Who can explain this script?

[afe]

Hello,

Can anyone explain how this script works?

https://www.autohotkey.com/boards/viewtopic.php?t=42494

Is the function of the Exec function used to decrypt and run the script?

Thanks.

[garry]

drag and drop an ahk file to feiyue's encriptor, looks like this (start this ahk file and see GUI, text,button to start link ) :
example xy.ahk

Code: Select all

;- feiyue encyptor  https://www.autohotkey.com/boards/viewtopic.php?f=28&t=42494
;;-------- https://autohotkey.com/boards/viewtopic.php?f=5&t=45203&p=204476 ---
#NoEnv
#NoTrayIcon
#SingleInstance force
s=
s.="u4105957551u1664783769u302272433u3617706743u2723639953u42613"
s.="82992u236786073u11533420u2257073979u3688155385u2515987797u33"
s.="20702031u3200729149u3033717368u673603469u2160101244u18611295"
s.="43u3086375289u3381628729u800863623u1193713769u3556266240u157"
s.="1479361u3074389548u2178282451u2299034137u2474702685u39635559"
s.="99u3951100437u2570528232u2463202485u2941174652u2872522463u18"
s.="33421529u1459084225u776461975u2705591617u1203191856u35549119"
s.="77u29985388u2531261803u2646340537u2022654309u609936751u24898"
s.="45485u2634088664u4032058589u3462492924u1903244407u429737657u"
s.="3943192393u2578624551u2549548313u1180245984u2922638225u14180"
s.="75948u2188170499u1220665305u2910794605u1738894015u1940085701"
s.="u2099056712u1678595589u2154929404u4202758159u2149057049u3333"
s.="533137u3964547639u3460124913u660157456u3824568121u118734188u"
s.="73880731u1472565113u435784565u1996641679u2529076637u10109681"
s.="20u3300970541u1748587900u3044938663u1660411129u2023411289u28"
s.="58892999u4004158921u1892110272u2133149665u1707396396u2725935"
s.="667u1861517209u1527072381u1437480927u1871525237u669500584u35"
s.="19734869u1278630012u2974846783u243236441u4138586081u21452379"
s.="75u1833555105u3573551088u2886324361u963021676u431221195u1847"
s.="644217u638985861u2123617455u2802340685u3367904920u961407101u"
s.="397824252u1297296599u2304636217u3853237353u1966964839u215541"
s.="3881u2179421344u1944896305u931738924u4163100771u3631255129u2"
s.="384232077u4280663295u1227800357u3702071048u1801681573u895285"
s.="500u4126249327u2392301977u1304000241u3277254007u3419416401u3"
s.="181196240u717548249u205884268u3380255995u897650681u145261915"
s.="7u1018587855u3588557053u4080320504u2571923149u2804650108u273"
s.="9669511u602795641u284171897u424888327u2197402665u1438118528u"
s.="1005030017u126436396u833472659u2786130201u3030109853u5755384"
s.="63u1591145941u2173583464u27268085u135011964u785524895u346904"
s.="3417u2599389953u2320606231u1368897793u1912214448u1622915369u"
s.="3654995308u277967147u1613048761u2063026085u1611091695u326028"
s.="2541u3892117848u3346912541u3067453692u2095482935u2995774137u"
s.="3798749321u2726048423u3810674905u3700300896u1315202513u38191"
s.="49356u3598522563u1622505945u2485922989u3856807743u1043573381"
s.="u937049032u884678725u1624649980u3833523919u78859033u42067563"
s.="69u4137689783u1841766833u1001990288u4067714425u939024748u196"
s.="1601627u349242489u3431772085u3172894991u3920852573u318816914"
s.="4u68426605u299441276u3653270375u1173548025u1953823641u893811"
s.="271u3326745737u3004719680u1000256545u1121883180u387462899u33"
s.="09848729u3628558269u4111763551u3428131125u1961434152u1482553"
s.="749u2142394748u2325991167u2773783385u2598499361u340411991u11"
s.="22363489u961780592u2590284745u3961054828u346010507u341958072"
