Page 2 of 2

Re: How to build Autohotkey_H source code?

Posted: 09 Dec 2018, 10:57
by jeeswg
1, 2, miss a few, 99, 100.

Re: How to build Autohotkey_H source code?

Posted: 09 Dec 2018, 11:12
by elmo
jeeswg wrote:
05 Dec 2018, 18:58
- Btw I'm yet to try compiling with AutoHotkey_H, but may be doing so soon.
jeeswg - Hmmm ... Does this mean you were succesful ???

Re: How to build Autohotkey_H source code?

Posted: 10 Dec 2018, 13:00
by malcev
Keep in mind that AutoHotkey_H can use the default password, so that can provide some protection unless the person knew what it was or was familiar with AutoHotkey_H, until you learn how to change the password and compile it.
Password can be easy extracted (by teadrinker):

Code: Select all

oFile := FileOpen("D:\Downloads\Test.exe", "r")
oFile.RawRead(buff, len := oFile.Length)
oFile.Close()
pPtr := &buff - 2
while pPtr := DllCall("msvcrt\memchr", Ptr, pPtr + 2, Int, Ord("D"), Ptr, ( len - (A_Index = 1 ? 0 : &buff - pPtr) )//2, Ptr)  {
   if StrGet(pPtr, 10) = "DllImport."  {
      while c := StrGet(pPtr + 12*2 + (A_Index - 1)*10, 1)
         pwd .= c
      break
   }
}
MsgBox, % pwd

Re: How to build Autohotkey_H source code?

Posted: 10 Dec 2018, 13:43
by elmo
malcev wrote:
10 Dec 2018, 13:00
Password can be easy extracted (by teadrinker):
malcev - can you please expand on this:
1-was test.exe compiled using AHK_H?
2-does it matter whether the password is default or not? (assume does not matter)
3-does this mean AHK_H does not offer any protection?

Re: How to build Autohotkey_H source code?

Posted: 10 Dec 2018, 15:25
by HotKeyIt
1. Yes.
2. Yes it matters.
3. It means when a source code is published, it is not that difficult to 'hack' it.
To have a proper protection you have to come up with a different way than default password to protect your code.
The best method is to use a separate function and no fix password here: https://github.com/HotKeyIt/ahkdll/blob ... .cpp#L3219

Re: How to build Autohotkey_H source code?

Posted: 10 Dec 2018, 15:49
by elmo
HotKeyIt - Appreciate timely response but do not understand. Wish you were not so smart and could understand how little of this makes sense to a layperson.

To prove how little sense it makes to someone who is not as knowledgeable as you are I will start with:
HotKeyIt wrote:
10 Dec 2018, 15:25
2. Yes it matters.
Ok, From that sentence I understand "2. Yes", but do NOT understand "it matters". Do you mean that "if you change the password then teadrinker's routine will NOT be able to extract the changed password?".

I interpreted malcev's presentation of the teadrinker routine to imply it would cherry pick the current password in the compiled text.exe, whether it was the default or not?!?

Re: How to build Autohotkey_H source code?

Posted: 10 Dec 2018, 17:10
by HotKeyIt
The code from malcev would not work if you change the amount of empty characters between letters, e.g. here we have only 3 empty characters in between.
pw = pwd == g_default_pwd ? (TCHAR) _T("A\0\0\0u\0\0\0t\0\0\0o\0\0\0H\0\0\0o\0\0\0t\0\0\0k\0\0\0e\0\0\0y\0\0\0")[i*4] : (TCHAR)*pwd;
Btw. they don't have to be empty of course and can be simply random characters, e.g:
pw = pwd == g_default_pwd ? (TCHAR) _T("AwdhuclrtslrodkrHorkodkrtEKskslEekrlylerklhkjghgfftzfzt")[i*4] : (TCHAR)*pwd;, which would result in AclroEllkgt with malcev's code.
You can also change to start not with first letter and many other alternatives, it is up to you to make it as difficult as you can:
pw = pwd == g_default_pwd ? (TCHAR) _T("xAwdhuclrtslrodkrHorkodkrtEKskslEekrlylerklhkjghgfftzfzt")[i*4+1] : (TCHAR)*pwd;

Re: How to build Autohotkey_H source code?

Posted: 10 Dec 2018, 17:15
by elmo
HotKeyIt - Thank you again for the timely response and your patience. The only thing I understand from your answer is that it is possible to secure AHK_H compiled code. That is good.

Re: How to build Autohotkey_H source code?

Posted: 11 Dec 2018, 21:14
by guest3456
HotKeyIt wrote:
10 Dec 2018, 15:25
The best method is to use a separate function and no fix password here: https://github.com/HotKeyIt/ahkdll/blob ... .cpp#L3219
can you give an example of what using a "separate function" would look like?

Re: How to build Autohotkey_H source code?

Posted: 12 Dec 2018, 07:20
by HotKeyIt
Here we are using passfunc

Code: Select all

for (unsigned int i = 0; 10; i++)
    pw = pwd == g_default_pwd ? passfunc(i) : (TCHAR)*pwd;
What passfunc will do is up to you and it is better not to show it on the internet since this might lead other people to use it and for hacker easier to hack.
You can also include more variables that do y-- or multiply... and generate the password from those.
You should even do something without intentional password and check what the result will be in a debugger, then use that as a password.