A script encrypt-er was made by @feiyue. It works very well. But How can I un-encrypt my script?
I've noticed that there's a togetcode(s) function built into his script. Can this be used to un-encrypt the script/view the code?
Original Post by https://www.autohotkey.com/boards/viewtopic.php?t=42494
Original Code...
Code: Select all
/*
;-------------------------------
AHK source code Encryptor v2.7 By FeiYue
1. This tool can encrypt the AHK script into a self decode script.
2. Then you can use ahk2exe to compile the script into a program,
combined with mpress.exe or upx.exe packers.
Note: To compile the script, you must have a AutoHotkey.exe
in the script directory.
3. When you want to use the directory relative to the script(eg 001.jpg),
Don't use A_ScriptDir, but use A_WorkingDir. It is recommended to backup
the working directory to a variable at the beginning of the script,
Then change the path to absolute path based on the variable (eg %dir%\001.jpg).
4. When you want to Reload your own script, the built-in Reload command will fail,
You can use Reload() function instead (it's added when encrypted).
;-------------------------------
*/
#NoEnv
#SingleInstance force
ListLines, Off
SetBatchLines, -1
Version = 2.7
fs=
(` %
Exec(str, Ahk="", arg="") {
static MyFunc, base, ScriptName:=%True%
s:=RegExReplace(str,"\s"), StrReplace(s,"u","",size)
VarSetCapacity(str,(size+1)*4,0), s:=SubStr(s,InStr(s,"u")+1)
Loop, Parse, s, u
NumPut(A_LoopField, str, (A_Index-1)*4, "uint")
;-----------------------------
Ahk:=Ahk ? Ahk : A_IsCompiled
? A_ScriptDir "\AutoHotkey.exe" : A_AhkPath
IfNotExist, %Ahk%
{
MsgBox, 4096, Error!, `n`nCan't Find: %Ahk% !`n`n
return, 0
}
if !MyFunc
{
x32:="5557565381EC4C0100008B9C24680100008BBC246C01000"
. "08BAC24700100008B433C01D88038500F85380500008078014"
. "50F852E0500008B706085F60F84FF04000031C9837864010F9"
. "2C119D283E210894C245083C2788B341001DE8B4E188974243"
. "C8B562085C90F84E504000031C08D3413EB0B83C00139C10F8"
. "4D30400008B1486813C134765745075E9817C1304726F63417"
. "5DF8B74243C8D04430346240FB7008D048303461C8B3085F60"
. "F84A0040000B86500000001DE891C2466894424688D442460C"
. "744246057726974C74424646546696C89442404FFD683EC088"
. "944243C8D442475891C24C7442475476C6F62C7442479616C4"
. "16CC744247D6C6F630089442404FFD683EC08BA65650000894"
. "424548D44246A6689542472891C24C744246A476C6F62C7442"
. "46E616C4672C64424740089442404FFD683EC08B9734100008"
. "94424488D84248D00000066898C2499000000891C24C784248"
. "D00000043726561C784249100000074655072C784249500000"
. "06F636573C684249B0000000089442404FFD683EC088944245"
. "C8D8424BE000000891C24C78424BE00000043726561C78424C"
. "200000074654E61C78424C60000006D656450C78424CA00000"
. "069706541C68424CE0000000089442404FFD683EC088944245"
. "88D8424CF000000891C24C78424CF000000436F6E6EC78424D"
. "30000006563744EC78424D7000000616D6564C78424DB00000"
. "050697065C68424DF0000000089442404FFD683EC088944244"
. "08D842481000000891C24C7842481000000436C6F73C784248"
. "50000006548616EC7842489000000646C650089442404FFD68"
