Need anti - http debugger, help

Get help with using AutoHotkey and its commands and hotkeys
djuga
Posts: 32
Joined: 28 Jul 2019, 08:16

Need anti - http debugger, help

23 Oct 2020, 09:39

Anybody know how protect ahk program from http debugger?
Maybe you have idea how use IsDebuggerPresent in ahk?
Im use google spreadsheets like database
swagfag
Posts: 4079
Joined: 11 Jan 2017, 17:59

Re: Need anti - http debugger, help

24 Oct 2020, 14:38

what is a http debugger and what does one have to do with ahk? do u mean a packet sniffer(eg Wireshark)?
u cant. best u can do is encrypt the data ure sending/receiving and do ur computations server-side(except u dont have one) exclusively
Maybe you have idea how use IsDebuggerPresent in ahk?
u just DllCall("IsDebuggerPresent") it, although i dont see the point in even doing that - a debugger could have been attached long before ur script even got around to being interpreted
Im use google spreadsheets like database
instead, u should probably have a webserver interact with the database, and ur script with the server
SOTE
Posts: 1129
Joined: 15 Jun 2015, 06:21

Re: Need anti - http debugger, help

25 Oct 2020, 11:40

djuga wrote:
23 Oct 2020, 09:39
Anybody know how protect ahk program from http debugger?
Im use google spreadsheets like database
Seems like you want to hide the communication between your AHK program and a remote server. It's not possible to hide that your program is talking to a remote server. They can see and figure out that you are communicating with Google servers.

At best, you can encrypt the traffic between your program and the remote server. Even then, various things about what's going on can be figured out.
Maybe you have idea how use IsDebuggerPresent in ahk?
This is a different thing. Here, it appears you want to prevent people from figuring out what your AHK program is doing or protect source code. AHK is an interpreted programming language (like C#, Java, Python, JavaScript...). You will have to use encryption or obfuscation to protect your source code. For AHKers, that would be something like AutoHotkey_H (https://www.autohotkey.com/boards/viewforum.php?f=65) or Encryptor by FeiYue (https://www.autohotkey.com/boards/viewtopic.php?t=42494) for AutoHotkey_L. AutoHotkey_H has some anti-debugger protection, while Encryptor does not.

Furthermore, skilled hackers/crackers have various ways to defeat IsDebuggerPresent, that is openly discussed across the Internet. In addition, an interpreted programming language is far more vulnerable to hacking/cracking, than a compiled language (C, C++, Pascal/Object Pascal, Go...). Even if you wrote in a compiled language, that will not stop cracking, just makes it a bit harder.

At best, you can only make it inconvenient for casuals to want to be bothered trying to crack your program, not stop skilled or professional programmers. Nothing wrong with adding a bit of protection from casuals, like installing a lock on the door of your house. However, don't have the mindset that by putting a lock on the door that it is now impossible for thieves and criminals to ever get in. There should be no expectation of making a program hackerproof or uncrackable. Like the lock on the door and a break in, you need to pursue legal means. For software, that would be getting a lawyer, taking people to court, going after ISPs that allow websites to host copyrighted or trademark infringing material, and/or reporting cracked versions of your program as malware to Anti-Virus companies (that's why SHA hashing is important). Also, the vast majority of people will be law abiding, so really you are talking about a small percentage that go the route that you might be worrying (too much) about.
djuga
Posts: 32
Joined: 28 Jul 2019, 08:16

Re: Need anti - http debugger, help

26 Oct 2020, 08:15

SOTE wrote:
25 Oct 2020, 11:40
djuga wrote:
23 Oct 2020, 09:39
Anybody know how protect ahk program from http debugger?
Im use google spreadsheets like database
Seems like you want to hide the communication between your AHK program and a remote server. It's not possible to hide that your program is talking to a remote server. They can see and figure out that you are communicating with Google servers.

At best, you can encrypt the traffic between your program and the remote server. Even then, various things about what's going on can be figured out.
Maybe you have idea how use IsDebuggerPresent in ahk?
This is a different thing. Here, it appears you want to prevent people from figuring out what your AHK program is doing or protect source code. AHK is an interpreted programming language (like C#, Java, Python, JavaScript...). You will have to use encryption or obfuscation to protect your source code. For AHKers, that would be something like AutoHotkey_H (https://www.autohotkey.com/boards/viewforum.php?f=65) or Encryptor by FeiYue (https://www.autohotkey.com/boards/viewtopic.php?t=42494) for AutoHotkey_L. AutoHotkey_H has some anti-debugger protection, while Encryptor does not.

Furthermore, skilled hackers/crackers have various ways to defeat IsDebuggerPresent, that is openly discussed across the Internet. In addition, an interpreted programming language is far more vulnerable to hacking/cracking, than a compiled language (C, C++, Pascal/Object Pascal, Go...). Even if you wrote in a compiled language, that will not stop cracking, just makes it a bit harder.

