I’m a huge fan of AutoIt – I think the program is a wonderful tool for administrators as well as casual programmers who just like to mess with stuff. However, I recently discovered that the developer of AutoIt, in an ongoing quest for “security,” has disabled the ability to reverse-engineer AutoIt scripts!
Now, I’m all for security when people write software, but giving scripts this level of security actually introduces security risks! I just don’t like running some random AutoIt script without being able to look at the source code. If I run a “normal” compiled app, my virus scanner will generally let me know if it’s safe to run. But a script written in AutoIt can so easily be a trojan (or other destructive tool), and likely nothing can catch it because of the nature of scripted programs.
Yes, I’m aware somebody could write a C++ app that’s just as dangerous as anything AutoIt can produce, but this requires a lot more intelligence and effort than just writing an AutoIt script. AutoIt is made to be pretty friendly for non-programmers.
So to me, this is an absurd limitation – all scripts should be reversible for the sake of security! Luckily for the world, somebody has written a usable decompiler called myAutToExe, and I’m providing a local copy of 2.00 Alpha since the site is hard to find and hosted on Angelfire. For the original and latest versions, go to http://defcon5.biz/phpBB3/viewtopic.php?f=5&p=5735.
Note: I haven’t contacted the author of myAutToExe about this (the page has no contact information). I can’t imagine he’d complain, but if anybody knows a way in which I can contact him, I’m all ears. I’d love to set up a proper mirror.
UPDATE: I’ve updated the link to the latest version since being contacted by cw2k (the author of myAutToExe).
UPDATE UPDATE: Fixed the URL for getting the latest version – apparently the forum site moved.