[Release] Tool to prevent decompilation of your Autoit-Code

[link]

It's on, junge!
Dann geht auch unser *****-fight weiter :)

[Shadow992]

Quote:

Originally Posted by link

It's on, junge!
Dann geht auch unser *****-fight weiter

Ich weiss ich habe es ja sogar schon kommentiert. :P
Hab momentan aber kaum Zeit. Aber keine Sorge wir machen schon noch weiter so schnell kriegste mich nicht los. :P

[gian615]

Quote:

Originally Posted by gigi5

Hi, I also have a problem with autoIt 3.3.10

running safe.exe returns this on the command prompt:

PHP Code:

Error: 1Press any key to continue . . . 


Thanks for the great work so far!

edit: same error with or without antivirus.

I got same error with this but your AutoIt Obfuscator work perfectly to me

[GGili]

Thank you,
I really want to use your security solution.

But I can not afford to do that.
It's too dangerous ...

What really bothers me is that your software is identified as a virus in 60% of all anti-virus softwares.
It seems too fishy ...

You have to give me a convincing explanation why your software is identified as a virus in 60% of antivirus softwares.
and i want to get a the piece of code(in your software) that causes exactly this problem.

[Shadow992]

Quote:

Originally Posted by GGili

Thank you,
I really want to use your security solution.

Then use it.

Quote:

Originally Posted by GGili

But I can not afford to do that.
It's too dangerous ...

What really bothers me is that your software is identified as a virus in 60% of all anti-virus softwares.
It seems too fishy ...

You could have a look at all my other tools. I were Mod some time ago too.
You have to trust me if you want to use it.

Quote:

Originally Posted by GGili

You have to give me a convincing explanation why your software is identified as a virus in 60% of antivirus softwares.

It is because its similiar to a generic packer/crypter with Anti-Debugging functions.
It is using many of the functions that viruses use too.

Quote:

Originally Posted by GGili

and i want to get a the piece of code(in your software) that causes exactly this problem.

Nice try mate xD

Edit:
I will not force you to use this tool so it does not matter for me if you use it or not.
I do not have to show anything because it is a free project with no commercial intention so it is just a "just for fun" project and if you do not trust me it does not even care me.

[GGili]

OK..

Quote:

It is using many of the functions that viruses use too.

This means that many of these functions(that viruses use too) are available to the public..
so it should be no problem for you to give me a list of all these functions if they are puplic..
if so then please give this information because it will help me to trust you.

In addition,
I read it will not work with x64 exe.
this is still true? if so then i can't use it..

[Shadow992]

Quote:

Originally Posted by GGili

OK..

This means that many of these functions(that viruses use too) are available to the public..
so it should be no problem for you to give me a list of all these functions if they are puplic..
if so then please give this information because it will help me to trust you.

In addition,
I read it will not work with x64 exe.
this is still true? if so then i can't use it..

x86 works on 64 and 32 Bit so for me it does not make sense to use x64.
But yes it only works with x86.

Some techniques?
There are many I am using:
- Self-Modifying Code
- Encryptions
- Code Cave Injections
- IsDebuggerPresent Check
- NtQuerySystemInformation Check
- DbgPrint
- Modified Code Detection
- Some tiny Polymorphic Code Snippets
- Packing AutoIt-Exe
- UPX-Packing

These things are all used by me if you want to know more have a look at that:



Edit:
You will not get source code until I decide to release source code.
I also think you are not able to understand C/C++ so this wouldnt even matter I think.

[GGili]

Thank you.
What you're doing is still good even though I do not understand what you did.
When you give such information It shows that you probably do not have something bad to hide.

You've convinced me. I trust you now ..
I hope I'm right about that.

And do not release the source code. if you will release the source code then pepole can try to break your security with the source code..

[DuguWudi]

Like Shadow mention above, its a freeware tool.

Even official autoit compiled exe files also give out antivirus false alarm in the past.

If you really want a clean white list exe file, you have to contact each antivirus company requesting them to whitelist your exe files in their next signature update.

[elmarcia]

Why file install function isn't working when protected... Original file seems to work but when i protect it, the file install function don't work.

[Shadow992]

Quote:

Originally Posted by elmarcia

Why file install function isn't working when protected... Original file seems to work but when i protect it, the file install function don't work.

Because AutoIt file gets packed but does not matter this security solution got cracked by Aut2Exe so you should not use it anymore. Just use Obfuscators instead.

[elmarcia]

Quote:

Originally Posted by Shadow992

Because AutoIt file gets packed but does not matter this security solution got cracked by Aut2Exe so you should not use it anymore. Just use Obfuscators instead.

ok i will try one of your obfuscators then . Thanks sir.

[GGili]

Quote:

Originally Posted by Shadow992

Because AutoIt file gets packed but does not matter this security solution got cracked by Aut2Exe so you should not use it anymore. Just use Obfuscators instead.

I am happy to tell you you're wrong.
It is true that the solution will not defeat now Exe2Aut.

But your solution effectively hides the fact that the exe file is a AutoIt compiled exe.

so this is still good idea to use it just for hiding this fact.

but because my program must be compiled to 64bit (because in my case my the software use several functions that must work in 64 bit)
I can't use your solution.

In addition, your solution make the exe file to be identified as a virus by a lot ant-virus programs.


Because of these facts, it is good idea that you will develop a solution that is not designed to defeat Exe2Aut but still designed to hide the fact that the exe is AutoIt exe.

This way, you can delete several anti-debugging and decompiltion techniques(Because the goal is only to hide that the exe file is AutoIt)
and other functions that not required now.
and this can cause to less false positives by anti-virus.

I ask you to rebuild this security solution but without all the unnecessary stuff that cause to false positives and i want that the solution will be for 64bit also.

this may not defeat Exe2Aut. but it will enough to hide this fact and less false positives.

It should not be a big deal for you because you already know how to do it ..
You just have to do it again but without any anti-decompiltion techniques.

And I'd appreciate it if you post the source code (in this way I will start learn C++)

[Shadow992]

Quote:

Originally Posted by GGili

I am happy to tell you you're wrong.
It is true that the solution will not defeat now Exe2Aut.

But your solution effectively hides the fact that the exe file is a AutoIt compiled exe.

so this is still good idea to use it just for hiding this fact.

but because my program must be compiled to 64bit (because in my case my the software use several functions that must work in 64 bit)
I can't use your solution.

In addition, your solution make the exe file to be identified as a virus by a lot ant-virus programs.


Because of these facts, it is good idea that you will develop a solution that is not designed to defeat Exe2Aut but still designed to hide the fact that the exe is AutoIt exe.

This way, you can delete several anti-debugging and decompiltion techniques(Because the goal is only to hide that the exe file is AutoIt)
and other functions that not required now.
and this can cause to less false positives by anti-virus.

I ask you to rebuild this security solution but without all the unnecessary stuff that cause to false positives and i want that the solution will be for 64bit also.

this may not defeat Exe2Aut. but it will enough to hide this fact and less false positives.

It should not be a big deal for you because you already know how to do it ..
You just have to do it again but without any anti-decompiltion techniques.

And I'd appreciate it if you post the source code (in this way I will start learn C++)

I will post Source-Code but not now. Because there are many things that were done quick and dirty and I have to comment things otherwise no one will ever understand it. xD

But it will take a lot time until I release it, coz at the moment I havent got really time.

[Nobita2014]

Please update, Exe2Aut can decomplie. How protecer cool ??