Jump to content
Sign in to follow this  
FrenchTroll

This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.

Recommended Posts

FrenchTroll

Hello,

When i debug a script with the new version of autoit, there's this message which appear :

"This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support."

What does this mean ? That mean : "contact us, we've got the solution to unpack the script" or it's just publicity for autoit, or it's most pretty like this, or what else ?

I don't understand why and i prefer to remove (or rewrite) it. How can i do ?

THANKS

Share this post


Link to post
Share on other sites
Valik

Several things.

First, why is this in the Feature Request forum?

Second, why are you attaching a debugger to AutoIt in the first place? You can not debug a script in this manner. Furthermore, lacking debug symbols, you can't do much of anything without debugging at the assembly level.

Lastly, removing or changing that message /should/ be a violation of the license. The version I have installed (v3.2.8.1) mentions nothing about reverse engineering or modifying the executable, however, the newer beta versions very well might. At least, I was under the impression that there was something in the license now concerning such activity.

The simple solution to this "problem" is, don't attach a debugger to AutoIt. You don't need to.

Share this post


Link to post
Share on other sites
FrenchTroll

Sorry if this message is not on the good place. You can move it if you want ;)

According to me, you cannot forbid reverse engineering for the simple reason that AV must reverse to verify if an exe is clean. Also, if you forbid any modification on an exe, it means we will not be able to pack it...

As regards the message, it is going to be necessary that you think of offering a profitable version of autoit because if i understand you, we will be able to make a script but the exe finale will not belong to us any more...

ps : sorry for my language :)

Edited by FrenchTroll

Share this post


Link to post
Share on other sites
BrettF

a profitable version of autoit

I can tell you now, that that will probably never happen.

EDIT: It won't happen. Ever...

Also: Look here:

Topic

Edited by Bert

Share this post


Link to post
Share on other sites
Valik

According to me, you cannot forbid reverse engineering for the simple reason that AV must reverse to verify if an exe is clean. Also, if you forbid any modification on an exe, it means we will not be able to pack it...

Wow, you're quite confused by all this. First of all, the AV companies can request information about how to scan AutoIt executables for virii. They don't have to reverse engineer AutoIt, Jon is prepared to give them the details on how they can reliably detect virii. That's the whole point of the message you get when you attach a debugger. Second, how you jump to the conclusion that you can't pack something because you can't modify it is beyond me. It should be pretty clear that "modify" means doing things to the executable to cause it's behavior to deviate from what the AutoIt team releases, an example would be... removing or altering a message displayed when a debugger is attached.

As regards the message, it is going to be necessary that you think of offering a profitable version of autoit because if i understand you, we will be able to make a script but the exe finale will not belong to us any more...

It's pretty clear that you've never read the license to AutoIt, it's also pretty clear that you don't understand me.

Share this post


Link to post
Share on other sites
FrenchTroll

That's the whole point of the message you get when you attach a debugger.

You confirm what i said : "contact us, we've got the solution to unpack the script" :)

Second, how you jump to the conclusion that you can't pack something because you can't modify it is beyond me. It should be pretty clear that "modify" means doing things to the executable to cause it's behavior to deviate from what the AutoIt team releases, an example would be... removing or altering a message displayed when a debugger is attached.

Because if you pack the executable with an antidebugger (for example), the message don't disappear ? ;)

Share this post


Link to post
Share on other sites
SmOke_N

You confirm what i said : "contact us, we've got the solution to unpack the script" :)

Because if you pack the executable with an antidebugger (for example), the message don't disappear ? ;)

Edit:

Was going to make 2 quick points... but decided that there is no sense in carrying it on.

Edited by SmOke_N

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites
FrenchTroll

Edit:

Was going to make 2 quick points... but decided that there is no sense in carrying it on.

I know that you are going to answer me, but this message does not please me, that all.

You can close :)

Share this post


Link to post
Share on other sites
SmOke_N

I know that you are going to answer me, but this message does not please me, that all.

You can close :)

Well, I won't be the one to close this topic... I doubt it will be closed unless it gets completely obnoxious.

But to clarify what I was saying...

IMHO... This thread/topic, is like calling in sick to work, then bitching that you don't have the money to pay the bills.

When one solution solves several problems... it makes some unhappy, but I doubt much is done in AutoIts source, that isn't done for the well being of most in mind.


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites
Jon

oving or changing that message /should/ be a violation of the license. The version I have installed (v3.2.8.1) mentions nothing about reverse engineering or modifying the executable, however, the newer beta versions very well might. At least, I was under the impression that there was something in the license now concerning such activity.

