Zoanthario wrote: ↑13 Nov 2019, 14:46
@SOTE
SOTE wrote: ↑11 Nov 2019, 23:26
I lean towards Encryptor by FeiYue (for AutoHotkey_L) or AutoHotkey_H being the better ways to protect code versus obfuscation. In the case of FeiYue's Encryptor, it will likely be easier for casual or newer users of AutoHotkey to use, though a user might want to eventually replace the machine code used with their own machine code as they become more advanced. The AutoHotkey_H fork would also be an option for more advanced or adventurous users looking for something a little extra.
Actually I know a way of decryption for FeiYue's encryptor, besides that it only works with ahk files without compiling them which doesn't allow to use the program as an exe file.
I think you are mistaken. If you are referring to Garry's "decompiler" (EXE2AHK), it doesn't decrypt the script of a FeiYue encryptor .exe, an it just works on normal AutoHotkey .exe files. It is possible to "decrypt" Encryptor files, but not in an obvious way for casual users. Secondly, FeiYue's encrpytor does "compile" files and produces an .exe. So I'm not sure what you mean by it only works with .ahk files. You might want to reread the instructions on his thread about how to use it.
For AutoHotkey_L, FeiYue's method is arguably a very good way to go. The next level up, above FeiYue's Encryptor, would be AutoHotkey_H. Casual users are not going to easily crack it nor are 98% of users spending large amounts of time trying. If a person is so focused on software protection, they might want to consider buying some type of 3rd party professional protection or wrap the AutoHotkey exe inside another executable of a different and compiled programming language.
You could also use Digidon's Obfuscator (
https://www.autohotkey.com/boards/viewtopic.php?t=49887), but the methods of obfuscation are well published, opening it up for medium to advanced users to create deobfuscator scripts or understand the method enough to somewhat be able to read the code. Whether it's Digidon's Obfuscator or FeiYue's Encryptor, they are mainly just deterrents against casuals and non-professionals.
However, a person could improve upon Digidon's method or make their own variation. To understand this methodology a bit more or to see how far it can be taken, a person could look at
PELock, which is a
professional obfuscator made for AutoIt (and other languages like Basic and Pascal). This does more than just obfuscation, but is also a license management system with time-trials. Google search PELock to find out more, I won't link them here, as I'm not promoting their product. Another product that has been mentioned on the forums is Enigma Protector, so you might want to look them up too.
When people are referring to "script protection", this has different degrees. Are you referring to protection against casuals, or are you looking for professional grade protection against high level hackers/crackers? The issue about that is it's
unlikely you will stop
very knowledgeable programmers from cracking your program. Think of all the companies with expensive products that have tried and failed. This includes many "smart" malware programmers that have
Anti-Virus professionals crack their bad programs too or help put them in jail. Methods for cracking and reverse engineering programs are numerous and long. There are so many tools out there.
To get professional grade protection for a software product could cost
hundreds of dollars, and the number of users that need such high level protection are very few. Arguably, what many people making professional products do is get a
copyright, so that they have
legal protection. Legal protection is just as much a deterrent as software protection, because you can sue people who are violating your copyright and stop them from making any money off of you.
Joe Glines AutoHotkey Webinar On Protecting your IP
https://youtu.be/hS4tiHq3jXk (part 1)
https://youtu.be/P8sN5FNSm_8 (part 2)
If you are using an interpreted language like AutoHotkey, there is only so much you can do, in terms of software protection. And it's not just AutoHotkey that is in this boat, but also languages such as AutoIt, JavaScript, Java, Python, etc... You might be better off programming in truly compiled languages like C/C++, Object Pascal/Delphi, Go, etc... Even then, high level hackers/crackers/professional programmers have reverse engineering tricks up their sleeves that have pissed off and frustrated many software protection methods.