. "3EC088D5C24608944244CC744241000000000C744240800000"
. "000897C2404895C240CC7042400000000FF54243C83EC14807"
. "C2460000F85E50200008D34AD04000000C7042400000000897"
. "4244489742404FF54245483EC0885C089C30F841703000031C"
. "085ED7415908B148789148383C00139C575F38B44244483E80"
. "4C7040300000000C784249C0000000B000000BA0B000000C78"
. "424A00000000D000000C78424A40000001100000031C0C7842"
. "4A800000013000000EB0C89C283E2038B94949C00000069D28"
. "300000089C183E10301C283C00183F86489948C9C00000075D"
. "831D285ED742D669089D183E10369848C9C000000830000000"
. "1D089848C9C000000330493D1C083C00189049383C20139D57"
. "5D58B8424640100008B742458C744241C00000000C74424180"
. "0000000C744241400000000C744241000000000C744240CFF0"
. "00000C744240800000000C744240402000000890424FFD683E"
. "C2089C78B842464010000C744241C00000000C744241800000"
. "000C744241400000000C744241000000000C744240CFF00000"
. "0C744240800000000C744240402000000890424FFD683EC208"
. "3FFFF89C60F849D01000083F8FF0F84940100008D8C24E0000"
. "0008D94244001000089C8C7000000000083C00439C275F3837"
. "C245001894C2420C744241C00000000C744241800000000C74"
. "4241400000000C744241000000000C744240C00000000C7442"
. "4080000000019C0C704240000000083E0E483C060898424E00"
. "000008D8424AC000000894424248B84246001000089442404F"
. "F54245C83EC2885C00F84DA0000008B6C244C8B8424AC00000"
. "089042489E8FFD083EC048B8424B000000089042489E8FFD08"
. "3EC04893C24C744240400000000FF54244083EC0889E8893C2"
. "4FFD083EC04893424C744240400000000FF54244083EC088D4"
. "42460895C2404893424C7442410000000008944240C8B44244"
. "489442408FF54243C83EC1489E8893424FFD083EC04891C24F"
. "F54244883EC0431C081C44C0100005B5E5F5DC21400C744245"
. "001000000BA88000000E904FBFFFFB8FEFFFFFF81C44C01000"
. "05B5E5F5DC2140081C44C010000B8FFFFFFFF5B5E5F5DC2140"
. "0B8FDFFFFFFEBDA893C248B7C244C89F8FFD083EC0489F8893"
. "424FFD083EC04891C24FF542448B8FAFFFFFF83EC04EBB1893"
. "C248B7C244C89F8FFD083EC0489F8893424FFD083EC04891C2"
. "4FF542448B8FBFFFFFF83EC04EB88B8FCFFFFFFEB8190"
x64:="4157415641554154555756534881EC98010000B8FFFFFFF"
. "F8BB4240002000048899424E8010000418B503C4D89C748898"
. "C24E00100004D89CC4C01C2803A500F858C040000807A01450"
. "F8582040000448B42604585C00F8489040000837A64014819C"
. "031FF83E0104883C078837A6401400F92C7897C245C448B0C0"
. "2B8FEFFFFFF4D01F9418B4918418B512085C90F843D0400003"
. "1C04D8D0417EB100F1F40004883C00139C10F864B040000418"
. "B148041813C174765745075E641817C1704726F634175DB418"
. "B5124498D04470FB71410418B411C498D14978B3C0285FF0F8"
. "41304000048B8577269746546696C488D6C24704C01FF48894"
. "42470B8650000004C89F94889EA6689442478FFD74989C548B"
. "8476C6F62616C416C488D9424900000004C89F948898424900"
. "00000C78424980000006C6F6300FFD7BA656500004889C348B"
. "8476C6F62616C467266899424880000004C89F9488D9424800"
. "000004889842480000000C684248A00000000FFD7B97341000"
. "0488944245048B8437265617465507266898C24BC000000488"
. "D9424B00000004C89F948898424B0000000C78424B80000006"
. "F636573C68424BE00000000FFD7488944246048B8437265617"
. "4654E61488D9424D000000048898424D000000048B86D65645"
