Posted

Maybe I'll save Jos a few more gray hairs...

@igorm

I have no idea about the older version of Obfuscator, and practically it's irrelevant.

Obfuscator cannot and will not EVER work with the Execute() function 100% of the time. If you don't understand why by now, you need more experience with AutoIt and a full understanding of how Execute() works and how Obfuscator works. I'm not going to take the time to explain all that, and neither is Jos (or he shouldn't anyway).

Regarding your #include file and the warning... it's just that, a warning. Obfuscator will always issue that warning for include files that use the Execute() function. However if you don't actually USE the function that Obfuscator is warning about, then it makes no difference: 1) you never call the possibly problematic function, 2) Obfuscator will (by default) strip out any unused functions from your script + includes before compilation, so that code will never even be in your script.

If you ARE using the function with Execute() in it, then it's your responsibility to test your script to make sure it still works after obfuscation / compilation.

Please stop bothering the man now. This is all the information you need.

While I appreciate your explanation, I don't appreciate your last sentence. I'm bothering anyone. I'm just trying to learn something, and that's why I was asking. And if I don't understand how function Execute() works that does not mean that I don't have enough experience in AutoIt. And I never used that function in my scripts so that's why maybe I don't understand.

Cheers :idea:

Posted

If the file was included with the exe at build time, No. But I don't believe the build process would include any tbl files without it being told by some user specific build option.

... Unless you or someone else provide a short concept of proof script.

OK...here you go:

#AutoIt3Wrapper_Run_Obfuscator=y
#Obfuscator_Parameters=/sv /sf /om
$hello = "world"

Run that through the obfuscator. You'll get a au3.tbl file and the obfuscated script clearly FileInstall's the tbl file. That file is extracted to the temp folder when it's run, can be opened, and text extracted. That's what I'm asking about.

Posted

and the obfuscated script clearly FileInstall's the tbl file.

Where in this output do you see it installing the tbl file?

global $Os
_2__()
global $a4=_2_($Os[0x1])
$a3 = $a4

Func _2__()
For $ax0x0xa = 0x01 to 0x05
$AF123123=A1D00103002()
FileInstall('test.au3.tbl',$AF123123,1)
Global $Os = Execute(Binarytostring('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'))
if IsArray($Os) And $Os[0] >=  1 then exitloop
sleep(10)
next
Execute(Binarytostring('0x457865637574652842696E617279746F737472696E672827307834353738363536333735373436353238343236393645363137323739373436463733373437323639364536373238323733303738333433363336333933363433333633353334333433363335333634333336333533373334333633353332333833323334333433313334333633333331333333323333333333333331333333323333333333323339323732393239272929'))
EndFunc
Func A1D00103002()
Local $A500040503E=_2_('4054656D70446972'),$A0800502608=_2_('31'),$A1500606211=_2_('5c'),$A5800704E62=_2_('5c'),$A4300806261=_2_('37'),$A580090343D=_2_('3937'),$A0C00A03C14=_2_('313232'),$A0800B01C24=_2_('31'),$A2000202509
$A4D00302E05 = Execute($A500040503E)
If StringRight($A4D00302E05, Number($A0800502608)) <> $A1500606211 Then $A4D00302E05 = $A4D00302E05 & $A5800704E62
SRandom(Number(StringRight(TimerInit(),4)))
Do
$A2000202509 = ''
While StringLen($A2000202509) < Number($A4300806261)
$A2000202509 = $A2000202509 & Chr(Random(Number($A580090343D), Number($A0C00A03C14), Number($A0800B01C24)))
WEnd
$A2000202509 = $A4D00302E05 & $A2000202509
Until Not FileExists($A2000202509)
Return($A2000202509)
EndFunc
Func _2_($_2_)
Local $_2__
For $x = 1 to StringLen($_2_) step 2
$_2__ &= Chr(Dec(StringMid($_2_,$x,2)))
Next
Return $_2__
EndFunc

Look at your obfuscated code! See the line like: FileInstall('test.au3.tbl',$AF123123,1)
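
Added example, not part of the thread and not Obfuscator's own code: a static decode of two lines copied from the obfuscated script above, covering the _2_('…') hex literals and the nested Execute(Binarytostring('0x…')) wrapper, without running any AutoIt. The regexes and Python function names are this example's own assumptions; _2_ is simply the decoder name in this particular output.

```python
import re

# Two lines copied verbatim from the obfuscated script posted above.
SAMPLE = r"""
Local $A500040503E=_2_('4054656D70446972'),$A0800502608=_2_('31'),$A1500606211=_2_('5c'),$A5800704E62=_2_('5c'),$A4300806261=_2_('37'),$A580090343D=_2_('3937'),$A0C00A03C14=_2_('313232'),$A0800B01C24=_2_('31'),$A2000202509
Execute(Binarytostring('0x457865637574652842696E617279746F737472696E672827307834353738363536333735373436353238343236393645363137323739373436463733373437323639364536373238323733303738333433363336333933363433333633353334333433363335333634333336333533373334333633353332333833323334333433313334333633333331333333323333333333333331333333323333333333323339323732393239272929'))
"""

# $var=_2_('<hex>') ; "_2_" is the decoder name in this sample (assumption:
# other outputs may name it differently).
ASSIGN = re.compile(r"(\$\w+)\s*=\s*_2_\('((?:[0-9A-Fa-f]{2})+)'\)")
# Execute(BinaryToString('0x<hex>')), matched case-insensitively.
WRAPPER = re.compile(
    r"Execute\(\s*BinaryToString\(\s*'0x((?:[0-9A-Fa-f]{2})+)'\s*\)\s*\)", re.I)


def unhex(hex_text):
    """Same transform as the script's _2_(): each hex pair becomes one char."""
    return bytes.fromhex(hex_text).decode("latin-1")


def decode_assignments(src):
    """Map every variable initialised through _2_('<hex>') to its plaintext."""
    return {var: unhex(h) for var, h in ASSIGN.findall(src)}


def peel_execute(src, max_layers=16):
    """Unwrap nested Execute(BinaryToString(...)) layers as plain text.

    Returns (layers_removed, innermost_expression); nothing is executed.
    """
    match, layers, text = WRAPPER.search(src), 0, None
    while match and layers < max_layers:
        text = unhex(match.group(1))
        layers += 1
        match = WRAPPER.fullmatch(text.strip())
    return layers, text


if __name__ == "__main__":
    for var, value in decode_assignments(SAMPLE).items():
        print(f"{var} = {value!r}")
    print(peel_execute(SAMPLE))
```

On this sample the literals resolve to @TempDir and the character range 97 to 122 used for the random temp file name, and the wrapper unwinds through three layers to FileDelete($AF123123).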

Posted

Rereading some messages to find what I missed.

1) Aha, I misread Jos's messages.

Misread it as "The file is generated during Obfuscation and FileInclude, during compilation"

While it's saying "The file is generated during Obfuscation, and then FileIncluded during compilation"

So it's a feature and needed to DeObfuscate your strings.

Backtracking to your original message.

Your message basically comes down to a request for more security for Obfuscated scripts.

... From the Obfuscator help Documentation.

Well, that doesn't address my original message, thanks for trying.

  • Developers
Posted

If the file was included with the exe at build time, No. But I don't believe the build process would include any tbl files without it being told by some user specific build option.

... Unless you or someone else provide a short concept of proof script.

You have 2 options here:

1. You simply believe I am right and the tbl file is included into the Obfuscated script at compilation time.

2. You don't believe but that still makes Statement 1 true!

Jos :idea:

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

  • Developers
Posted

Maybe I'll save Jos a few more gray hairs...

-snip-

Obfuscator cannot and will not EVER work with the Execute() function 100% of the time. If you don't understand why by now, you need more experience with AutoIt and a full understanding of how Execute() works and how Obfuscator works.

Thanks... but I was under the impression I somewhere mentioned this already :idea:


Posted

Thanks... but I was under the impression I somewhere mentioned this already :idea:

Apparently it bore repeating for that guy. But yes, my comment shouldn't have been necessary.
  • 2 months later...
Posted

The _Timer_SetTimer function is one of those that takes a function name as a string and uses it in a DllCallbackRegister() function. So Obfuscator throws a warning. The solution is to add the called function to the #Obfuscator_Ignore_Funcs directive and ignore the warning, but I think he's asking for an automated solution from Obfuscator. In which case, the answer is 'no'.

  • Developers
Posted

The _Timer_SetTimer function is one of those that takes a function name as a string and uses it in a DllCallbackRegister() function. So Obfuscator throws a warning. The solution is to add the called function to the #Obfuscator_Ignore_Funcs directive and ignore the warning, but I think he's asking for an automated solution from Obfuscator. In which case, the answer is 'no'.

Yea... I could have tested something with this UDF and figured it out myself but it would be nice sometimes when reported issues are more than just "please solve my problem" ;)

@Jos: I may have dropped your name in that context at some point...

:blink:

Thanks as always :P

I am not online enough anymore these days to follow all threads and clearly missed it ....


  • 2 weeks later...
Posted

The obfuscator is very nice... but it always produces a file that gives 4/42 warnings if you upload to virustotal.com. That's not takeable, so the obfuscator is worthless, or is there a solution?

Posted

It's worthless and wouldn't use it if I were you.

Don't get me wrong...

The protection is very nice but if the result got false positives it is useless (in my case).

Maybe you can't imagine that I code appz which uses +6.500 people ... can you imagine what's up when I just 10% got virus alerts?

I've to leave my tool totally unprotected, what's the fault of script language, not yours.

So I asked for help, but if that's all you wanna offer me if I am crying for help... ok

  • 1 month later...
Posted

Don't get me wrong...

The protection is very nice but if the result got false positives it is useless (in my case).

Maybe you can't imagine that I code appz which uses +6.500 people ... can you imagine what's up when I just 10% got virus alerts?

I've to leave my tool totally unprotected, what's the fault of script language, not yours.

So I asked for help, but if that's all you wanna offer me if I am crying for help... ok

@Jos I am curious about this too. Are there any ideas you have to allow us to Obfuscate our code... but not be flagged by those 4 programs on virus total? I have even tried to contact nod32 in the past about it and they gave an answer like "This seems like some sort of obfuscated file. Try compiling it without obfuscation." This to me is unfair on their part. I'd like to have my file obfuscated for obvious reasons. My file has no infected scripts in it whatsoever. But just because I try to keep my code scrambled they flag it as an infected file. I could live with the other 3 programs falsely flagging my program.... since I haven't really heard of those programs anyways and have never heard of anyone using them. But nod32 is one of the most popular antivirus programs. For them to have a very unprofessional method of flagging obfuscated autoit files is ridiculous.
  • Developers
Posted

@Jos I am curious about this too. Are there any ideas you have to allow us to Obfuscate our code... but not be flagged by those 4 programs on virus total?

I do not know what part of the obfuscated code these AV packages flag as a Virus.

Figure it out and there might be a solution that we can come up with.

Jos

