Decompiling

Ask for help, how to use AHK_H, etc.
HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: Decompiling

16 Nov 2015, 17:50

Those files should not be there, I have removed them, this is the correct file, thanks for pointing out.
Mobius
Posts: 5
Joined: 16 Nov 2015, 08:41

Re: Decompiling

16 Nov 2015, 17:55

If each character of the password is stored as an individual and an identical character (within the password) is used as an individual within the source then post optimization that same character will only exist once in the binary and be used as an individual reference point for multiple code procedures, the same actually if the password is a string that is used multiple times within the source post optimization.

If this is indeed the case then I have wasted everyone's time and patching is indeed very difficult without breakage somewhere else.

Response to your edit:
Zip is an algorithm is it not ;) , this is ofc moot if the above is true.
HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: Decompiling

16 Nov 2015, 18:02

The idea was that not only the password should be changed when recompiling source but also how it is assigned to variables, so instead of simply assigning a character you could call a function or apply some algorithm that makes the password for you.

EDIT:
Yes, zip is algorithm but it does not apply to the password ;)
Mobius
Posts: 5
Joined: 16 Nov 2015, 08:41

Re: Decompiling

16 Nov 2015, 18:09

Thankyou very much for your time HotKeyIt :) I think I should take a much closer look before posting further!

Ed: I was kinda hoping this wouldn't be as cut and dry as it first appeared, unlike hybridization of the original AutoHotkey payload algorithm :(
guest3456
Posts: 3454
Joined: 09 Oct 2013, 10:31

Re: Decompiling

17 Nov 2015, 00:28

HotKeyIt wrote:The idea was that not only the password should be changed when recompiling source but also how it is assigned to variables, so instead of simply assigning a character you could call a function or apply some algorithm that makes the password for you.
But does it even matter? I mean the ahk2exe compiler requires you to input the password as a normal string that is used to unencrypt the scripttext so that the executable can even run

HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: Decompiling

17 Nov 2015, 00:46

Yes but the password is saved in executable only, I think it is more difficult to find out the password if you apply more security, even just moving the assignments to different place or randomizing it, e.g.:

Code: Select all

	g_default_pwd1 = L'u';
	g_default_pwd5 = L'o';
	g_default_pwd4 = L'H';
	g_default_pwd2 = L't';
	g_default_pwd8 = L'e';
	g_default_pwd9 = L'y';
	g_default_pwd3 = L'o';
	g_default_pwd0 = L'A';
	g_default_pwd6 = L't';
	g_default_pwd7 = L'k';
guest3456
Posts: 3454
Joined: 09 Oct 2013, 10:31

Re: Decompiling

17 Nov 2015, 02:57

for reference for those reading

normal AHK 1.1 scripts compiled with the ahk2exe (non AHK_H), can be easily viewed by simply looking at the RCData resource in the executable, with a tool such as Resource Hacker

alternatively, you can use the decompiler to extract the script's code, gotten from this thread

HotKeyIt's AHK_H build aims to offer an alternative with some protection from this by encrypting the resource. both the Resource Hacker and the decompiler fails on AHK_H encrypted exes

finally, users of the older AHK 1.0 (AHK_Basic) can get some protection by using HotKeyCamo by Mobius
Last edited by guest3456 on 15 Apr 2016, 20:00, edited 3 times in total.

Mobius
Posts: 5
Joined: 16 Nov 2015, 08:41

Re: Decompiling

20 Nov 2015, 11:39

Unfortunately what I've seen of Ahk_h the methodology behind the password better serves obstruction of post compile manipulation rather than obstructing the acquisition of the password as one only needs to trace the references to the character's in a debugger.

My advice would be to build a wrapper around the dll version of this product (which is mighty fine IMO) and impose your own algorithm (whatever you choose) for source acquisition as the primary or a secondary layer of obstruction.

This is of course only relevant to those that do not wish to delve into vs2010 in which anything is possible thanks to the generously open source nature of this product.
HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: Decompiling

20 Nov 2015, 18:10

Mobius wrote:Unfortunately what I've seen of Ahk_h the methodology behind the password better serves obstruction of post compile manipulation rather than obstructing the acquisition of the password as one only needs to trace the references to the character's in a debugger.
Therefore I have implemented some anti-debugging features that should make it a harder, we all know there is no way to protect it 100%.

The way AHK_H protects script does make it difficult to write a tool that will decrypt any script.
It is up to the user do add more security to the source code and apply some algorithm or function that generates the password, so it makes it very hard to get the code for a non hacker.

Have you tried to get the password in debugger? Did you succeed? Did you manage to get the script?
guest3456
Posts: 3454
Joined: 09 Oct 2013, 10:31

Re: Decompiling

20 Nov 2015, 21:16

Mobius wrote: My advice would be to build a wrapper around the dll version of this product (which is mighty fine IMO) and impose your own algorithm (whatever you choose) for source acquisition as the primary or a secondary layer of obstruction.
I did this for another one of my projects. I used a simple AHK_Basic wrapper script, compiled/protected with HotkeyCamo. This wrapper would connect to my website, and upon license verification, it would download an encrypted version of the actual script code. The code would be decrypted by the wrapper and then run dynamically through AHK_H.dll

I was hoping to avoid this type of hack with this new AHK_H

drawback
Posts: 34
Joined: 11 Aug 2016, 11:31

Re: Decompiling

12 Aug 2016, 03:59

Hello!

