Zoanthario wrote: ↑
13 Nov 2019, 14:46
SOTE wrote: ↑
11 Nov 2019, 23:26
I lean towards Encryptor by FeiYue (for AutoHotkey_L) or AutoHotkey_H being the better ways to protect code versus obfuscation. In the case of FeiYue's Encryptor, it will likely be easier for casual or newer users of AutoHotkey to use, though a user might want to eventually replace the machine code used with their own machine code as they become more advanced. The AutoHotkey_H fork would also be an option for more advanced or adventurous users looking for something a little extra.
Actually I know a way of decryption for FeiYue's encryptor, besides that it only works with ahk files without compiling them which doesn't allow to use the program as an exe file.
I think you are mistaken. If you are referring to Garry's "decompiler" (EXE2AHK), it doesn't decrypt the script of a FeiYue encryptor .exe, an it just works on normal AutoHotkey .exe files. It is possible to "decrypt" Encryptor files, but not in an obvious way for casual users. Secondly, FeiYue's encrpytor does "compile" files and produces an .exe. So I'm not sure what you mean by it only works with .ahk files. You might want to reread the instructions on his thread about how to use it.
For AutoHotkey_L, FeiYue's method is arguably a very good way to go. The next level up, above FeiYue's Encryptor, would be AutoHotkey_H. Casual users are not going to easily crack it nor are 98% of users spending large amounts of time trying. If a person is so focused on software protection, they might want to consider buying some type of 3rd party professional protection or wrap the AutoHotkey exe inside another executable of a different and compiled programming language.
You could also use Digidon's Obfuscator (https://www.autohotkey.com/boards/viewtopic.php?t=49887
), but the methods of obfuscation are well published, opening it up for medium to advanced users to create deobfuscator scripts or understand the method enough to somewhat be able to read the code. Whether it's Digidon's Obfuscator or FeiYue's Encryptor, they are mainly just deterrents against casuals and non-professionals.
However, a person could improve upon Digidon's method or make their own variation. To understand this methodology a bit more or to see how far it can be taken, a person could look at PELock
, which is a professional obfuscator
made for AutoIt (and other languages like Basic and Pascal). This does more than just obfuscation, but is also a license management system with time-trials. Google search PELock to find out more, I won't link them here, as I'm not promoting their product. Another product that has been mentioned on the forums is Enigma Protector, so you might want to look them up too.
When people are referring to "script protection", this has different degrees. Are you referring to protection against casuals, or are you looking for professional grade protection against high level hackers/crackers? The issue about that is it's unlikely
you will stop very knowledgeable programmers
from cracking your program. Think of all the companies with expensive products that have tried and failed. This includes many "smart" malware programmers that have Anti-Virus professionals crack their bad programs too
or help put them in jail. Methods for cracking and reverse engineering programs are numerous and long. There are so many tools out there.
To get professional grade protection for a software product could cost hundreds of dollars
, and the number of users that need such high level protection are very few. Arguably, what many people making professional products do is get a copyright
, so that they have legal protection
. Legal protection is just as much a deterrent as software protection, because you can sue people who are violating your copyright and stop them from making any money off of you.
Joe Glines AutoHotkey Webinar On Protecting your IP