I thought it was in the license but I appear only to have added it to the .txt version I have not the one that gets compiled. Oops.

Share this post


Link to post
Share on other sites
Jon

Sorry if this message is not on the good place. You can move it if you want ;)

According to me, you cannot forbid reverse engineering for the simple reason that AV must reverse to verify if an exe is clean. Also, if you forbid any modification on an exe, it means we will not be able to pack it...

As regards the message, it is going to be necessary that you think of offering a profitable version of autoit because if i understand you, we will be able to make a script but the exe finale will not belong to us any more...

ps : sorry for my language :)

EULAs forbidding reverse engineering are standard in most shrink-wrapped software if you look.

Share this post


Link to post
Share on other sites
FrenchTroll

EULAs forbidding reverse engineering are standard in most shrink-wrapped software if you look.

EULA is YOUR licence software. You forbid to reverse your software only (autoit). But if i compile an executable with autoit, i can take a GPL, EULA, BSD, etc, licence and authorize the reverse, any modification on it because it's my product. No ? Do you say : "all compiled script with autoit is my private property" that's why i can help AV compagny to scan, unpack, reverse (???) a script ?

Edited by FrenchTroll

Share this post


Link to post
Share on other sites
Jon

EULA is YOUR licence software. You forbid to reverse your software only (autoit). But if i compile an executable with autoit, i can take a GPL, EULA, BSD, etc, licence and authorize the reverse, any modification on it because it's my product. No ? Do you say : "all compiled script with autoit is my private property" that's why i can help AV compagny to scan, unpack, reverse (???) a script ?

That's why it says this for AutoIt3.exe:

"It is a violation of the AutoIt EULA to attempt to reverse engineer this program."

And this for compiled scripts:

"This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support."

Really not seeing the problem here.

Share this post


Link to post
Share on other sites
FrenchTroll

That's why it says this for AutoIt3.exe:

"It is a violation of the AutoIt EULA to attempt to reverse engineer this program."

You confirm what i said : EULA applies only at your sofware :) Legal...

And this for compiled scripts:

"This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support."

Not legal and abusive if i compile a script under a licence which prohibits all "scan" (???), unpacking, reversing like your licence and\or if there's confidential data in it (Domain password, key of encryption, etc). Here's the problem for "me".

And you can be held responsible in the event of litigation. Here's the problem for you.

Edited by FrenchTroll

Share this post


Link to post
Share on other sites
PsaltyDS

EULA is YOUR licence software. You forbid to reverse your software only (autoit). But if i compile an executable with autoit, i can take a GPL, EULA, BSD, etc, licence and authorize the reverse, any modification on it because it's my product. No ? Do you say : "all compiled script with autoit is my private property" that's why i can help AV compagny to scan, unpack, reverse (???) a script ?

You confirm what i said : EULA applies only at your sofware ;) Legal...

Not legal and abusive if i compile a script under a licence which prohibits all "scan" (???), unpacking, reversing like your licence and\or if there's confidential data in it (Domain password, key of encryption, etc). Here's the problem for "me".

And you can be held responsible in the event of litigation. Here's the problem for you.

I think you are badly misusing the terms here. The GPL (and LGPL) and BSD Open Source licenses apply to SOURCE CODE, hence the "Source" in "Open Source".

The AutoIt EULA you are talking about applies to the EXECUTABLE.

Source code for some parts of older versions of AutoIt can be downloaded but are NOT under an Open Source license, because you are not permitted to distribute modifications. So as far as I can tell, the whole alphabet soup of Open Source licenses have nothing to do with AutoIt.

The EULA for the AutoIt executable allows you to distribute binary executable copies of itself with your compiled scripts (something you would not be allowed to do under copyright law without license from the EULA). It doesn't seem to grant or deny any rights to your script code at all. Whatever rights an AV company has to analyze Notepad.exe or User32.dll binaries to do their business, they also have to analyze YouScript.exe binaries. They didn't get that right by permission from Microsoft or AutoIt, and they don't need it from you.

If you have written some malicious software using AutoIt, I hope the AV companies are analyzing it, and can accurately keep me from ever having to deal with it. At the same time, I hope they communicate with AutoIt to ensure the interpreter is not the part that gets flagged as malicious.