Sorry for asking dumb questions but I'm new to all of this :)

Can somebody give a brief overview (step by step) of what I need to do exactly to get a AHK_H version that is able to encrypt the source code of a project by using a different password than the default?

HotKeyIt posted instructions:
1. Download
2. Extract ahkdll-v1-release-master.zip
3. Copy ahkdll-v1-release-master\Win32w\AutoHotkey.exe to ahkdll-v1-release-master\Compiler\Ahk2Exe.exe
4. Double click Ahk2Exe.exe
5. Select correct Base File (.bin)
6. Use compression or/and encryption checkboxes.
7. Press > Compile Executable <

Ok, I did all this (with https://github.com/HotKeyIt/ahkdll-v2-r ... master.zip instead of the v1 release)
I used a simple .ahk script to see if it works:

Code: Select all

a := "Test stringg"
StringTrimRight, a, a, 1
MsgBox, % a
But whatever .bin file I select:
v2.0.0.0 Ahk2Exe.exe (..\Compiler)
v2.0.0.0 Ahk2Exe.exe (..\Win32w)
etc.

I immediately get this error after clicking on "Compile Executable":

Code: Select all

Error: The script contains syntax errors.

StringTrimRight, a, a, 1
(4) : ==> Call to nonexistent function.

     Specifically: StringTrimRight
What am I doing wrong?
HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: Decompiling

12 Aug 2016, 09:06

You are using AutoHotkey v2 and try to compile script that is written for AutoHotkey v1!
drawback
Posts: 34
Joined: 11 Aug 2016, 11:31

Re: Decompiling

12 Aug 2016, 10:07

Emmmm, ok, I got it, old syntax is gone... Rewriting the example to e.g. SubStr() works fine
Guest078

Re: Decompiling

13 Aug 2016, 02:43

Hi,

I've recompiled AutoHotkey with a different password and it works fine when I use it as Ahk2Exe.exe from the compiler folder :)

I'm used to compile my scripts with a build script (a .bat file) from within Sublime Text. Is there any chance that command line parameters will be supported, HotKeyIt?
Like:
ahk2exe.exe /in "<file name.ahk>" /out "<different file name.exe>" /pwd "<the password that was used for recompiling AutoHotkey>"?

Ofc no GUI would be shown and error messages would be directed to standard out (konsole), not with a message box...

This would make building so much more convenient...

Regards,
Stephen
HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: Decompiling

13 Aug 2016, 04:18

Compile Ahk2Exe.ahk and it should work, otherwise you have to pass ahk2exe.ahk as parameter for ahk2exe.exe!
Guest078

Re: Decompiling

13 Aug 2016, 13:03

Compile Ahk2Exe.ahk and it should work
Can't get it to work...

- I've copied my new AutoHotkey.exe (with changed password) to ".\Compiler"
- Renamed it to "Ahk2Exe.exe"
- Started it
- As the source file I use the "Ahk2Exe.ahk"
- As destination: "Ahk2Exe_new.exe"
- I use the new password for "Encrypt." and compile it
- Delete "Ahk2Exe.exe" and rename "Ahk2Exe_new.exe" back to "Ahk2Exe.exe"

When I now invoke Ahk2Exe.exe from the command line I get this error:
Error: The AutoHotkey build used for auto-inclusion of library functions is not recognized.

D:\Tools\AutoHotkey_H\Compiler\..\AutoHotkey.exe
I tried it with the files that are included in "https://github.com/HotKeyIt/ahkdll/tree/alpha"
and with "https://github.com/HotKeyIt/Ahk2Exe/tree/alpha" (deleting the compiler folder before)

I guess I did something wrong?
HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: Decompiling

13 Aug 2016, 14:32

I have pushed a fix, download the files again and try now.
Guest078

Re: Decompiling

13 Aug 2016, 15:20

Thanks!

With the fix I don't get the error message any more :)

Unfortunately, something still isn't working as expected (or I don't understand correctly how to call Ahk2Exe)...

Let's assume I changed the password from AutoHotkey to ButoHotkey
(by changing g_default_pwd0 = 'A'; to g_default_pwd0 = 'B'; and recompiling the project)

I compiled the fixed Ahk2Exe.ahk and when I invoke it's .exe file and compile a testscript
from the GUI (I'm using the "ButoHotkey" password here) the testscript's .exe
- Works fine
- Is fully encrypted (I looked at all RCDATA entries with Resource Hacker)

When I try to do the same from the command line by:

Code: Select all

Ahk2Exe.exe /in "D:\Tools\AutoHotkey_H\Compiler\_testscript.ahk" /out "D:\Tools\AutoHotkey_H\Compiler\_testscript.exe" /bin Ahk2Exe.exe /pass ButoHotkey
- The resulting .exe still works fine
- But it's script is fully visible in one of the RCDATA entries

<- Too dumb to call Ahk2Exe correctly?
Guest078

Re: Decompiling

13 Aug 2016, 23:43

HotKeyIt wrote:That was a bug, fixed now ;)
Confirmed, works fine now! Thanks for creating AHK_H + the support!

Return to “Ask for Help”

Who is online

Users browsing this forum: No registered users and 23 guests