Jump to content
Tuts 4 You
Sign in to follow this  
Modify

[Help] How to protect autoit script

Recommended Posts

mrexodia

@kao That was a fail I have slightly 'strengthened' the protection and it now shows:

Liv2zNf.png

Attached v2 binaries, also updated the repository. @JohnReese Try your tools on this protected script. It was really easy to make Exe2Aut fail and it shouldn't be hard to extend this with more methods of protection against specific tools that people might try before actually having to reverse something manually. It's completely open source and free too!

test1337_v2.rar

  • Like 1

Share this post


Link to post
Happening
On 05/11/2016 at 7:37 PM, mrexodia said:

@kao That was a fail I have slightly 'strengthened' the protection and it now shows:

Liv2zNf.png

Attached v2 binaries, also updated the repository. @JohnReese Try your tools on this protected script. It was really easy to make Exe2Aut fail and it shouldn't be hard to extend this with more methods of protection against specific tools that people might try before actually having to reverse something manually. It's completely open source and free too!

test1337_v2.rar

Decompiled

test1337.exe.au3

Share this post


Link to post
mrexodia
15 hours ago, Happening said:

Decompiled

test1337.exe.au3

Congratulations... My point was that without some manual reverse engineering you couldn't do it. What did you do to decompile?

Edited by mrexodia (see edit history)

Share this post


Link to post
evlncrn8

hang on a second, johnreese. your english isnt exactly fornicating perfect either "people here has understood" .. what ?

and you claim to be in usa...

oh you're out.. ok, byes...

  • Like 1

Share this post


Link to post
Happening
On 11/17/2016 at 1:52 PM, mrexodia said:

Congratulations... My point was that without some manual reverse engineering you couldn't do it. What did you do to decompile?

seek for a part of the AutoIt signature in memory (AU3!EA06 what's after the ! can change on older autoit versions), dump the memory page, execute myAut2Exe on it, or re-insert the script into the AutoIt stub (same version as original executable, version can be gotten by using the /AutoIt3ExecuteLine switch and macros), then use Exe2Aut (the reason to that is plain myAut2Exe may not support all scripts from newest versions of autoit while Exe2Aut does)

impossible to prevent unless core autoit script storage and parsing is modified, too sad its closed source, good luck modifying the autoit bin by hand if you want to be "protected" :)

  • Like 1

Share this post


Link to post
evlncrn8
Posted (edited)

new to github huh ? or just too lazy ?..

https://github.com/mrexodia/SimpleAutoItCrypter

read the readme.. its right there on the page when you visit...

grab the code either git clone, or grab the zip etc... its simple... even an idiot could understand it... oh wait.. 

Edited by evlncrn8 (see edit history)

Share this post


Link to post
SoloTurk
Posted (edited)

Not to download!
i am asking to apply it to my autoit exe file.
But there is a complex narrative ...
Where is the SCRIPT.bin file?
and
How to make PSAPI.DLL file "C: \ Windows \ System32 \ psapi.dll" or "C: \ Windows \ SysWOW64 \ psapi.dll" I need to change the file PSAPI.DLL in the import directory.

debug.jpg.37ae2e5d1ba1231c84ddc05bacbb0932.jpg

Edited by SoloTurk (see edit history)
  • Confused 1

Share this post


Link to post
evlncrn8
Posted (edited)

oh wow.. you dont make psapi.dll.. its a windows system component...

you load it using LoadLibrary api or in the imports.. a simple psapi.dll .. no path nothing.. and the system decides which one to run, depending on what bitness the process is...

do you even know what you're doing ? or what wow64 actually is ? 

did you even read the instructions on the github page ? (they explain where script.bin would be... hint : resources)...

also, your picture isnt viewable (403)...

 

Edited by evlncrn8 (see edit history)

Share this post


Link to post
SoloTurk

@evlncrn8 edited image edited

I don't have any script.bin

Share this post


Link to post
evlncrn8

open the exe in a resource editor, check its resources for the script... 

 

Share this post


Link to post
SoloTurk

Sorry :(  where did I fail. Does anyone know about how to do it?

 

 

Share this post


Link to post
evlncrn8

well that was painful to watch, i suggest you re-read the instructions before... and perhaps also learn how to use cff explorer...

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...