. "0697065414C89F948898424D8000000C68424E000000000FFD"
. "74989C648B8436F6E6E6563744E488D9424F00000004889842"
. "4F000000048B8616D6564506970654C89F948898424F800000"
. "0C684240001000000FFD7488944246848B8436C6F736548616"
. "E488D9424A00000004C89F948898424A0000000C78424A8000"
. "000646C6500FFD74531C031C94889C748C7442420000000004"
. "989E94C89E241FFD5807C247000B8FDFFFFFF0F85490200008"
. "D14B50400000031C94989D7FFD34885C04889C30F849202000"
. "031C085F6741D0F1F840000000000418B14848914834883C00"
. "139C677F189F048C1E002C7040300000000C78424C00000000"
. "B000000BA0B000000C78424C40000000D000000C78424C8000"
. "0001100000031C0C78424CC00000013000000EB0C89C283E20"
. "38B9494C000000069D28300000089C183E10301C283C00183F"
. "86489948CC000000075D831D285F6742E904889D183E103698"
. "48CC00000008300000001D089848CC0000000330493D1C083C"
. "0018904934883C20139D677D34531C041B9FF000000BA02000"
. "000488B8C24E801000048C744243800000000C744243000000"
. "000C744242800000000C74424200000000041FFD64889C6453"
. "1C048C744243800000000C744243000000000C744242800000"
. "00041B9FF000000C744242000000000BA02000000488B8C24E"
. "801000041FFD64883FEFF4989C40F84380100004883F8FF0F8"
. "42E010000488D8C2430010000488D9424900100004889C8669"
. "0C700000000004883C0044839C275F1837C245C0148894C244"
. "048C74424380000000048C744243000000000C744242800000"
. "000C744242000000000488B9424E001000019C04531C94531C"
. "083E0E431C983C06089842430010000488D842410010000488"
. "9442448488B442460FFD085C00F8488000000488B8C2410010"
. "000FFD7488B8C2418010000FFD74C8B74246831D24889F14C8"
. "9F0FFD04889F1FFD731D24C89E14C89F0FFD04989E94589F84"
. "889DA4C89E148C74424200000000041FFD54C89E1FFD74889D"
. "9488B442450FFD031C04881C4980100005B5E5F5D415C415D4"
. "15E415FC3B888000000C744245C01000000E981FBFFFFB8FEF"
. "FFFFFEBD34889F1FFD74C89E1FFD74889D9488B442450FFD0B"
. "8FAFFFFFFEBB84889F1FFD74C89E1FFD74889D9488B442450F"
. "FD0B8FBFFFFFFEB9DB8FCFFFFFFEB969090909090"
hex:=A_PtrSize=8 ? x64:x32
VarSetCapacity(MyFunc, len:=StrLen(hex)//2)
Loop, % len
NumPut("0x" SubStr(hex,2*A_Index-1,2),MyFunc,A_Index-1,"uchar")
DllCall("VirtualProtect","ptr",&MyFunc,"ptr",len,"uint",0x40,"ptr*",0)
base:=DllCall("GetModuleHandle", "Str","Kernel32", "ptr")
ScriptName:=ScriptName ? ScriptName : A_ScriptFullPath
}
Random, n, 1, 1000000
pipe_name:="\\.\pipe\AHK" . A_TickCount . n
cmdline="%Ahk%" "%pipe_name%" "%ScriptName%" %arg%
DllCall(&MyFunc, "AStr",cmdline, "AStr",pipe_name
, "ptr",base, "ptr",&str, "uint",size)
return, 1
}
)
if 0>0
{
file:=%True%
IfExist, %file%
Gosub, Encrypt
ExitApp
}
Gui, +AlwaysOnTop +ToolWindow
Gui, Color, DDEEFF
Gui, Font, cRed s28
Gui, Add, Text,, Drag the AHK script here to Encrypt`n`n
Gui, Show,, AHK source code Encryptor v%Version% - By FeiYue
OnMessage(0x201, "LButton_Down")
LButton_Down() {
SendMessage, 0xA1, 2
}
return
GuiClose:
ExitApp
GuiDropFiles:
Gui, +OwnDialogs
Loop, parse, A_GuiEvent, `n
{
file:=A_LoopField
MsgBox, 4100, Tip, Do you want to encrypt this file ?`n`n%file%
IfMsgBox, Yes
{
Gosub, Encrypt
MsgBox, 4096, Tip, Encryption is completed !
