DaProgrammer Posted March 30, 2008 Posted March 30, 2008 (edited) i am thinking to create a USB ThumbDrive Token(OTS password generator)now i was thinking to link the exe file to the USB Thumb Drive so it will only run if its on the ThunbDrive and not anywhere else, using stuff like :DriveGetSerial()DriveGetLabel()DriveGetFileSystem()DriveGetType()DriveSpaceTotal()since its a password generator security is a major concern for me.my question is how secure is autoit ?Question 1 : if this file ends up in the wrong hands will he be able to: run it on his Hard Drive skipping these checks ?Question 2 : if this file ends up in the wrong hands will he be able to: find out how the passwords are generated and duplicate the process ?Question 3 : is there a way to make the file in a way it cannot be copied from the ThumbDrive ?ty for any help you can provide. Edited March 30, 2008 by DaProgrammer
monoceres Posted March 30, 2008 Posted March 30, 2008 1: Unfortunetly yes, when you "compile" a script you only compress it with UPX and there are programs which let you decompress UPX, and after that he will have full access to your source (and can therefore remove the checking part). 2: Same as number 1 3: Don't think so, if you can run it you can copy it My suggestion is to try to do the same thing but with c++ or any other language that let you do true compiles. Broken link? PM me and I'll send you the file!
Developers Jos Posted March 30, 2008 Developers Posted March 30, 2008 1: Unfortunetly yes, when you "compile" a script you only compress it with UPX and there are programs which let you decompress UPX, and after that he will have full access to your source (and can therefore remove the checking part).This doesn't sound correct ... but bottom line is that its retrievable.My suggestion is to try to do the same thing but with c++ or any other language that let you do true compiles.Correct but everything is "crackable" as most software developers know. SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
weaponx Posted March 30, 2008 Posted March 30, 2008 I would obfuscate your code. This will make it very difficult to reverse engineer.http://www.autoitscript.com/forum/index.ph...mp;hl=obfuscateIf you want it to work, DO NOT create your token with DriveSpaceTotal(), this changes every millisecond.Maybe put a password prompt at the beginning of your script, a simple InputBox() with a static password in the script.
monoceres Posted March 30, 2008 Posted March 30, 2008 (edited) Correct but everything is "crackable" as most software developers know. But it's a lot harder.The securest way to protect the data is to encrypt it (Or locking it up in a bank vault somewhere ). Edited March 30, 2008 by monoceres Broken link? PM me and I'll send you the file!
Developers Jos Posted March 30, 2008 Developers Posted March 30, 2008 Obfuscating the script adds a lot of extra kbs to the compiled script right? Will it be slower to run?Yes.. but that's a given, but the important questions are: Is that important and if so, how much is it slower?That dependsw on many things so try it and let us know. SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
MHz Posted March 30, 2008 Posted March 30, 2008 Question 3 : is there a way to make the file in a way it cannot be copied from the ThumbDrive ?To stop someone moving it off the drive to defeat it, now that would be a challenge to try to stop. Truecrypt is perhaps a better solution to use. Encrypt the drive is what the norm is AFAIK.
DaProgrammer Posted April 11, 2008 Author Posted April 11, 2008 Obfuscating is a given ofcourse i will do that ^^ true crypt is a problem couse then it needs to be mounted which makes the procees alot slower. i made an alpha already and it looks pretty nice, now im just working on the encryption which ill use. anyone know of an encryption that can be done in autoit and then decrypted in asp/vbscript ?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now