Jump to content

AutoIt Security


Recommended Posts

i am thinking to create a USB ThumbDrive Token(OTS password generator)

now i was thinking to link the exe file to the USB Thumb Drive so it will only run if its on the ThunbDrive and not anywhere else, using stuff like :

DriveGetSerial()

DriveGetLabel()

DriveGetFileSystem()

DriveGetType()

DriveSpaceTotal()

since its a password generator security is a major concern for me.

my question is how secure is autoit ?

Question 1 : if this file ends up in the wrong hands will he be able to: run it on his Hard Drive skipping these checks ?

Question 2 : if this file ends up in the wrong hands will he be able to: find out how the passwords are generated and duplicate the process ?

Question 3 : is there a way to make the file in a way it cannot be copied from the ThumbDrive ?

ty for any help you can provide.

Edited by DaProgrammer
Link to comment
Share on other sites

1: Unfortunetly yes, when you "compile" a script you only compress it with UPX and there are programs which let you decompress UPX, and after that he will have full access to your source (and can therefore remove the checking part).

2: Same as number 1

3: Don't think so, if you can run it you can copy it :)

My suggestion is to try to do the same thing but with c++ or any other language that let you do true compiles.

Broken link? PM me and I'll send you the file!

Link to comment
Share on other sites

  • Developers

1: Unfortunetly yes, when you "compile" a script you only compress it with UPX and there are programs which let you decompress UPX, and after that he will have full access to your source (and can therefore remove the checking part).

This doesn't sound correct ... but bottom line is that its retrievable.

My suggestion is to try to do the same thing but with c++ or any other language that let you do true compiles.

Correct but everything is "crackable" as most software developers know. :)

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

I would obfuscate your code. This will make it very difficult to reverse engineer.

http://www.autoitscript.com/forum/index.ph...mp;hl=obfuscate

If you want it to work, DO NOT create your token with DriveSpaceTotal(), this changes every millisecond.

Maybe put a password prompt at the beginning of your script, a simple InputBox() with a static password in the script.

Link to comment
Share on other sites

Correct but everything is "crackable" as most software developers know. :)

But it's a lot harder.

The securest way to protect the data is to encrypt it (Or locking it up in a bank vault somewhere :)).

Edited by monoceres

Broken link? PM me and I'll send you the file!

Link to comment
Share on other sites

  • Developers

Obfuscating the script adds a lot of extra kbs to the compiled script right? Will it be slower to run?

Yes.. but that's a given, but the important questions are: Is that important and if so, how much is it slower?

That dependsw on many things so try it and let us know. :)

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

Question 3 : is there a way to make the file in a way it cannot be copied from the ThumbDrive ?

To stop someone moving it off the drive to defeat it, now that would be a challenge to try to stop. Truecrypt is perhaps a better solution to use. Encrypt the drive is what the norm is AFAIK.
Link to comment
Share on other sites

  • 2 weeks later...

Obfuscating is a given :D ofcourse i will do that ^^

true crypt is a problem couse then it needs to be mounted which makes the procees alot slower.

i made an alpha already and it looks pretty nice, now im just working on the encryption which ill use.

anyone know of an encryption that can be done in autoit and then decrypted in asp/vbscript ?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...