Jump to content

Recommended Posts

Posted

@BrewManNH I don't know what the size ratio typically is for obfuscated code, but I was using Mat's example. 105 bytes to 2826, which results in 26.91 times larger. It looks like you're saying that a non-obfuscated script would be compiled to be far larger than 27x the source (which I know it is), that also seems to imply that obfuscated code isn't much smaller than after compiling. Is obfuscated about the size of compiled or is it just a smaller multiplier?

Posted (edited)

When I compile a script with obfuscator using default settings, original source is about 1760 lines and 84K in size, the end result file is 1602k in size and 20600 lines long due to all the includes I use.

If I obfuscate it with just /sv and /sf which removes unused functions and variables (similar to what /so does) but still obfuscates all the functions and variables and whatnot the end result is 564K in size and 7240 lines or so.

If I do the same script with just the /striponly parameter it comes out at 536K and around 6240 lines.

So, by looking at the results of this, if you do not use Obfuscator at all, your file is going to be a lot larger than just your source code if you use any of the larger include files. If you run it and just use Obfuscator to strip the unused functions etc., it's about the same size (+/- 30K or so in my case) with or without obfuscation.

Edited by BrewManNH

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

  • Developers
Posted (edited)

@Jos I'm just one of those people that considers source code that is 27 times larger to be massive. Actually, in general I consider 27x to be quite a bit larger.

This is only for short scripts without Includes due to some overhead Func's being added. You will find that it is different for larger scripts and there are a couple of things to minimise the size by an option to obfuscate minimum to shorten all variable/func names and the Strip function, which removes all unused Func's and Global Variables.

You will find that the script in the EXE is many times smaller than simply compiling it. (Hence my remark ;) )

Jos

Edited by Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Posted

@Jos I can see why some calls and executes would break it (since it seems a lot of what it does is converting everything to be called or executed), but what causes event/GUI related things to break it?

Posted (edited)

@Jos I can see why some calls and executes would break it (since it seems a lot of what it does is converting everything to be called or executed), but what causes event/GUI related things to break it?

Anything requiring a string function name is broken. (Edit: apart from in the case where obfuscator can read the string as Jos said above) Edited by Mat
Posted

Wrong, they'd both work just fine.

You should probably test these things for yourself prior to asking if they'd work. 1 minute of typing up some workable code would have answered the question.

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Posted

@BrewManNH I'd prefer to know why they would work over simply knowing they would. Learning the rules of what works in the obfuscator is a lot easier than guessing at it all of the time. I thought it wouldn't work because Mat said that anything using a string variable name wouldn't work, but flipping back to Jos' example it looks like trying to concatenate or store a string in variable would break it. Is that the only rule? All of those works as long as you don't try to concatenate a string or store a string in a variable?

Posted

@BrewManNH I'd prefer to know why they would work over simply knowing they would. Learning the rules of what works in the obfuscator is a lot easier than guessing at it all of the time. I thought it wouldn't work because Mat said that anything using a string variable name wouldn't work, but flipping back to Jos' example it looks like trying to concatenate or store a string in variable would break it. Is that the only rule? All of those works as long as you don't try to concatenate a string or store a string in a variable?

No, string representations of functions will break IF its not a string literal. So your close, but its if you try and do anything to a string, not just concatenating or storing in a variable.
Posted

Basically, obfuscator cannot know the value of a variable at runtime. So this would break:

#Obfuscator_Parameters=/sf /sv /om /cs=0 /cn=0

$startButton = GUICtrlCreateButton("Start", 81, 160, 75, 25)
GUICtrlSetOnEvent($startButton,"begin")

$func = '_return'
GUIRegisterMsg($wm_command,$func)

Func _return()
EndFunc

So when obfuscating, it looks at the registered function $func, has no idea what the value is (remember it is not the interpreter and has no idea about variable values, etc), and removes Func _return() because it seems it is not used.

$0 = GUICtrlCreateButton("Start", 81, 160, 75, 25)
GUICtrlSetOnEvent($0,"begin")
$1 = '_return'
GUIRegisterMsg($2,$1)

Versus your example, obfuscator knows that GUIRegisterMsg takes a function name as its second parameter, and since it is a literal string it can find it, alter its name, whatever.

