Autoit Security

[TDark]

Hi all, my first post and i think this is the right place where ask this type of question, many expert here.
I'll do short:
Autoit security is a big lack, a compiled script, obfuscated but the internal scite ( or better *****? ) or not, can decompiled in a few second, with a couple of click by "automated" tools around the web.
I want to avoid that tools, i know the script will be never secure but at least if someone what to see the .exe it must be decompile it manually, so not for the first lamer

I have think to:
-Maybe change the header or something in the strucuture of the exe to make it unrecognized by this tools? I know the header can be rebuilded, but read up ( avoid the automated tools, not the hackers with knowledge )
-Or maybe obfuscate the AutoIt Stub?

Obviously, i can't do nothing by myself and i don't know where to start, if someone was so gentle to post a step-by-step i'm very gratefully.
Thanks

[Shadow992]

Quote:

Originally Posted by TDark

Hi all, my first post and i think this is the right place where ask this type of question, many expert here.
I'll do short:
Autoit security is a big lack, a compiled script, obfuscated but the internal scite ( or better Shite? ) or not, can decompiled in a few second, with a couple of click by "automated" tools around the web.
I want to avoid that tools, i know the script will be never secure but at least if someone what to see the .exe it must be decompile it manually, so not for the first lamer

I have think to:
-Maybe change the header or something in the strucuture of the exe to make it unrecognized by this tools? I know the header can be rebuilded, but read up ( avoid the automated tools, not the hackers with knowledge )
-Or maybe obfuscate the AutoIt Stub?

Obviously, i can't do nothing by myself and i don't know where to start, if someone was so gentle to post a step-by-step i'm very gratefully.
Thanks

Both will not prevent tools from decompiling.
Because decompilers are searching for the given start of the script and this is (normally) always the same key. You have to change the key in the .exe and in the script if you want to confuse these decompilers.
Thats also what i did:



But there are some memory dumping decompilers which are also able to decompile that way of making secure. You have to use my tool and some tool which disables memory dumping. You could also try to implement a function for this by yourself, would be possible. You need to use several Anti-Hacking-Strategies (like hackshields do).

So if you combine Safe.exe, some Hack-Shield-Strategies, an unofficial obfuscator and a program which secures your .exe, you did all what you are able to do.

My Obfuscator:


Something that is free and still secures your script a little bit (not that much but enough to make some decompilers getting confused):
Enigma Virtual Box (just google it its freeware)

So in a nutshell:
1. Use an unofficial Obfuscator (recommended but it can destroy codes)
2. Use Safe.exe
3. Get some possible Anti-Hacking-Scripts and implement them in AutoIt
4. Use Enigma Virtual Box

[YatoDev]

-Crypt some text in your script
-Return some script functions from a php script and execute() them
-Execute() some strings from a crypted.txt
-Checks your own .exe :
//check md5 with the crypt.au3
//checks if @compiled
-Run a little "hackshield" on startup (FileInstall) or create the .exe within runtime
-Use the new obfuscator on the scite website (or shadows)
-Mayby you can write your own compiler
-Use ressource hacker to delete the autoit signature

[Shadow992]

Have a look at that:

[TDark]

Thanks, i'm checking ( i was think was easier to protect an exe for the automatic tools )
For the last link, what is the correct procedure?
1) Compile a script without UPX
2) ???

[Shadow992]

Download tool --> unpack it --> Start Protecter.exe or .au3 does not matter --> Select the files you want to select if you need help click the help button or ask in that thread what exactly seems strange to you. Use you created file but do not rename it! For more degails read thread.

[K1ramoX]

maybe the use of virtual machines can help or adding some junkcode in your executable ;o