Any way i can protect my software from decompiling with a hacked decompiler

[Jos]

It's a script platform with a stub file,are you calling that a language?

Just out of curiosity: What would you call it?

[AlmarM]

Hello,

You could also use the ProcessExists() and Close function!

While 1
    If ProcessExists("<Hack Program .exe>") Then
        ProcessClose("<Hack Program .exe>")
    EndIf
WEnd

-AlmarM-

Edited June 29, 2008 by AlmarM

[Anonymouse]

Hello,

You could also use the ProcessExists() and Close function!

While 1
    If ProcessExists("<Hack Program .exe>") Then
        ProcessClose("<Hack Program .exe>")
    EndIf
WEnd

-AlmarM-

That would only work if you were to always have the program running. If you think you're actually going to make money, depending on what the program does, run it from a server. Only very popular programs get cracked anyway. Use a serial key that reads directly from file on a server. Works for BNET, if they enter the wrong serial have it deleted from the PC. When it comes down to it though, no matter what language or 'non-language' you use, anything is breakable. Just depends on the market you're selling to.

[baaba]

That would only work if you were to always have the program running. If you think you're actually going to make money, depending on what the program does, run it from a server. Only very popular programs get cracked anyway. Use a serial key that reads directly from file on a server. Works for BNET, if they enter the wrong serial have it deleted from the PC. When it comes down to it though, no matter what language or 'non-language' you use, anything is breakable. Just depends on the market you're selling to.

My english and grammer are bad because its not my native tongue. sorry about that im from Israel.

is that it ? any autoit program is so easy decomplied?

i have been working on this program for almost 3 months.

what i had in mind was selling it

I dont mind buying the software to protect it but how do i know its gonna work ?

I dont want super protection. just the kind of protection that this program wont be decompiled with the hacked decompiler thats out there...

my program is about 15000 lines (dont know if it matter but still.) without the includes,,

[bhoar]

My english and grammer are bad because its not my native tongue. sorry about that im from Israel.

is that it ? any autoit program is so easy decomplied?

i have been working on this program for almost 3 months.

what i had in mind was selling it

I dont mind buying the software to protect it but how do i know its gonna work ?

I dont want super protection. just the kind of protection that this program wont be decompiled with the hacked decompiler thats out there...

my program is about 15000 lines (dont know if it matter but still.) without the includes,,

Search the forums for "obfuscator". It doesn't block the ability to see the script, but what they get is so completely stripped of contextual clues to be almost useless.

-brendan

[MyDream]

Try this petite tool which someone in the forum suggested in another thread.

http://www.un4seen.com/petite/

I was go suggest nspack( since I read about it somewhere on the net but havent use it or manage to find the latest version which is 3.7 ). But I came across some news theres an unpacker for nspack now, so skip this tool). muttley

Let me know whether this petite works or not.

[Jos]

Try this petite tool which someone in the forum suggested in another thread.

http://www.un4seen.com/petite/

I was go suggest nspack( since I read about it somewhere on the net but havent use it or manage to find the latest version which is 3.7 ). But I came across some news theres an unpacker for nspack now, so skip this tool). muttley

Let me know whether this petite works or not.

Did you try it ?

It does't work on a compiled version of AutoIt3Wrapper that isn't UPXed.

Jos

[mrbond007]

Overcomplicating the script might help, maybe add some unnecessary functions and variables for example

#include <String.au3>
Global $001010110,$110010101,$011001101,$101101010
$001010110=($110010101+($011001101*@Hour)-$101101010)+(@HOUR+@SEC)
$110010101=$001010110-$101101010
$011001101&=$110010101+Int($001010110*@SEC)
$101101010=Binary(BinaryLen(Binary($001010110)))
$011011001=Call("_111110110",Execute($001010110+$101101010))
MsgBox(0,"",StringLen(Int(Hex(Int($011011001)))))
Func _111110110($101011001)
    _StringEncrypt(1,$001010110,@HOUR&@SEC&StringLeft($001010110,StringLen(@HOUR)),StringLen($001010110))
    Return _StringEncrypt(1,$101101010,StringLen($110010101)&StringTrimRight($011001101,StringTrimLeft($011001101,@SEC)) & _
                          StringLeft($110010101,StringRight($011001101,StringLen($101101010))),StringLen($001010110))
EndFunc

[SmOke_N]

Overcomplicating the script might help, maybe add some unnecessary functions and variables for example

#include <String.au3>
Global $001010110,$110010101,$011001101,$101101010
$001010110=($110010101+($011001101*@Hour)-$101101010)+(@HOUR+@SEC)
$110010101=$001010110-$101101010
$011001101&=$110010101+Int($001010110*@SEC)
$101101010=Binary(BinaryLen(Binary($001010110)))
$011011001=Call("_111110110",Execute($001010110+$101101010))
MsgBox(0,"",StringLen(Int(Hex(Int($011011001)))))
Func _111110110($101011001)
    _StringEncrypt(1,$001010110,@HOUR&@SEC&StringLeft($001010110,StringLen(@HOUR)),StringLen($001010110))
    Return _StringEncrypt(1,$101101010,StringLen($110010101)&StringTrimRight($011001101,StringTrimLeft($011001101,@SEC)) & _
                          StringLeft($110010101,StringRight($011001101,StringLen($101101010))),StringLen($001010110))
EndFunc

