ScriptGuard: Helps Protect Compiled Scripts from Decompilation

Post your working scripts, libraries and tools
TAC109
Posts: 595
Joined: 02 Oct 2013, 19:41
Location: New Zealand

Re: ScriptGuard: Helps Protect Compiled Scripts from Decompilation

13 Sep 2020, 18:43

@c7aesa7r
If you can ensure that the original ScriptGuard1 code was executed at the beginning of the script, say by checking a ListLines report, and there was no error message from the included code, then you can be sure that your script got removed from memory (as documented in the first post).

I believe further discussion on this would violate the forum rules on decompilation.

Cheers
My scripts:-
XRef - Produces Cross Reference lists for scripts
ReClip - A Text Reformatting and Clip Management utility
afe
Posts: 618
Joined: 06 Dec 2018, 04:36

Re: ScriptGuard: Helps Protect Compiled Scripts from Decompilation

07 Oct 2020, 05:59

Unfortunately, this method does not allow the source code to be protected too much.
User avatar
SirSocks
Posts: 207
Joined: 26 Oct 2018, 08:14

Re: ScriptGuard: Helps Protect Compiled Scripts from Decompilation

07 Oct 2020, 06:57

afe wrote:
07 Oct 2020, 05:59
Unfortunately, this method does not allow the source code to be protected too much.
Did you try ScriptGuard/2, this method seems to be rather affective for me.
We're you able to extract the source code while using ScriptGuard/2?
TAC109
Posts: 595
Joined: 02 Oct 2013, 19:41
Location: New Zealand

Re: ScriptGuard: Helps Protect Compiled Scripts from Decompilation

07 Oct 2020, 17:35

@afe
ScripGuard can only remove the source script from memory after the script starts executing, as explained in the first post of the thread.

I have looked at enhancing ScriptGuard by using an encryption method on the embedded script but all methods suffer from the fact that the decoding algorithm plus the key used, will be present in the generated .exe, and can thus be used by a hacker to extract the original source script. (The key and algorithm must be present in the .exe to decode the script prior to being read and analysed by AutoHotkey.)

Furthermore, the encoding algorithm will also be available for inspection (as the encoding code would be published as open source, say, in BinMod.ahk) leading to another avenue for decrypting the protected script.

In my view, it is simply not possible to protect an encrypted script in an .exe from examination by a determined hacker, for the reasons given above.
My scripts:-
XRef - Produces Cross Reference lists for scripts
ReClip - A Text Reformatting and Clip Management utility
SOTE
Posts: 1129
Joined: 15 Jun 2015, 06:21

Re: ScriptGuard: Helps Protect Compiled Scripts from Decompilation

07 Oct 2020, 19:17

TAC109 wrote:
07 Oct 2020, 17:35
Furthermore, the encoding algorithm will also be available for inspection (as the encoding code would be published as open source, say, in BinMod.ahk) leading to another avenue for decrypting the protected script.

In my view, it is simply not possible to protect an encrypted script in an .exe from examination by a determined hacker, for the reasons given above.
Firstly, I think a person has to make peace with what level of protection that they are aiming for. Just about nothing is hackerproof. Even the compiled programming languages have their programs cracked. That's just how it is when dealing with determined and skilled hackers/crackers. Those types are usually more effectively dealt with by legal means and law enforcement, rather than "uncrackable" protection. So a more realistic goal is reasonable protection from casuals and those unfamiliar with AHK.

With that in mind, it does appear possible to use machine code/MCode for the encrypting and decrypting algorithm. FeiYue has already demonstrated this with Encryptor (https://www.autohotkey.com/boards/viewtopic.php?t=42494). I don't think it's unreasonable to publish the C source code either, so that people can convert it to MCode themselves as well and for peace of mind. It can be up to the user to change the encrypting password. Which by the way, is what AHK_H is doing, except at the C++ source code level.

I think ScriptGuard is a good idea, different angle to approach the issue, and something else for AHK_L users.
afe
Posts: 618
Joined: 06 Dec 2018, 04:36

Re: ScriptGuard: Helps Protect Compiled Scripts from Decompilation

09 Oct 2020, 03:16

My program has been decoded by others, and the account was used to sell it. I can't do anything about it. I know that this day will come sooner or later, and have been considering changing to another language. Of course, this is not the only reason. AutoHotKey does not support multi-threading, and the speed is a bit slow, not suitable for writing desktop programs. Of course, it is very convenient to write some automated scripts with it. And to use it to write a larger program, I think it is not suitable. From my experience, its function is very tricky in many aspects. From these perspectives, I think it seems a little futile to protect the source code, or since it is difficult to protect, then let him go. Open source is great. If you need to protect the source code, you should switch to a compiled language.

If protection is required, I think confusion is the direction. Although it cannot be very safe, at least it will seem a bit headache. As SOTE said, or maybe MCode (https://www.autohotkey.com/boards/viewtopic.php?t=32) might be the solution, but I don't understand it, it looks very difficult. To spend time on this, it would be better to learn another language. This is my personal opinion.

I plan to migrate my program to C#. Of course, C# is no exception, the same problem must be faced. All interpreted languages cannot get rid of this problem. However, C# can obfuscate the code. Of course, there are more powerful anti-obfuscation tools for C# obfuscation. As I said before, this is not the only reason why I want to switch to C#. I want to write desktop programs and handle Web requests. C# may be the right choice.
SOTE
Posts: 1129
Joined: 15 Jun 2015, 06:21

Re: ScriptGuard: Helps Protect Compiled Scripts from Decompilation

09 Oct 2020, 06:39

afe, before making any drastic steps, you might want to look into AutoHotkey_H. And it supports multi-threading.

As for C#, it's an interpreted language too, so suffers from similar issues in terms of decompilation. In that group is also Java, JavaScript, and Python. Interpreted languages will need encryption or obfuscation to protect source code as well. But don't think compiled languages like C, C++, Pascal, Go, etc... are completely safe from hackers/crackers either. You are simply not going to stop a determined and skilled hacker/cracker who can spend weeks and months trying all sorts of ways to crack your code.

Arguably the better approach, after having reasonable protection from casuals, is to pursue the legal route. Identify the websites and individuals involved and report them to their ISP (in many countries they will take down websites with illegal copyrighted material), law enforcement, Anti-Virus companies (their cracked versions often contain malware), and/or take them to court.

Return to “Scripts and Functions”

Who is online

Users browsing this forum: AHKStudent and 20 guests