Jump to content

Sky Slate Blueberry Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate

Obfuscator for AutoHotkey


  • Please log in to reply
20 replies to this topic
PhiLho
  • Moderators
  • 6850 posts
  • Last active: Jan 02 2012 10:09 PM
  • Joined: 27 Dec 2005

I'm curious about how quickly a script with file change notification could react. The file change script would have to be scanning all the folders in every disk, because you could have a script randomly place the plain AutoHotkey script anywhere.

No. Althought I don't have experience in this field, I believe the system offers filesystem change notification, ie. it is the system that detects any change on the disk (and in cache?) and notify the requester: no scan of disk.
I don't know if that is what shimanov implemented (problem with callback?), but it can be done in another language (at least in C).

I just checked the AU3 link, the sources are indeed quite unreadable, not far of what I suggested, perhaps with additional encryption of strings and numbers, and very long variable names.

The idea of source preprocessor is interesting, I think Laszlo suggested it in days of less advanced syntax (no expressions, etc.): either you write obfuscated code to be more or less decrypted before running, or you write in a slightly different language, more friendly for programmers, to be translated in pure AHK code.
Posted Image vPhiLho := RegExReplace("Philippe Lhoste", "^(\w{3})\w*\s+\b(\w{3})\w*$", "$1$2")

AHKnow*
  • Guests
  • Last active:
  • Joined: --

I'm curious about how quickly a script with file change notification could react. The file change script would have to be scanning all the folders in every disk, because you could have a script randomly place the plain AutoHotkey script anywhere.

No. Althought I don't have experience in this field, I believe the system offers filesystem change notification, ie. it is the system that detects any change on the disk (and in cache?) and notify the requester: no scan of disk.
I don't know if that is what shimanov implemented (problem with callback?), but it can be done in another language (at least in C).


I'm not saying that the appearance of the file can't be detected, because it can be detected. I'm saying can a "file change notification and read script/program" detect and read the file before its deleted. I have some doubts that it could. Especially, if the location of where the file would be is very random. Then there is the whole issue of tweaking the time of the file existence to the very minimum necessary, so that by the time the "file change notification and read" program tries to copy/read the file, the file will not be there.

The file change and read program, would also have to be very specific to trying to read AutoHotkey files/specific files, because many legitimate files can appear and then disappear (like in the temp directory).

The idea of source preprocessor is interesting, I think Laszlo suggested it in days of less advanced syntax (no expressions, etc.): either you write obfuscated code to be more or less decrypted before running, or you write in a slightly different language, more friendly for programmers, to be translated in pure AHK code.


I also think the source preprocessor seems good too. But would you not have to change how the AutoHotkey.exe in some way to accept data from the preprocessor? If that is the case, why not have the AutoHotkey.exe accept input from a pipe or variable? The advantage of the pipe or variable would seem to allow you to use outright encryption.

  • Guests
  • Last active:
  • Joined: --
Ist there now an Obfuscator for Autohotkey?

  • Guests
  • Last active:
  • Joined: --

Ist there now an Obfuscator for Autohotkey?


No.

greynite
  • Members
  • 40 posts
  • Last active: Jan 12 2011 03:28 PM
  • Joined: 17 May 2008
Eh, why not take one of the associative hash table variable solutions, and tweak it so that everything be run through TEA (both the names & the values). Once written & debugged, it would be fairly easy to search & replace the association [variable] names with gobbledygook names (e.g. run the meaningful names though a hash algorithm).

Would make reading the code very annoying, and debugging the code quite annoying as well. You could go a step further even, and replace various built-ins with wrapper functions, and then hash the wrapper function names too.

(This does not make it "impossible", just exceedingly annoying)

Cheers,
Shawn

DevX
  • Members
  • 43 posts
  • Last active: Jan 12 2011 06:44 PM
  • Joined: 07 Jan 2009
Greynite has what you guys are looking for. Just make it really annoying and not worth it to undue the distributed source code.

It is impossible to completely deny source code from other users, as noone needs source code in the first place, its called reverse engineering.

They have been trying to stop it since the comodore 64, and have still failed =\

If you want to try to best those with 70 years experience in the field, give it a shot =\

Success in this field can only be measured by time between release to time it is cracked.