Hidden file reappear after getting replaced

[apiznse]

Hi Guys,

I need to hide my config file because my software is using those file for updating. Apparently people knows the setting and they modified that file as they want.

This is causing my software to behave abnormal.

I tried to hide the file using attrib +HS. but when the file get replaced, the file appear again using new attrib without HS.

Is there anyway to force even if get replaced it will use the old file attribute?

Thanks guys

[FrancescoDiMuro]

Hi @apiznse, and welcome to the AutoIt forum
You can use a program like WinRAR or 7-Zip to create a self-extracting archive, so, when you update your file(s), their properties remain unchanged.
There are a lot UDF about Data compression, if you don't want to display things  

[apiznse]

1 hour ago, FrancescoDiMuro said:

Hi @apiznse, and welcome to the AutoIt forum
You can use a program like WinRAR or 7-Zip to create a self-extracting archive, so, when you update your file(s), their properties remain unchanged.
There are a lot UDF about Data compression, if you don't want to display things  

Hi FrancescoDiMuro,

 

Thanks for the tips.

Unfortunately i dont think it is applicable in my situation.

To make things clearer.

I'm handling system software for manufacturing. I have a software that using ini files to works.

Inside ini file also have option to bypass some test. Operator always went to this file and replace the dont bypass option into bypass.

The software already have password. But they are using backdoor step straight open as notepad and edit.

After each part process, this INI file will be dynamically updated. thus i cannot use Zip function.

i already have the function to detect which part was changed inside the INI file. 

In the meantime I want to try to hide the config, while maintaining it attrib even if the file get replaced. Because operator knows where the file location.

It would be hard to change the file path as multiple software is accessing the same file. I need to recompile all 3/4 software.

My code is:

 Func Lock()
   $iStatus = IniReadSection($iFilePath,"Status")
   $sInvent = FileSetAttrib ("C:\Windows\Inv_3.0.ini","+HS")
   $sInvent = FileSetAttrib ("C:\etp\Config\etp.ini","+HS")
   MsgBox(0,"","Success lock")
 EndFunc

 Func Unlock()
   Local $iKeyin
   Local $iPassBox =InputBox("Password needed","Please enter the password to proceed", "", "*")
   If $iPassBox = "SystemIT123$" Then
      $sInvent = FileSetAttrib ("C:\Windows\Inv_3.0.ini","-HS")
      $sInvent = FileSetAttrib ("C:\etp\Config\etp.ini","-HS")
      MsgBox(0,"", "Success")
   Else
      MsgBox(0,"WARNING!", "Wrong Password!")
   EndIf

 EndFunc

 

I've tested this and when i create new file with the same name. It will replaced the ini file and it attributes. 

Hence the file will reappear.

[FrancescoDiMuro]

24 minutes ago, apiznse said:

I have a software that using ini files to works.

Is this software created with AutoIt?
I'm asking this because you could use some crypting/decrypting methods, like this:

expandcollapse popup

#include <Crypt.au3>
#include <File.au3>

Global $strFileName = @ScriptDir & "\NotCryptedFile.ini", _
       $strCryptedFileName = @ScriptDir & "\CryptedFile.ini", _
       $arrFileContent

; Read the content of the file before encryption
_FileReadToArray($strFileName, $arrFileContent, $FRTA_NOCOUNT)
If @error Then
    ConsoleWrite("Error while reading the file '" & $strFileName & "' in the array. Error: " & @error & @CRLF)
Else
    ; Content of the file Before the encryption
    _ArrayDisplay($arrFileContent, "Before crypting the file:")

    ; Crypting of the file
    _Crypt_EncryptFile($strFileName, $strCryptedFileName, "abcd", $CALG_3DES)
    If @error Then
        ConsoleWrite("Error while crypting the file '" & $strFileName & "'.Error: " & @error & @CRLF)
    Else
        ; If the encryption has been done, then delete the file not encrypted
        FileDelete($strFileName)

        ; Read the content of the file after encryption
        _FileReadToArray($strCryptedFileName, $arrFileContent, $FRTA_NOCOUNT)
        If @error Then
            ConsoleWrite("Error while reading the file '" & $strCryptedFileName & "' in the array. Error: " & @error & @CRLF)
        Else

            ; Content of the file after encryption
            _ArrayDisplay($arrFileContent, "After crypting the file:")

            ; Decrypt the file
            _Crypt_DecryptFile($strCryptedFileName, $strFileName, "abcd", $CALG_3DES)
            If @error Then
                ConsoleWrite("Error while decrypting the file '" & $strFileName & "'. Error: " & @error & @CRLF)
            Else

                ; Read the content of the file after decryption
                _FileReadToArray($strFileName, $arrFileContent, $FRTA_NOCOUNT)
                If @error Then
                    ConsoleWrite("Error while reading the file '" & $strFileName & "' in the array. Error: " & @error & @CRLF)
                Else
                    ; Content of the file after decryption
                    _ArrayDisplay($arrFileContent, "After decrypting the file:")
                EndIf
            EndIf
        EndIf
    EndIf
EndIf

Just create a .ini file named "NotCryptedFile.ini", and run the code above.
Tell me if it could fit your request

Cheers
 

Edited August 27, 2018 by FrancescoDiMuro

[caramen]

I got exemple of encrypting data in autoit if needed pm me./

[TheSaint]

You could just store encrypted values in the INI file and decrypt after reading.

