
Posted (edited)

98.18b

Represents the last time we touched this product before doing other things.

Although recently compiled and tested on Windows 10 from a repaired archive, it's still bloody old, and the same issues still follow with its use.

It is what it is, an old and unfinished glance at older builds of AutoIt and the topic this program covers.

Edited by Mobius


Posted

Hi,

Great Job Dude as always.

TYVM for such tools.

5 stars from me & Thx again.

Respect!

Posted

You don't specify any conditions for getting it working, but

I had to place your files in the autoit3 directory, otherwise I get a Building Error 65535.

Thanks for sharing!


Posted

You don't specify any conditions for getting it working, but

I had to place your files in the autoit3 directory, otherwise I get a Building Error 65535.

Thanks for sharing!

wakillon,

I understand the embedded help text (also the text within the MAN directory) is very bad.

When you download AutKit, for best results you could:

Put it within the Compiler directory of your Au3 installation

or

Put it in a directory of its own, say "AutKit", within the root directory of your Au3 installation.

Both locations will be searched for the build files Aut2Exe, AutoItSC.bin and UPX. I know you probably might not like that idea, but using either of the 2 above directories will mean that relative paths to the include directory and other relative paths used by Aut2Exe (modified name A2ECamo) will not be affected.

If AutoIt3Camo does not find the build files Aut2Exe and AutoItSC.bin, it will also search the directory of your script, or alternatively you could enter or drag these two files into their respective edit fields on the MAIN tab.


Posted

Posting this from my phone but it looks nice. Of course I've never written any code (at least in AutoIt) that I wouldn't want people to see. Good job anyways. Also just an idea but (while being far too complicated) perhaps just going with your own post-compile wrapper would be more secure? That is, a wrapper for the wrapper on the compiled code. Still just 'another layer' but a thicker one than the others, I would think.

Hope that made any semblance of sense.


Posted (edited)

Posting this from my phone but it looks nice. Of course I've never written any code (at least in AutoIt) that I wouldn't want people to see.

I imagine that a greater percentage of the community feel the same way.

Also just an idea but (while being far too complicated) perhaps just going with your own post-compile wrapper would be more secure? That is, a wrapper for the wrapper on the compiled code. Still just 'another layer' but a thicker one than the others, I would think.

Hope that made any semblance of sense.

I am not sure I understand what you mean BillLuvsU, would you mind elaborating please?

I am guessing here but...

Do you mean ditch or merge the smaller utils with the main wrapper (AutoIt3Camo)?

Or perhaps you mean that the fuzzed A3x component should be wrapped in a fake original A3x header and tail data sequence to further confuse?

Edited by Mobius


Posted (edited)

Nice!!!

It works great.

I had to find out how it all works, but I’m happy with it.

Keep up the great work!

Edited by nend

Posted (edited)

I concede it is desperately lacking a help file, if you are really stuck you could have a glance at this and wherever you read AutoHotkey read AutoIt3. Lame I know; so much has changed I doubt it will be of much use. :) But you could use it in conjunction with the embedded or nfo references in AutKit.

Edited by Mobius

Posted

A couple of my observations:

1 - Symantec will detect anything compiled/built using this as a Bloodhound.Malautoit threat unless you check both "Strip default interpreter resources" and "Crop A3X Tail bytes" on the Options tab.

2 - If I include an ICO file, I get the "A2ECamo.exe has encountered a problem and needs to close." error with the following information in the error report:

AppName: a2ecamo.exe

AppVer: 3.3.6.1

ModName: a2ecamo.exe

ModVer: 3.3.6.1

Offset: 000037d1

I have tried multiple ICO files with different resolutions, but get the same results. I can compile using the normal method supplied with AutoIt/SciTE.

The ????_appcompat.txt file generated contains the following:

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="A2ECamo.exe" FILTER="GRABMI_FILTER_PRIVACY">
    <MATCHING_FILE NAME="A2ECamo.exe" SIZE="305536" CHECKSUM="0x9FDADA46" BIN_FILE_VERSION="3.3.6.1" BIN_PRODUCT_VERSION="3.3.6.1" PRODUCT_VERSION="3, 3, 6, 1" FILE_DESCRIPTION="Aut2Exe" COMPANY_NAME="AutoIt Team" PRODUCT_NAME="Aut2Exe" FILE_VERSION="3, 3, 6, 1" ORIGINAL_FILENAME="Aut2Exe.exe" INTERNAL_NAME="Aut2Exe.exe" LEGAL_COPYRIGHT="©1999-2010 Jonathan Bennett &amp; AutoIt Team" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x0" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4E5A4" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.3.6.1" UPTO_BIN_PRODUCT_VERSION="3.3.6.1" LINK_DATE="04/16/2010 07:47:56" UPTO_LINK_DATE="04/16/2010 07:47:56" VER_LANGUAGE="English (United Kingdom) [0x809]" />
    <MATCHING_FILE NAME="A3C.exe" SIZE="146432" CHECKSUM="0x2F87CBB3" BIN_FILE_VERSION="0.11.0.0" BIN_PRODUCT_VERSION="0.11.0.0" PRODUCT_VERSION="0.11.0.0" FILE_DESCRIPTION="Armored Aut2Exe Wrapper" COMPANY_NAME="Darkside" PRODUCT_NAME="AutoIt3 Camo" FILE_VERSION="0.11.0.0" LEGAL_COPYRIGHT="© Vlad Mobius ~ 2011" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x0" VERFILETYPE="0x0" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="0.11.0.0" UPTO_BIN_PRODUCT_VERSION="0.11.0.0" LINK_DATE="05/27/2011 18:54:02" UPTO_LINK_DATE="05/27/2011 18:54:02" VER_LANGUAGE="Language Neutral [0x0]" />
    <MATCHING_FILE NAME="A3XINJ.exe" SIZE="18944" CHECKSUM="0x2DC438E0" BIN_FILE_VERSION="0.1.0.0" BIN_PRODUCT_VERSION="0.1.0.0" PRODUCT_VERSION="0.1.0.0" FILE_DESCRIPTION="A3x Resource inject &amp; fuzz" COMPANY_NAME="Darkside" PRODUCT_NAME="A3XINJ" FILE_VERSION="0.1.0.0" LEGAL_COPYRIGHT="© Vlad Mobius ~ 2011" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x0" VERFILETYPE="0x0" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="0.1.0.0" UPTO_BIN_PRODUCT_VERSION="0.1.0.0" LINK_DATE="05/27/2011 18:54:07" UPTO_LINK_DATE="05/27/2011 18:54:07" VER_LANGUAGE="Language Neutral [0x0]" />
    <MATCHING_FILE NAME="A3XMAP.exe" SIZE="27648" CHECKSUM="0xCD5C48AC" BIN_FILE_VERSION="0.1.0.0" BIN_PRODUCT_VERSION="0.1.0.0" PRODUCT_VERSION="0.1.0.0" FILE_DESCRIPTION="A3x Structure Mapper for AutKit" COMPANY_NAME="Darkside" PRODUCT_NAME="A3XMAP" FILE_VERSION="0.1.0.0" LEGAL_COPYRIGHT="© Vlad Mobius ~ 2011" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x0" VERFILETYPE="0x0" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="0.1.0.0" UPTO_BIN_PRODUCT_VERSION="0.1.0.0" LINK_DATE="05/27/2011 18:54:12" UPTO_LINK_DATE="05/27/2011 18:54:12" VER_LANGUAGE="Language Neutral [0x0]" />
    <MATCHING_FILE NAME="A3XSH.exe" SIZE="13312" CHECKSUM="0x9A7E125" BIN_FILE_VERSION="0.1.0.0" BIN_PRODUCT_VERSION="0.1.0.0" PRODUCT_VERSION="0.1.0.0" FILE_DESCRIPTION="A3x overlay shunter" COMPANY_NAME="Darkside" PRODUCT_NAME="A3XSH" FILE_VERSION="0.1.0.0" LEGAL_COPYRIGHT="© Vlad Mobius ~ 2011" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x0" VERFILETYPE="0x0" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="0.1.0.0" UPTO_BIN_PRODUCT_VERSION="0.1.0.0" LINK_DATE="05/27/2011 18:54:16" UPTO_LINK_DATE="05/27/2011 18:54:16" VER_LANGUAGE="Language Neutral [0x0]" />
    <MATCHING_FILE NAME="FAHKIT.exe" SIZE="14848" CHECKSUM="0xEAE1ED70" BIN_FILE_VERSION="0.1.0.0" BIN_PRODUCT_VERSION="0.1.0.0" PRODUCT_VERSION="0.1.0.0" FILE_DESCRIPTION="Fake AutoHotkey Interpreter Tail" COMPANY_NAME="Darkside" PRODUCT_NAME="FAHKIT" FILE_VERSION="0.1.0.0" LEGAL_COPYRIGHT="© Vlad Mobius ~ 2011" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x0" VERFILETYPE="0x0" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="0.1.0.0" UPTO_BIN_PRODUCT_VERSION="0.1.0.0" LINK_DATE="05/27/2011 18:54:23" UPTO_LINK_DATE="05/27/2011 18:54:23" VER_LANGUAGE="Language Neutral [0x0]" />
    <MATCHING_FILE NAME="test.exe" SIZE="707584" CHECKSUM="0x7CA969CE" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA4491" LINKER_VERSION="0x0" LINK_DATE="04/16/2010 07:47:33" UPTO_LINK_DATE="04/16/2010 07:47:33" />
    <MATCHING_FILE NAME="UPX.exe" SIZE="271872" CHECKSUM="0x9377AB32" BIN_FILE_VERSION="3.3.0.0" BIN_PRODUCT_VERSION="3.3.0.0" PRODUCT_VERSION="3.03 (2008-04-27)" FILE_DESCRIPTION="UPX executable packer" COMPANY_NAME="The UPX Team http://upx.sf.net" PRODUCT_NAME="UPX" FILE_VERSION="3.03 (2008-04-27)" ORIGINAL_FILENAME="upx.exe" INTERNAL_NAME="upx.exe" LEGAL_COPYRIGHT="© 1996-2008 Markus F.X.J. Oberhumer" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x10000" UPTO_BIN_FILE_VERSION="3.3.0.0" UPTO_BIN_PRODUCT_VERSION="3.3.0.0" LINK_DATE="04/27/2008 07:42:39" UPTO_LINK_DATE="04/27/2008 07:42:39" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
    <MATCHING_FILE NAME="kernel32.dll" SIZE="989696" CHECKSUM="0x2D998938" BIN_FILE_VERSION="5.1.2600.5781" BIN_PRODUCT_VERSION="5.1.2600.5781" PRODUCT_VERSION="5.1.2600.5781" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFE572" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5781" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5781" LINK_DATE="03/21/2009 14:06:58" UPTO_LINK_DATE="03/21/2009 14:06:58" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>

Let me know if I can provide any other information.
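The Symantec behaviour in point 1 of the report above is a heuristic on the compiled-script payload that AutoIt's compiler embeds in every output executable, either as a resource inside the image or appended past the last section as an overlay (the "tail" the Options tab lets you crop). As an added, defender-side example (not code from this thread, from AutKit or from AutoIt), the check below reports whether a PE file carries the AutoIt3 compiled-script header and which of those two places it sits in, which is what an incident responder wants to know when triaging such a file. The 24-byte header value is the publicly documented AutoIt3 script signature used by open-source decompilers; it, the function names and the synthetic PE built by `build_sample()` are assumptions, not something the thread states.

```python
"""Triage check: does a PE carry a compiled AutoIt3 script, and where?

Added example; not code from the forum thread or the AutKit project.
"""
import struct
from typing import Optional

# AutoIt3 compiled-script header: 16 magic bytes followed by the ASCII tag
# "AU3!EA06".  Assumption: the value as published by open-source AutoIt
# decompiler projects; it does not appear in the forum thread itself.
AU3_HEADER = bytes.fromhex("a3484bbe986c4aa9994c530a86d6487d") + b"AU3!EA06"

# COFF file header: Machine, NumberOfSections, TimeDateStamp,
# PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_HEADER = "<HHIIIHH"
# First 24 bytes of a 40-byte section header: Name, VirtualSize,
# VirtualAddress, SizeOfRawData, PointerToRawData
SECTION_HEADER = "<8sIIII"


def pe_image_end(data: bytes) -> Optional[int]:
    """File offset just past the last section's raw data, or None if the
    buffer does not parse as a PE image.  Anything at or beyond this
    offset is overlay data that the loader never maps."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_HEADER, data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size
    if table + 40 * nsections > len(data):
        return None
    end = table + 40 * nsections  # headers alone, if no section has raw data
    for i in range(nsections):
        _, _, _, raw_size, raw_ptr = struct.unpack_from(SECTION_HEADER, data, table + 40 * i)
        end = max(end, raw_ptr + raw_size)
    return end


def find_au3_script(data: bytes) -> Optional[dict]:
    """Locate the AutoIt3 script header and classify where it lives."""
    off = data.find(AU3_HEADER)
    if off < 0:
        return None
    end = pe_image_end(data)
    if end is None:
        location = "not-a-pe"
    elif off >= end:
        location = "overlay"  # appended after the last section: the A3X "tail"
    else:
        location = "image"    # inside the mapped image, e.g. a resource
    return {"offset": off, "location": location}


def build_sample(placement: str) -> bytes:
    """Constructed, minimal PE-shaped buffer (one section, no optional
    header) used only to exercise the check; it is not a real executable.
    placement is one of "none", "image" or "overlay"."""
    raw_ptr, raw_size = 0x80, 0x20
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack(COFF_HEADER, 0x14C, 1, 0, 0, 0, 0, 0x102)
    section = struct.pack(SECTION_HEADER, b".text\0\0\0", raw_size, 0x1000,
                          raw_size, raw_ptr) + b"\0" * 16
    body = AU3_HEADER if placement == "image" else b""
    body = body + b"\x90" * (raw_size - len(body))
    overlay = AU3_HEADER + b"\0" * 8 if placement == "overlay" else b""
    return dos + b"PE\0\0" + coff + section + body + overlay


if __name__ == "__main__":
    for placement in ("none", "image", "overlay"):
        print(placement, find_au3_script(build_sample(placement)))
```

Run it against a real file with `find_au3_script(open(path, "rb").read())`; a hit in the overlay is the layout that a "crop tail bytes" option removes, so a file that still loads and runs a script without any hit at all is the case that needs deeper, dynamic triage rather than this static check.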

Posted

@Mobius

I have tried all directories you mentioned but it does not work, I always get this in the log:

Compiler unpack - Not packed with upx warning
Auto detect version from vdf failed!

Br, FireFox.

Posted (edited)

@All,

All I can say is that I have released some buggy shit in my time but the first release of AutoIt3Camo (which I never really expected to see the light of day) is right at the top of a stagnant steaming pile of excrement. :unsure:

Spent the last week and a half tearing it apart with extreme prejudice, and although this download is not the finished release of A3C 0.16.1.0 it is what I have in my repository until I post the finished article over the weekend.

There are still many bugs in this release, but hopefully many less than before.

A couple of my observations:

1 - Symantec will detect anything compiled/built using this as a Bloodhound.Malautoit threat unless you check both "Strip default interpreter resources" and "Crop A3X Tail bytes" on the Options tab.

2 - If I include an ICO file, I get the "A2ECamo.exe has encountered a problem and needs to close." error with the following information in the error report:

I have tried multiple ICO files with different resolutions, but get the same results. I can compile using the normal method supplied with AutoIt/SciTE.

The ????_appcompat.txt file generated contains the following:

1 Sequentially that is an example of why antivirus utils suck so badly, and why such a tool as AutoIt3Camo might not be such a hot idea, anything premade attracts n00b malware authors like shit does flies.

2 Please see the download above, that problem hopefully should be now fixed.

Let me know if I can provide any other information.

Bug reports are always welcome. :>

@Mobius

I have tried all directories you mentioned but it does not work, I always get this in the log:

Compiler unpack - Not packed with upx warning
Auto detect version from vdf failed!

Br, FireFox.

Regarding your directory problem, unfortunately I have not touched that region of A3C because I did not find any bugs regarding the location of the build files.

A3C will try to locate the files Aut2Exe and AutoItSC in the following directory regions:

  • In its own directory
  • In a directory called compiler above its own directory (..\compiler)
  • In the directory of your script / config file.
  • Or the path and filename you specify in the config / gui

Regarding your quoted log output, please see the download above.

Removed all that build detection and separate offset map file business (vdf), it was a retarded workaround when I should have just had A3C do it all, which it should now do.

Upx.exe has been removed as a dependency, which means A3C will not abort the build if it fails to find this file; it will just warn you that it is missing.

Plus a list of other things as long as my arm which I will post about upon release.

Edited by Mobius

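The lookup order listed in the post above, together with the required/optional split from the UPX remark (Aut2Exe and AutoItSC must be found, a missing UPX only warns), as an added example that is not AutKit's or A3C's own code. The candidate directories are tried in the order the post lists them; the `.exe` suffixes, the function names and the temporary directory layout that `demo()` constructs are assumptions.

```python
"""Model of A3C's build-file lookup order (added example, not A3C code)."""
import os
import tempfile
from typing import Callable, Dict, List, Optional, Tuple

# Names from the post.  Aut2Exe and AutoItSC.bin abort the build when
# missing; UPX only produces a warning.  The ".exe" suffixes are assumed.
REQUIRED = ("Aut2Exe.exe", "AutoItSC.bin")
OPTIONAL = ("upx.exe",)


def candidate_dirs(own_dir: str, script_dir: str) -> List[str]:
    """Directories searched, in the order the post lists them."""
    return [
        own_dir,                                                    # A3C's own directory
        os.path.normpath(os.path.join(own_dir, "..", "compiler")),  # ..\compiler
        script_dir,                                                 # script / config directory
    ]


def locate_build_files(own_dir: str, script_dir: str,
                       explicit: Optional[Dict[str, str]] = None,
                       exists: Callable[[str], bool] = os.path.isfile
                       ) -> Tuple[Dict[str, str], List[str]]:
    """Resolve every build file; returns (found paths, warnings).
    Raises FileNotFoundError if a required file is missing everywhere.
    `exists` is injectable so the lookup can be tested without a disk."""
    explicit = explicit or {}
    found: Dict[str, str] = {}
    warnings: List[str] = []
    for name in REQUIRED + OPTIONAL:
        candidates = [os.path.join(d, name) for d in candidate_dirs(own_dir, script_dir)]
        if name in explicit:  # path typed or dragged into the GUI / config, tried last
            candidates.append(explicit[name])
        hit = next((p for p in candidates if exists(p)), None)
        if hit is not None:
            found[name] = hit
        elif name in REQUIRED:
            raise FileNotFoundError(f"{name} not found in any of: {candidates}")
        else:
            warnings.append(f"{name} missing; build continues without packing")
    return found, warnings


def demo() -> Tuple[bool, List[str], bool]:
    """Constructed layout in a temp dir: <root>/compiler holds the compiler
    files, <root>/AutKit is the tool's own directory, UPX is absent.
    Returns (all hits came from <root>/compiler, warnings, whether a
    lookup from an unrelated directory raised for the required files)."""
    with tempfile.TemporaryDirectory() as root:
        compiler = os.path.join(root, "compiler")
        own = os.path.join(root, "AutKit")
        scripts = os.path.join(root, "scripts")
        for d in (compiler, own, scripts):
            os.makedirs(d)
        for name in REQUIRED:
            open(os.path.join(compiler, name), "wb").close()

        found, warnings = locate_build_files(own, scripts)        # hits via ..\compiler
        found_in_compiler = all(os.path.dirname(p) == compiler for p in found.values())

        elsewhere = os.path.join(root, "x", "y")                   # ..\compiler does not exist here
        try:
            locate_build_files(elsewhere, elsewhere)
            required_error = False
        except FileNotFoundError:
            required_error = True
    return found_in_compiler, warnings, required_error


if __name__ == "__main__":
    print(demo())
```

The `explicit` mapping stands in for the MAIN-tab edit fields; because the post lists that path last, a typed path only wins when none of the searched directories contains the file, which is worth knowing when a stale copy in the tool's own directory shadows the one you meant to use.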

Posted (edited)

Nice tool, and for people concerned about people decompiling their source: I would switch the #AutoIt3Wrapper option #AutoIt3Wrapper_UseUpx= to N and pack your exe with something stronger than UPX, like Themida.

:unsure: Besides most people don't use packers (like upx - mpress ...) for security reasons dude because it is futile, they merely want to reduce the overall size of the output binary which is something that bloaters like armadillo or themida certainly cannot do.

Edited by Mobius


Posted (edited)

@Mobius

Thanks, it works like a charm !

Br, FireFox.

Thanks FireFox,

There are a number of bugs in it still, just this moment found a nasty one to do with the pack and alternate packer string mechanism which I thought I sorted. OM NOM NOM

:unsure:

Edited by Mobius


Posted

There are a number of bugs in it still, just this moment found a nasty one to do with the pack and alternate packer string mechanism which I thought I sorted. OM NOM NOM

If there weren't bugs to chase, what would we all do in our spare time? :unsure:

After I get a couple of quick projects knocked out, I will re-test with the latest version.

Posted (edited)

If there weren't bugs to chase, what would we all do in our spare time? :unsure:

Spare Time?? sorry concept does not compute. :>;)

Edited by Mobius

Posted (edited)

Yay no more bugs in editing posts :unsure:

A little later than planned but AutoIt3Camo Updated to 0.16.2.0

Edited by Mobius