s.="9u3799421125u3716892719"
Ahk=
Exec(s, Ahk)
ExitApp
Exec(str, Ahk="", arg="") {
  static WriteFile, f1, f2, f3, f4, f5
  s:=RegExReplace(str,"\s"), StrReplace(s,"u","",size)
  VarSetCapacity(str,(size+1)*4,0), s:=Trim(s,"u")
  Loop, Parse, s, u
    NumPut(A_LoopField,str,(A_Index-1)*4,"uint")
  ;-----------------------------
  Ptr:=A_PtrSize ? "UPtr":"UInt"
  Ahk:=Ahk ? Ahk : A_IsCompiled  ? A_ScriptDir "\AutoHotkey.exe" : A_AhkPath
  IfNotExist, %Ahk%
  {
    MsgBox, 4096, Error!, `n`nCan't Find: %Ahk% !`n`n
    return, 0
  }
  name:="\\.\pipe\AHK" . A_TickCount
  Loop, 2
    if (p%A_Index% := DllCall("CreateNamedPipe","str",name,"uint",2
    ,"uint",0,"uint",255,"uint",0,"uint",0,Ptr,0,Ptr,0))=-1
      return, 0
  EnvSet, AhkPath, %A_ScriptFullPath%
  Run, %Ahk% "%name%" %arg%
  DllCall("ConnectNamedPipe",Ptr,p1,Ptr,0)
  DllCall("CloseHandle",Ptr,p1)
  DllCall("ConnectNamedPipe",Ptr,p2,Ptr,0)
  if !WriteFile
  {
    x32:="5589E583EC58C744240800000000C744240400100000C70"
    . "424000000008B450CFFD08945F08B452483C001C1E00289442"
    . "408C7442404000000008B45F08904248B4510FFD08945ECC74"
    . "5D407000000C745D80D000000C745DC11000000C745E013000"
    . "000C745F400000000EB268B45F483E0038945E88B45E88B448"
    . "5D469D0830000008B45F401C28B45E8895485D48345F401837"
    . "DF46376D4C745F400000000EB5A8B45F483E0038945E88B45E"
    . "88B4485D469D0830000008B45F401C28B45E8895485D48B45F"
    . "48D1485000000008B452001D08B108B45E88B4485D431D0894"
    . "5E48B45F48D1485000000008B45EC01D08B55E4C1CA0889108"
    . "345F4018B45F43B4524729E8B45F48D1485000000008B45EC0"
    . "1D0C700000000008B452483C0018D148500000000C74424100"
    . "00000008B45288944240C895424088B45EC894424048B451C8"
    . "904248B4508FFD08B45EC89442408C7442404000000008B45F"
    . "08904248B4514FFD08B45F08904248B4518FFD0B800000000C"
    . "9C22400909090"
    x64:="554889E54883EC6048894D10488955184C8945204C894D2"
    . "8488B451841B800000000BA00100000B900000000FFD048894"
    . "5F08B454883C0018D148500000000488B4DF0488B45204189D"
    . "0BA00000000FFD0488945E8C745D007000000C745D40D00000"
    . "0C745D811000000C745DC13000000C745FC00000000EB268B4"
    . "5FC83E0038945E48B45E48B4485D069D0830000008B45FC01C"
    . "28B45E4895485D08345FC01837DFC6376D4C745FC00000000E"
    . "B608B45FC83E0038945E48B45E48B4485D069D0830000008B4"
    . "5FC01C28B45E4895485D08B45FC488D148500000000488B454"
    . "04801D08B108B45E48B4485D031D08945E08B45FC488D14850"
    . "0000000488B45E84801D08B55E0C1CA0889108345FC018B45F"
    . "C3B454872988B45FC488D148500000000488B45E84801D0C70"
    . "0000000008B454883C001448D1485000000004C8B4550488B5"
    . "5E8488B4D3848C744242000000000488B45104D89C14589D0F"
    . "FD0488B55E8488B4DF0488B45284989D0BA00000000FFD0488"
    . "B55F0488B45304889D1FFD0B8000000004883C4605DC39090"
    hex:=A_PtrSize=8 ? x64:x32
    VarSetCapacity(WriteFile, len:=StrLen(hex)//2)
    Loop, % len
      NumPut("0x" SubStr(hex,2*A_Index-1,2),WriteFile,A_Index-1,"char")
    DllCall("VirtualProtect",Ptr,&WriteFile,Ptr,len,"uint",0x40,Ptr "*",0)
    kernel32:=DllCall("GetModuleHandle", "Str","kernel32", Ptr)
    f=WriteFile,HeapCreate,HeapAlloc,HeapFree,HeapDestroy
    For i,v in StrSplit(f, ",")
      f%i%:=DllCall("GetProcAddress", Ptr,kernel32, "AStr",v, Ptr)
  }
  DllCall(&WriteFile, Ptr,f1, Ptr,f2, Ptr,f3, Ptr,f4, Ptr,f5
  , Ptr,p2, Ptr,&str, "uint",size, "uint*",0)
  DllCall("CloseHandle",Ptr,p2)
  return, 1
}

