ficofico Posted July 13, 2008 Share Posted July 13, 2008 But using obfuscator.... it's so simple to watch the original code for an hacker? I hope that it's not true......... all ftp project here, mine too, if this assume it's true, are useless... Can i sleep tonight .......??? muttley Link to comment Share on other sites More sharing options...
cppman Posted July 13, 2008 Share Posted July 13, 2008 Here's a suggestion for the both of you, assuming you know your stuff. Rather than telling the person basically they wasted 3 months of their time, show them a solution for their specific issue (AutoIt).The sad thing is, they did waste 3 months of their time. So, I provided a recommendation for next time: research a little bit before writing commercial software (I don't mean for this to come out rude). And I know, I was horrible at everything a while back. But I was pushed into learning C++ and ASM, and it really taught me a lot of concepts I would have otherwise never learned. And these concepts were the foundations of nearly everything in programming. Miva OS Project Link to comment Share on other sites More sharing options...
mrbond007 Posted July 13, 2008 Share Posted July 13, 2008 (edited) Another ideaSplit your script into 5, 10 or more pieces, encrypt each piece using different methods (don't use the same method on all pieces). Create a new script and before compiling it use Zedna's Resouce.au3 method to embed all the pieces into the new script. ex:#AutoIt3Wrapper_Run_After=ResHacker.exe -add %out%, %out%, part1_of_script_encrypted.au3, rcdata, Part1, 0 #AutoIt3Wrapper_Run_After=ResHacker.exe -add %out%, %out%, fake_part_1.au3, rcdata, FakePart1, 0; add fake files as well #AutoIt3Wrapper_Run_After=ResHacker.exe -add %out%, %out%, part2_of_script_encrypted.au3, rcdata, Part2, 0 #AutoIt3Wrapper_Run_After=ResHacker.exe -add %out%, %out%, fake_part_2.au3, rcdata, FakePart2, 0 ...........The pieces can be retrieved using _ResourceGetAsString(). The new script should dencrypt all the good pieces and write them to an temporary external au3 file somewhere on the harddrive, run it and before deleting it, overwrite it with junk so that it cannot be recovered if data recovery tools were used.If programs like CPUKiller were used to slow down the machine (this way users will have time to see what is being written inside the temporary au3 file), use TimerInit() and TimerDiff() to fix this. ex :$Piece_1_Finished = _StringEncrypt(0, $Piece1, $Password);decrypt the first piece $Begin = TimerInit() $Split = StringSplit($Piece_1_Finished, "") For $i = 1 To $Split[0] FileWrite("external.au3", $Split[$i]) If TimerDiff($Begin) > 200 Then _Cancel_Operation(); it's taking too long NextAlso the passwords to decrypt the pieces should be scattered around the script. Edited July 13, 2008 by mrbond007 Projects : Space Regain - Memory Fusion - PWGT - Chip-ITGames : BrainPain - BrainPain Director's Cut - ProSpeed Games Pack (New)Vista vs XP : the forbidden fight Link to comment Share on other sites More sharing options...
Mobius Posted July 13, 2008 Share Posted July 13, 2008 In advance I am not Flaming your suggestion mrbond007, before mod comes in guns blazing! As your suggestion of using Resource.au3's capabilities is the most constructive yet! Using different crypto methods, fake files, Could even use a random table for which output folder(s) to use, Split your program over separately built exe's which pass encrypted commandline parameters to one another & check for each others existence at runtime, either via class, process ID etc. Use false file extensions, steganography methods, Obfuscation which AU3 handles well. Anything you can think of and replicate in AU3 to further you're cause. I would not however dump ANY decrypted source to the disk, No matter how much time you allocate with timer functions, as these can be easily worked around with: Filemonitor, Suspend & Resume functions and a debugger with step into and breakpoints. Only problem with using resources as your method, is that without any of the above programs, someone could still dump all resources from all binary's using Resource Hacker, Once they have Decrypted whatever packing method you decide to employ. Despite what I have just written, I Prefer & use myself the Embedded resource method, coupled with fileinstall. Experiment with different packers and ResMethod though, some alter the physical structure of the resource table making it hard to retrieve via Resource.au3 muttley After You have used all Autoit methods to protect your code, compile with password, Pack with your favourite packer, Tinker, Then pack with Packman.exe, Tinker some more. Link to comment Share on other sites More sharing options...
Xand3r Posted July 13, 2008 Share Posted July 13, 2008 the only real way of protecting your code... is making the app not able to run without an active connection to a server (your server muttley) and most of the work being done on the server part...(just like online games.... such as wow.. the client is free but in order to play it you really need to buy it.. ) Only two things are infinite, the universe and human stupidity, and i'm not sure about the former -Alber EinsteinPractice makes perfect! but nobody's perfect so why practice at all?http://forum.ambrozie.ro Link to comment Share on other sites More sharing options...
ficofico Posted July 13, 2008 Share Posted July 13, 2008 of course, and when hacker find user and passwd inside of your autoit script? Link to comment Share on other sites More sharing options...