}
}
return
Encrypt:
FileRead, s, %file%
s:= "`n;You can compile and set icons by using Ahk2Exe.exe`n"
. "`n;If AutoHotkey.exe wants to change its name to abc.exe,"
. " Please modify Ahk=%A_ScriptDir%\abc.exe`n"
. "`n #NoEnv"
. "`n #NoTrayIcon"
. "`n #SingleInstance off"
. "`n SetBatchLines, -1"
. "`n if A_IsCompiled"
. "`n {"
. "`n Ahk=%A_ScriptDir%\AutoHotkey.exe"
. "`n FileInstall, AutoHotkey.exe, %Ahk%"
. "`n }"
. "`n else Ahk="
. "`n`ns=`n"
. RegExReplace(Encode(s),".{1,60}","s.=""$0""`n")
. "`n Exec(s, Ahk)"
. "`n ExitApp`n"
. fs
f:=RegExReplace(file,"\.[^.]+$") . "-encoded.ahk"
FileDelete, %f%
FileAppend, %s%, %f%
return
Encode(s) {
static MyFunc
if !MyFunc
{
x32:="5653BA0B00000031C083EC108B5C241C8B742420C704240"
. "B000000C74424040D000000C744240811000000C744240C130"
. "00000EB0889C283E2038B149469D28300000089C183E10301C"
. "283C00183F86489148C75E031C085F6742A908D74260089C18"
. "3E10369148C8300000001C289148C8B0C8383E901D1C931CA8"
. "9148383C00139C675DB83C41031C05B5EC3909090"
x64:="4883EC1841B80B00000031C0C704240B000000C74424040"
. "D000000C744240811000000C744240C13000000EB0E0F1F004"
. "189C04183E003468B04844569C0830000004189C14183E1034"
. "101C083C00183F8644689048C75D831C085D2743266904989C"
. "1448B14814183E1034669048C830000004101C04689048C458"
. "D4AFF41D1C94531C8448904814883C00139C277D031C04883C"
. "418C3909090909090909090"
hex:=A_PtrSize=8 ? x64:x32
VarSetCapacity(MyFunc, len:=StrLen(hex)//2)
Loop, % len
NumPut("0x" SubStr(hex,2*A_Index-1,2),MyFunc,A_Index-1,"uchar")
DllCall("VirtualProtect","ptr",&MyFunc,"ptr",len,"uint",0x40,"ptr*",0)
}
add=
(%
;-----------------------
ListLines, Off
My_ScriptName:=%True%
Try Menu, Tray, Icon, %My_ScriptName%
Gui, SingleInstance_force:Show, Hide, [%My_ScriptName%]
Gui, SingleInstance_force:+HwndMy_guiid
DetectHiddenWindows, On
WinGet, My_list, List, [%My_ScriptName%] ahk_class AutoHotkeyGUI
Loop, % My_list {
IfEqual, My_guiid, % My_id:=My_list%A_Index%, Continue
WinGet, My_pid, PID, ahk_id %My_id%
WinClose, ahk_class AutoHotkey ahk_pid %My_pid%
WinWaitClose, ahk_id %My_id%
}
DetectHiddenWindows, Off
SetWorkingDir, % RegExReplace(My_ScriptName,"\\[^\\]*$")
;-----------------------
Reload() {
static My_ScriptName:=%True%
Try {
if My_ScriptName=
return
else if InStr(My_ScriptName,".exe")
Run, "%My_ScriptName%"
else
Run, "%A_AhkPath%" "%My_ScriptName%"
ExitApp
}
}
ListLines, On
;-----------------------
)
s:=add "`n" s "`nExitApp`n#SingleInstance off`n"
; . togetcode(s)
s:=(A_IsUnicode ? chr(0xfeff) : chr(0xEF) chr(0xBB) chr(0xBF))
. RegExReplace(s,"\R","`r`n") . "`t`t`t"
