AHK Script Encryption Topic is solved

Get help with using AutoHotkey and its commands and hotkeys
Zoanthario
Posts: 16
Joined: 10 Nov 2019, 13:22

AHK Script Encryption

10 Nov 2019, 16:08

I found an encrypted AHK exe that contains this:

Code: Select all

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
	version="1.0.48.05"
	processorArchitecture="X86"
	name="Microsoft.Windows.AutoHotkey"
	type="win32"
/>
<dependency>
	<dependentAssembly>
		<assemblyIdentity
			type="win32"
			name="Microsoft.Windows.Common-Controls"
			version="6.0.0.0"
			processorArchitecture="X86"
			publicKeyToken="6595b64144ccf1df"
			language="*"
		/>
	</dependentAssembly>
</dependency>
</assembly>
and I see it in a lot of encrypted files, is there a specific way/tool that these are encrypted by? And is there a way to decrypt it?
gregster
Posts: 5172
Joined: 30 Sep 2013, 06:48

Re: AHK Script Encryption

10 Nov 2019, 16:46

To give tips do decrypt encrypted AHK files that you didn't create yourself is outside the scope of this forum.
At least, unless you can give a pretty good reason...

Apart from that, I don't think that the specific information you found can give you much information about how the script is protected.
Zoanthario
Posts: 16
Joined: 10 Nov 2019, 13:22

Re: AHK Script Encryption

10 Nov 2019, 17:32

gregster wrote:
10 Nov 2019, 16:46
To give tips do decrypt encrypted AHK files that you didn't create yourself is outside the scope of this forum.
At least, unless you can give a pretty good reason...
I'm asking about if that way of encrypting has a decryption way, so that if there a way do decrypt these files then I don't need to know how to use that way of encryption since it'd be kinda useless, I was not asking to get that specific encrypted script.
gregster
Posts: 5172
Joined: 30 Sep 2013, 06:48

Re: AHK Script Encryption

10 Nov 2019, 17:35

But that information you found there is not very helpful to determine how the script is protected - afaik, this part of the script does not contain the information you are looking for.
The AHK version that is included as info might give you some hint here about the possible ways of protection, but nothing really helpful.

In general, every AHK-exe can be decrypted... it's just about making it reasonably hard for most people of your target audience.
TAC109
Posts: 581
Joined: 02 Oct 2013, 19:41
Location: New Zealand

Re: AHK Script Encryption  Topic is solved

10 Nov 2019, 17:44

@Zoanthario
The data you posted looks like the manifest from an AutoHotkey version 1.0 compiled script. The version 1.0 Ahk2Exe Compiler had options to protect the generated .exe from being de-compiled.
My scripts:-
XRef - Produces Cross Reference lists for scripts
ReClip - A Text Reformatting and Clip Management utility
SOTE
Posts: 1086
Joined: 15 Jun 2015, 06:21

Re: AHK Script Encryption

11 Nov 2019, 02:21

Zoanthario wrote:
10 Nov 2019, 16:08
I found an encrypted AHK exe that contains this:
and I see it in a lot of encrypted files, is there a specific way/tool that these are encrypted by? And is there a way to decrypt it?
The problem about what you are doing, is you are not talking about decrypting/decompiling your own personal files, but appear to be looking to decrypt/decompile the scripts of other people. Attempting to reverse engineer somebody else's program can be illegal, particularly if their program is under copyright or they have a license that forbids such.

Asking other programmers to help you reverse engineer/crack/decompile somebody else's programs is also clearly problematic and could be dragging them into possibly illegal activity as well. That's not the purpose of the help forum. The exception to this would likely be if you are dealing with malware and need help. But depending on the situation, dedicated professionals at an Anti-Virus company might be more helpful.

With that stated, if you want to learn about encryption/decryption, decompiling, or compression is something else. There have been various topics about it and scripts made in which you can study up on. You can do a search of the forums or a Google search, and a lot of information should pop up. You can then rephrase your question or start a new topic about what you need help on.

Some forum posts to get you started:

https://autohotkey.com/board/topic/1841-ahk-decompile-script-10/
(AHK Decompile script 1.0)
https://www.autohotkey.com/boards/viewtopic.php?t=59015
(EXE2AHK)
https://www.autohotkey.com/boards/viewtopic.php?t=42494
(Encryptor By FeiYue)
https://autohotkey.com/board/topic/82986-ahk-l-decompiler-payload-method/
(AHK_L Decompiler (Payload Method)
https://www.autohotkey.com/boards/viewtopic.php?t=62308
(Compiling AHK_H)
https://www.autohotkey.com/boards/viewtopic.php?t=60711
(MPRESS versus UPX)

Lastly, there are obviously 3rd party protection or compression software that are not created with AutoHotkey. In addition, some scripts can't be easily decompiled for various reasons, depending on how or what program they were compiled with. It's good to keep this in mind, because it can affect how much people on the AutoHotkey forum can help you.
Zoanthario
Posts: 16
Joined: 10 Nov 2019, 13:22