Too easy to "un-Complicate"

expandcollapse popup

$s_text = ClipGet()
ConsoleWrite(_UnComplicate($s_text) & @CRLF)

Func _UnComplicate($s_string)
    ;Vars
    Local $a_sre = StringRegExp($s_string, "(?s)(?i)(\$\w+)", 3), $i
    _ArrayUnique($a_sre)
    For $i = 0 To UBound($a_sre) - 1
        $a_sre[$i] = StringReplace($a_sre[$i], "$", "\$")
        $s_string = StringRegExpReplace($s_string, "(?i)(" & $a_sre[$i] & ")(\W)", "\$" & $i & "\2")
    Next
    ;Funcs
    $a_sre = StringRegExp($s_string, "(?s)(?i)\n\s*func\s*(\w+)", 3)
    _ArrayUnique($a_sre)
    For $i = 0 To UBound($a_sre) - 1
        $s_string = StringRegExpReplace($s_string, "(?i)(\W)(" & $a_sre[$i] & ")(\W)", "\1_" & $i & "\3")
    Next
    Return $s_string
EndFunc

Func _ArrayUnique(ByRef $aArray, $vDelim = '', $iBase = 0, $iCase = 0)
    If Not IsArray($aArray) Then Return SetError(1, 0, 0)
    If $vDelim = '' Then $vDelim = Chr(1)
    Local $sHold = ""
    For $iCC = $iBase To UBound($aArray) - 1
        If Not StringInStr($vDelim & $sHold, $vDelim & $aArray[$iCC] & $vDelim, $iCase) Then
            $sHold &= $aArray[$iCC] & $vDelim
        EndIf
    Next
    $sHold = StringTrimRight($sHold, StringLen($vDelim))
    If $sHold And $iBase = 1 Then
        $aArray = StringSplit($sHold, $vDelim)
        Return SetError(0, 0, $aArray)
    ElseIf $sHold And $iBase = 0 Then
        $aArray = StringRegExp($sHold & $vDelim, "(?s)(.+?)" & $vDelim, 3)
        Return SetError(0, 0, $aArray)
    EndIf
    Return SetError(2, 0, 0)
EndFunc

Edited July 12, 2008 by SmOke_N

[mrbond007]

Too easy to "un-Complicate"

For someone with your super knowledge muttley

[Mobius]

My advice to you if you are serious about this, is to get your hands on some real Hacker/Cracker tools and learn for yourself how they protect their apps.

I don't mean become an uber cracker yourself, just by using say: Disassemblers - Hex editors - The host of free Packers that are out there - Crypt Tools &

Patchers Resource editors ... etc, You will learn how to further modify your binary after applying certain protections, plus gain a greater understanding of the

relative futility of releasing a program for money, given the passion of the community you're trying to defy!

I would do all of the above and still release it freely! At least initially, just so that you can get some feedback on it!

WARNING

If you actually intend to tinker with your binary be careful of what you change, and what methods you use! Most antivirus software flag a binary if it so much as

looks at it funny these days, which could hamper you're release.

Wish you all the best with your project. muttley

[cppman]

My advice to you if you are serious about this, is to get your hands on some real Hacker/Cracker tools and learn for yourself how they protect their apps.

I don't mean become an uber cracker yourself, just by using say: Disassemblers - Hex editors - The host of free Packers that are out there - Crypt Tools &

Patchers Resource editors ... etc, You will learn how to further modify your binary after applying certain protections, plus gain a greater understanding of the

relative futility of releasing a program for money, given the passion of the community you're trying to defy!

I would do all of the above and still release it freely! At least initially, just so that you can get some feedback on it!

WARNING

If you actually intend to tinker with your binary be careful of what you change, and what methods you use! Most antivirus software flag a binary if it so much as

looks at it funny these days, which could hamper you're release.

Wish you all the best with your project. muttley

If security is a major issue, he shouldn't even consider using AutoIt. Edited July 12, 2008 by cppman

[Mobius]

True, But he seems to have spent some time and effort on his project, don't know what other langs the guy is proficient in so I thought I'd give him something

to try on his autoit binary.

Security eh! Nothing is SECURE, its all down to how important someone else deems your work, worthy of the sheer Time, Effort & knowledge that goes into

Reverse engineering!

Edited July 13, 2008 by vladmobius

[cppman]

Personally I have a jaded view on people who try to make money from free software, but thats just me!

g++ is a free C++ compiler and lots of commercial software is compiled with it. muttley

Security eh! Nothing is SECURE, its all down to how important someone else deems your work, worthy of the sheer Time, Effort & knowledge that goes into Reverse engineering!

