Sign in to follow this  
Followers 0
auit5

Which has better serurity

11 posts in this topic

Hi,

Which method is more secure? When the script is compiled, not checking the AllowDecompile, or using a long passphrase? I read that this is not really totally secure, but which is generally harder to decompile?

Share this post


Link to post
Share on other sites



The no decompile option just implicitly adds a random password to the compiled file, I believe. So basically, the level of security is the same if you were to just randomly type in characters for a password. Using actual words, of course, would reduce the security since a dictionary attack could hit that word.

Share this post


Link to post
Share on other sites

Thank you, Valik!

Share this post


Link to post
Share on other sites

If you need a really high security you should code a passphrase needed for executing the script. And in the case that the user used a wrong password the script delete it self.

For more security you should also securely delete the script,

for even more you should also delete the scrip if the user just DON'T put the password (IE, press Cancel at the inputbox or doesn't set any inline argument)

If you are really crazy you can do a container script that actually keeps the secured script (the nomal decompiler don't returns FileInstall()ed files!) and fileinstall it, decrypher it and execute, delete and leaves. All password protected.

Share this post


Link to post
Share on other sites

Hi,

Which method is more secure?  When the script is compiled,  not checking the AllowDecompile, or using a long passphrase?  I read that this is not really totally secure, but which is generally harder to decompile?

The nodecompile option just makes up a long random password (about 200+ characters if I remember correctly)... It's just easier and safer than trying to make up a long/random password yourself.

Share this post


Link to post
Share on other sites

But do not forget that the exe has to decrypt itself to execute the script stored within. So even when you "compile" it with a very long random password (or the "no decompile option") it's still possible to decrypt and get the script back without too much[1] trouble.

[1] For someone with skills cryptology and decoding programs it should be an easy task. For others it can be a pretty hard task

Share this post


Link to post
Share on other sites

just to mention, anyone serious about decompiling a program with probably have a backup copy.

so self deletion is pointless, although it may thwart SOME attempts


Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

just to mention, anyone serious about decompiling a program with probably have a backup copy.

so self deletion is pointless, although it may thwart SOME attempts

<{POST_SNAPBACK}>

I think ezzetabi was talking about the FileInstall function. If you FileInstall and delete the file (which will be the actual script), even if you decrypt the original exe, you would (probably) be unable of decrypting the FileInstalled script.. At least unless you know how to unpack it from the original exe..

This is a good case however.

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

I think ezzetabi was talking about the FileInstall function. If you FileInstall and delete the file (which will be the actual script), even if you decrypt the original exe, you would (probably) be unable of decrypting the FileInstalled script.. At least unless you know how to unpack it from the original exe..

You just need something like Norton Protection. Every file you delete is still saved and can be recovered easily. Voila there are all deleted files... including all temporary extracted FileInstalls Edited by sugi

Share this post


Link to post
Share on other sites

#10 ·  Posted (edited)

Ok, now stop correcting me all the time.. :idiot:

You are right, I was stuck in the old DOS undelete/unerase utilities :}

Edit: So, and to be insane, we just need a function to delete the files that Norton Protection keeps in this case.. :}

Edited by erebus

Share this post


Link to post
Share on other sites

Ok, now stop correcting me all the time.. :idiot:

I'll stop when there's nothing left to correct :D

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0