Re: AHK Script Encryption

11 Nov 2019, 14:07

@TAC109 You are right, after a small search I found how to download and use AutoHotKey v1.0 compiler and after compiling using it with activating the protection option I got an identical code to the one in this post, thank you :slight_smile: .
Last edited by Zoanthario on 11 Nov 2019, 14:29, edited 1 time in total.
Zoanthario
Posts: 16
Joined: 10 Nov 2019, 13:22

Re: AHK Script Encryption

11 Nov 2019, 14:08

gregster wrote:
10 Nov 2019, 17:35
The AHK version that is included as info might give you some hint here about the possible ways of protection
And that is the reason I created this topic, to know that way of protection then search what possible ways to decrypt it.
now after I knew that it was encoded using AHK v1.0 compiler and that you mentioned that every AHK-exe can be decrypted, do you know certain ways of decrypting the files compiled using v1.0 compiler?
Zoanthario
Posts: 16
Joined: 10 Nov 2019, 13:22

Re: AHK Script Encryption

11 Nov 2019, 14:16

@SOTE Please read my first reply to @gregster. What you explained was what I generally looking for, not to get someone else's code but to know the possible ways of encrypting/decrypting,compiling/decompiling and compressing/decompressing, I posted that code above to know the way it's encrypted by and what possible ways it can be decrypted, not to get that code's source.

Although I already searched and knew about UPX and FeiYue's Encryptor and another tool that I think is a very good encryptor which I asked on how to use in this topic:
https://www.autohotkey.com/boards/viewtopic.php?f=76&t=69723
, I thank you for the topics you've provided, with the help of them I could find out 2 more ways of encrypting and 1 more way of decrypting with consideration that I still didn't read all of them entirely.
Last edited by Zoanthario on 11 Nov 2019, 14:49, edited 1 time in total.
gregster
Posts: 5172
Joined: 30 Sep 2013, 06:48

Re: AHK Script Encryption

11 Nov 2019, 14:26

Zoanthario wrote:
11 Nov 2019, 14:08
gregster wrote:
10 Nov 2019, 17:35
The AHK version that is included as info might give you some hint here about the possible ways of protection
And that is the reason I created this topic, to know that way of protection then search what possible ways to decrypt it.
now after I knew that it was encoded using AHK v1.0 compiler and that you mentioned that every AHK-exe can be decrypted, do you know certain ways of decrypting the files compiled using v1.0 compiler?
I have never looked at it at the time or since, but I seem to remember that the default encryption option of the v1.0-compiler was so weak that it was removed in v1.1 because it gave a false feeling of safety.
Zoanthario
Posts: 16
Joined: 10 Nov 2019, 13:22

Re: AHK Script Encryption

11 Nov 2019, 14:46

gregster wrote:
11 Nov 2019, 14:26
I have never looked at it at the time or since, but I seem to remember that the default encryption option of the v1.0-compiler was so weak that it was removed in v1.1 because it gave a false feeling of safety.
Well, I could decrypt the exe files compiled with UPX, MPRESS and FeiYue's Encryptor but none of the methods worked with the file I encrypted using AHK v1.0 compiler, so either the protection is easy but it requires some different decryption method or it's stronger than UPX, MPRESS and FeiYue's Encryptor.

Also in the v1.0 compiler protection option I put a password of my own so I can decompile it again but I don't know how to decompile it using the password, is there some kinda EXE2Ahk decompiler that requires that password?

About the false positive, I tried to scan the compiled exe by AHK v1.0 compiler in virustotal and 3 out of 69 antiviruses detected it, but also the compiled exe using v1.1 got 2 antiviruses who detected it, so I don't see it the big difference that makes them remove it in v1.1.
gregster
Posts: 5172
Joined: 30 Sep 2013, 06:48

Re: AHK Script Encryption

11 Nov 2019, 14:54

Zoanthario wrote:
11 Nov 2019, 14:46
About the false positive, I tried to scan the compiled exe by AHK v1.0 compiler in virustotal and 3 out of 69 antiviruses detected it, but also the compiled exe using v1.1 got 2 antiviruses who detected it, so I don't see it the big difference that makes them remove it in v1.1.
I didn't mean false positive - just that many people wrongly believed that it would protect their code, but it didn't really. False positives are a whole different story, and can be a pain.

But it's a long time ago and I don't touch 1.0 anymore, not even with a 10-foot-pole. The scripts that I frequently use (or create) rely on too many features that were added in the last 10 years.
Zoanthario
Posts: 16
Joined: 10 Nov 2019, 13:22

Re: AHK Script Encryption

11 Nov 2019, 15:09

gregster wrote:
11 Nov 2019, 14:54
I didn't mean false positive - just that many people wrongly believed that it would protect their code, but it didn't really. False positives are a whole different story, and can be a pain.

