auit5 Posted November 28, 2004 Share Posted November 28, 2004 Hi, Which method is more secure? When the script is compiled, not checking the AllowDecompile, or using a long passphrase? I read that this is not really totally secure, but which is generally harder to decompile? Link to comment Share on other sites More sharing options...
Valik Posted November 28, 2004 Share Posted November 28, 2004 The no decompile option just implicitly adds a random password to the compiled file, I believe. So basically, the level of security is the same if you were to just randomly type in characters for a password. Using actual words, of course, would reduce the security since a dictionary attack could hit that word. Link to comment Share on other sites More sharing options...
auit5 Posted November 28, 2004 Author Share Posted November 28, 2004 Thank you, Valik! Link to comment Share on other sites More sharing options...
ezzetabi Posted November 28, 2004 Share Posted November 28, 2004 If you need a really high security you should code a passphrase needed for executing the script. And in the case that the user used a wrong password the script delete it self. For more security you should also securely delete the script, for even more you should also delete the scrip if the user just DON'T put the password (IE, press Cancel at the inputbox or doesn't set any inline argument) If you are really crazy you can do a container script that actually keeps the secured script (the nomal decompiler don't returns FileInstall()ed files!) and fileinstall it, decrypher it and execute, delete and leaves. All password protected. Link to comment Share on other sites More sharing options...
Administrators Jon Posted November 28, 2004 Administrators Share Posted November 28, 2004 Hi,Which method is more secure? When the script is compiled, not checking the AllowDecompile, or using a long passphrase? I read that this is not really totally secure, but which is generally harder to decompile?The nodecompile option just makes up a long random password (about 200+ characters if I remember correctly)... It's just easier and safer than trying to make up a long/random password yourself. Deployment Blog:Â https://www.autoitconsulting.com/site/blog/ SCCM SDK Programming:Â https://www.autoitconsulting.com/site/sccm-sdk/ Link to comment Share on other sites More sharing options...
sugi Posted November 28, 2004 Share Posted November 28, 2004 But do not forget that the exe has to decrypt itself to execute the script stored within. So even when you "compile" it with a very long random password (or the "no decompile option") it's still possible to decrypt and get the script back without too much[1] trouble. [1] For someone with skills cryptology and decoding programs it should be an easy task. For others it can be a pretty hard task Link to comment Share on other sites More sharing options...
t0ddie Posted November 29, 2004 Share Posted November 29, 2004 just to mention, anyone serious about decompiling a program with probably have a backup copy. so self deletion is pointless, although it may thwart SOME attempts Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you. Link to comment Share on other sites More sharing options...
erebus Posted November 29, 2004 Share Posted November 29, 2004 just to mention, anyone serious about decompiling a program with probably have a backup copy.so self deletion is pointless, although it may thwart SOME attempts<{POST_SNAPBACK}>I think ezzetabi was talking about the FileInstall function. If you FileInstall and delete the file (which will be the actual script), even if you decrypt the original exe, you would (probably) be unable of decrypting the FileInstalled script.. At least unless you know how to unpack it from the original exe..This is a good case however. Link to comment Share on other sites More sharing options...
sugi Posted November 29, 2004 Share Posted November 29, 2004 (edited) I think ezzetabi was talking about the FileInstall function. If you FileInstall and delete the file (which will be the actual script), even if you decrypt the original exe, you would (probably) be unable of decrypting the FileInstalled script.. At least unless you know how to unpack it from the original exe..You just need something like Norton Protection. Every file you delete is still saved and can be recovered easily. Voila there are all deleted files... including all temporary extracted FileInstalls Edited November 29, 2004 by sugi Link to comment Share on other sites More sharing options...
erebus Posted November 30, 2004 Share Posted November 30, 2004 (edited) Ok, now stop correcting me all the time.. You are right, I was stuck in the old DOS undelete/unerase utilities :} Edit: So, and to be insane, we just need a function to delete the files that Norton Protection keeps in this case.. :} Edited November 30, 2004 by erebus Link to comment Share on other sites More sharing options...
sugi Posted December 1, 2004 Share Posted December 1, 2004 Ok, now stop correcting me all the time.. I'll stop when there's nothing left to correct Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now