blanter Posted December 13, 2007 Posted December 13, 2007 I have a question I couldn't find in the forums answered. How secure is a password in a script once it has been compiled or built? I have a script which resets the local administrator password on a workgroup computer. The script obviously has the administrator password inside the .au3 file, but when it is compiled or built to an .exe is it safe or secure?
Developers Jos Posted December 13, 2007 Developers Posted December 13, 2007 Technical DetailsThe compiled script and additional files added with FileInstall are compressed with my own (Jon) compression scheme. Because a compiled script must "run" itself without a password it needs to be able to decrypt itself - i.e., the encryption is two-way. For this reason you should regard the compiled exe as being encoded rather than completely safe. For example, if I wrote a script that contained a username and password (say, for a desktop rollout) then I would be happy using something like a workstation-level user/password but I would not consider it safe for a domain/entire network password unless I was sure that the end-user would not have easy access to the .exe file. SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
MyDream Posted May 26, 2008 Posted May 26, 2008 Well, I used this tool to add another security layer to my code before final compilation to exe file.http://www.autoitscript.com/autoit3/scite/...uscator_doc.htmAtleast, someone will have to spend sometime to decode it before they get to my code(not 100% safe but atleast they have to spend an effort to get it).
Developers Jos Posted May 26, 2008 Developers Posted May 26, 2008 (edited) Wonder who made that .. ... but don't you think its a bit of an old thread you just resurrected ? Edited May 26, 2008 by Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Jos07 Posted May 26, 2008 Posted May 26, 2008 i think there is no way to make your script safe from being cracked or reversed engineering. Always Keep Your Sig Small... Like me :D
Developers Jos Posted May 26, 2008 Developers Posted May 26, 2008 i think there is no way to make your script safe from being cracked or reversed engineering.Anything has been proven to be "crackable" till now, often the same day the software is released. SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
MyDream Posted May 31, 2008 Posted May 31, 2008 Wonder who made that .. ... but don't you think its a bit of an old thread you just resurrected ? Ooohs, its you. Just found this thread by accident while searching for some info.
system24 Posted June 1, 2008 Posted June 1, 2008 There is a way of starting Aut2Exe from the command prompt (I'm not sure if its really in the command prompt) and you can put a password/passphrase in your script. Another thing: The decompiler with AutoIt3 (Exe2Aut) only works with scripts compiled with version 3.2.5.1 and below. But I am not sure that it is the only AutoIt decompiler in the world. (Correct me if I'm wrong.) [center]It's a question of mind over matter, if I don't mind, it doesn't matter.[/center]
Recommended Posts