Sign in to follow this  
Followers 0
DaProgrammer

AutoIt Security

8 posts in this topic

#1 ·  Posted (edited)

i am thinking to create a USB ThumbDrive Token(OTS password generator)

now i was thinking to link the exe file to the USB Thumb Drive so it will only run if its on the ThunbDrive and not anywhere else, using stuff like :

DriveGetSerial()

DriveGetLabel()

DriveGetFileSystem()

DriveGetType()

DriveSpaceTotal()

since its a password generator security is a major concern for me.

my question is how secure is autoit ?

Question 1 : if this file ends up in the wrong hands will he be able to: run it on his Hard Drive skipping these checks ?

Question 2 : if this file ends up in the wrong hands will he be able to: find out how the passwords are generated and duplicate the process ?

Question 3 : is there a way to make the file in a way it cannot be copied from the ThumbDrive ?

ty for any help you can provide.

Edited by DaProgrammer

Share this post


Link to post
Share on other sites



1: Unfortunetly yes, when you "compile" a script you only compress it with UPX and there are programs which let you decompress UPX, and after that he will have full access to your source (and can therefore remove the checking part).

2: Same as number 1

3: Don't think so, if you can run it you can copy it :)

My suggestion is to try to do the same thing but with c++ or any other language that let you do true compiles.


Broken link? PM me and I'll send you the file!

Share this post


Link to post
Share on other sites

1: Unfortunetly yes, when you "compile" a script you only compress it with UPX and there are programs which let you decompress UPX, and after that he will have full access to your source (and can therefore remove the checking part).

This doesn't sound correct ... but bottom line is that its retrievable.

My suggestion is to try to do the same thing but with c++ or any other language that let you do true compiles.

Correct but everything is "crackable" as most software developers know. :)

Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

I would obfuscate your code. This will make it very difficult to reverse engineer.

http://www.autoitscript.com/forum/index.ph...mp;hl=obfuscate

If you want it to work, DO NOT create your token with DriveSpaceTotal(), this changes every millisecond.

Maybe put a password prompt at the beginning of your script, a simple InputBox() with a static password in the script.

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

Correct but everything is "crackable" as most software developers know. :)

But it's a lot harder.

The securest way to protect the data is to encrypt it (Or locking it up in a bank vault somewhere :)).

Edited by monoceres

Broken link? PM me and I'll send you the file!

Share this post


Link to post
Share on other sites

Obfuscating the script adds a lot of extra kbs to the compiled script right? Will it be slower to run?

Yes.. but that's a given, but the important questions are: Is that important and if so, how much is it slower?

That dependsw on many things so try it and let us know. :)


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

Question 3 : is there a way to make the file in a way it cannot be copied from the ThumbDrive ?

To stop someone moving it off the drive to defeat it, now that would be a challenge to try to stop. Truecrypt is perhaps a better solution to use. Encrypt the drive is what the norm is AFAIK.

Share this post


Link to post
Share on other sites

Obfuscating is a given :D ofcourse i will do that ^^

true crypt is a problem couse then it needs to be mounted which makes the procees alot slower.

i made an alpha already and it looks pretty nice, now im just working on the encryption which ill use.

anyone know of an encryption that can be done in autoit and then decrypted in asp/vbscript ?


Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0