Unc3nZureD Posted January 20, 2014

I'm planning to make an obfuscator which is 3.3.10.2 compatible and will use some unique methods and will even obfuscate basic commands (like msgbox etc.) with the brand new ability to be able to use the following method:

```autoit
$asd = msgbox
```

Well, yes, I'm not one of the world's best coders, and yes, it will take quite a long time to develop it, but I'd like to try it.

I made a small list of what I have to take care of:

Quoted Funcs:
- #OnAutoitStartRegister "asd"
- OnAutoItExitRegister( "asd" )
- OnAutoItExitUnRegister( "asd" )
- AdlibRegister( "asd" )
- AdlibUnRegister( "asd" )
- Call( "asd" )
- Hotkeyset( x, "asd" )

Quoted Vars:
- Assign( "var" )
- IsDeclared( "var" )

Don't change:
- $CmdLine
- $CmdLineRaw
- Include Variables/Funcs (Might have to include/obfuscate all, so won't cause problem -> but +time)

Warning:
- Execute() [Doesn't seem to be hard to deal with it, but who knows]
- FileInstall() [mustn't encode string]
- Change unique execute with real return value [unique function, makes Executable return the real return instead of 1/0]

__________________________________________________________

Any more ideas what cases do I have to take care of, which could cause trouble?

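An added illustration, not part of the thread and not code from any AutoIt tool: a Python check that collects the names the list above says are passed as string literals, so anyone renaming identifiers, or reading a script whose identifiers were renamed, can see which names are tied to strings. The sample script and every Python name here are constructed for this example; HotKeySet keys that contain commas or parentheses and `#cs`/`#ce` comment blocks are not handled.

```python
import re

# Constructed sample script (not from the thread) exercising the cases listed above.
SAMPLE = r'''
#OnAutoItStartRegister "_Init"
OnAutoItExitRegister("_Cleanup")
AdlibRegister("_Tick", 250)
HotKeySet("{ESC}", "_Quit")
Call('_Worker', 1)
Assign("counter", 5)
If IsDeclared("counter") Then $x = Execute("1 + 1")
; Call("_InComment") sits in a comment and must be ignored
Func _Init()
EndFunc
Func _Quit()
EndFunc
Func _Unused()
EndFunc
'''

# A quoted identifier: either quote style, same quote on both sides.
STR = r'''(?P<q>["'])(?P<name>\w+)(?P=q)'''
PATTERNS = {
    "func": [
        r'^\s*#OnAutoItStartRegister\s+' + STR,
        r'\b(?:OnAutoItExitRegister|OnAutoItExitUnRegister|AdlibRegister'
        r'|AdlibUnRegister|Call)\s*\(\s*' + STR,
        r'\bHotKeySet\s*\(\s*[^,()]+,\s*' + STR,   # the name is the 2nd argument
    ],
    "var": [r'\b(?:Assign|IsDeclared)\s*\(\s*' + STR],
}

def strip_comments(source):
    """Drop whole-line ';' comments so commented-out calls are not counted."""
    return "\n".join(l for l in source.splitlines() if not l.lstrip().startswith(";"))

def string_referenced(source):
    """Return {'func': set, 'var': set} of names passed as string literals."""
    code = strip_comments(source)
    found = {kind: set() for kind in PATTERNS}
    for kind, pats in PATTERNS.items():
        for pat in pats:
            for m in re.finditer(pat, code, re.I | re.M):
                found[kind].add(m.group("name").lower())  # AutoIt names are case-insensitive
    return found

def rename_plan(source):
    """Split defined functions into string-tied ('pinned') and the rest ('free')."""
    code = strip_comments(source)
    defined = {n.lower() for n in re.findall(r'^\s*Func\s+(\w+)', code, re.I | re.M)}
    pinned = defined & string_referenced(source)["func"]
    # Execute() takes arbitrary code as a string, so those lines need manual review.
    execute_lines = [n for n, line in enumerate(source.splitlines(), 1)
                     if not line.lstrip().startswith(";")
                     and re.search(r"\bExecute\s*\(", line, re.I)]
    return {"pinned": pinned, "free": defined - pinned, "execute_lines": execute_lines}

if __name__ == "__main__":
    print(string_referenced(SAMPLE))
    print(rename_plan(SAMPLE))
```
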
guinness Posted January 20, 2014 (edited)

...and your question is what exactly? You will soon understand why Jos (quite rightfully so) decided to consider dropping the Obfuscation portion of Obfuscator, because you're giving a false sense of protection to your users. I hope you understand that?!

Edit: I also think using this feature $asd = msgbox is kind of pointless and insulting to those with some common sense, because it's not hard to work out just by looking at it that it's a MsgBox(), I mean a simple search and replace would show that.

Edited January 20, 2014 by guinness

Unc3nZureD (Author) Posted January 20, 2014

Yes, the problem is that people can easily replace it, however I'll try to make something new. I've got some new ideas which would be harder to replace (nothing is impossible).

Lol, of course it won't be just simply $asd = msgbox, that was just a fast example. I will encrypt it, since you can execute them the following way:

```autoit
$asd = Execute("msgbox")
```

Where you can easily encrypt anything between "..."

What am I waiting for? Ideas which can be script breaking. For example commands which I forgot to mention in my notes (for example if you replace all the variables, but forget to match it with Assign, it will cause trouble).

I just want to know if someone knows anything which I forgot to note in the starting post. Maybe any helpful comment or something like that.

guinness Posted January 20, 2014

Well so long as you mention that there will be an increase in execution who am I to tell you what to do. Good luck.

Unc3nZureD (Author) Posted January 21, 2014

Heh, well, true... true... I should find a way which is secure at least a bit, and fast enough. I was just curious if I missed any command like those above. I think I will start it and later it will turn out if it works. Or I have to look for other ways to protect which are somewhat more secure... Already got some ideas... Got so many things to do, but so little time.

Jos (Developers) Posted January 21, 2014

> I'm planning to make an obfuscator which is 3.3.10.2 compatible and will use some unique methods and will even obfuscate basic commands (like msgbox etc) with the brand new ability to be able to use the following method $asd = msgbox

I say go for it. I am sure it will be a learning experience as it was for me.

Jos

trancexx Posted January 21, 2014

Obfuscator would be welcome as far as I'm concerned. guinness, don't be like that.

Obfuscation can be done in many different ways, so Unc3nZureD you shouldn't be limiting yourself inside the box of existing solutions. What you should take into consideration is that you should make it non-reversible without a number of manual interventions. This will kill the desire for deobfuscation very soon, even in "determined" hackers.

For example (basic GuiCreate example from the help file):

```autoit
#include <GUIConstantsEx.au3>

$_ = ObjCreate("Scripting.Dictionary")
$_.Add(-1, $_)
$_.Add(0, GUICreate)
$_.Add(1, GUICtrlCreateButton)
$_.Add(2, GUISetState)
$_.Add(3, @SW_SHOW)
$_.Add(5, Example)
$_.Add(6, $GUI_EVENT_CLOSE)
$_.Add(7, GUIDelete)
$_.Add(8, $GUI_EVENT_CLOSE)
$_.Add(9, "Example")
$_.Add(10, "OK")
$_.Add(11, GUIGetMsg)
$_.Add(40, $_(-1))
$_.Add(17, -1)
$_.Add(12, $_(-1)(40))

($_(5))()

Func Example()
    Local $hGUI = ($_($_(-1)(17))(0))(($_(9)))
    Local $idOK = ($_(1))((($_($_(40)(17)))(10)), 310, 370, 85, 25)
    ($_(-1)(2))(($_(40)(3)), $hGUI)

    While 1
        Switch ($_(40)(11))()
            Case ($_(8)), $idOK
                ExitLoop
        EndSwitch
    WEnd
    ($_(-1)(7))($hGUI)
EndFunc
```

That can be obfuscated to the level which would make it impossible to be run through some de-obfuscator tool for source. Hiding code by encrypting strings and whatnot isn't really what obfuscation should be about.

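For an analyst reading a script written in the style of the post above, an added Python example (not part of the thread and not any participant's tool): it replays the `$_.Add` calls and folds the chained `$_(...)` lookups back to the names they stand for. It covers only the form shown in this first script, where every key is an integer literal; an `Add` whose key is computed raises an error instead of being guessed at. All Python names are this example's own.

```python
import re
# $_.Add(...) statements copied from the first script in the post above.
ADDS = """\
$_.Add(-1, $_)
$_.Add(0, GUICreate)
$_.Add(1, GUICtrlCreateButton)
$_.Add(2, GUISetState)
$_.Add(3, @SW_SHOW)
$_.Add(5, Example)
$_.Add(6, $GUI_EVENT_CLOSE)
$_.Add(7, GUIDelete)
$_.Add(8, $GUI_EVENT_CLOSE)
$_.Add(9, "Example")
$_.Add(10, "OK")
$_.Add(11, GUIGetMsg)
$_.Add(40, $_(-1))
$_.Add(17, -1)
$_.Add(12, $_(-1)(40))
"""

TOKEN = re.compile(r'\$\w+|@\w+|"[^"]*"|-?\d+|\w+|[(),]')

def parse_expr(toks, i, table):
    """Fold the expression starting at toks[i]; return (value, next index)."""
    tok = toks[i]
    if tok == "(":                           # parenthesised sub-expression
        val, i = parse_expr(toks, i + 1, table)
        i += 1                               # step over the closing ")"
    elif tok == "$_":
        val, i = table, i + 1                # the dictionary object itself
    else:                                    # integer literal, else name/macro/string/variable
        val, i = (int(tok) if re.fullmatch(r"-?\d+", tok) else tok), i + 1
    while i < len(toks) and toks[i] == "(":  # postfix "(...)": item lookup or call
        args, i = parse_args(toks, i + 1, table)
        if val is table:
            val = table[args[0]]             # $_(key) reads the stored item
        else:
            val = f"{val}({', '.join(show(a, table) for a in args)})"
    return val, i

def parse_args(toks, i, table):
    args = []
    while toks[i] != ")":
        val, i = parse_expr(toks, i, table)
        args.append(val)
        if toks[i] == ",":
            i += 1
    return args, i + 1

def show(val, table):
    return "$_" if val is table else str(val)

def load_table(adds):
    table = {}                               # replayed in order: values fold as they are stored
    for line in adds.splitlines():
        m = re.fullmatch(r"\$_\.Add\((-?\d+),\s*(.*)\)", line.strip())
        if not m:
            raise ValueError(f"key is not an integer literal: {line!r}")
        table[int(m.group(1))] = parse_expr(TOKEN.findall(m.group(2)), 0, table)[0]
    return table

def resolve(expr, table):
    return show(parse_expr(TOKEN.findall(expr), 0, table)[0], table)
```

Calling `resolve()` on each expression in the body of `Example()` gives back the plain help-file calls, with `$hGUI` and the numeric arguments passed through unchanged.
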
michaelslamet Posted January 21, 2014

@trancexx: there must be something if you are the one who said that. If it's possible, why doesn't somebody create one?

Unc3nZureD (Author) Posted January 21, 2014

Well, that's a good idea. String encryption should be secondary. I think I should find solutions to make it real hard to reverse. Anyways your example gives some error for me.

```
>"D:\Program Files\AutoIt3\SciTE\AutoIt3Wrapper\AutoIt3Wrapper.exe" /run /prod /ErrorStdOut /in "C:\Users\Unknown User\Desktop\ShellMod.au3" /UserParams
+>12:01:32 Starting AutoIt3Wrapper v.2.1.4.0 SciTE v.3.3.7.0 ; Keyboard:0000040E OS:WIN_81/ CPU:X64 OS:X64 Environment(Language:0409 Keyboard:0000040E OS:WIN_81/ CPU:X64 OS:X64)
>Running AU3Check (3.3.10.1) from:D:\Program Files\AutoIt3
"C:\Users\Unknown User\Desktop\ShellMod.au3"(18,18) : error: syntax error
$_.Add(12, $_(-1)(
~~~~~~~~~~~~~~~~~^
"C:\Users\Unknown User\Desktop\ShellMod.au3"(20,9) : error: syntax error
($_(5))()
~~~~~~~~^
"C:\Users\Unknown User\Desktop\ShellMod.au3"(24,29) : error: syntax error
Local $hGUI = ($_($_(-1)(
~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
"C:\Users\Unknown User\Desktop\ShellMod.au3"(25,26) : error: syntax error
Local $idOK = ($_(1))(
~~~~~~~~~~~~~~~~~~~~~~~~~^
"C:\Users\Unknown User\Desktop\ShellMod.au3"(26,12) : error: unbalanced paranthesis expression.
($_(-1)(
~~~~~~~~~~~^
"C:\Users\Unknown User\Desktop\ShellMod.au3"(26,15) : error: syntax error
($_(-1)(2))
~~~~~~~~~~~~~~^
"C:\Users\Unknown User\Desktop\ShellMod.au3"(26,24) : error: unbalanced paranthesis expression.
($_(-1)(2))(($_(40)(
~~~~~~~~~~~~~~~~~~~~~~~^
"C:\Users\Unknown User\Desktop\ShellMod.au3"(26,24) : error: unbalanced paranthesis expression.
($_(-1)(2))(($_(40)(
~~~~~~~~~~~~~~~~~~~~~~~^
"C:\Users\Unknown User\Desktop\ShellMod.au3"(26,27) : error: syntax error
($_(-1)(2))(($_(40)(3))
~~~~~~~~~~~~~~~~~~~~~~~~~~^
"C:\Users\Unknown User\Desktop\ShellMod.au3"(28,23) : error: unbalanced paranthesis expression.
Switch ($_(40)(
~~~~~~~~~~~~~~~~~~~~~~^
"C:\Users\Unknown User\Desktop\ShellMod.au3"(28,23) : error: syntax error
Switch ($_(40)(
~~~~~~~~~~~~~~~~~~~~~~^
"C:\Users\Unknown User\Desktop\ShellMod.au3"(33,12) : error: unbalanced paranthesis expression.
($_(-1)(
~~~~~~~~~~~^
"C:\Users\Unknown User\Desktop\ShellMod.au3"(33,15) : error: syntax error
($_(-1)(7))
~~~~~~~~~~~~~~^
C:\Users\Unknown User\Desktop\ShellMod.au3 - 13 error(s), 0 warning(s)
!>12:01:32 AU3Check ended. Press F4 to jump to next error.rc:2
>Exit code: 2 Time: 0.452
```

trancexx Posted January 21, 2014

There are no errors in that code. It can only be an error in Au3Check.

I see you use Jos' wrapper tool. You have a directive there to disable AU3Check.

Unc3nZureD (Author) Posted January 21, 2014

Heh, interesting. I compiled it and it works perfectly. I will disable AU3Check and analyze your code. Thanks for the suggestion.

trancexx Posted January 21, 2014

After that analyze this:

```autoit
#include <GUIConstantsEx.au3> ; needed for $GUI_EVENT_CLOSE

$_ = ObjCreate("Scripting.Dictionary")
$_.Add(-1, $_)
$_.Add(0, GUICreate)
$_.Add(1, GUICtrlCreateButton)
$_.Add(2, GUISetState)
$_.Add(3, @SW_SHOW)
$_.Add(3.21, Example)
$_.Add(7, GUIDelete)
$_.Add(21.3, 7)
$_.Add(8, $GUI_EVENT_CLOSE)
$_.Add(1/10, @AutoItPID)
$_.Add(9, "Example")
$_.Add(10.1, "OK")
$_.Add(11, GUIGetMsg)
$_.Add(40, $_(-1))
$_.Add(17, -1)
$_.Add(0.75, $_(-1)(40))
$_.Add($_(.1), $_.item(8))

($_(.321*10))()

Func Example()
    Local $hGUI = ($_($_(-1)(17))(0))(($_(9)))
    Local $idOK = ($_(1))((($_($_(40)(17)))(9 + 1.1)), 310, 370, 85, 25)
    ($_(-1)(2))(($_(40)(3)), $hGUI)

    While 1
        Switch ($_(3/4 + $_(0))(11))()
            Case ($_($_(.1))), $idOK
                ExitLoop
        EndSwitch
    WEnd
    ($_(-1)($_(21.3)))($hGUI)
EndFunc
```

...It's the same thing only access is randomized more.

Both examples are forms of simple obfuscation, so now imagine what would happen if I would add a few more functions that would dynamically set dictionary elements (and then set it to its own elements). There would be no way to figure out what's going down, nor any chance of writing a successful deobfuscator.

michaelslamet Posted January 21, 2014

trancexx, why don't you write one? It will be very useful for many people!

trancexx Posted January 21, 2014

Why do you think I haven't already? Maybe I wrote different compiler for AutoIt scripts too. One that wouldn't freak out AV-s. Maybe Jon knows that but doesn't want me to share it with you? Maybe he thinks that would make him look incompetent? Maybe things are different below surface than on top? Things are sometimes very different below surface than on top. I'm not interested in fighting wars.

Factfinder Posted January 21, 2014

I'm aware of the fact that the topics about prevention of decompiling scripts are forbidden for good reasons and I'm not arguing that in any sense. The mods know what they are doing, thanks to them for the good job. I have also no issues with security workers who need to know if a program is malicious or not, but there are others over there that don't use reverse engineering for right reasons. I appreciate any effort to make it harder to decompile or understand the decompiled autoit programs.

michaelslamet Posted January 21, 2014

> Why do you think I haven't already? Maybe I wrote different compiler for AutoIt scripts too. One that wouldn't freak out AV-s. Maybe Jon knows that but doesn't want me to share it with you? Maybe he thinks that would make him look incompetent? Maybe things are different below surface than on top? Things are sometimes very different below surface than on top. I'm not interested in fighting wars.

I believe none of us are interested in starting fighting wars. You both are very very very competent in your field, I believe nobody will think you both are not. And yes, I believe a compiler that won't freak out AV-s and a really good obfuscator will be a benefit for many good people. What is the goodness and happiness if we have something good but keep it for ourselves?

Mobius Posted January 22, 2014

> Why do you think I haven't already? Maybe I wrote different compiler for AutoIt scripts too. One that wouldn't freak out AV-s. Maybe Jon knows that but doesn't want me to share it with you? Maybe he thinks that would make him look incompetent? Maybe things are different below surface than on top? Things are sometimes very different below surface than on top. I'm not interested in fighting wars.

So tell us trancexx don't flirt, what manner of polymorphic wizardry did you come up with in this private compiler build of yours that could consistently weather the abuse all other public tools get from haxor wannabes (your words) and antivirus companies alike? Far better than the method chosen to obstruct compiler and interpreter modification no doubt. Yes yes I know if you had your way such things would be irrelevant for the betterment of scriptdom.

Anything and everything released publicly will get abused and flagged eventually even something crafted by your fair hand. The self belief that one might succeed where ALL others have failed is healthy and drives us to excel as individuals, however publicly promoting yourself as succeeding consistently where all others have failed is as big a joke as application security is.

trancexx Posted January 22, 2014

Who are ALL others? I remember when I was suggesting adding one particular feature to AutoIt, I was turned off because "it can't be done", because "if it would be possible other languages would have had it already", because "at least one would have done it before you". Later when I added it to the language, making it unique therefore, it was "Oh cool, it's possible". Your "ALL others" is an invalid argument.

I invented the current compiler which is better and more correct than the old one, and I invented new compiler which is better and more correct than the current. Why is that hard for you or anyone else to believe really isn't something I'll be losing sleep over.

...And saying I'm cracking jokes. Ouch.