[afe]

Code: Select all

if ( 0 > 0 )
{
  file := %True%

I don't understand this block of code in the code. What does 0>0 stand for? And file := %True% ?

[hd0202]

Code: Select all

if ( 0 > 0 )			; if script is run with parameters	= variable 0 contains number of parameters
{
  file := %True%		; file := %1%	= first parameter

Hubert

[afe]

@hd0202 , thank you. But where can I find a description of this in the manual?

[swagfag]

https://www.autohotkey.com/docs/Scripts.htm#cmd_args_old

[jeeswg]

- The thing is, that, (0 > 0) just compares the number 0 against the number 0. So it looks like a bug.
- I believe that for that line to work, you have to omit the parentheses.
- In short, use parentheses for safer more predictable behaviour, omit parentheses for legacy syntax.

Code: Select all

;if (value > value) ;expression syntax
;if var > value ;legacy syntax

vCount = %0%
;vCount := A_Args.Length() ;equivalent to line above in AHK v1.1.27+
if !vCount
	Run, "%A_AhkPath%" "%A_ScriptFullPath%" a b c
if (0 > 0)
	MsgBox, % "y1" ;doesn't trigger
if 0 > 0
	MsgBox, % "y2"
if (vCount > 0)
	MsgBox, % "y3"
if vCount > 0
	MsgBox, % "y4"

[afe]

https://www.autohotkey.com/docs/Scripts.htm#cmd_args_old

Thank you!

[afe]

- I believe that for that line to work, you have to omit the parentheses.

Thanks for reminding!

[afe]

I found that if the encrypted source code is compiled into an exe file, AutoHotkey.exe must be generated at runtime. Is this unavoidable?

[SOTE]

I found that if the encrypted source code is compiled into an exe file, AutoHotkey.exe must be generated at runtime. Is this unavoidable?

I don't understand what you mean by this, "generated at runtime". In addition to your compiled script, you must have AutoHotkey.exe in the same directory too. This was explained on the 1st page and they gave a picture https://www.autohotkey.com/boards/download/file.php?id=3828&sid=9be11b6b6ad9903facbe626cbc88f2c1

You can name the AutoHotkey.exe anything that you like. It could just as easily be called Main.exe, but that name change has to also be reflected in your script. "If AutoHotkey.exe is renamed Main.exe, Please modify Ahk=%A_ScriptDir%\Main.exe"

Code: Select all

Ahk=%A_ScriptDir%\AutoHotkey.exe
FileInstall, AutoHotkey.exe, %Ahk%

The AutoHotkey.exe is included in the compiled script via FileInstall. Again, you could name it whatever you like, as long as that name is also referenced in the script. This setup is unavoidable at the level of most users. Even if you could prevent or mask recognition of the included AutoHotkey.exe, the Encryptor script is in plain text. They can not immediately read the source code (as mostly not in human readable form), but could at least recognize it's a type of AutoHotkey script.

