Ahk2Exe /NoDecompile

Propose new features and changes
User avatar
empardopo
Posts: 336
Joined: 06 Oct 2013, 12:50
Location: Spain
Contact:

Re: Upcoming Ahk2Exe changes

18 Jul 2014, 02:19

In the 1.0.48.05 version of Ahk2Exe was possible to prevent decompiling if you typed N/A. Is not possible in this version?
Thanks in advance.
Everything is possible!
User avatar
nnnik
Posts: 4418
Joined: 30 Sep 2013, 01:01
Location: Germany

Re: Upcoming Ahk2Exe changes

18 Jul 2014, 02:34

It was anything but impossible.
Recommends AHK Studio
User avatar
joedf
Posts: 7452
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada
Contact:

Re: Upcoming Ahk2Exe changes

18 Jul 2014, 03:11

/NoDecompile is a placebo.
Image Image Image Image Image
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x8GB G.Skill RipJaws V - DDR4 3280 MHz | [About Me] | [ASPDM - StdLib Distribution]
[Populate the AHK MiniCity!] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library] | [About the AHK Foundation]
lexikos
Posts: 6680
Joined: 30 Sep 2013, 04:07
GitHub: Lexikos

Re: Upcoming Ahk2Exe changes

18 Jul 2014, 03:15

If you want to prevent "casual decompilation" of your scripts (i.e. viewing in Notepad or a PE resource editor), just use MPRESS - or some other executable packer - to compress the EXE. It's about the same level of protection as typing N/A for the password, which is to say that it won't stop someone who has the right tools.

You could say that typing N/A for the password just stopped Exe2Ahk from working. AutoHotkey v1.1 does this by default. ;)
User avatar
boiler
Posts: 3868
Joined: 21 Dec 2014, 02:44

Re: Upcoming Ahk2Exe changes

21 Dec 2014, 11:07

lexikos wrote:If you want to prevent "casual decompilation" of your scripts (i.e. viewing in Notepad or a PE resource editor), just use MPRESS - or some other executable packer - to compress the EXE. It's about the same level of protection as typing N/A for the password, which is to say that it won't stop someone who has the right tools.

You could say that typing N/A for the password just stopped Exe2Ahk from working. AutoHotkey v1.1 does this by default. ;)
I personally would very much prefer a return to a password and/or /nodecompile to prevent casual decompilation. To me, using MPRESS is not the same thing because the resulting compressed file was seen as malicious by a variety of anti-virus apps. Just because it's a false positive doesn't mean that potential users won't stay away from it if it is flagged as having a virus.

I do not see why so many people take the position of "since it can still be decompiled if you have the right tools, the protection is not worth having at all." There's a big difference between openly seeing the source code by opening the file in Notepad and needing a specific program to decompile it. Not every user is a hardcore hacker. The harder it is to get at the source code, the fewer people that will. It's as simple as that.

This argument is like saying, "Well, I could lock up this folder with sensitive information, but since anyone can easily pick the lock on my drawer, I'll just leave it open on my desk." That is not a reasonable approach.

PLEASE return a simple approach to hiding the source code.
User avatar
joedf
Posts: 7452
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada
Contact:

Ahk2Exe /NoDecompile

21 Dec 2014, 12:00

Try code obfuscation, and bam! Problem solved.
http://www.autohotkey.com/board/topic/8 ... y-scripts/
Image Image Image Image Image
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x8GB G.Skill RipJaws V - DDR4 3280 MHz | [About Me] | [ASPDM - StdLib Distribution]
[Populate the AHK MiniCity!] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library] | [About the AHK Foundation]
User avatar
boiler
Posts: 3868
Joined: 21 Dec 2014, 02:44

Re: Upcoming Ahk2Exe changes

22 Dec 2014, 02:46

That wouldn't solve it at all. I'm not really concerned about them looking at my code and figuring out how it works. I'm mainly concerned about them easily copying all the code into a new .ahk file and run that instead of the .exe I sold them that requires them to have a valid license. They can still do that with obfuscated code. Even though it looks like gibberish, it doesn't prevent them from running it as-is.

I know someone else that sells software in the same genre as mine that he wrote with AHK "Basic" and compiled with the /nodecompile option. I can't see his code by the simple means I'm aware of (I'm not trying to hack it, nor do I want to learn how to). But mine (written in AHK_L) is easily visible with Notepad even though the .exe is wrapped with software protection that checks the license server. So while the .exe is protected, there is very little that prevents users from just creating a new .ahk file from the source and running that without buying a license.

Again, I understand that if someone really wants to get the source code, they can. I'm trying to at least make it so it's only the more sophisticated hackers that will be able to do it. Even if the level of sophistication required to hack it isn't that high, it's better than nothing because many people don't know how to or won't take those extra steps.
User avatar
joedf
Posts: 7452
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada
Contact:

Re: Upcoming Ahk2Exe changes

22 Dec 2014, 09:01

Oh ok so you have your software protection outside of the AHK source.. So its wrapped in something else...
Try software protection incorporated into your AHK source then obfuscate it!
Image Image Image Image Image
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x8GB G.Skill RipJaws V - DDR4 3280 MHz | [About Me] | [ASPDM - StdLib Distribution]
[Populate the AHK MiniCity!] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library] | [About the AHK Foundation]
User avatar
boiler
Posts: 3868
Joined: 21 Dec 2014, 02:44