You could even have another INI entry that is a timestamp, that is the encryption password, that changes after every use ... so self updating if using current time each time.

 

[AutoBert]

2 hours ago, apiznse said:

Operator always went to this file and replace the dont bypass option into bypass.

don't give him this option, just ignore in new update from your app.

[TheDcoder]

@apiznse I would like to address the fact that you are not responsible for any abnormal behaviour caused by modification of your INI files, the responsibility should be fully on the "operator" who works on the manufacturing system. It really isn't possible to "secure" your software from being modified when the computer is not in your control

So I would recommend educating the operators and transfer the responsibility to them, Ideally they wouldn't need a software to baby sit them if they are working on a manufacturing system.

If you still insist on somehow dettering or discouraging this behaviour, you should try @AutoBert's solution of removing these options from the production version... but if you don't want to even do that, then I'd recommend applying some kind of encryption/obfuscation as suggested by @TheSaint.

You have to remember that you cannot fully make sure that they don't change anything which can modify the behaviour, the user is responsible for what the software does, not the developer!

Edited August 27, 2018 by TheDcoder
Complete the post...

[caramen]

I can add anyway you use for encoding your *.ini .... Nothing will dodge the fact that the user will always be able to corrupt used data.

 

If it s not by bypassing your option it will be possible to enter wrong data inside your ini that will make it crash anyway.

Edited August 27, 2018 by caramen

[rudi]

Hello,

You could use the ini values in a way, that they must present some secret string, if not present or not as expected, then the options will work "default".

An easy way to do so might be the hash code of the EXE file, that will change every time you rollout a new version. Have a look at

 

C:\Program Files (x86)\AutoIt3\Examples\Helpfile\_Crypt_HashFile.au3

 

Regards, Rudi.

[ViciousXUSMC]

You can put values in a registry and that should be harder for users to find, and if properly locked out of admin rights they cant edit.

[apiznse]

21 hours ago, FrancescoDiMuro said:

Is this software created with AutoIt?
I'm asking this because you could use some crypting/decrypting methods, like this:

expandcollapse popup

#include <Crypt.au3>
#include <File.au3>

Global $strFileName = @ScriptDir & "\NotCryptedFile.ini", _
       $strCryptedFileName = @ScriptDir & "\CryptedFile.ini", _
       $arrFileContent

; Read the content of the file before encryption
_FileReadToArray($strFileName, $arrFileContent, $FRTA_NOCOUNT)
If @error Then
    ConsoleWrite("Error while reading the file '" & $strFileName & "' in the array. Error: " & @error & @CRLF)
Else
    ; Content of the file Before the encryption
    _ArrayDisplay($arrFileContent, "Before crypting the file:")

    ; Crypting of the file
    _Crypt_EncryptFile($strFileName, $strCryptedFileName, "abcd", $CALG_3DES)
    If @error Then
        ConsoleWrite("Error while crypting the file '" & $strFileName & "'.Error: " & @error & @CRLF)
    Else
        ; If the encryption has been done, then delete the file not encrypted
        FileDelete($strFileName)

        ; Read the content of the file after encryption
        _FileReadToArray($strCryptedFileName, $arrFileContent, $FRTA_NOCOUNT)
        If @error Then
            ConsoleWrite("Error while reading the file '" & $strCryptedFileName & "' in the array. Error: " & @error & @CRLF)
        Else

            ; Content of the file after encryption
            _ArrayDisplay($arrFileContent, "After crypting the file:")

            ; Decrypt the file
            _Crypt_DecryptFile($strCryptedFileName, $strFileName, "abcd", $CALG_3DES)
            If @error Then
                ConsoleWrite("Error while decrypting the file '" & $strFileName & "'. Error: " & @error & @CRLF)
            Else

                ; Read the content of the file after decryption
                _FileReadToArray($strFileName, $arrFileContent, $FRTA_NOCOUNT)
                If @error Then
                    ConsoleWrite("Error while reading the file '" & $strFileName & "' in the array. Error: " & @error & @CRLF)
                Else
                    ; Content of the file after decryption
                    _ArrayDisplay($arrFileContent, "After decrypting the file:")
                EndIf
            EndIf
        EndIf
    EndIf
EndIf

Just create a .ini file named "NotCryptedFile.ini", and run the code above.
Tell me if it could fit your request

Cheers
 

Wow impressive stuff. I might use it for another project. Thanks!.

