How to build Autohotkey_H source code? Topic is solved
Re: How to build Autohotkey_H source code?
1, 2, miss a few, 99, 100.
homepage | tutorials | wish list | fun threads | donate
WARNING: copy your posts/messages before hitting Submit as you may lose them due to CAPTCHA
WARNING: copy your posts/messages before hitting Submit as you may lose them due to CAPTCHA
Re: How to build Autohotkey_H source code?
Password can be easy extracted (by teadrinker):Keep in mind that AutoHotkey_H can use the default password, so that can provide some protection unless the person knew what it was or was familiar with AutoHotkey_H, until you learn how to change the password and compile it.
Code: Select all
oFile := FileOpen("D:\Downloads\Test.exe", "r")
oFile.RawRead(buff, len := oFile.Length)
oFile.Close()
pPtr := &buff - 2
while pPtr := DllCall("msvcrt\memchr", Ptr, pPtr + 2, Int, Ord("D"), Ptr, ( len - (A_Index = 1 ? 0 : &buff - pPtr) )//2, Ptr) {
if StrGet(pPtr, 10) = "DllImport." {
while c := StrGet(pPtr + 12*2 + (A_Index - 1)*10, 1)
pwd .= c
break
}
}
MsgBox, % pwd
Re: How to build Autohotkey_H source code?
1. Yes.
2. Yes it matters.
3. It means when a source code is published, it is not that difficult to 'hack' it.
To have a proper protection you have to come up with a different way than default password to protect your code.
The best method is to use a separate function and no fix password in this line: https://github.com/HotKeyIt/ahkdll/blob/aa35c970c5ad7102522095d0c759162b3bc19665/source/util.cpp#L3219
2. Yes it matters.
3. It means when a source code is published, it is not that difficult to 'hack' it.
To have a proper protection you have to come up with a different way than default password to protect your code.
The best method is to use a separate function and no fix password in this line: https://github.com/HotKeyIt/ahkdll/blob/aa35c970c5ad7102522095d0c759162b3bc19665/source/util.cpp#L3219
Re: How to build Autohotkey_H source code?
HotKeyIt - Appreciate timely response but do not understand. Wish you were not so smart and could understand how little of this makes sense to a layperson.
To prove how little sense it makes to someone who is not as knowledgeable as you are I will start with:
I interpreted malcev's presentation of the teadrinker routine to imply it would cherry pick the current password in the compiled text.exe, whether it was the default or not?!?
To prove how little sense it makes to someone who is not as knowledgeable as you are I will start with:
Ok, From that sentence I understand "2. Yes", but do NOT understand "it matters". Do you mean that "if you change the password then teadrinker's routine will NOT be able to extract the changed password?".
I interpreted malcev's presentation of the teadrinker routine to imply it would cherry pick the current password in the compiled text.exe, whether it was the default or not?!?
Re: How to build Autohotkey_H source code?
The code from malcev would not work if you change the amount of empty characters between letters, e.g. here we have only 3 empty characters in between.
pw = pwd == g_default_pwd ? (TCHAR) _T("A\0\0\0u\0\0\0t\0\0\0o\0\0\0H\0\0\0o\0\0\0t\0\0\0k\0\0\0e\0\0\0y\0\0\0")[i*4] : (TCHAR)*pwd;
Btw. they don't have to be empty of course and can be simply random characters, e.g:
pw = pwd == g_default_pwd ? (TCHAR) _T("AwdhuclrtslrodkrHorkodkrtEKskslEekrlylerklhkjghgfftzfzt")[i*4] : (TCHAR)*pwd;, which would result in AclroEllkgt with malcev's code.
You can also change to start not with first letter and many other alternatives, it is up to you to make it as difficult as you can:
pw = pwd == g_default_pwd ? (TCHAR) _T("xAwdhuclrtslrodkrHorkodkrtEKskslEekrlylerklhkjghgfftzfzt")[i*4+1] : (TCHAR)*pwd;
pw = pwd == g_default_pwd ? (TCHAR) _T("A\0\0\0u\0\0\0t\0\0\0o\0\0\0H\0\0\0o\0\0\0t\0\0\0k\0\0\0e\0\0\0y\0\0\0")[i*4] : (TCHAR)*pwd;
Btw. they don't have to be empty of course and can be simply random characters, e.g:
pw = pwd == g_default_pwd ? (TCHAR) _T("AwdhuclrtslrodkrHorkodkrtEKskslEekrlylerklhkjghgfftzfzt")[i*4] : (TCHAR)*pwd;, which would result in AclroEllkgt with malcev's code.
You can also change to start not with first letter and many other alternatives, it is up to you to make it as difficult as you can:
pw = pwd == g_default_pwd ? (TCHAR) _T("xAwdhuclrtslrodkrHorkodkrtEKskslEekrlylerklhkjghgfftzfzt")[i*4+1] : (TCHAR)*pwd;
Re: How to build Autohotkey_H source code?
HotKeyIt - Thank you again for the timely response and your patience. The only thing I understand from your answer is that it is possible to secure AHK_H compiled code. That is good.
Re: How to build Autohotkey_H source code?
can you give an example of what using a "separate function" would look like?HotKeyIt wrote: ↑10 Dec 2018, 15:25The best method is to use a separate function and no fix password here: https://github.com/HotKeyIt/ahkdll/blob ... .cpp#L3219
Re: How to build Autohotkey_H source code?
Here we are using passfunc
What passfunc will do is up to you and it is better not to show it on the internet since this might lead other people to use it and for hacker easier to hack.
You can also include more variables that do y-- or multiply... and generate the password from those.
You should even do something without intentional password and check what the result will be in a debugger, then use that as a password.
Code: Select all
for (unsigned int i = 0; 10; i++)
pw = pwd == g_default_pwd ? passfunc(i) : (TCHAR)*pwd;
You can also include more variables that do y-- or multiply... and generate the password from those.
You should even do something without intentional password and check what the result will be in a debugger, then use that as a password.
Re: How to build Autohotkey_H source code?
for those of us who aren't c++ programmers, can you write what a simple example passfunc() would look like, so that we can paste into the _H source, and then we can modify ourselves?HotKeyIt wrote: ↑12 Dec 2018, 07:20Here we are using passfuncWhat passfunc will do is up to you and it is better not to show it on the internet since this might lead other people to use it and for hacker easier to hack.Code: Select all
for (unsigned int i = 0; 10; i++) pw = pwd == g_default_pwd ? passfunc(i) : (TCHAR)*pwd;
You can also include more variables that do y-- or multiply... and generate the password from those.
can you explain this more?
Re: How to build Autohotkey_H source code?
The more I explain or give examples the easier would it be for a hacker to hack, especially if my example is used. It is best if everyone will use own method to make it as difficult as possible for hackers.
Simple function could be:
Simple function could be:
Code: Select all
TCHAR passfunc(int i)
{
static TCHAR pass[] = _T("yektoHotuA")
return pass[9-i];
}
Re: How to build Autohotkey_H source code?
yeah i understand, but thanks that func is perfectly good enough
Who is online
Users browsing this forum: No registered users and 31 guests