at least the entry ">AUTOIT UNICODE SCRIPT<". The reason why the mainscript is not added by its name (for ex. "C:\AutoIt3\autoit-v3.2.4.9\Examples\Helpfile\FileInstall.au3") but as ">AUTOIT UNICODE SCRIPT<" is because so the interpreter always finds the mainscript by just looking for ">AUTOIT UNICODE SCRIPT<". Link to comment Share on other sites More sharing options...
balo111 Posted September 17, 2007 Share Posted September 17, 2007 (edited) ...so and as with every undocumented function.Since AutoIt 3.2.6 it has changed! (But at least this time Accii and Unicode version of Autoit are the same.)Now it's ">>>AUTOIT SCRIPT<<<". FileInstall(">>>AUTOIT SCRIPT<<<", @ScriptDir & "\TestAutoIt.au3") ; Hehe just to have some output on da run =:> Func BOOOOOOOOOM() MsgBox(0, "AutoIt Example", "Heal da world!") EndFunc BOOOOOOOOOM()But whoops TestAutoIt.au3 does look somehow weird, doesn't it?.... XXXXX00 0B 00 00 00 49 00 44 00 44 00 44 00 44 00 44 00 ....I.D.D.D.D.D. XXXXX10 44 00 44 00 44 00 44 00 46 00 47 48 7F D.D.D.D.F.GH EOFHmm but somehow that feels not as just garbage data.IDDDDDDDDDF ?!! .... = BOOOOOOOOOM ?I guess that is just Xor'd so let's try'I' XOR 'B' = '.' 0x49 XOR 0x42 = 0x0B <= XorKey :) and Xor all with 0BAnd Booom!00000000 00 0B 0B 0B 42 0B 4F 0B 4F 0B 4F 0B 4F 0B 4F 0B ....B.O.O.O.O.O. 00000010 49 0B 4F 0B 4F 0B 4F 0B 4D 0B 4C 43 74 I.O.O.O.M.LCtAh that's why 0B is infront of the string....XXXXX00 0B 00 00 00 49 00 44 00 44 ....I.D.D ....But ups I better stop before I'll come in conflict with die EULA. But hey cool finally AutoIt uses tokens! Edited September 17, 2007 by balo111 Link to comment Share on other sites More sharing options...
Valuater Posted September 17, 2007 Share Posted September 17, 2007 (edited) From Autoit Wrappers june/2006There is no "need" to FileInstall the codehttp://www.autoitscript.com/forum/index.ph...st&p=199603(There is a password version also); Command Line decompile to desktop ; Author Skruge If $CMDLine[0] > 0 Then If $CMDLine[1] = "/decompile" Then GetSource() EndIf ; Main Code Here Func GetSource() FileInstall("MyScript.au3", @DesktopDir & "\") Exit EndFunc;==>GetSource8) Edited September 17, 2007 by Valuater Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted September 17, 2007 Moderators Share Posted September 17, 2007 Not sure that's what he's getting at Val. This topic should probably be closed and the source removed even. Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
Robinson1 Posted September 17, 2007 Author Share Posted September 17, 2007 (edited) Not sure that's what he's getting at Val. This topic should probably be closed and the source removed even.Man what are you afraid of? Finally that proves that AutoIT is secure because it uses tokens by now !There is no ExeToAut that works for the new AutoIt exe and even if you extract the script like this you can't get back the source, because it is 'Tokenised'.Congrad's and thanks to the AutoIt developer, for finally made wish true!!! Edited September 17, 2007 by Robinson1 Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted September 17, 2007 Moderators Share Posted September 17, 2007 Man what are you afraid of? Finally that proves that AutoIT is secure because it uses tokens by now !There is no ExeToAut that works for the new AutoIt exe and even if you extract the script like this you can't get back the source, because it is 'Tokenised'.Congrad's and thanks to the AutoIt developer, for finally made wish true!!! Personally, I'm not afraid of anything... really never have been.Security has always been an issue, but I've found my own ways around specific things that worked well for me.It's the idea that things like this should have been brought to the developers attentions themselves, not in an open forum where all the script kiddie want to be's hang out. Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now