Jump to content
Sign in to follow this  
Armand

.exe packers [like UPX]

Recommended Posts

Armand

Are there any .exe packars you know of which are not reversable ?

As UPX is easily reversable I am looking for some other packer to protect my compiled scripts with....


[u]My Au3 Scripts:[/u]____________(E)Lephant, A Share download manager (RS/MU etc)Http1.1 Console, The Ez Way!Internet Reconnection Automation Suite & A Macro Recording Tool.SK's Alarm Clock, Playing '.MP3 & .Wav' Files._________________Is GOD a mistake of the Humanity Or the Humanity is a mistake of GOD ?!

Share this post


Link to post
Share on other sites
alc

@ Armand:

Hi.

Im pretty sure that anyone with the right tools and knowledge can reverse anything. However, if you are looking for a "hard to reverse" exe, you may google for UPolyX.

alc (another Armand)

Share this post


Link to post
Share on other sites
Mobius

Edit :: Method does not apply to autoit *

Armand,

I recommend Packman, since you can apply it after using another packer like UPX.

This WILL increase the size of the output binary no matter what method (apLib,Lzma)

you choose. Not much more secure than upx but when combined.... :)

If you wish to stop anyone who owns UPX to be able to unpack your app say by using

the -d switch, you can overwrite ALL upx header information with zeroes with a hex

editor or a patch script. Upx will then give an error saying Not packed with upx or

Modified - Hacked or similar when someone tries to unpack with this method.

Won't stop a cracker but it Will stop joe bloggs.

JamesBrooks is right, Certain methods like UPolyX, Morphine, Npack and Tons more are

commonly used by the hacker/cracker community to protect and obfuscate thier apps.

Nothing wrong with them that I have found, they are simply flagged because of who

uses them, Don't recommend you use them either simply because of this.

stage 1 :: Compile and pack with UPX. Since it is the best Compressor around.

stage 2 :: Optionally but recommended strip the upx header info (UPX0 to UPX!) Plus version info.

stage 3 :: Optionally but recommended pack with packman, experiment with it's options.

muttley

Edited by MOBIUS

wtfpl-badge-1.png

Share this post


Link to post
Share on other sites
Armand

@MOBIUS

Thanks A LOT FOR THE TIP !!!!

Will try what you've mentioned...

P>S >> Any other suggestions maybe ?

___________

>>>>EDIT:::

___________

Where can i find and download that PacMan packer ?

Edited by Armand

[u]My Au3 Scripts:[/u]____________(E)Lephant, A Share download manager (RS/MU etc)Http1.1 Console, The Ez Way!Internet Reconnection Automation Suite & A Macro Recording Tool.SK's Alarm Clock, Playing '.MP3 & .Wav' Files._________________Is GOD a mistake of the Humanity Or the Humanity is a mistake of GOD ?!

Share this post


Link to post
Share on other sites
Mobius

@Armand

Don't worry so much about protection, This method will only slow someone down a little. If at all! I agree with alc in that department.

Time better spent creating Quality Autoit3 Apps! :)

Glad you liked it though, I personally use this method even though I know resistance is futile.

muttley

Nice work KB, Could not find it myself!

Like I said don't worry about protection, because theres always someone out there with some tool or other!

Edited by MOBIUS

wtfpl-badge-1.png

Share this post


Link to post
Share on other sites
NELyon

Its available at Softpedia. I'll post a link in a sec.

http://www.softpedia.com/get/PORTABLE-SOFT...e-Packman.shtml

EDIT: May I mention that after packing a script with Packman, I could still decompile it with a hacked decompiler. Interesting...

Edited by KentonBomb

Share this post


Link to post
Share on other sites
Armand

@KentonBomb & MOBIUS

Well... there is no question about making the app "Unbreakable" I just want to prevent every kiddie from UPX -D / run the app in a pre'made tool to open and spread the open-source as is... that's all muttley


[u]My Au3 Scripts:[/u]____________(E)Lephant, A Share download manager (RS/MU etc)Http1.1 Console, The Ez Way!Internet Reconnection Automation Suite & A Macro Recording Tool.SK's Alarm Clock, Playing '.MP3 & .Wav' Files._________________Is GOD a mistake of the Humanity Or the Humanity is a mistake of GOD ?!

Share this post


Link to post
Share on other sites
SmOke_N

Its available at Softpedia. I'll post a link in a sec.

http://www.softpedia.com/get/PORTABLE-SOFT...e-Packman.shtml

EDIT: May I mention that after packing a script with Packman, I could still decompile it with a hacked decompiler. Interesting...