You can manually make my example work by using the #Obfuscator_Ignore_Funcs directive.

#Obfuscator_Parameters=/sf /sv /om /cs=0 /cn=0
#Obfuscator_Ignore_Funcs=_return

$startButton = GUICtrlCreateButton("Start", 81, 160, 75, 25)
GUICtrlSetOnEvent($startButton,"begin")

$func = '_return'
GUIRegisterMsg($wm_command,$func)

Func _return()
EndFunc

#Obfuscator_Ignore_Funcs=_return
$0 = GUICtrlCreateButton("Start", 81, 160, 75, 25)
GUICtrlSetOnEvent($0,"begin")
$1 = '_return'
GUIRegisterMsg($2,$1)
Func _return()
EndFunc
Posted (edited)

Further, since I think this might be your next question, what happens if _return() is called somewhere else and not removed entirely?

#Obfuscator_Parameters=/sf /sv /om /cs=0 /cn=0

$startButton = GUICtrlCreateButton("Start", 81, 160, 75, 25)
GUICtrlSetOnEvent($startButton,"begin")

$func = '_return'
GUIRegisterMsg($wm_command,$func)

_return()

Func _return()
EndFunc

It gets renamed and breaks anyway.

$0 = GUICtrlCreateButton("Start", 81, 160, 75, 25)
GUICtrlSetOnEvent($0,"begin")
$1 = '_return'
GUIRegisterMsg($2,$1)
_3()
Func _3()
EndFunc

Of course the Ignore_Funcs situation is handled as well, and is the safest way out. _return() retains its original name everywhere.

#Obfuscator_Ignore_Funcs=_return
$0 = GUICtrlCreateButton("Start", 81, 160, 75, 25)
GUICtrlSetOnEvent($0,"begin")
$1 = '_return'
GUIRegisterMsg($2,$1)
_return()
Func _return()
EndFunc
Edited by wraithdu
  • 1 month later...
Posted

Hi

I'm trying to decompile an .exe autoit file using exe2aut.exe

I get na obfuscated script which is fine since i'm not really interested in editing it, but when i try to run the .au3 script that i got, it gives me an error asking for a .tbl file.

I don't get that .tbl file after the exe2aut.exe decompile, so how can i extract it from the autoit .exe? Or is there some other way?

Thanks

  • Moderators
Posted

EQuSu,

Welcome to the AutoIt forum. :)

Unfortunately you appear to have missed the Forum rules on your way in. Please read them now (there is also a link at bottom right of each page) - particularly the bit about not discussing decompilation - and then you will understand why you will get no help. And if you ever mention decompiling a script again you will be permanently removed from the forum. :naughty:

M23

Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Posted (edited)

@Thread Starter

thank you for your wonderful program and you did the best thing to secure our source code...

however, i tried to compare and use exe2aut(decompiler application) with the 64bit and 32bit

64bit:

@Obfuscator

-fully obfuscated

@exe2aut

-fully unreadable for human

32bit:

@Obfuscator

-fully obfuscated

@exe2aut

-readable some text, and other personal strings shows up

my problem is that, i cant release a 32bit application to my users it is because maybe others know how to use autoit and they can decompile it...

can you suggest an alternative way to obfuscate the source code like the 64bit does.

thank you...

Edited by doppelGanger
  • Developers
Posted (edited)

@Thread Starter

thank you for your wonderful program and you did the best thing to secure our source code...

You are welcome.. BUT where have your read it make the sourcecode secure? Believe I made it pretty clear it doesn't make it secure at all! ;)

however, i tried to compare and use exe2aut(decompiler application) with the 64bit and 32bit

There is NO supported exe2aut and any other illegal stuff has been pretty much beaten to dead and isn't up for discussion in our forums any more.

Please read our forum rules.

Edited by Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Posted

You are welcome.. BUT where have your read it make the sourcecode secure? Believe I made it pretty clear it doesn't make it secure at all! ;)

There is NO supported exe2aut and any other illegal stuff has been pretty much beaten to dead and isn't up for discussion in our forums any more.

Please read our forum rules.

sorry about those things i've said, but sir can't we discuss about the security about 32bit that I had post?

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...