But it's a long time ago and I don't touch 1.0 anymore, not even with a 10-foot-pole. The scripts that I frequently use (or create) rely on too many features that were added in the last 10 years.
My bad, I misunderstood, but by you mentioning that it's not really protecting their code, then should you know a way of decrypting the compiled exe by v1.0 compiler? or how did you know it's not protecting it?
gregster
Posts: 5172
Joined: 30 Sep 2013, 06:48

Re: AHK Script Encryption

11 Nov 2019, 15:12

Like I said, that's what I remember - might be wrong, might be right. I usually don't even compile my scripts.

And I never had an exe I needed to decompile - although I might have emperimented a bit. And if I would see obfuscated code, I would probably be more interested in writing a de-obfuscator than the actual code (but I probably wouldn't post it ;) )
guest3456
Posts: 3145
Joined: 09 Oct 2013, 10:31

Re: AHK Script Encryption

11 Nov 2019, 15:16

i remember seeing an easy drag and drop extractor which would get the source from pw-protected ahk basic 1.0 scripts

the best protection that i've seen, and that i still use for my software, is the HotkeyCamo compiler for ahk 1.0 basic... that too can be cracked but its a bit more complicated

i wanted to use that dynamic obfuscator but it was too difficult and buggy

Zoanthario
Posts: 16
Joined: 10 Nov 2019, 13:22

Re: AHK Script Encryption

11 Nov 2019, 16:04

@guest3456 Can you give me a link for the HotKeyCamo compiler and guide if available? I searched for user Mobius topics that was about decompiling but I didn't find posts about HotCamo compiler
guest3456
Posts: 3145
Joined: 09 Oct 2013, 10:31

Re: AHK Script Encryption

11 Nov 2019, 16:24

Zoanthario wrote:
11 Nov 2019, 16:04
@guest3456 Can you give me a link for the HotKeyCamo compiler and guide if available? I searched for user Mobius topics that was about decompiling but I didn't find posts about HotCamo compiler
https://lmgtfy.com/?q=HotKeyCamo&s=g

Zoanthario
Posts: 16
Joined: 10 Nov 2019, 13:22

Re: AHK Script Encryption

11 Nov 2019, 16:34

guest3456 wrote:
11 Nov 2019, 16:24
Zoanthario wrote:
11 Nov 2019, 16:04
@guest3456 Can you give me a link for the HotKeyCamo compiler and guide if available? I searched for user Mobius topics that was about decompiling but I didn't find posts about HotCamo compiler
https lmgtfy.com /?q=HotKeyCamo&s=g Broken Link for safety
Lol, from the rarity of encryption/decryption tools I didn't think I'd find it using google, thank you :)
SOTE
Posts: 1086
Joined: 15 Jun 2015, 06:21

Re: AHK Script Encryption

11 Nov 2019, 23:26

I lean towards Encryptor by FeiYue (for AutoHotkey_L) or AutoHotkey_H being the better ways to protect code versus obfuscation. In the case of FeiYue's Encryptor, it will likely be easier for casual or newer users of AutoHotkey to use, though a user might want to eventually replace the machine code used with their own machine code as they become more advanced. The AutoHotkey_H fork would also be an option for more advanced or adventurous users looking for something a little extra.

The issue with HotkeyCamo is it hasn't been updated in a long time nor has it been modified for AutoHotkey_L (that I know of). One of the main issues is that the location of where the script is placed is different between AutoHotkey_Basic (old version) and AutoHotkey_L (the present official release). AutoHotkey_L, for better or worse, makes no attempt to protect a user's script versus AutoHotkey_Basic did at least try to provide some protection or make it a little less obvious. But studying the HotkeyCamo thread can provide good lessons about protection for AutoHotkey in general.
Zoanthario
Posts: 16
Joined: 10 Nov 2019, 13:22

Re: AHK Script Encryption

13 Nov 2019, 14:46

@SOTE
SOTE wrote:
11 Nov 2019, 23:26
I lean towards Encryptor by FeiYue (for AutoHotkey_L) or AutoHotkey_H being the better ways to protect code versus obfuscation. In the case of FeiYue's Encryptor, it will likely be easier for casual or newer users of AutoHotkey to use, though a user might want to eventually replace the machine code used with their own machine code as they become more advanced. The AutoHotkey_H fork would also be an option for more advanced or adventurous users looking for something a little extra.
Actually I know a way of decryption for FeiYue's encryptor, besides that it only works with ahk files without compiling them which doesn't allow to use the program as an exe file.

Return to “Ask For Help”

Who is online

Users browsing this forum: AHKStudent, Albireo, caihoptrenkesach, Chunjee, electrone77, Googleye, jarhead, leehere10, mikeyww, roonyroox, TheProdigyC2, Visioneer and 71 guests