Jump to content
Sign in to follow this  
blanter

How secure is a compiled/built script?

Recommended Posts

I have a question I couldn't find in the forums answered. How secure is a password in a script once it has been compiled or built?

I have a script which resets the local administrator password on a workgroup computer. The script obviously has the administrator password inside the .au3 file, but when it is compiled or built to an .exe is it safe or secure?

Share this post


Link to post
Share on other sites

Technical Details

The compiled script and additional files added with FileInstall are compressed with my own (Jon) compression scheme.

Because a compiled script must "run" itself without a password it needs to be able to decrypt itself - i.e., the encryption is two-way. For this reason you should regard the compiled exe as being encoded rather than completely safe. For example, if I wrote a script that contained a username and password (say, for a desktop rollout) then I would be happy using something like a workstation-level user/password but I would not consider it safe for a domain/entire network password unless I was sure that the end-user would not have easy access to the .exe file.

Share this post


Link to post
Share on other sites

Wonder who made that .. :)

... but don't you think its a bit of an old thread you just resurrected ? :)

Edited by Jos

Share this post


Link to post
Share on other sites

i think there is no way to make your script safe from being cracked or reversed engineering.

Anything has been proven to be "crackable" till now, often the same day the software is released.

Share this post


Link to post
Share on other sites

Wonder who made that .. :)

... but don't you think its a bit of an old thread you just resurrected ? :P

Ooohs, its you. :)

Just found this thread by accident while searching for some info. :)

Share this post


Link to post
Share on other sites

There is a way of starting Aut2Exe from the command prompt (I'm not sure if its really in the command prompt) and you can put a password/passphrase in your script.

Another thing: The decompiler with AutoIt3 (Exe2Aut) only works with scripts compiled with version 3.2.5.1 and below. But I am not sure that it is the only AutoIt decompiler in the world.

(Correct me if I'm wrong.)


[center]It's a question of mind over matter, if I don't mind, it doesn't matter.[/center]

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...