SIone Posted July 13, 2008 Share Posted July 13, 2008 (edited) Another idea Split your script into 5, 10 or more pieces, encrypt each piece using different methods (don't use the same method on all pieces). Create a new script and before compiling it use Zedna's Resouce.au3 method to embed all the pieces into the new script. ex: #AutoIt3Wrapper_Run_After=ResHacker.exe -add %out%, %out%, part1_of_script_encrypted.au3, rcdata, Part1, 0 #AutoIt3Wrapper_Run_After=ResHacker.exe -add %out%, %out%, fake_part_1.au3, rcdata, FakePart1, 0; add fake files as well #AutoIt3Wrapper_Run_After=ResHacker.exe -add %out%, %out%, part2_of_script_encrypted.au3, rcdata, Part2, 0 #AutoIt3Wrapper_Run_After=ResHacker.exe -add %out%, %out%, fake_part_2.au3, rcdata, FakePart2, 0 ........... Now this I like!!! I was only considering methods, not means, on how this could be done. Just wondering though if there has ever been any form of forum based competition based on cracking with these methods? Edited July 13, 2008 by SIone Perilous to all of us are the devices of an art deeper than we ourselves possess. Link to comment Share on other sites More sharing options...
mrbond007 Posted July 14, 2008 Share Posted July 14, 2008 I wouldn't recommmend altering compiled files/adding your own binary modifications because it will only attrack experts who like to crack/bypass protections methods for fun. What i recommended was only a suggestion, the OP can come up with his own methods, but he must not share them, and i doubt that experts will try to crack his compiled script, because they are mostly intersted in populair programs that are packed (for ex) with PECompact 2.x muttley Projects : Space Regain - Memory Fusion - PWGT - Chip-ITGames : BrainPain - BrainPain Director's Cut - ProSpeed Games Pack (New)Vista vs XP : the forbidden fight Link to comment Share on other sites More sharing options...
MyDream Posted July 29, 2008 Share Posted July 29, 2008 Did you try it ?It does't work on a compiled version of AutoIt3Wrapper that isn't UPXed.JosSorry the software link was provided by the thread below.http://www.autoitscript.com/forum/index.ph...ompile+securityAnd I didnt try it, but its already mention in the link that it doesnt work anymore, so theres no point trying it out.And I still havent figure out how to use Autoit3Wrapper, the gui version since it never rename the compiled exe version info. Anyway, I found another freeware tool, it isnt a packer but something else. Once I figure out how to get the program to work, I'll post it. Its an old freeware which I found accidently on the internet, the newer version you need to paid for it. Link to comment Share on other sites More sharing options...
MyDream Posted August 24, 2008 Share Posted August 24, 2008 Ok, I give up testing since everytime I compile into exe, my antivirus grabbed it as a virus. Anyway, heres the link to the nbinder tool.http://www.portablefreeware.com/?id=482#commentsIts free as long as you dont update it and you also need to download two files and put into its installed folder after you install it.When you run the program after installation, it'll prompt two missing files, just the download the appropriate files from the link below and put into your nbinder folder and it'll work fine.http://www.portablefreeware.com/resources.phpFeedback on this product is welcome. Thanks. Link to comment Share on other sites More sharing options...
FlintBrenick Posted August 24, 2008 Share Posted August 24, 2008 Ask the big Software companies how they do it, that is, if you can find one that managed to protect any program against piracy.This brings up the point that if companies like Adobe cannot keep their software protected, then chances are we don't have a great shot ourselves. At the same time, I don't think we're about to make a program that is as useful as, oh lets say Adobe Photoshop CS3. If someone wanted to figure out how a program works bad enough, I think anything can be done; given the time and resources. Link to comment Share on other sites More sharing options...
Developers Jos Posted August 24, 2008 Developers Share Posted August 24, 2008 And I still havent figure out how to use Autoit3Wrapper, the gui version since it never rename the compiled exe version info. Can't be that difficult.Install the seperate SciTE4AutoIt3 installer.Add the needed directives manually or press Ctrl+F7 to show the gui.Hit Compile.That is all that is needed.Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
MyDream Posted August 29, 2008 Share Posted August 29, 2008 Can't be that difficult.Install the seperate SciTE4AutoIt3 installer.Add the needed directives manually or press Ctrl+F7 to show the gui.Hit Compile.That is all that is needed.JosThanks, anyway, I downloaded the new scite version recently and use its pulldown menu and select compile and configure the setting in compile menu and it works. It generate an obfuscator .au3 and a exe(I guess the the compiled exe file is already obfuscator rite?).One thing I dont understand is the value box option in the obfuscator menu, whats it for? Link to comment Share on other sites More sharing options...
xrxca Posted August 30, 2008 Share Posted August 30, 2008 Of course one could always look at this from the point of view that if (when) the program gets cracked it's a pretty good indicator that the program is popular, and depending on your target user base, a high enough adoption rate should include enough 'honest' users. I had a shareware app specific to Win9X out a few years ago and for a while I was putting out regular updates just to counter that latest crack, I reached the point that it wasn't worth the effort, I was getting regular registrations and didn't see a change up or down when I defeated a crack for a couple months. That silly little program I'd originally written for my own use ended up covering the down payment on my current house. By far, the worst four letter word (swear word) out there has to be USER Link to comment Share on other sites More sharing options...
MyDream Posted September 5, 2008 Share Posted September 5, 2008 Of course one could always look at this from the point of view that if (when) the program gets cracked it's a pretty good indicator that the program is popular, and depending on your target user base, a high enough adoption rate should include enough 'honest' users.I had a shareware app specific to Win9X out a few years ago and for a while I was putting out regular updates just to counter that latest crack, I reached the point that it wasn't worth the effort, I was getting regular registrations and didn't see a change up or down when I defeated a crack for a couple months. That silly little program I'd originally written for my own use ended up covering the down payment on my current house.Wow, how much does your little program cost? Link to comment Share on other sites More sharing options...
sl4y3r Posted February 28, 2009 Share Posted February 28, 2009 Add ALL IncludesThis would hang up the decompiling software... or the decompiling process will take more than an half hour xD Link to comment Share on other sites More sharing options...
Developers Jos Posted February 28, 2009 Developers Share Posted February 28, 2009 Add ALL IncludesThis would hang up the decompiling software... or the decompiling process will take more than an half hour xDWhat a load of BS.*click* SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Recommended Posts