At best, you can only make it inconvenient for casuals to want to be bothered trying to crack your program, not stop skilled or professional programmers. Nothing wrong with adding a bit of protection from casuals, like installing a lock on the door of your house. However, don't have the mindset that by putting a lock on the door that it is now impossible for thieves and criminals to ever get in. There should be no expectation of making a program hackerproof or uncrackable. Like the lock on the door and a break in, you need to pursue legal means. For software, that would be getting a lawyer, taking people to court, going after ISPs that allow websites to host copyrighted or trademark infringing material, and/or reporting cracked versions of your program as malware to Anti-Virus companies (that's why SHA hashing is important). Also, the vast majority of people will be law abiding, so really you are talking about a small percentage that go the route that you might be worrying (too much) about.
Im currently use Encryptor by FeiYue
But i have 1 question, how use Dllcal IsDebuggerPresent in ahk?
Can you give example
SOTE
Posts: 1129
Joined: 15 Jun 2015, 06:21

Re: Need anti - http debugger, help

26 Oct 2020, 09:04

djuga wrote:
26 Oct 2020, 08:15
Im currently use Encryptor by FeiYue
But i have 1 question, how use Dllcal IsDebuggerPresent in ahk?
Can you give example
It's quite easy. Here is a link with some examples.
https://www.autohotkey.com/boards/viewtopic.php?t=6278

It might be helpful against casuals with Encryptor and AutoHotkey_L, but arguably it's better to have this in the interpreter, which AutoHotkey_H does. Be that as it may, I will remind you that skilled or professionals will know how to circumvent it. Though a lock on the door is arguably better than none.

The other thing you might want to look at is the environment in which your program is being used. If say it is being used at a school or business, you might want to also focus on network security at the firewall or router level. You might want to have code so that the program will only run on your network or designated type of computers.

If the program is being widely distributed, as mentioned previously, you want to research and be clear about your legal options against hackers/crackers. Joe Glines has a video that goes into legal options a bit (https://www.autohotkey.com/boards/viewtopic.php?f=17&t=64565), though there are some non-legal practical use points missing. Like, reporting cracked software to Anti-Virus vendors so that it will be labeled as malware and making sure users are aware to check the SHA hash (publish your legit SHA hash) to ensure what they are using is legit (they can use a separate SHA checksum utility). Another point is notifying ISPs of hackers/crackers whose websites are hosting your/other cracked software, to have it taken down. This can be combined with other legal options, such as notifying the authorities or taking the website or ISP to court. There is a number of things that can be done, outside of just trying to make "uncrackable" programs.
djuga
Posts: 32
Joined: 28 Jul 2019, 08:16

Re: Need anti - http debugger, help

26 Oct 2020, 10:00

SOTE wrote:
26 Oct 2020, 09:04
djuga wrote:
26 Oct 2020, 08:15
Im currently use Encryptor by FeiYue
But i have 1 question, how use Dllcal IsDebuggerPresent in ahk?
Can you give example
It's quite easy. Here is a link with some examples.
https://www.autohotkey.com/boards/viewtopic.php?t=6278
Im already test it, its doesnt work :cry:
SOTE
Posts: 1129
Joined: 15 Jun 2015, 06:21

Re: Need anti - http debugger, help

26 Oct 2020, 10:08

djuga wrote:
26 Oct 2020, 10:00
Im already test it, its doesnt work :cry:
Do you know what you are doing? Like how to use a debugger? What 0 and 1 means, in regards to a debugger?

Just a guess as to what might be going on, but IsDebuggerPresent is not for HTTP Debugger. Don't be confused, just because debugger is in the name. In the case of HTTP Debugger, you want to see if it's window or executable is present. WinExist() or Process, Exist, PIDOrName. However, as mentioned, you can't stop people from seeing which programs are communicating with remote servers on their computer. Simple programs like CurrPorts from NirSoft (https://www.nirsoft.net/utils/cports.html), and there are many like this, will show what program is communicating with what remote server.

It's for you to know what level that you are at, then study up as needed. If you make it clear as to exactly what you are doing and provide code examples, then people can provide more help. But, I'm not so sure as to the extent that you want to expose your project.
djuga
Posts: 32
Joined: 28 Jul 2019, 08:16

Re: Need anti - http debugger, help

26 Oct 2020, 10:46

SOTE wrote:
26 Oct 2020, 10:08
djuga wrote:
26 Oct 2020, 10:00
Im already test it, its doesnt work :cry:
Do you know what you are doing? Like how to use a debugger? What 0 and 1 means, in regards to a debugger?

Just a guess as to what might be going on, but IsDebuggerPresent is not for HTTP Debugger. Don't be confused, just because debugger is in the name. In the case of HTTP Debugger, you want to see if it's window or executable is present. WinExist() or Process, Exist, PIDOrName. However, as mentioned, you can't stop people from seeing which programs are communicating with remote servers on their computer. Simple programs like CurrPorts from NirSoft (https://www.nirsoft.net/utils/cports.html), and there are many like this, will show what program is communicating with what remote server.

It's for you to know what level that you are at, then study up as needed. If you make it clear as to exactly what you are doing and provide code examples, then people can provide more help. But, I'm not so sure as to the extent that you want to expose your project.
Not cool :( , yes i cant show my project, because it is a paid program and people pay money
SOTE
Posts: 1129
Joined: 15 Jun 2015, 06:21

Re: Need anti - http debugger, help

26 Oct 2020, 11:43

djuga wrote:
26 Oct 2020, 10:46
Not cool :( , yes i cant show my project, because it is a paid program and people pay money
Understand. As for customers, most will be law abiding. If they find value with what you got, they will likely want to support you. Like say a game. They rather play the game, then wreck their head and losing so many hours of fun (watching movies, going to the gym...) trying to code one.

Also, you can't stop criminals or hackers/crackers, from doing what they do. If your setup is based on communicating with Google servers (like Google Drive), then you might want to rethink your process and find other ways or more secure methods of doing such, if it's really an issue.

Return to “Ask For Help”

Who is online

Users browsing this forum: Bing [Bot], notnaochief, WeedTrek and 30 guests