simple DIY AHK obfuscation (anti-decompiler)

Post your working scripts, libraries and tools.
hoangthi
Posts: 16
Joined: 08 Oct 2020, 11:00

simple DIY AHK obfuscation (anti-decompiler)

Post by hoangthi » 18 Mar 2024, 00:44

This DIY macro script will utilize the rename symbol feature (F2 key) in Visual Studio Code. This feature allows for the renaming of variables and functions, and it automatically changes throughout the entire file without breaking the structure. I made this script to batch-edit these symbols.
The steps are simple: press Ctrl + Shift + O and then press Down to loop through all the function and variable names. For each name, press F2, type a random text string with a specific length, and continue.

The result will be fully obfuscated code, without encryption, but I think it is enough to prevent curious eyes. If someone were to fully understand these full of mess, they would likely possess the ability to reconstruct a 100x better version from entirely from scratch, rather than attempting to replicate the obfuscated one:

Code: Select all

wrh(input_string) {
    er9 := StrSplit(input_string, "")
    i1m := ""
    a78 := er9.Length
    while (a78 > 0)
    {
        o0f := er9[a78]
        oj0 := ""
        i_g := ""
        if a78 > 1
            oj0 := er9[a78 - 1]
        if a78 > 2
            i_g := er9[a78 - 2]
        if (o0f and hnx.has(o0f)) {
            if (
                oj0 and InStr(qd8, oj0)
                and not hnx.has(oj0)
                and hnx.has(o0f)
            )
            {
                i1m := itl[oj0 o0f] i1m
                a78 := a78 - 2
            }
            else if (
                i_g and InStr(qd8, i_g)
                and not hnx.has(i_g)
                and hnx.has(oj0)
                and hnx.has(o0f)
            )
            {
                i1m := itl[i_g oj0 o0f] i1m
                a78 := a78 - 3
            }
        }
        else {
            if (a78 > 0)
            {
                i1m := er9[a78] i1m
            }
            a78--
        }
    }
    return i1m
}
}
The AHK macro:
Ctrl F11: Start
Ctrl F12: Stop
Open your AHK script with VSC, click on some variable, and press F2. Use AHK WindowsSpy to identify the highlight background color of the renaming form, then replace it with 0x2741A6 in the PixelSearch function.
Image
Also, you can specify the length of the random string as desired. Additionally, a global variable is there to make sure that no string is used more than once

Code: Select all

#SingleInstance Force
~^F12:: {
    ExitApp
}

used_text := ""
random_text(length)
{
    global used_text
    str := "_0123456789abcdefghijklmnopqrstuvwxyz"
    s := StrSplit(str str str)
    Loop length {
        rnd := Random(1, s.Length)
        i .= s.removeat(rnd)
    }
    i_first := SubStr(i, 1, 1)
    if (InStr("_0123456789", i_first) or InStr(used_text, i))
    {
        return random_text(length)
    }

    used_text .= i
    return i
}



~^F11:: DoTheThing()

DoTheThing() {
    SendInput("^+o")
    Sleep 50
    SendInput("{Down}")
    Sleep 5
    SendInput("{Enter}")
    Sleep 50
    
    SendInput("{F2 down}{F2 up}")
    Sleep 200
    loop 3 {
        if PixelSearch(&Px, &Py, 0, 0, A_ScreenWidth, A_ScreenHeight, 0x2741A6, 0) {
            ToolTip("Found it at " Px ", " Py)
            SendInput("^a")
            Sleep 5
            SendInput(random_text(3))
            Sleep 5
            SendInput("{Enter}")
            Sleep 5
            break
        }
        Sleep 30
    }
    

    return DoTheThing()


}

Return to “Scripts and Functions (v2)”