qwert

Seeking protection against malcode

6 posts in this topic

I'm looking for a straightforward way to protect a distributed script -- not necessarily against someone getting at the script code, but rather against someone inserting malicious code and passing the script along under the original name.

The script, itself, is obfuscated and compiled in order to provide a measure of code protection. But I've realized how easy it would be for someone to just place their "code" under the same name and just give it away to an unwary user who would think they were getting the real application.

The first way I've thought of is simply to use an MD5 checksum that's posted on a web site for the user to confirm. The drawback is that it takes special action by the user -- and too many people would not really know what it meant, anyway.

So does anyone have a suggestion of a technique to bundle a script in such a way that it either won't install or won't execute if its accompanying "hash" doesn't match?

Thanks for any help.

I'm a little confused, if you're worried about someone executing an exe that they think is your code but isn't... there isn't really anything you can do to prevent someone from renaming 'bad code.exe' to 'useful code.exe' and giving it out, ya know?

Are you worried about someone decompiling your code, inserting their own, and distributing?

I keep writing more and deleting it... before I go on can you give some more info?


While ProcessExists('Andrews bad day.exe')
	BlockInput(1)
	SoundPlay('Music.wav')
	SoundSetWaveVolume('Louder')
WEnd


You answered your own question really. CRC or MD5 or any other checksum.

If it's for "distribution", why not just have it downloaded from a secure site and that way you can not only keep track of the distribution but drop your concerns of malice.


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.


#4 ·  Posted (edited)

> I'm a little confused, if you're worried about someone executing an exe that they think is your code but isn't... there isn't really anything you can do to prevent someone from renaming 'bad code.exe' to 'useful code.exe' and giving it out, ya know?
>
> Are you worried about someone decompiling your code, inserting their own, and distributing?

Thanks for the responses. My answer is: both, I guess.

The main concern is that it will appear to be my code, but will have been altered maliciously. I realize that if it's totally different code, that would be difficult to prevent -- i.e., a virus renamed MyWare.exe. I'm rather new at distributing applications and I had hoped this was a common concern with some more-or-less standard approaches already in use.

I've seen MD5 used frequently. If that's all that's really practical, then I suppose it will have to do. An exact file size (in Kbytes) plus a matching MD5 number would probably be difficult to fake. Does anyone know of an Installer or Wrapper that could present the MD5 for confirmation as a required step in the install process?

Edited by qwert


> Thanks for the responses. My answer is: both, I guess.
>
> The main concern is that it will appear to be my code, but will have been altered maliciously. I realize that if it's totally different code, that would be difficult to prevent -- i.e., a virus renamed MyWare.exe. I'm rather new at distributing applications and I had hoped this was a common concern with some more-or-less standard approaches already in use.
>
> I've seen MD5 used frequently. If that's all that's really practical, then I suppose it will have to do. An exact file size (in Kbytes) plus a matching MD5 number would probably be difficult to fake. Does anyone know of an Installer or Wrapper that could present the MD5 for confirmation as a required step in the install process?

Like a dog chasing its tail.

Your concern being the ability to input malicious code into your app, then you want a wrapper that checks md5 checksums. What is to prevent them from changing the data in that?

I think I posted your only viable solution. If you are the only "secure" or "trustworthy" distributor, then they should only download from you. What they get from getting it from others is their own fault.


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.


> I think I posted your only viable solution. If you are the only "secure" or "trustworthy" distributor, then they should only download from you.

I follow what you're saying. I was hoping there was some "magic wand" solution that I wasn't aware of. But from the points you made, I now see it's basically a game in which the opposition would always have the last move -- so a trustworthy copy of the original is the only remaining alternative.

Thanks for your responses.
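
The point the thread converges on, as an added example that is not part of the original posts: a hash that travels with the file can be regenerated by whoever alters it, while a hash obtained from the author's own site cannot. SHA-256 is used here in place of the MD5 discussed above; the `.hash` sidecar file, the function names and the sample payloads are constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def file_digest(path: Path, algorithm: str = "sha256") -> str:
    """Stream the file through the hash so large installers need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def matches(path: Path, expected_hex: str) -> bool:
    """Constant-time comparison of the file's digest with an expected value."""
    return hmac.compare_digest(file_digest(path), expected_hex.strip().lower())

def bundled_check(path: Path) -> bool:
    """Wrapper-style check: the expected hash travels next to the file (<name>.hash)."""
    sidecar = path.with_name(path.name + ".hash")
    return sidecar.exists() and matches(path, sidecar.read_text())

def trusted_check(path: Path, published_hex: str) -> bool:
    """Expected hash comes from a channel the file's distributor does not control."""
    return matches(path, published_hex)

def demo() -> dict:
    """Constructed sample: an original package and an altered copy passed along by a third party."""
    with tempfile.TemporaryDirectory() as d:
        original = Path(d) / "MyWare.exe"
        original.write_bytes(b"constructed original payload")
        original.with_name("MyWare.exe.hash").write_text(file_digest(original))
        published = file_digest(original)  # what the author posts on their own site
        altered_dir = Path(d) / "third_party"
        altered_dir.mkdir()
        altered = altered_dir / "MyWare.exe"
        altered.write_bytes(b"constructed altered payload")
        # Whoever altered the file can regenerate the sidecar as well.
        altered.with_name("MyWare.exe.hash").write_text(file_digest(altered))
        return {
            "original_bundled": bundled_check(original),
            "original_trusted": trusted_check(original, published),
            "altered_bundled": bundled_check(altered),
            "altered_trusted": trusted_check(altered, published),
        }

if __name__ == "__main__":
    print(demo())
```

The altered copy passes the bundled check and fails only the comparison against the separately published digest.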
