How to build Autohotkey_H source code? Topic is solved

Post AHK_H specific scripts & libraries and discuss the usage and development of HotKeyIt's fork/branch
User avatar
jeeswg
Posts: 6902
Joined: 19 Dec 2016, 01:58
Location: UK

Re: How to build Autohotkey_H source code?

09 Dec 2018, 10:57

1, 2, miss a few, 99, 100.
homepage | tutorials | wish list | fun threads | donate
WARNING: copy your posts/messages before hitting Submit as you may lose them due to CAPTCHA
elmo
Posts: 113
Joined: 09 Oct 2013, 09:08

Re: How to build Autohotkey_H source code?

09 Dec 2018, 11:12

jeeswg wrote:
05 Dec 2018, 18:58
- Btw I'm yet to try compiling with AutoHotkey_H, but may be doing so soon.
jeeswg - Hmmm ... Does this mean you were succesful ???
malcev
Posts: 1769
Joined: 12 Aug 2014, 12:37

Re: How to build Autohotkey_H source code?

10 Dec 2018, 13:00

Keep in mind that AutoHotkey_H can use the default password, so that can provide some protection unless the person knew what it was or was familiar with AutoHotkey_H, until you learn how to change the password and compile it.
Password can be easy extracted (by teadrinker):

Code: Select all

oFile := FileOpen("D:\Downloads\Test.exe", "r")
oFile.RawRead(buff, len := oFile.Length)
oFile.Close()
pPtr := &buff - 2
while pPtr := DllCall("msvcrt\memchr", Ptr, pPtr + 2, Int, Ord("D"), Ptr, ( len - (A_Index = 1 ? 0 : &buff - pPtr) )//2, Ptr)  {
   if StrGet(pPtr, 10) = "DllImport."  {
      while c := StrGet(pPtr + 12*2 + (A_Index - 1)*10, 1)
         pwd .= c
      break
   }
}
MsgBox, % pwd
elmo
Posts: 113
Joined: 09 Oct 2013, 09:08

Re: How to build Autohotkey_H source code?

10 Dec 2018, 13:43

malcev wrote:
10 Dec 2018, 13:00
Password can be easy extracted (by teadrinker):
malcev - can you please expand on this:
1-was test.exe compiled using AHK_H?
2-does it matter whether the password is default or not? (assume does not matter)
3-does this mean AHK_H does not offer any protection?
HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: How to build Autohotkey_H source code?

10 Dec 2018, 15:25

1. Yes.
2. Yes it matters.
3. It means when a source code is published, it is not that difficult to 'hack' it.
To have a proper protection you have to come up with a different way than default password to protect your code.
The best method is to use a separate function and no fix password in this line: https://github.com/HotKeyIt/ahkdll/blob/aa35c970c5ad7102522095d0c759162b3bc19665/source/util.cpp#L3219
elmo
Posts: 113
Joined: 09 Oct 2013, 09:08

Re: How to build Autohotkey_H source code?

10 Dec 2018, 15:49

HotKeyIt - Appreciate timely response but do not understand. Wish you were not so smart and could understand how little of this makes sense to a layperson.

To prove how little sense it makes to someone who is not as knowledgeable as you are I will start with:
HotKeyIt wrote:
10 Dec 2018, 15:25
2. Yes it matters.
Ok, From that sentence I understand "2. Yes", but do NOT understand "it matters". Do you mean that "if you change the password then teadrinker's routine will NOT be able to extract the changed password?".

I interpreted malcev's presentation of the teadrinker routine to imply it would cherry pick the current password in the compiled text.exe, whether it was the default or not?!?
HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: How to build Autohotkey_H source code?

10 Dec 2018, 17:10

The code from malcev would not work if you change the amount of empty characters between letters, e.g. here we have only 3 empty characters in between.
pw = pwd == g_default_pwd ? (TCHAR) _T("A\0\0\0u\0\0\0t\0\0\0o\0\0\0H\0\0\0o\0\0\0t\0\0\0k\0\0\0e\0\0\0y\0\0\0")[i*4] : (TCHAR)*pwd;
Btw. they don't have to be empty of course and can be simply random characters, e.g:
pw = pwd == g_default_pwd ? (TCHAR) _T("AwdhuclrtslrodkrHorkodkrtEKskslEekrlylerklhkjghgfftzfzt")[i*4] : (TCHAR)*pwd;, which would result in AclroEllkgt with malcev's code.
You can also change to start not with first letter and many other alternatives, it is up to you to make it as difficult as you can:
pw = pwd == g_default_pwd ? (TCHAR) _T("xAwdhuclrtslrodkrHorkodkrtEKskslEekrlylerklhkjghgfftzfzt")[i*4+1] : (TCHAR)*pwd;
elmo
Posts: 113
Joined: 09 Oct 2013, 09:08

Re: How to build Autohotkey_H source code?

10 Dec 2018, 17:15

HotKeyIt - Thank you again for the timely response and your patience. The only thing I understand from your answer is that it is possible to secure AHK_H compiled code. That is good.
guest3456
Posts: 3453
Joined: 09 Oct 2013, 10:31

Re: How to build Autohotkey_H source code?

11 Dec 2018, 21:14

HotKeyIt wrote:
10 Dec 2018, 15:25
The best method is to use a separate function and no fix password here: https://github.com/HotKeyIt/ahkdll/blob ... .cpp#L3219
can you give an example of what using a "separate function" would look like?

HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: How to build Autohotkey_H source code?

12 Dec 2018, 07:20

Here we are using passfunc

Code: Select all

for (unsigned int i = 0; 10; i++)
    pw = pwd == g_default_pwd ? passfunc(i) : (TCHAR)*pwd;
What passfunc will do is up to you and it is better not to show it on the internet since this might lead other people to use it and for hacker easier to hack.
You can also include more variables that do y-- or multiply... and generate the password from those.
You should even do something without intentional password and check what the result will be in a debugger, then use that as a password.
guest3456
Posts: 3453
Joined: 09 Oct 2013, 10:31

Re: How to build Autohotkey_H source code?

08 Dec 2019, 23:17

HotKeyIt wrote:
12 Dec 2018, 07:20
Here we are using passfunc

Code: Select all

for (unsigned int i = 0; 10; i++)
    pw = pwd == g_default_pwd ? passfunc(i) : (TCHAR)*pwd;
What passfunc will do is up to you and it is better not to show it on the internet since this might lead other people to use it and for hacker easier to hack.
You can also include more variables that do y-- or multiply... and generate the password from those.
for those of us who aren't c++ programmers, can you write what a simple example passfunc() would look like, so that we can paste into the _H source, and then we can modify ourselves?
HotKeyIt wrote:
12 Dec 2018, 07:20
You should even do something without intentional password and check what the result will be in a debugger, then use that as a password.
can you explain this more?

HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: How to build Autohotkey_H source code?

09 Dec 2019, 17:05

The more I explain or give examples the easier would it be for a hacker to hack, especially if my example is used. It is best if everyone will use own method to make it as difficult as possible for hackers.
Simple function could be:

Code: Select all

TCHAR passfunc(int i)
{
  static TCHAR pass[] = _T("yektoHotuA")
  return pass[9-i];
}
guest3456
Posts: 3453
Joined: 09 Oct 2013, 10:31

Re: How to build Autohotkey_H source code?

09 Dec 2019, 19:36

yeah i understand, but thanks that func is perfectly good enough


Return to “AutoHotkey_H”

Who is online

Users browsing this forum: No registered users and 17 guests