size:=VarSetCapacity(s,-1)//4
VarSetCapacity(str, size*11*(!!A_IsUnicode+1))
DllCall(&MyFunc, "ptr",&s, "int",size, "Cdecl")
Loop, % size
str.="u" . NumGet(s,(A_Index-1)*4,"uint")
return, str
}
; If you need to read the script itself, you need it
togetcode(s) {
s:=StrReplace(s,"#","#0")
For k,v in StrSplit("`r`n;""``")
s:=StrReplace(s,v,"#" k)
s:="`ngetcode(k) {`nListLines, Off`n"
. "IfNotEqual,k,[email protected],return`ns=`n"
. RegExReplace(s,".{1,60}","s.=""$0""`n")
. "For k,v in StrSplit(""``r``n;""""````"")`n"
. " s:=StrReplace(s,""#"" k,v)`n"
. "s:=StrReplace(s,""#0"",""#"")`n"
. "return, s`n}`n"
return, s
}
;======== The End ========
;
/******** The C source code ********
#include <windows.h>
typedef HANDLE (WINAPI * _GetProcAddress)(
HMODULE hModule,
LPCSTR lpProcName
);
typedef BOOL (WINAPI * _CreateProcessA)(
LPCSTR lpApplicationName,
LPSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCSTR lpCurrentDirectory,
LPSTARTUPINFOA lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation
);
typedef HGLOBAL (WINAPI * _GlobalAlloc)(
UINT uFlags,
SIZE_T dwBytes
);
typedef HGLOBAL (WINAPI * _GlobalFree)(
HGLOBAL hMem
);
typedef BOOL (WINAPI * _WriteFile)(
HANDLE hFile,
LPCVOID lpBuffer,
DWORD nNumberOfBytesToWrite,
LPDWORD lpNumberOfBytesWritten,
LPOVERLAPPED lpOverlapped
);
typedef HANDLE (WINAPI * _CreateNamedPipeA)(
LPCSTR lpName,
DWORD dwOpenMode,
DWORD dwPipeMode,
DWORD nMaxInstances,
DWORD nOutBufferSize,
DWORD nInBufferSize,
DWORD nDefaultTimeOut,
LPSECURITY_ATTRIBUTES lpSecurityAttributes
);
typedef BOOL (WINAPI * _ConnectNamedPipe)(
HANDLE hNamedPipe,
LPOVERLAPPED lpOverlapped
);
typedef BOOL (WINAPI * _CloseHandle)(
HANDLE hObject
);
int WINAPI DecodeAndRun(
LPCSTR cmdline, LPCSTR pipe_name,
PUCHAR base, LPDWORD str, DWORD size )
{
DWORD index, name_num, name, win64, func=0;
LPDWORD Addr_func, Addr_name, hMen;
PUSHORT Addr_ord;
PUCHAR tou, biao;
HANDLE p1, p2;
//-----------------------------
tou=(PUCHAR)(base+(*(LPDWORD)(base+0x3C)));
if (tou[0]!='P' || tou[1]!='E')
return -1;
if ((*(LPDWORD)(tou+0x60))==0||(*(LPDWORD)(tou+0x64))==0)
{ win64=1; index=0x88; }
else
{ win64=0; index=0x78; }
biao = (PUCHAR)(base+(*(LPDWORD)(tou+index)));
name_num = *(LPDWORD)(biao+0x18);
Addr_func = (LPDWORD)(base+(*(LPDWORD)(biao+0x1C)));
Addr_name = (LPDWORD)(base+(*(LPDWORD)(biao+0x20)));
Addr_ord = (PUSHORT)(base+(*(LPDWORD)(biao+0x24)));
for (index=0; index<name_num; index++)
{
name=Addr_name[index]; // 'PteG'+'Acor'
if ( (*(LPDWORD)(base+name)) == 0x50746547
&& (*(LPDWORD)(base+name+4)) == 0x41636F72 )