IANAL, but you need to get one if you want to prevent AV companies from treating your .exe the same as they do any other. The fact that you seem to take umbrage at the idea that AutoIt (or Microsoft, or Sun, or Mozilla, etc.) might actually cooperate with the AV companies in doing that tells us something. If you have personal or secret data hard coded in your script it shouldn't be done in AutoIt. No one ever claimed the encryption was strong enough to prevent unauthorized access to whatever you put in there.

This is just my opinion, but I think you are confused, FrenchTroll...

:)


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites
AzKay

I thought it was in the license but I appear only to have added it to the .txt version I have not the one that gets compiled. Oops.

Do it.

Sorry, Couldnt resist. x3


# MY LOVE FOR YOU... IS LIKE A TRUCK- #

Share this post


Link to post
Share on other sites
SmOke_N

You confirm what i said : EULA applies only at your sofware :) Legal...

Not legal and abusive if i compile a script under a licence which prohibits all "scan" (???), unpacking, reversing like your licence and\or if there's confidential data in it (Domain password, key of encryption, etc). Here's the problem for "me".

And you can be held responsible in the event of litigation. Here's the problem for you.

I think you misunderstand how Autoit works.

Besides... this has been around as long as I have at least.

Technical Details

The compiled script and additional files added with FileInstall are compressed with my own (Jon) compression scheme.

Because a compiled script must "run" itself without a password it needs to be able to decrypt itself - i.e., the encryption is two-way. For this reason you should regard the compiled exe as being encoded rather than completely safe. For example, if I wrote a script that contained a username and password (say, for a desktop rollout) then I would be happy using something like a workstation-level user/password but I would not consider it safe for a domain/entire network password unless I was sure that the end-user would not have easy access to the .exe file.


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites
FrenchTroll

In french (sorry i cant resist -puisqu'on se dirige tout droit vers un dialogue de sourd-) : Le terme "propriété intellectuelle" semble totalement vous échapper...pourtant il a une valeur en droit bien supérieur à toutes vos règles, "help", ou pseudo-clauses rédigées par-ci par-là.

J'ai une formation en droit, je sais de quoi je parle :) (conseils donnés gratuitement...comprenne qui pourra)

Edited by FrenchTroll

Share this post


Link to post
Share on other sites
Paulie

In french (sorry i cant resist -puisqu'on se dirige tout droit vers un dialogue de sourd-) : Le terme "propriété intellectuelle" semble totalement vous échapper...pourtant il a une valeur en droit bien supérieur à toutes vos règles, "help", ou pseudo-clauses rédigées par-ci par-là.

J'ai une formation en droit, je sais de quoi je parle :) (conseils donnés gratuitement...comprenne qui pourra)

Ok, I don't speak french, but Translators do...

Since one directs oneself all right towards a dialog of deaf one-) : The term "intellectual property" seems totally you to escape. ..pourtant it has a value in well superior right to all your rules, "help", or pseudo-clauses composed by here by there.

I have a formation in right, I know of what I speak (given counsels free. ..comprenne that will be able)

Alright, since there seems to be some miscommunication here, lets try to sort his out...

Basically, you are not allowed to reverse engineer the Autoit3.exe nor the compiled script executable that you create, because it contains the interpreter, so if you reverse engineer that, you may as well have reversed the Autoit3.exe. That message is there to inform users, such as yourself, who don't seem to bother with EULAs that it is a violation if that agreement to reverse engineer the .exe

In regards to AV companies, they don't have to reverse engineer an .exe to tell if its a virus. And even if they needed to, as an evaluating AV company with no intent of using the software, i don't believe they fall into the category of an "End User" so the EULA doesn't even apply...

Edit: Translated to french -- (online translator)

Bien, puisque il semble y avoir quelque manque de communication, laisse essayer ici de trier ceci...

Fondamentalement, vous n'êtes pas permis de renverser l'ingénieur l'Autoit3.exe ni le manuscrit compilé réalisable que vous créez, parce qu'il contient l'interprète, donc si vous renversez l'ingénieur cela, vous pourriez avoir renversé aussi l'Autoit3.exe. Ce message est là-bas d'informer des utilisateurs, tels que vous, qui ne semble pas ennuyer avec EULAs que c'est une violation si cet accord pour renverser l'ingénieur le. exe

Dans les égards compagnies AV, ils n'ont pas à renverser l'ingénieur un. exe pour dire si son un virus. Mais même s'ils ont eu besoin d'à, comme un évaluer la compagnie AV avec aucune intention d'utilisation du logiciel, je ne crois pas qu'ils appartiennent à la catégorie d'un « Utilisateur Final » si l'EULA ne s'applique pas même...

Edited by Paulie

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.