 

To answer your question. No my software is visual C++. Very old software just maintained by me.

I dont want to messed up the code by doing major adjustment thats why im trying to do a continous check file should be hidden even after replaced.

I come out with a workaround although in progress.

=======================================================

While 1 ; 1 for infinite loop

;------------------------------------------------------------
   Local $iFilePath = ("C:\HP\map_drives\do not delete this folder.ini")
   $iStatus = IniRead($iFilePath,"Status","Status","Unknown")
   If $iStatus = ("UH") Then
      ;do nothing
   Else
      $aInvent = FileGetAttrib("C:\Windows\Invent_3.0.ini")
      $aEtpanel = FileGetAttrib("C:\etpanel\Config\etpanel.ini")
      ;MsgBox(0,"", $aInvent & " / " & $aEtpanel) ;Hidden is ASH. Un hide is A
      If $aInvent <> ("ASH") Then
         MsgBox(0,"",$aInvent)
         ;Call ("Lock")
         $sInvent = FileSetAttrib ("C:\Windows\Invent_3.0.ini","+HS")
         _FileWriteLog($pathChangelog,@ComputerName & " "& @UserName &" invent re-locked!")
      EndIf
      If $aEtpanel <> ("ASH") Then
         ;Call ("Lock")
         $sEtpanel = FileSetAttrib ("C:\etpanel\Config\etpanel.ini","+HS")
         _FileWriteLog($pathChangelog,@ComputerName & " "& @UserName &" etpanel re-locked!")
      EndIf
      ;IniWrite ($iFilePath,"Status","Status","UH")
   EndIf

WEnd

======================================

 

So i create an ini file for status. If status is UH means i want the file to be unhide and not been re-hide.

if status is other then means i already done used the config and i already hide it. So whenever someone clever enough to replaced the file. AutoIt will autohide it again. (File obviously already replaced but its fine for now)

Unfortunately $sInvent = FileSetAttrib ("C:\Windows\Invent_3.0.ini","+HS") was denied. 

I need to enable #RequireAdmin to access windows file. However other function in this same code need to access network drive. I have tried several times; Whenever Admin is enabled autoit cannot get to the network drive. so I need to comment this ;#RequireAdmin.

Other ways is to create another exe with the requireadmin function and call. But I want to try combine in one exe only.

 

[apiznse]

19 hours ago, TheDcoder said:

@apiznse I would like to address the fact that you are not responsible for any abnormal behaviour caused by modification of your INI files, the responsibility should be fully on the "operator" who works on the manufacturing system. It really isn't possible to "secure" your software from being modified when the computer is not in your control

So I would recommend educating the operators and transfer the responsibility to them, Ideally they wouldn't need a software to baby sit them if they are working on a manufacturing system.

If you still insist on somehow dettering or discouraging this behaviour, you should try @AutoBert's solution of removing these options from the production version... but if you don't want to even do that, then I'd recommend applying some kind of encryption/obfuscation as suggested by @TheSaint.

You have to remember that you cannot fully make sure that they don't change anything which can modify the behaviour, the user is responsible for what the software does, not the developer!

I agree @TheDcoder. It just that, whenever wrong modification happen I need to get to know what was happening in order to debug. Operator b*lls*it answer is always "I don't know, it suddenly happen" or "This happen in other shift. I don't know". 

Yes, I had to follow @AutoBert solution if this is getting out of control. 

Handling people is very hard. 

[apiznse]

Thanks guys who posted to use encryption. This is like another level for me. 

But I will look at it.

It is very useful tho for my job environment.

[Simpel]

Just another note. If someone knows the name of the file it’s enough to go inside the folder and append the file name in the adressbar, even when it’s hidden. So you don’t have to make it visible if you want to edit but on the other hand the user can act the same way.

Simpel

[apiznse]

1 hour ago, Simpel said:

Just another note. If someone knows the name of the file it’s enough to go inside the folder and append the file name in the adressbar, even when it’s hidden. So you don’t have to make it visible if you want to edit but on the other hand the user can act the same way.

Simpel

Wow it is new knowledge for me. HAHA im so bad.

Then to edit my config I can just autoit the directory into browser or run and no need for unhide again. This just simplified my code much smaller!
Thanks @Simpel

[benched42]

In the past, I have used what I consider to be a simple solution to this. I put the INI file somewhere on the network that I have full rights to access but users have read-only access. Then I use a variable for the UNC to the INI file. Users can read the INI file without issue; they cannot change the contents of the INI. I use this method a lot so that when some things change, I simply change the INI file myself and it's instantly changed for all the users as well. NOTE: I also include code to check to see if the user can "see" the INI file.