Jump to content

How Secure is AutoIT?

emergc

By emergc
in AutoIt General Help and Support

 Share

Recommended Posts

emergc Seeker

emergc

Posted
Posted

I have been using and studying AutoIT scripting for almost a year now. I am very happy with the software and I there is no doubt that it is very useful. o:)

AutoIT has also become a part of my day to day activities at work and at home. I have never doubted its security until an officemate mentioned the program in an email.

The guy is a member of the Power Users group in his Windows XP computer in the office. He seems to know a lot about computers and even makes comments and gives his suggestion as to how we should do our job in the IT department. :)

He has given me the impression that he can actually analyse and disassemble our compiled AutoIT scripts. I am not sure about him but I have tried to "hack" or crack my own scripts just to find out if it could be done.

I am not a hacker or a cracker but sometimes I have to be one or at least, try and pretend to be one, just to check a script. :)

In our case, some scripts contain administrator passwords.We want to be sure that end-users will never find out what these passwords are. Actually, I am the one who brought AutoIT in the office. :lmao:

Are there tools that allow anyone to see what's inside an AutoIT script? Or is it enought to disallow decompilation in the compiler options?

Thank you. :)

  • Administrators
Jon Universalist

Jon

Posted
  • Administrators
Posted

From the helpfile

Technical Details

The compiled script and additional files added with FileInstall are compressed with my own (Jon) compression scheme. 

Because a compiled script must "run" itself without a password it needs to be able to decrypt itself - i.e., the encryption is two-way.  For this reason you should regard the compiled exe as being encoded rather than completely safe.  For example, if I wrote a script that contained a username and password (say, for a desktop rollout) then I would be happy using something like a workstation-level user/password but I would not consider it safe for a domain/entire network password unless I was sure that the end-user would not have easy access to the .exe file.

Deployment Blog: https://www.autoitconsulting.com/site/blog/
SCCM SDK Programming: https://www.autoitconsulting.com/site/sccm-sdk/

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...