{
func=Addr_func[Addr_ord[index]];
break;
}
}
if (func==0)
return -2;
//-----------------------------
_GetProcAddress GetProcAddress = (_GetProcAddress)(base+func);
char str1[]="WriteFile";
_WriteFile WriteFile = (_WriteFile)GetProcAddress(base,str1);
char str2[]="GlobalAlloc";
_GlobalAlloc GlobalAlloc = (_GlobalAlloc)GetProcAddress(base,str2);
char str3[]="GlobalFree";
_GlobalFree GlobalFree = (_GlobalFree)GetProcAddress(base,str3);
char str4[]="CreateProcessA";
_CreateProcessA CreateProcessA = (_CreateProcessA)GetProcAddress(base,str4);
char str5[]="CreateNamedPipeA";
_CreateNamedPipeA CreateNamedPipeA = (_CreateNamedPipeA)GetProcAddress(base,str5);
char str6[]="ConnectNamedPipe";
_ConnectNamedPipe ConnectNamedPipe = (_ConnectNamedPipe)GetProcAddress(base,str6);
char str7[]="CloseHandle";
_CloseHandle CloseHandle = (_CloseHandle)GetProcAddress(base,str7);
//-----------------------------
WriteFile(0, str, 0, (LPDWORD)str1, 0);
if (str1[0]!=0)
return -3;
hMen=(LPDWORD)GlobalAlloc(0, (size+1)*4);
if (hMen==0)
return -4;
for (index=0; index<size; index++)
hMen[index]=str[index];
hMen[index]=0;
//-----------------------------
// Copy the contents of Decode()
//-----------------------------
// My private encryption algorithm is not published here.
// You can write your own encryption algorithm. Such as:
for (int i=0; i<size; i++)
hMen[i]=(hMen[i]^(666+i))-1;
//-----------------------------
p1=CreateNamedPipeA(pipe_name, 2, 0, 255, 0, 0, 0, 0);
p2=CreateNamedPipeA(pipe_name, 2, 0, 255, 0, 0, 0, 0);
if ((HANDLE)-1==p1 || (HANDLE)-1==p2)
{
CloseHandle(p1);
CloseHandle(p2);
GlobalFree(hMen);
return -5;
}
HANDLE pi[4];
DWORD si[24];
for (index=0; index<24; index++)
si[index]=0;
si[0]=win64 ? 96 : 68;
if (!CreateProcessA(0, cmdline, 0,0,0, 0,0,0, si,pi))
{
CloseHandle(p1);
CloseHandle(p2);
GlobalFree(hMen);
return -6;
}
CloseHandle(pi[0]);
CloseHandle(pi[1]);
ConnectNamedPipe(p1, 0);
CloseHandle(p1);
ConnectNamedPipe(p2, 0);
WriteFile(p2, hMen, (size+1)*4, (LPDWORD)str1, 0);
CloseHandle(p2);
GlobalFree(hMen);
return 0;
}
//******** Encode() ********
int Encode(unsigned int * hMen, int size)
{
// My private encryption algorithm is not published here.
// You can write your own encryption algorithm. Such as:
for (int i=0; i<size; i++)
hMen[i]=(hMen[i]+1)^(666+i);
}
//******** Decode() ********
int Decode(unsigned int * hMen, int size)
{
// My private encryption algorithm is not published here.
// You can write your own encryption algorithm. Such as:
for (int i=0; i<size; i++)
hMen[i]=(hMen[i]^(666+i))-1;
}
*/