Re: Upcoming Ahk2Exe changes

22 Dec 2014, 12:12

That is a good suggestion, and we did consider an AHK approach to protection, but this didn't really work for our particular case. We weren't looking to only tie the product to a particular computer but to also interface with a license server because we are selling the software on a subscription basis. We would not be able to set up our own license server but were able to use a a service that provides software protection, license management, and e-commerce as an integrated package.
guest3456
Posts: 3053
Joined: 09 Oct 2013, 10:31

Re: Upcoming Ahk2Exe changes

22 Dec 2014, 12:16

boiler wrote:That is a good suggestion, and we did consider an AHK approach to protection, but this didn't really work for our particular case. We weren't looking to only tie the product to a particular computer but to also interface with a license server because we are selling the software on a subscription basis. We would not be able to set up our own license server but were able to use a a service that provides software protection, license management, and e-commerce as an integrated package.
well what service are you using? maybe you should ask them. anyway it looks like your current solution doesn't really work for your particular case either. so now you need to find a new solution.

you've already outlined your problem and your potential solutions, so do it.

1. put your license checks inside your ahk source, so even if they copy the code to a new .ahk file, the check will still run. its not hard to set up a 'license server'. obfuscate the code

2. use ahk basic with /nodecomplie. if you need _L functionality, then call ahk.dll from your Basic script

ive set up an AHK script on subscription basis so i know it can be done. just depends how bad you want to do it

User avatar
boiler
Posts: 3868
Joined: 21 Dec 2014, 02:44

Re: Upcoming Ahk2Exe changes

22 Dec 2014, 17:42

guest3456 wrote:well what service are you using? maybe you should ask them. anyway it looks like your current solution doesn't really work for your particular case either. so now you need to find a new solution.

you've already outlined your problem and your potential solutions, so do it.

1. put your license checks inside your ahk source, so even if they copy the code to a new .ahk file, the check will still run. its not hard to set up a 'license server'. obfuscate the code

2. use ahk basic with /nodecomplie. if you need _L functionality, then call ahk.dll from your Basic script

ive set up an AHK script on subscription basis so i know it can be done. just depends how bad you want to do it
We used SoftwareKey's Protection PLUS, and we did discuss it with them. I agree that what we ended up with isn't perfect, and if we were doing it again, we might go down one of the paths you suggested. But at this point, it's not worth the resources to change what we have. I didn't post in this thread to try to find a fix (this isn't the sub-forum for seeking help anyway). I was using my experience as an example of why I think the /nodecompile option has value, so I think returning it should be considered. Yes there are other approaches to take, but aren't options good? There can be still the disclaimer that it doesn't provide strong protection, and then choices on whether to use it or not can be made accordingly.

Thanks for all the feedback.
User avatar
joedf
Posts: 7452
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada
Contact:

Re: Upcoming Ahk2Exe changes

22 Dec 2014, 18:57

Gibberish binary, code gibberish... Still gibberish...
Image Image Image Image Image
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x8GB G.Skill RipJaws V - DDR4 3280 MHz | [About Me] | [ASPDM - StdLib Distribution]
[Populate the AHK MiniCity!] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library] | [About the AHK Foundation]
guest3456
Posts: 3053
Joined: 09 Oct 2013, 10:31

Re: Upcoming Ahk2Exe changes

23 Dec 2014, 23:26

boiler wrote: We used SoftwareKey's Protection PLUS, and we did discuss it with them. I agree that what we ended up with isn't perfect, and if we were doing it again, we might go down one of the paths you suggested. But at this point, it's not worth the resources to change what we have. I didn't post in this thread to try to find a fix (this isn't the sub-forum for seeking help anyway). I was using my experience as an example of why I think the /nodecompile option has value, so I think returning it should be considered. Yes there are other approaches to take, but aren't options good? There can be still the disclaimer that it doesn't provide strong protection, and then choices on whether to use it or not can be made accordingly.

Thanks for all the feedback.
i'm not aware of the technicalities as for why /nodecompile was removed.. I too wish that _L still used the old AHK_Basic way of packing the binary. alas, it doesn't, and there doesn't seem to be much motivation to change it. so for all of my scripts that i need somewhat "better" protection, i just use AHK_Basic and will continue to do so

lexikos
Posts: 6680
Joined: 30 Sep 2013, 04:07
GitHub: Lexikos

Re: Upcoming Ahk2Exe changes

24 Dec 2014, 02:09

I never removed the functionality of /NoDecompile. If you go back to the source code for AutoHotkey and Ahk2Exe v1.0.48.05, you will find that /NoDecompile does absolutely nothing. I can only assume that Chris withheld that part of the source code.

The old method of embedding the script in the binary relied on a library written by the author of AutoIt, distributed in binary form and statically linked with AutoHotkeySC.bin and Ahk2Exe.exe. This library was not usable with x64 builds, and did not support Unicode in paths. On top of that, I'm fairly certain that everyone who distributes a compiled script based on these libraries is violating the terms of the GPL, since they are not providing access to the complete source code. (There have been discussions about whether the GPL "infects" the script part of a compiled script, but that's irrelevant; the AutoHotkey part of each compiled script is licensed under the GPL.)

/NoDecompile has no value to me. If it has value to you, why don't you add it?


Would someone care to split this topic? The discussion has gotten quite off-topic.
User avatar
joedf
Posts: 7452
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada
Contact:

Re: Ahk2Exe /NoDecompile

24 Dec 2014, 06:24

--Topic Splitted--
Image Image Image Image Image
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x8GB G.Skill RipJaws V - DDR4 3280 MHz | [About Me] | [ASPDM - StdLib Distribution]
[Populate the AHK MiniCity!] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library] | [About the AHK Foundation]

Return to “Wish List”

Who is online

Users browsing this forum: No registered users and 34 guests