You will not be able to avoid the file or script from being recognized as AutoHotkey (despite changing the name) by skilled hackers/crackers or security experts (especially if they know of AutoHotkey). What you are doing instead is protecting your source code from casual meddling and less skilled people. Most people would have no idea what's going on and wouldn't want to spend time on it. In comparison to other interpreted languages or those compiled into bytecode such as JavaScript, Java, PHP, C#, Python, etc... This is relatively decent protection, and arguably better than obfuscation.

Lastly, you can change the MCode to be an encryption/decryption algorithm of your choosing. Feiyue gave an example of C source code (at the bottom of the Encryptor source code) that could be used to make the MCode. A person can find such C source code encryption/decryption algorithms on their own, if they don't want to use his.

[afe]

I don't understand what you mean by this, "generated at runtime".

Sorry, I made a mistake, it should be
"The AutoHotkey.exe file will be generated when running the compiled exe file."

This seems to be inevitable. But ahk2exe has an AutoHotkey interpreter built in, and AutoHotkey.exe is not needed when running scripts.

[SOTE]

I don't understand what you mean by this, "generated at runtime".

Sorry, I made a mistake, it should be
"The AutoHotkey.exe file will be generated when running the compiled exe file."

This seems to be inevitable. But ahk2exe has an AutoHotkey interpreter built in, and AutoHotkey.exe is not needed when running scripts.

I see what you are saying. This is correct. You could avoid the FileInstall of AutoHotkey.exe. Have the encrypted source code, decrypted to a variable, and then send it to a random pipe or to a function like StdOutToVar. So where Feiyue has Exec(s, Ahk), that could be to a StdOutToVar function or equivalent ComObjCreate("WScript.Shell"). This could be argued as an improvement over the present script.

However, it seems likely you will have to provide the name of the variable that will hold the decrypted content in the plain text of the source code. Though at least no part of the main source script would be human readable as a file on the hard drive. Casuals and the unfamiliar would not know what's going on nor how to get at it. As mentioned, I do think this is a step above obfuscation.

[afe]

This is correct.

OK, I haven't thought about it yet, but I wonder if I can install AutoHotkey.exe to a different location when running the compiled script, such as C:\Users\1\AppData\Local\Temp ?


And I think we can learn from the ahk2exe built-in interpreter method and avoid using AutoHotkey.exe. But this is beyond my understanding.

[SOTE]

This is correct.

OK, I haven't thought about it yet, but I wonder if I can install AutoHotkey.exe to a different location when running the compiled script, such as C:\Users\1\AppData\Local\Temp ?

There seems to be confusion. I'm saying that you probably don't need to FileInstall AutoHotkey.exe or to use another executable on disk. Decrypt to "s" or to another variable. Then execute the commands in the variable from a function in the script. These could be functions in your script or those functions could be encrypted, and then decrypted to variable. Then the main part of your script run through the decrypted function. Study an .ahk file encrypted by Feiyue's Encryptor, not the Encryptor script itself. You will likely see what I mean, that there is another way to run the encrypted code, instead of sending it to another AutoHotkey.exe file. If you don't understand, that's OK too. Just use Feiyue's Encryptor as it is.

[afe]

I'm saying that you probably don't need to FileInstall AutoHotkey.exe or to use another executable on disk. Decrypt to "s" or to another variable. Then execute the commands in the variable from a function in the script.

That is, do not use ahk2exe.exe. But in this case, I have to put AutoHotkey.exe and the encrypted .ahk file together. Although AutoHotkey.exe can be renamed, its icon is not easy to change. This is easily recognized as AutoHotkey. Also Gui's icon needs to be changed.

that there is another way to run the encrypted code, instead of sending it to another AutoHotkey.exe file.

