AutoIt string & files encryption

[PELock]

Hi folks,

I've extended my service StringEncrypt to include code generation in AutoIt. With StringEncrypt you can encrypt strings / files and generate decryption code in AutoIt code.

https://www.stringencrypt.com/autoit-encryption/

Generated code is different each time since the encryption algorithm is polymorphic (random encryption commands are used each time). StringEncrypt can be used via Web, WebAPI (you can automate whole encryption process) and Windows client.

Sample decryption code:

; encrypted with https://www.stringencrypt.com (v1.0.0) [AutoIt]
#include <Array.au3>
 
; $Label = "Fast & easy AutoIt string and file encryption."
Global $Label[47] = [ 0xC254, 0xC273, 0xC261, 0xC260, 0xC212, 0xC236, 0xC202, 0xC24B, _
                      0xC253, 0xC281, 0xC277, 0xC20C, 0xC22B, 0xC277, 0xC27E, 0xC27D, _
                      0xC21B, 0xC280, 0xC22A, 0xC281, 0xC27E, 0xC25A, 0xC237, 0xC232, _
                      0xC255, 0xC21C, 0xC24F, 0xC22A, 0xC24E, 0xC214, 0xC248, 0xC247, _
                      0xC23E, 0xC237, 0x3E0A, 0xC233, 0xC234, 0xC251, 0xC27C, 0xC227, _
                      0xC282, 0xC280, 0xC247, 0xC27D, 0xC224, 0xC23E, 0x3D92 ];
 
For $SYdIB = 0 to 46
    $fWyHA = $Label[$SYdIB];
    $fWyHA += $SYdIB;
    $fWyHA = BitNOT($fWyHA);
    $fWyHA = BitXOR($fWyHA, $SYdIB);
    $fWyHA += $SYdIB;
    $fWyHA -= $SYdIB;
    $fWyHA = BitXOR($fWyHA, $SYdIB);
    $fWyHA = $fWyHA - 1;
    $fWyHA = BitXOR($fWyHA, $SYdIB);
    $fWyHA = $fWyHA + 1;
    $fWyHA += $SYdIB;
    $fWyHA = BitXOR($fWyHA, 0xC212);
    $fWyHA = BitNOT($fWyHA);
    $fWyHA += $SYdIB;
    $Label[$SYdIB] = ChrW(BitAND($fWyHA, 0xFFFF));
Next
 
$Label = _ArrayToString($Label, "")
 
ConsoleWrite($Label);

I have a favour to you, since this was my first time with AutoIt code generation, if you could spot any errors or / and can suggest any changes - feel free to tell me about it

https://www.stringencrypt.com/contact/

Here is a free activation code so you can use all of the features without any limitations

4259-B117-58DD-54D8

(if it expires, please PM me I will update it)

[iamtheky]

I think that is a fair first post, eventhough it is technically a link to paid software.  Can I see an encrypted string in use, such that if the autoit exe was decompiled, that string would still be encrypted AND that the map to unencryption not exist in plain text?  Or any other scenarios where this is more than a minor hurdle to overcome?

[PELock]

I think that is a fair first post, eventhough it is technically a link to paid software.  Can I see an encrypted string in use, such that if the autoit exe was decompiled, that string would still be encrypted AND that the map to unencryption not exist in plain text?  Or any other scenarios where this is more than a minor hurdle to overcome?

I make so little money from it it's more like a passion to me  but the price on the thing motivates me to constantly upgrade the service, pay for the servers etc., recently I've added support for Ruby and I already support most popular programming languages.

Yes, it stays encrypted even after decompilation.

<snip>

Edited October 21, 2015 by Melba23
Part of post removed

[PELock]

Recently I've coded AutoIt deobfuscator and I really like its syntax and for 99% I will create code obfuscator for AutoIt. I already created obfuscator for assembler source code, you can check the screenshots at https://www.pelock.com/products/obfuscator/screenshots this also is a niche software made more from the love to the assembly and software protection technolgies than from the money making perspective

[PELock]

I've upgraded encryption module, added bit rotations to the available encryption commands set + a few optimizations to avoid scenarios like eg. two XOR operations are used one after another, the result looks like this now:

; encrypted with https://www.stringencrypt.com (v1.1.0) [AutoIt]
#include <Array.au3>
 
; $Label = "More complex encryption in AutoIt!"
Global $Label[35] = [ 0x6544, 0x3B54, 0x9F24, 0xA334, 0x677D, 0xFB94, 0xBD64, 0xFB74, _
                      0x1FC5, 0x29D5, 0x71A5, 0x2DB5, 0x57FE, 0xF015, 0x9FE5, 0x1FF6, _
                      0xDC45, 0xF055, 0x3426, 0x1E36, 0x9E86, 0x8496, 0xC866, 0x0E77, _
                      0xF6C6, 0x16D7, 0x849F, 0x5CB7, 0x2707, 0x7317, 0x86E7, 0x94F7, _
                      0xB147, 0x2150, 0xB3AA ];
 