That's only partially true. A scripting language can be "decompiled" because it is never compiled in the first place, which makes it extremely easy to get the source.

Now, a programming language can't be decompiled. It can be dissassembled into ASM; however, that isn't going to do too much unless you know the structure of the source code in the first place.

Edited July 12, 2008 by cppman

[Mobius]

g++ is a free C++ compiler and lots of commercial software is compiled with it. muttley

Ok Cppman, My comment was lacking in clarity, But the sheer effort & knowledge involved in producing a project in low level languages warrants some sort

of payback, even if only via kudos. Anyway I was talking about AUTOIT3 as a piece of Excellent free software, which has obviously taken blood and sweat

to make it what it is, being used by someone in Script form to make money!

That's only partially true. A scripting language can be "decompiled" because it is never compiled in the first place, which makes it extremely easy to get the source.

Now, a programming language can't be decompiled. It can be dissassembled into ASM; however, that isn't going to do too much unless you know the structure of the source code in the first place.

Quite right, You will never retrieve the source asis.( I Bet theres people working on this very thing)

Like I said thought this guy was asking about Autoit3 anyway?

Don't get me wrong C(any) and ASM are kings within thier own domain, But this guy doesn't seem to wan't to spend a GREAT deal of time porting something that

took him to create in 3 months in autoit3.

[cppman]

I understand what you're saying. But my point is this... When you develop software, you need to plan. One of the first things you need to decide is what language you are going to use, and what language is suitable for your needs. That is what programming is all about. Obviously, this person either didn't know AutoIt was so easily "decompilable" (lack of research) or just didn't care at the time. Either way, he should have researched a bit. The CIA isn't going to just start writing a security-critical application without looking into what languages to use, or researching proper protection measures before writing it.

I don't want this to come out the wrong way to the original poster, but you just need to research before you start developing. I personally wouldn't recommend using AutoIt to develop full blown programs in the first place, unless of course it is the best language to do so (in this case it wasn't).

This is just my opinion.

Edited July 12, 2008 by cppman

[Mobius]

I utterly agree man, Every lang has its strengths and weaknesses, which is thankfully why there a so many diverse languages out there.

Research is key to any project, and protection of source is something that everyone would like to achieve, But in the end resistence is futile.

This also is only my opinion! muttley

Edited July 19, 2008 by MOBIUS

[SIone]

I have two schools of thought on practical advice here.

The first is to use your current code as a template and translate it to another language, as suggested by other posters, but you will still never have a 'bomb proof' solution.

The second is to work with what you have and look at it from the other side (no im not a code hacker).

Split your code into different parts, and use an encoded file for messaging of variables to the other components.

This makes more work for those who may try to decomplile your code.

I've used this approach in the past and to honest all it does it buy you time, but if your code can be made into many small modules then you stand a reasonable chance to slow them down until you are able to release v2.2.

Hope this helps,

SIone

[SmOke_N]

@vladmobius and @cppman ...

You two are totally out of line here.

Your opinions aren't even on topic ("How do I protect my AutoIt applications" ... "Use another language" muttley )

Hindsight being 20/20 here, I'm sure he would have written it in a compiled language had he known any better or how.

@Chris, I remember when you first came to AutoIt and how clueless you were toward anything really. It's nice you've broadened your horizons, but you should not push those things on everyone until they are ready to take the time to do so themselves.

@vladmobius, I can't even imagine where your mind is here. You say that because someone uses a free language they shouldn't charge for their work. I'm curious on what "paid for" language you suggest they use so they can get paid for their time. Last I checked, it didn't cost me anything to code in C(any) or ASM. If his work meets the requirements of his clients, or fulfills a need for others that don't know how to do it or don't have time themselves to do it, why shouldn't he get paid for his time?

Here's a suggestion for the both of you, assuming you know your stuff. Rather than telling the person basically they wasted 3 months of their time, show them a solution for their specific issue (AutoIt).

Keep this in mind. A viable solution here for AutoIt doesn't just help the individual, it helps the masses... what you are saying here doesn't just apply to the OP, but to everyone, including myself (and some of us can code in other languages, but like how fast AutoIt rolls out).

[Mobius]

Hey mod,

Sorry for any offence caused, if you check my first post you'll see that I was actually recommending that the author of this post attempt to modify or

inspect his program after applying certain PROTECTION techniques to get a feel for the type of Protection they are after and like SIone said look at it from

a different perspective. Other users had pretty much covered Obfuscation, which I also highly recommend.

I was NOT suggesting that the author had wasted 3 months of their lives developing a project in Autoit3, I myself am spending much longer than that

trying to convert my simple c projects to autoit3 after falling in love scripting langs in general. I myself hold AU3 in such high regard that I use it as my

sole language for releasing binaries exe/a3x.

Yeah I was out of line with the free lang for payed apps remark, off on a tangent somewhere! muttley

If your skill is such that you can make money from your project then more power to you, but before you think of pricing take a look at the sourceforge.net

the GNU project, a bit closer to home, KODA, a program of such quality I would happily pay money for!