Does packman use lzma? If so, forget anything that uses it, it's not going to work against the hacked decompiler.

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites
Armand

@All....

Bah... what's with UPX... it doesn't work... not with the Wrapper and not from CMD.... seems like AV is blocking it ?!


[u]My Au3 Scripts:[/u]____________(E)Lephant, A Share download manager (RS/MU etc)Http1.1 Console, The Ez Way!Internet Reconnection Automation Suite & A Macro Recording Tool.SK's Alarm Clock, Playing '.MP3 & .Wav' Files._________________Is GOD a mistake of the Humanity Or the Humanity is a mistake of GOD ?!

Share this post


Link to post
Share on other sites
Mobius

Does packman use lzma? If so, forget anything that uses it, it's not going to work against the hacked decompiler.

What about aplib?

@Armand

Uh oH!

Can you disable your AV temporarily?

Does your AV even allow you to run packman?

ED:: Could try using a backup of upx, or redownload it, And unpack after AV is disabled.

ED:: Some AV's allow you to add credentials for trusted programs.

Edited by MOBIUS

wtfpl-badge-1.png

Share this post


Link to post
Share on other sites
Armand

@MOBIUS

tried disabling and there's no change.....

About PacMan, it runs the file... it packs... but the .exe is failing to launch... float point error..... something like that .... [using the aplib]

Edited by Armand

[u]My Au3 Scripts:[/u]____________(E)Lephant, A Share download manager (RS/MU etc)Http1.1 Console, The Ez Way!Internet Reconnection Automation Suite & A Macro Recording Tool.SK's Alarm Clock, Playing '.MP3 & .Wav' Files._________________Is GOD a mistake of the Humanity Or the Humanity is a mistake of GOD ?!

Share this post


Link to post
Share on other sites
Mobius

@Armand

New one on me... I am using build 3.2.10.0 of AutoIt, and the following packman options

Packing Method :: Max(New Header)

ADVANCED TAB :: Retain Header & Retain Overlay

RESOURCE TAB :: Explorer icon 9x & NT , Version Info & Xp Manifiest.


wtfpl-badge-1.png

Share this post


Link to post
Share on other sites
NELyon

Aplib with a compiled script compiled with v3.2.12.1 runs fine.

Same script recompiled with 3.2.13.4 and compressed with UPX+Packman with Aplib... Also runs fine for me. I don't see any issue.

Share this post


Link to post
Share on other sites
Mobius

@KentonBomb

So are you going to tell us all whether this hacked decompiler you have works on aplib?

ED :: Sorry KentonBomb forgot you posted the link for PackMan!

@Armand

As KentonBomb has shown, it's most probably your AV or related?!? muttley

Edited by MOBIUS

wtfpl-badge-1.png

Share this post


Link to post
Share on other sites
NELyon

@KentonBomb

So are you going to tell us all whether this hacked decompiler you have works on aplib?

Aplib is the only one I've tried it on. I haven't even tried LZMA yet.

Share this post


Link to post
Share on other sites
Mobius

That is a damn shame Might as well keep it in script form then! muttley

Edit :: Statement retracted, Untrue!

Joking aside, thanks for the intel on this HD, was not aware it was such a

beast!

Edited by MOBIUS

wtfpl-badge-1.png

Share this post


Link to post
Share on other sites
Mattraks

Themida perhaps?

Share this post


Link to post
Share on other sites
Armand

wWell... any conclusions ?!

Should i use PacMan and that's it ?

What should i do about that "Blockage" ?!


[u]My Au3 Scripts:[/u]____________(E)Lephant, A Share download manager (RS/MU etc)Http1.1 Console, The Ez Way!Internet Reconnection Automation Suite & A Macro Recording Tool.SK's Alarm Clock, Playing '.MP3 & .Wav' Files._________________Is GOD a mistake of the Humanity Or the Humanity is a mistake of GOD ?!

Share this post


Link to post
Share on other sites
Mobius

I have been checking out this Decompiler for myself, the news is not great.

I suggest you do the same Armand.

Anything that I have previously mentioned will not protect an AutoIt3 Program

from this Tool. As far as I can tell, you cannot modify the the actual script portion

of the program near the tail of the binary in such a way that would make it recognisable

to the AU3Stub and not the Decompiler.

My advice is to stick with upx simply for compression, Don't worry its -d switch, it does

not apply here in this case anyway.

Damn, If I'd stuck to form and trawled through the output binary I would not have wasted

your time sorry Armand.

muttley


wtfpl-badge-1.png

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×