AutoIt protection

Post here any topics that related to Enigma Protector, its functionality, your misunderstanding, offers to improvements etc etc etc
D3Dx9
Posts: 15
Joined: Sun Feb 09, 2014 5:25 pm

AutoIt protection

Post by D3Dx9 »

Hi, currently I'm thinking of buying this software. It seems to be the most flexible and it's feature-rich. All in one: awesome. The only thing I couldn't do yet is protecting an AutoIt application.

Just to clear the things:
- AutoIt developed a new update, so it now stores the script in the resource section.
- If it's needed I'm still able to use the old one, which stores script in the overlay

I tried several methods, but all of them failed. The (non official) decompiler could EASILY bypass everything. To decompile the script, it requires to start my exe, so I assume that it's being dumped. If you want I can link/attach the decompiler and a sample file.
I hope it can be solved, since the problem before was that the overlay is not protectable. Does the resource section protectable? I'm using demo version currently, is it possible that it won't be able to decompiled if I protect it with the full version?
newuser
Posts: 49
Joined: Tue Apr 13, 2010 5:43 pm

Re: AutoIt protection

Post by newuser »

Unofficial decompiler already bypass the official autoit compiled exe whether its new or old, how do you protect the old autoit compiled exe files from it? :?:

Anyway, have you try reading thread below
http://forum.enigmaprotector.com/viewto ... lit=autoit
D3Dx9
Posts: 15
Joined: Sun Feb 09, 2014 5:25 pm

Re: AutoIt protection

Post by D3Dx9 »

Well, you misunderstood me. Of course, that decompiler is able to do it, there's no doubt. The only reason why I wrote I can switch between them is because the script storing method is different.
old = overlay
new = resource

The reason why I told I can switch is because I don't know which one is easier to protect. He has choice which one to protect (I mean enigma)

About your link:
I tried several methods, but all of them failed. The (non official) decompiler could EASILY bypass everything.
Including that method too.
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: AutoIt protection

Post by Enigma »

New scheme, where the compiler stores script in resources is much easy to bypass then the old one. Moreover, since it will store script in resources, you won't find any effective way for protection.

So use the old style one, and following this method of protection: http://forum.enigmaprotector.com/viewto ... oit#p13781

It has to work.

Guys, my suggestion - for commercial development, it would be better, if you switch to some another programming language, like C# .NET, it is not much difficult then AutoIt in the needs you require, but much much more powerful/flexible in the more specific needs.
D3Dx9
Posts: 15
Joined: Sun Feb 09, 2014 5:25 pm

Re: AutoIt protection

Post by D3Dx9 »

Decompiler can even decompile the method you mentioned. It works, but it isn't effective :/ Somehow it can dump the currently running a3x script.

The thing is that it's so much easier to write applications in autoit... I mean you don't have to bother with variable types, you can even make codes simpler, sometimes autoit can solve a thing in a line, meanwhile in C you need 10-20lines...
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: AutoIt protection

Post by Enigma »

Interesting things - some customers do that and they reply me that really tried many unpackers/dumpers and protection worked. Make sure you've enabled the option "Remove Overlay".

I've been asked many times about AutoIt protection. Autoit developers looks like do not care about protection at all. May be it would be possible to ask them to add some ability of protection? This should expand their bussiness. Do not know why they don't do that.
newuser
Posts: 49
Joined: Tue Apr 13, 2010 5:43 pm

Re: AutoIt protection

Post by newuser »

Enigma wrote:Interesting things - some customers do that and they reply me that really tried many unpackers/dumpers and protection worked. Make sure you've enabled the option "Remove Overlay".

I've been asked many times about AutoIt protection. Autoit developers looks like do not care about protection at all. May be it would be possible to ask them to add some ability of protection? This should expand their bussiness. Do not know why they don't do that.
The method mention in that thread by you, Enigma does indeed work. :D I downloaded a trial version of enigma protector and after try/error for a week, finally manage to do it. I even try to do it in enigma virtual box, unfortunately, evb dont have protection like enigma protector, the decompiler work on evb. :roll:

But my method maybe wrong(it's messy), maybe the autoit users of engima protector could provide a sample of how to do it properly. :?:

Autoit is freeware and its open source, that means the Autoit developers create it for free. Unless someone/company is willing to pay them to develop a protector. That would made a different story.
D3Dx9
Posts: 15
Joined: Sun Feb 09, 2014 5:25 pm

Re: AutoIt protection

Post by D3Dx9 »

Have look at this gif which I quickly made:

http://s7.postimg.org/ips53gok9/test.gif
newuser
Posts: 49
Joined: Tue Apr 13, 2010 5:43 pm

Re: AutoIt protection

Post by newuser »

Hmm, well I just made a compiled exe file using 3.3.10.2 with upx=off,Obfuscator=on.
Code is below:

Code: Select all

MsgBox(4096, "Test", "Final test.")
This time I didn't change anything in the autoit compiled exe file.

Then now, I simply download the enigma protector demo version again, installed, run the protector.
This time I simply protect it with enigma protector using default setting.

The message return by the decompiler(I use the latest version same decompiler as yours) is below:

Code: Select all

Either it's not an AutoIt3-Executable or it's protected.
So, you see, I didnt even modify the exe file. It still worked.
D3Dx9
Posts: 15
Joined: Sun Feb 09, 2014 5:25 pm

Re: AutoIt protection

Post by D3Dx9 »

Could you upload your protected autoit file? I'll try If I made something wrong, or your decompiler has problems :)
Post Reply