Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Protect Code
- Thread starter togatown
- Start date
- Thread starter
- #3
Strongm,
Thanks but I am looking to obfuscate the code not encrypt it to a vbe. An obfuscater will remove white spaces, replace variable and constant names with gibberish names and basically make unencrypted code look like garbage.
Encryption can be easily cracked. There are several decryption routines which do this rapidly and effectively.
Toga
Thanks but I am looking to obfuscate the code not encrypt it to a vbe. An obfuscater will remove white spaces, replace variable and constant names with gibberish names and basically make unencrypted code look like garbage.
Encryption can be easily cracked. There are several decryption routines which do this rapidly and effectively.
Toga
The script encoder (neither Microsoftr nor myself would go so far as to claim this was proper encryption) meets most of the requirements of an obfuscator. And I'm not sure where you get the idea that the end product is a VBE.
Still, if it isn't what you are looking for, then fair enough.
Still, if it isn't what you are looking for, then fair enough.
Code obfuscation is easier in Javascript than in VBScript. VBScript has a very nice syntax that makes it easy to understand and makes obfuscation difficult. You can get by with calling routines x1 or renaming a few variables but not a lot you can do with it.
With Javascript, classes, functions, subs and properties are all called function. The terminator for if, for, while, switch etc is } and it has inline functions. The arrays increment automatically so there is no need for redim preserve.
Alternatively, use something <script language="vbscript" src="fred.vbs">. The average web user won't know how to go beyond view/source.
With Javascript, classes, functions, subs and properties are all called function. The terminator for if, for, while, switch etc is } and it has inline functions. The arrays increment automatically so there is no need for redim preserve.
Alternatively, use something <script language="vbscript" src="fred.vbs">. The average web user won't know how to go beyond view/source.
So long as you declare your variables, it wouldn't be hard to write an obfuscation script. Have it create a dictionary where the items are the original variables/functions/etc and the keys are generated randomly. Since your keys have to be unique, you just run through the code with a replace. Also, white space and comments are really easy to remove.
However, IMO, the script encoder is just as effective and doesn't require any coding on your part. Anyone who is going to go through the trouble of decoding and reading your code, would be able to figure out what your code is doing even if obfuscate with random variable names.
However, IMO, the script encoder is just as effective and doesn't require any coding on your part. Anyone who is going to go through the trouble of decoding and reading your code, would be able to figure out what your code is doing even if obfuscate with random variable names.
Have a look here:
Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ181-2886
Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ181-2886
- Thread starter
- #12
Actually I found the answer I needed:
I tried:
VBS-Obfuscate from Stunnix - crap - creates run-time errors
vbs2exe - crap - creates run-time errors
vbscript2exe - crap - creates run-time errors
see the common theme....
Then along comes exescript, Works on the 20 or so scripts I've tested it on so far. Many of these script contain a heavy use of objects and some include the use of third party components.
Caution is suggested when setting the source file up for building. By default the program sets an 'Execution Type' property of 'Extract'. You need to set this to 'Compile'.
Using Extract, the program extract the vbs file in it's entirety to the users default temp folder. Using 'Compile', it loads the code into memory and runs it from there.
I tried:
VBS-Obfuscate from Stunnix - crap - creates run-time errors
vbs2exe - crap - creates run-time errors
vbscript2exe - crap - creates run-time errors
see the common theme....
Then along comes exescript, Works on the 20 or so scripts I've tested it on so far. Many of these script contain a heavy use of objects and some include the use of third party components.
Caution is suggested when setting the source file up for building. By default the program sets an 'Execution Type' property of 'Extract'. You need to set this to 'Compile'.
Using Extract, the program extract the vbs file in it's entirety to the users default temp folder. Using 'Compile', it loads the code into memory and runs it from there.
trollacious
Programmer
AutoIT is similar to VB, an easy and quick learning curve, and you can compile the scripts into executables. The SciTE editor interfaces with AutoIT real well, and it's all free. If you use global search and replaces, you should be able to convert your script pretty quickly and easily.
Lee
Lee
- Thread starter
- #14
- Thread starter
- #16
strong,
Perhaps so, just not the lame encryption Microsoft provides which requires not technical skill or knowledge to reverse. A quick google search is all it takes to decrypt any script which can still be usable to the WSH. I know, I've done it hundreds of times myself in the interest of knowledge or to reverse engineer or tailor a script.
As far as I could tell, exescripts executables couldn't be decrypted. Have you found a way to extract the code from them?
I may just stop being lazy and convert all my scripts to VB with the 2005 Express Edition being free and the support for console apps.....
Perhaps so, just not the lame encryption Microsoft provides which requires not technical skill or knowledge to reverse. A quick google search is all it takes to decrypt any script which can still be usable to the WSH. I know, I've done it hundreds of times myself in the interest of knowledge or to reverse engineer or tailor a script.
As far as I could tell, exescripts executables couldn't be decrypted. Have you found a way to extract the code from them?
I may just stop being lazy and convert all my scripts to VB with the 2005 Express Edition being free and the support for console apps.....
From reading the description it looks like this program just wraps the script with an .EXE file. Then when you run the .EXE it executes the script. I can't tell if it encrypts the script or not, but at some point it will have to be available in plain english (well, VBScript actually) in order for WSH to process it. Whether you could extract it from memory at runtime is another question, but it wouldn't be as trivial as doing a Google search for a way to circumvent it.
- Thread starter
- #18
The code is encrypted in the exe in a proprietary format. By default, the code decrypts to the tamp folder but you can change this option to run it from memory.
I highly doubt that my users or any of the technical people in the area would even realize that it is a script let alone have the skill to be able to read it from memory at runtime.
Still considering VB though. I started with it years ago and haven't used it in awhile but there are few to little differences between the two. VB, VBS, ASP, VBA....you can do one, you can do them all.
VB does allow me to access the API which I miss in VBS and now with the console support.......wish I had known that two years ago.
I highly doubt that my users or any of the technical people in the area would even realize that it is a script let alone have the skill to be able to read it from memory at runtime.
Still considering VB though. I started with it years ago and haven't used it in awhile but there are few to little differences between the two. VB, VBS, ASP, VBA....you can do one, you can do them all.
VB does allow me to access the API which I miss in VBS and now with the console support.......wish I had known that two years ago.
- Status
Similar threads
- Locked
- Question