AutoCamo - 98.18b


Mobius

  • 4 weeks later...

I crypted a small file using your tool but some AV don't like it...

https://www.virustotal.com/file/a6599271a83f49d7b40fb73c73ec57c763b829b8fb3fa0da0b269cce5ec9263d/analysis/1331311247/

File "defi.au3"

msgbox(0, "Password", "Tu ne trouveras jamais le password mouhahaha !")
$gv86t4rhg4b8tr = "autoitscriptfr"

Is it possible for someone to warn the AVs that they are making a false positive?


  • Moderators

lesolutionneur,

Why not do it yourself? :oops:

M23


  • Developers

Yes, I'm doing this but I just can't contact pctools: we must have a licence and I won't buy their crappy AV only for warning them that their AV make false positives...

That is fine, but then don't complain about it here to see if others can do it for you.

Jos

Edited by Jos


61.8 Update

New - Changed or Fixed in this release.

> Solution for retaining user options and content <

The file USR.pref which previously was only used to store default
  build options can now also be used to store entrances that are used
  in the menu definition file MNU.pref.

  Definitions within the user preference file are added alongside any
  that exist in the main menu file.

  Also useful is that macros defined within the user preference file
  that have the same macro id as a macro defined in the menu file can
  be used to override the contents of the menu file macro.

    Example: MNU.pref

    [A3C_MAC]
    AutoItDir = AU3D , %PROGRAMFILES%\AutoIt3

    Example: USR.pref

    [A3C_MAC]
    ; What you put for the key  does not matter as long as you
       ; put at least 1 character to initialize the item.
    AU3D override = AU3D , X:\MyDir\AutoIt3
    ; Only the value is important which contains 'MACROID,Content'
    ; Items such as these are not added as macro menu items.

  The override occurs at runtime and only the macro's content alters
  not its menu item text.

  The file USR.pref will no longer be distributed with any new updates
  of AutoIt3Camo, only a USR.pref.def file, which means that it should
  be safe to extract the contents of the update archive directly to
  your existing A3C install directory without the risk of losing your
  additions to any of the default options and menus or macros.

> A3C.pref settings moved <

The following options previously looked for in the main preference
  file have been moved to the user file.

    Window position storage
    A3C_MAINWIN
    A3C_LOGWIN

    Modifying output format for date and time macros & evars
    A3C_DATEFORMAT
    A3C_TIMEFORMAT

> Resource string type definition fix <

Silly persistent bug when using a user defined string as a resource
  type has been fixed permanently.

  Example:
    [A3C_RES]
    ; This will now work as expected
    = SOUND } MYSOUND_1 } 1049 } MySound.wav

> AutoItWrapper resource type id update <

You can now use the RT_... id's used by AutoItWrapper as well as
  the api and native id's when defining the resource type.

  Example:
    [A3C_RES]
    ; Wrapper type id method
    = RT_RCDATA } DATA_1 } 1049 } MyFile1.dat
    ; Camo type id method
    = RC } DATA_2 } 1049 } MyFile2.dat
    ; Api type id method
    = 10 } DATA_3 } 1049 } MyFile3.dat

  For a full list of supported type id's see embedded reference
    Help (Button) -> Interface -> Resources

> Additional Input popup menu entrances <

Import AutoItWrapper directives:
  A way to execute AWC.exe on an au3 file via the graphic interface.

  Import from clipboard:
  Saves the text content on the clipboard to A3CLast settings.a3c
  and attempts to retrieve build config options from it.

> Pop out log window improvements <

The following main menu items have been added to the log window to
  provide basic (but much needed) control over the explorer tab(s).

    Back    : Navigate backward to a previous path
    Up    : Go up to the parent directory of the current sub dir
    Forward : Navigate forward to a previous path
    Refresh : Recycle shell context menu able explorer control
    Browse  : Dialog to select a file whose path to use as current.

  Another explorer tab has been added in addition to the basic context
  menu capable tab.

  Both explorer tabs track the same directory when you browse within
  them or change their directory via other means.

  This new X explorer is not context menu capable but it does provide
  the following:

    Realtime macros

    These can be used anywhere but generally intended for use in
    custom menu items.

    XDRV = Drive being explored.
    XDIR = Directory being explored.
    XSEL = Selected item text.
    XOBJ = Full path of selected item.

    Additional modifiable menu config groups

    These are used when you right click on an item within the X
    explorer tab.

    A3C_EXP_DIR_MNU = For menu items when a directory is selected
    A3C_EXP_OBJ_MNU = For menu items when a file is selected
    A3C_EXP_ALL_MNU = For menu items to always add to both menus.

    Currently all three of the new menus use identical config
    rules for their items as the main window Kit button menu.

> Character alternatives for previously numerical parameters <

The Run or Run When parameter for execution config now supports:
    2 or P = Pre processing
    0 or B = Before build
    1 or A = After build

  The Existence parameter for patch config now supports:
    0 or B = Both
    1 or C = Compiler
    2 or I = Interpreter

> No hiding main A3C window <

Previously executing an external program from the 'Kit' button menu
  and waiting for it to finish would cause A3C to hide its main window
  and create a tray icon. This really got on my nerves so I removed it

  I will probably add additional character tokens to allow the user to
  tell A3C what to do with its main window in a future build.

> AWC.exe <

Fixed some incorrect generation options for the USEUPX wrapper
  directive concerning the target file and when the packer should
  be run.

Edited by Mobius


62.9 Update

Fixed problems concerning

  • Both explorer like tabs in the pop out log window
  • Default mnu.pref entrances.

Added or updated

  • An AutoIt script to quickly set the AU3D macro in the 'etc' sub directory
  • From a Kit based menu a console apps output can be appended to the log using "<<Program.exe}..."

Download: A3C_62.9.7z

Edited by Mobius


  • 1 month later...

Replying to this PM here since it is what the thread is for.

Hey. Thank you for soft but I, as a Developer, need some help.

Clearly...

How to make it more automatic, like Au3Wrapper which launches Tidy, Obfuscator, etc.

Try running awc.exe on your existing AutoItWrapper Config file.

(you can also import wrapper directives from a3c's gui)

It's annoying to go to the program, and load file (or through cmdline)

You have just disregarded two primary ways of using most applications.

Until I have learned the finer points of windows mind reader for applications api, I am afraid my tool must suffer your bluntness.

Any suggestion? ;)

Read the mother lovin manual, or alternatively continue to use AutoItWrapper. (i would consider the latter a personal favor)

(posted from cell in work, now that's patience.)

Vlad

Edited by Mobius


I'm sorry but your manual and GUI are hard to understand.

I suggest you make a step-by-step manual of integration.

Now I'm using it this way:

;~ #AutoIt3Wrapper_Run_Before=.......{PATH}.....A3C.exe ~awc %in%

How to override wrapper settings? I've found examples.

#cs A3C
; AutoIt3Camo
A3C_IN=WaspHider.au3
A3C_ICO=C:\Program Files (x86)\AutoIt3\Aut2Exe\Icons\SETUP04.ICO
A3C_OUT=Obfuscated.exe
;A3C_INC=Dummy.au3
A3C_NFO=Example of using obfuscator.exe *Requires the OBF macro*/NIts a littly tricky due to the static script references used./N/NCheck the execute tab.
[A3C_PBE]
Obfuscating:=?@OBF>}Dummy.au3}@SD>}0}P
[A3C_VER]
FileDescription=Dummy Example
FileVersion=1,0
[]
#ce ;A3C

How to make Scite understand this?

IMHO, it's hard to find something at your interface.

Edited by Loller5

I'm sorry but your manual and GUI are hard to understand.

I suggest you make a step-by-step manual of integration.

Now I'm using it this way:

;~ #AutoIt3Wrapper_Run_Before=.......{PATH}.....A3C.exe ~awc %in%

How to override wrapper settings? I've found examples.

#cs A3C
; AutoIt3Camo
A3C_IN=WaspHider.au3
A3C_ICO=C:\Program Files (x86)\AutoIt3\Aut2Exe\Icons\SETUP04.ICO
A3C_OUT=Obfuscated.exe
;A3C_INC=Dummy.au3
A3C_NFO=Example of using obfuscator.exe *Requires the OBF macro*/NIts a littly tricky due to the static script references used./N/NCheck the execute tab.
[A3C_PBE]
Obfuscating:=?@OBF>}Dummy.au3}@SD>}0}P
[A3C_VER]
FileDescription=Dummy Example
FileVersion=1,0
[]
#ce ;A3C

How to make Scite understand this?

IMHO, it's hard to find something at your interface.

I apologize, use of the term "developer" in your PM led me astray.

After reading what I have quoted I can see that you are probably very new to all of this.

With this in mind I guess I can relate to some of your gripes concerning AutoIt3Camo.

Concerning your frustration with interface Vs commandline?:

In the AutoIt3Camo download browse to the ETC subdirectory, in it you will find an AutoIt3 script called 'A3CSHLINT.au3', which will add file context shell integration for .au3 .cfg & .a3c files.

(All 3 supported files)

Camouflage (silent) : Auto builds, displays no interface, dumps its log to a file in the script directory.

(.cfg & .a3c)

Camouflage (con) : Auto builds & displays its log to a console window.

(.au3 only)

Camo wrapper : Attempts to convert AutoIt3Wrapper directives into an AutoIt3Camo config.

(It is still early days on this as most but not all wrapper functionality is supported)

Concerning your attempt to run AutoIt3Camo through AutoItWrapper

Don't.

Both A3W and A3C are similar classes of tool, you are meant to use either one or the other.

Concerning your attempt to convert an example:

Put the following in a config file that is in your scripts directory.

A3C_IN=WaspHider_obfuscated.au3
A3C_ICO=@CMPD>IconsSETUP04.ICO
A3C_OUT=WaspHider.exe
[A3C_PBE]
Obfuscating:=?@OBF>}WaspHider.au3}@SD>}0}P
[A3C_VER]
FileDescription=I hide wasps apparently ;)
FileVersion=1.0.0.0

Or this exactly as it appears inside your script.

#cs A3C
A3C_IN=WaspHider_obfuscated.au3
A3C_ICO=@CMPD>IconsSETUP04.ICO
A3C_OUT=WaspHider.exe
[A3C_PBE]
Obfuscating:=?@OBF>}WaspHider.au3}@SD>}0}P
[A3C_VER]
FileDescription=I hide wasps apparently ;)
FileVersion=1.0.0.0
[]
#ce ;A3C

And build either through your newly acquired shell integration or through the interface until you know what you are doing.

In case you did not know you can drag and drop a config / script containing AutoIt3Camo config options if you wish.

How to make Scite understand this?

Your guess is as good as mine, perhaps Scite has its own manual in which it describes how you edit its own config files.

Vlad

Edited by Mobius


After reading what I have quoted I can see that you are probably very new to all of this.

3 years.. Hmm. I'm simply too lazy :D

But Laziness is the mother of invention! ;)

Thanks for help. I've understood without reading your answers. Sorry for "brainfuck" :D

I've written some False-Positive reports to Kaspersky Lab because of compilation software and MPRESS heuristics detections. :

But I still have one problem, can you help me?

So, when I want to obfuscate my source and use MPRESS, I get an error. When I use the obfuscator and UPX, same error.

Error screen:

Posted Image

a3c content:

; AutoIt3Camo
A3C_IN=Dummy_obfuscated.au3
A3C_ICO=RES\MMAN13.ico
A3C_OUT=Obfuscated.exe
;A3C_INC=Dummy.au3
A3C_NFO=Example of using obfuscator.exe *Requires the OBF macro*/NIts a littly tricky due to the static script references used./N/NCheck the execute tab.
[A3C_PBE]
Obfuscating:=?@OBF>}Dummy.au3}@SD>}0}P
MPRESS packing before attaching a3x:=?UPX.exe}-9 "@BIN>"}@SD>}0}B
[A3C_VER]
FileDescription=Dummy Example
FileVersion=1,0
[]

If I uncomment the A3C_INC line - it will work fine. But A3C_INC : Filepath to include config data from. (opt)

Dear Dev, is it correct? :) Thank you very much for your answers :dance:

Is it compiles and obfuscated script?

P.S. in this way I use UPX, but no difference.

P.P.S Thank for software! *DRINK* ;]

Edited by Loller5

3 years.. Hmm. I'm simply too lazy :D

But Laziness is the mother of invention! ;)

Is that So... (rhetoric)

Thanks for help. I've understood without reading your answers. Sorry for "brainfuck" :

:)

I've written some False-Positive reports to Kaspersky Lab because of compilation software and MPRESS heuristics detections. :dance:

Posted Image

But I still have one problem, can you help me?

So, when I want to obfuscate my source and use MPRESS, I get an error. When I use the obfuscator and UPX, same error.

Error screen:

If you want to see what the actual error message is then tell A3C to 'keep the original resources' then rebuild and rerun.

You can find this in the options tab or alternatively put within a config file A3C_KOR=1

a3c content:

; AutoIt3Camo
A3C_IN=Dummy_obfuscated.au3
A3C_ICO=RES\MMAN13.ico
A3C_OUT=Obfuscated.exe
;A3C_INC=Dummy.au3
A3C_NFO=Example of using obfuscator.exe *Requires the OBF macro*/NIts a littly tricky due to the static script references used./N/NCheck the execute tab.
[A3C_PBE]
Obfuscating:=?@OBF>}Dummy.au3}@SD>}0}P
MPRESS packing before attaching a3x:=?UPX.exe}-9 "@BIN>"}@SD>}0}B
[A3C_VER]
FileDescription=Dummy Example
FileVersion=1,0
[]

I just built the example using the exact options you posted and receive no errors.

Try posting the A3C construction log, with "Extra log info" enabled before you build.

A couple of things to remember concerning packers, their parameters and when to run them.

upx supports the a3x data so you can safely run it After the build on the Output exe file.

=?UPX.exe}--best "@OUT>"}@SD>}0}A

You could also run it Before the build, but must direct it to the modified interpreter if you do so since the output exe does not exist yet.

=?UPX.exe}--best "@BIN>"}@SD>}0}B

mpress does NOT support the a3x data so must be executed Before the build on the modified interpreter

=?MPRESS.exe}-s "@BIN>"}@SD>}0}B

Many such quirks exist with other types of softarmor (packers) where executable overlay content is not supported or claims to be supported but is not, so you must tailor the executable request to cater for such tools.

If I uncomment the A3C_INC line - it will work fine. But A3C_INC : Filepath to include config data from. (opt)

Dear Dev, is it correct? :D Thank you very much for your answers :ILA2:

Is it compiles and obfuscated script?

P.S. in this way I use UPX, but no difference.

P.P.S Thank for software! *DRINK* ;]

Yes that is exactly what the A3C_INC option does, its use in the examples in this case is simply to show how a user could split A3C options between two files.

If you look at Obfuscating.a3c and Dummy.au3 in a code editor you will see that Obfuscating.a3c already contains the same version info config as Dummy.au3, which is why it is disabled within the template, enabling it (in this case) will do nothing at all. :ILA2:

Vlad

Edited by Mobius


Hello Mobius. I'm using AutoIt since some weeks only and discovered your power tool today. I've started to read the embedded help (step-by-step:) and seen your file called SATVA.chm. I'm planning to use AutoIt (because of its short dev-cycle in automation field) for a commercial tool, so, I'm very concerned about anti-reverse-engineering (but knowing I'm an independent developer, price does matter and I have to find the right and smart threshold). Well, considering A3C, what you say in SATVA.chm and your obvious experience in all of this protection field, what "best combination" could you advise me? AutoIt3Camo and what other tool? Knowing I don't need any trial nor licensing management, but a safe-enough protection against decompiling and access to my script code (A3X part of the EXE if I've understood well).

And bravo! for your work on A3C ;)


Hello Mobius. I'm using AutoIt since some weeks only and discovered your power tool today. I've started to read the embedded help (step-by-step:) and seen your file called SATVA.chm. I'm planning to use AutoIt (because of its short dev-cycle in automation field) for a commercial tool, so, I'm very concerned about anti-reverse-engineering (but knowing I'm an independent developer, price does matter and I have to find the right and smart threshold). Well, considering A3C, what you say in SATVA.chm and your obvious experience in all of this protection field, what "best combination" could you advise me? AutoIt3Camo and what other tool? Knowing I don't need any trial nor licensing management, but a safe-enough protection against decompiling and access to my script code (A3X part of the EXE if I've understood well).

And bravo! for your work on A3C ;)

Hey eranon,

This is a commercial enterprise! Okay our most honest response for this would be:

Don't use AutoIt and don't use software armoring tools.

Then source level obfuscation is an essential delaying tactic, be it home grown or a modification of existing solutions, just nothing static or public. (anything else applied is purely optional in a false sense of security sort of way)

If you are charging for your work then put all your effort into its development and forget about trying to prevent reverse engineering, although you should be commended for avoiding crap like expire and signature countermeasures.

If you are not charging for your work then do what you must and don't worry about it.


Thanks for this honest reply, Mobius. But, maybe, I should present state of my side a little bit more : I'm basically a C++ developer, but - and this but is very important - these last years the use of the right language for the right project has become more and more crucial... And more when you're an independent (ie. not an enterprise and one of these developers who earn money in enterprise and develop for fun during the rest of time - their spare-time). For the project(s) I talk about, my choice of AutoIt is directed by two things : speed of development and client budget (when you're an independent - don't know if you're one, but me, yes, since ten years - you've not always the choice, but you *MUST* sometimes do things the most reasonable way - ie. quickly and at low cost, just to gain the customer and go toward bigger project after this stage). All of this said, like Joe, I definitely will use AutoIt... So, I'll follow your advice : proprietary obfuscating, but is that enough ? Hum ? What about A3C and packers ?


Mobius, so I've got the messages from Kasper.

They solved Trojan.Win32.Generic of EXE detection of compiler.

But the MPRESS detection left as HEUR:Trojan.Win32.Generic

Hello,

The file is detected because it was created with one of the AutoIt compilers, which are used predominantly to conceal malicious code.

Regards, Artem Ushkov

Virus analyst

-----------------------------------------------------------------------

Translation.

Hello,

The file is detected because it's created with one of the AutoIt compilers used principally for hiding malicious code.

Regard bla bla bla.

P.S. As I understand, I can simply UPX .bin stub and Aut2exe.exe and not use UPX packer in compiler script, cannot I? ;]

Edited by Loller5

Thanks for this honest reply, Mobius. But, maybe, I should present state of my side a little bit more : I'm basically a C++ developer, but - and this but is very important - these last years the use of the right language for the right project has become more and more crucial... And more when you're an independent (ie. not an enterprise and one of these developers who earn money in enterprise and develop for fun during the rest of time - their spare-time). For the project(s) I talk about, my choice of AutoIt is directed by two things : speed of development and client budget (when you're an independent - don't know if you're one, but me, yes, since ten years - you've not always the choice, but you *MUST* sometimes do things the most reasonable way - ie. quickly and at low cost, just to gain the customer and go toward bigger project after this stage). All of this said, like Joe, I definitely will use AutoIt... So, I'll follow your advice : proprietary obfuscating, but is that enough ? Hum ? What about A3C and packers ?

No of course unmodified already available obfuscation is not enough, but it is a start regarding your last line of defense.

A3C's defensive focus (what little there is) lies solely with decompilers that rely entirely upon static detection of the a3x component (something it achieves reasonably, but it is a delaying tactic, nothing more). It does nothing at all to make your code appear different, nor does it in any way defend against memory detection.

Packers! The only thing a packer can do for a standalone AutoIt executable is reduce the interpreter size, most of them can do nothing at all for the a3x overlay. There isn't a public armoring tool on the planet that has not already been reversed and the directions for doing so clearly and freely documented. (mercifully)

Mobius, so I've got the messages from Kasper.

They solved Trojan.Win32.Generic of EXE detection of compiler.

But the MPRESS detection left as HEUR:Trojan.Win32.Generic

P.S. As I understand, I can simply UPX .bin stub and Aut2exe.exe and not use UPX packer in compiler script, cannot I? ;]

Cannot you?! (lost in translation somewhere I think, in case my attempt at humor falls flat the answer is no.)

Edited by Mobius


  • 4 months later...
  • Mobius changed the title to AutoCamo - 98.18b
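
The replies above turn on the a3x data being stored as an overlay, i.e. bytes appended after the PE sections, which a packer that only rewrites sections leaves as it found them. As an added example (not code from the thread or from A3C), the following Python locates that overlay for triage and compares it across two builds; the sample images, the stand-in script bytes and the function names are constructed for the demonstration.

```python
import struct


def pe_overlay(data: bytes):
    """Return (offset, size) of data stored after the last PE section, or None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    n_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    opt_off = pe_off + 24
    sec_off = opt_off + opt_size

    # On-disk end of the image: the furthest raw-data extent of any section.
    end = sec_off + 40 * n_sections
    for i in range(n_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec_off + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)

    # An Authenticode blob also sits past the sections; it is not payload,
    # so the overlay stops where the certificate table (data directory 4) starts.
    stop = len(data)
    if opt_size >= 2:
        magic, = struct.unpack_from("<H", data, opt_off)
        dirs = 96 if magic == 0x10B else 112  # PE32 vs PE32+
        if opt_size >= dirs + 5 * 8:
            cert_off, cert_size = struct.unpack_from("<II", data, opt_off + dirs + 32)
            if cert_size and end <= cert_off <= stop:
                stop = cert_off
    return (end, stop - end) if stop > end else None


def build_sample_pe(section: bytes, overlay: bytes = b"") -> bytes:
    """Constructed one-section PE32 image for the demo; it is not a runnable program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)           # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                # PE32, empty data dirs
    raw_ptr = 512
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(section), 0x1000,
                       len(section), raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers.ljust(raw_ptr, b"\0") + section + overlay


def compare(before: bytes, after: bytes) -> dict:
    """Compare the overlays of two builds, e.g. before and after a packer step."""
    def blob(data, span):
        return data[span[0]:span[0] + span[1]] if span else b""
    a, b = pe_overlay(before), pe_overlay(after)
    return {
        "before": a,
        "after": b,
        "overlay_unchanged": blob(before, a) == blob(after, b),
        "bytes_saved": len(before) - len(after),
    }


# Constructed inputs: 240 bytes standing in for the appended script data.
SCRIPT_BLOB = b"CONSTRUCTED-SCRIPT-DATA " * 10
PLAIN = build_sample_pe(b"\0" * 4096, SCRIPT_BLOB)
# Section shrunk to imitate a packer that compresses sections only.
PACKED = build_sample_pe(b"\0" * 512, SCRIPT_BLOB)

if __name__ == "__main__":
    print(compare(PLAIN, PACKED))
```

Run against a real build before and after a packer step, an unchanged overlay shows that the packer touched only the interpreter sections.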