For $sEaxA = 0 to 34
    $GhDLV = $Label[$sEaxA];
    $GhDLV = BitRotate($GhDLV, 5, "W");
    $GhDLV = BitNOT($GhDLV);
    $GhDLV -= 0x45C2;
    $GhDLV += $sEaxA;
    $GhDLV = BitRotate($GhDLV, 15, "W");
    $GhDLV = $GhDLV + 1;
    $GhDLV += $sEaxA;
    $GhDLV -= 0x2BD0;
    $GhDLV = BitRotate($GhDLV, -8, "W");
    $GhDLV = BitXOR($GhDLV, $sEaxA);
    $GhDLV = BitXOR($GhDLV, 0x3E32);
    $GhDLV -= 0x132B;
    $GhDLV = BitRotate($GhDLV, -14, "W");
    $GhDLV = BitXOR($GhDLV, 0xB790);
    $GhDLV = BitRotate($GhDLV, 9, "W");
    $GhDLV += $sEaxA;
    $Label[$sEaxA] = ChrW(BitAND($GhDLV, 0xFFFF));
Next
 
$Label = _ArrayToString($Label, "")
 
ConsoleWrite($Label);

I plan to add more encryption keys within the main encryption / decryption loop and an additional conditional encryption commands. If you have any ideas - please tell me about it

[jchd]

Are the algorithms used documented somewhere?

[czardas]

Using random commands is just as likely to make an encryption weaker as it would make it stronger. That's my opinion. Randomness looks like something which, if identifiable, will leak some kind of information.

[PELock]

Are the algorithms used documented somewhere?

Using random commands is just as likely to make an encryption weaker as it would make it stronger. That's my opinion. Randomness looks like something which, if identifiable, will leak some kind of information.

It's a polymorphic encryption. It means the algorithms are generated randomly each time. There is no official specification, but that's the point of the polymorphic encryption to generate unique code each time. It's not a block cipher or any AES, Blowfish, but that's the point of this service, to generate random encryption commands with random decryption code.

Imagine you have some important string in your software and it gets cracked or analyzed each time you release a new version of it. You cannot avoid to put it in the script. If you would use static algorithm, even with a different key, the attacker could code a generic decryption tool and extract the secret text with ease. On the other hand if you would integrate the encryption process using StringEncrypt's WebAPI it would be very hard to write a generic decryption tool.

[czardas]

I'm generally suspicious of using random algorithms for encryption, however storing the password within the encryption is totally insecure. Perhaps the randomness solution may have some merit in this case. On the other hand, a random algorithm implies limited control over encryption strength. It would be interesting to see what jchd has to say.

[PELock]

I'm generally suspicious of using random algorithms for encryption, however storing the password within the encryption is totally insecure. Perhaps the randomness solution may have some merit in this case. On the other hand, a random algorithm implies limited control over encryption strength. It would be interesting to see what jchd has to say.

Again - that's the whole point of polymorphic encryption. To generate random code. I'm using polymorphic encryption in my exe-protector PELock to protect the code against generic unpacking methods. It's not designed for strong encryption but for fast encryption to hide things from prying eyes. Sometimes you need to store some secret stuff or you don't want your competitors see it in the plain text, it could be anything, paths, passwords, URLs, file contents. Please don't confuse polymorphic encryption with classic, strong encryption algorithms.

[czardas]

It's not designed for strong encryption but for fast encryption

My mistake.

[jchd]

Whatever strength or weakness is actually built into the scheme used, it does little to stop kid-sister prying eyes: simple reverse-engineering techniques will reveal the secret in the AutoIt case as well as in many other programmatic contexts.

[Melba23]

PELock,

It has been brought my attention that you have posted the output of a decompiled script in post #3 above. I realise it was in direct response to a previous question and intend to take no further action that removing it, but do NOT do such a thing again as it is in direct contravention of the AutoIt EULA and also against the Forum rules.

M23

 

[PELock]

Whatever strength or weakness is actually built into the scheme used, it does little to stop kid-sister prying eyes: simple reverse-engineering techniques will reveal the secret in the AutoIt case as well as in many other programmatic contexts.

But you cannot use generic methods to decrypt it. You have to analyze it each time something is re-encrypted. You cannot use deobfuscator unless you spend a plenty of time on it, implementing decryption code handling.

PELock,

It has been brought my attention that you have posted the output of a decompiled script in post #3 above. I realise it was in direct response to a previous question and intend to take no further action that removing it, but do NOT do such a thing again as it is in direct contravention of the AutoIt EULA and also against the Forum rules.

M23

I didn't know it was such a big secret  , sorry for that.