Which way is it?

[SOTE]

And I think we can learn from the ahk2exe built-in interpreter method and avoid using AutoHotkey.exe. But this is beyond my understanding.

Afe, what you are saying is confusing. What ahk2exe? Are you talking about Feiyue's Encryptor or the ahk2exe that comes with AutoHotkey?

Feiyue's Encryptor is not using ahk2exe. It's making an encoded .ahk file. You then can turn that into an .exe using AutoHotkey's ahk2exe. These are totally 2 different scripts, made by different people. Also you are free to modify the ahk2exe file as you like, but that will not be the official version that comes with AutoHotkey. Also Feiyue has nothing to do with ahk2exe.

That is, do not use ahk2exe.exe. But in this case, I have to put AutoHotkey.exe and the encrypted .ahk file together. Although AutoHotkey.exe can be renamed, its icon is not easy to change. This is easily recognized as AutoHotkey. Also Gui's icon needs to be changed.

Again, I don't understand what you mean. You put the AutoHotkey.exe file in the same directory as the encoded .ahk file from Feiyue's Encryptor. When you compile the encoded .ahk (from Feiyue's Encryptor), it needs to have a copy of the AutoHotkey.exe file in the same directory, otherwise it will give you an error message.

that there is another way to run the encrypted code, instead of sending it to another AutoHotkey.exe file.

Which way is it?

As mentioned, if you don't understand it right now, don't worry about it. Proceed with the standard way and what Feiyue showed in his post. I think you should fully understand how Feiyue's Encryptor works, play with it, then you can tweak it later.

[garry]

SOTE , your example works for me , added to Feiyue's script xy.ahk ( second example above ) , now possible convert to xy.exe ( ahk2exe )
feiyue encyptor https://www.autohotkey.com/boards/viewtopic.php?f=28&t=42494

Code: Select all

;- feiyue encyptor  https://www.autohotkey.com/boards/viewtopic.php?f=28&t=42494
Ahk=%A_ScriptDir%\AutoHotkey.exe
FileInstall, AutoHotkey.exe, %Ahk%
;...  ( see second example above )

[SOTE]

Although AutoHotkey.exe can be renamed, its icon is not easy to change. This is easily recognized as AutoHotkey. Also Gui's icon needs to be changed.

In regards to the icon, this has 2 parts:

1) Menu, Tray, Icon, %A_WorkingDir%\Your.ico

You can put this in your original file, before using Encryptor to encode it. Note- The "Your" of Your.ico, means to replace that with whatever .ico file that your have. The key point here is that when you run the non-encoded file, this will cause an error. When your change it to an encoded file using Feiyue's Encryptor, it will then work properly, showing you your chosen icon.

2) Change the icon when you compile the encoded .ahk file into a .exe with the ahk2exe GUI.

You need to/can run the ahk2exe file manually, which is in the C:\Program Files\AutoHotkey\Compiler directory for most regular installs. Then the ahk2exe GUI will pop up and you will see where you can change the icon. If you do a right-click and then compile on the encoded .ahk, then you won't see the choice to change the icon.

[afe]

Again, I don't understand what you mean.

I mean, if I use the cipher to encrypt the source code, I need to distribute AutoHotkey.exe with the encrypted AutoHotkey.ahk.Although I can modify the names of AutoHotkey.exe and AutoHotkey.ahk, others can see at a glance that it was written in AutoHotkey. Because the AutoHotkey.exe icon and the AutoHotkey.ahk extension cannot be modified.

Although I can use ahk2exe to compile the encrypted AutoHotkey.ahk to .exe, when I run it, AutoHotkey.exe is also generated in the script directory.

So as mentioned above, is it possible to install AutoHotkey.exe into the %Temp% directory so that it is at least not easy to detect that it was written with AutoHotkey.