As I’ve mentioned maybe once or twice before, I like myAutToExe a good deal. It’s great for tinkering around with AutoIt programs that have been “secured” by compiling to tokens. In some situations, being able to decompile these scripts is an absolute necessity Continue reading “myAutToExe and Ruby for the win!”
As I previously mentioned, I like AutoIT a great deal, but I like decompiling other people’s stuff even better. Just a couple days ago, the genius who brought us the only 3.2.6 decompiler released a new version, 2.2. I haven’t kept up like I should, but if cw2k ever gives me the okay, I’d gladly keep up a mirror as he releases new versions. For now, at least, I’ll just try to remember to check back regularly and grab the latest versions.
I’m a huge fan of AutoIt – I think the program is a wonderful tool for administrators as well as casual programmers who just like to mess with stuff. However, I recently discovered that the developer of AutoIt, in an ongoing quest for “security,” has disabled the ability to reverse-engineer autoit scripts!
Now, I’m all for security when people write software, but giving scripts this level of security actually introduces security risks! I just don’t like running some random AutoIt script without being able to look at the source code. If I run a “normal” compiled app, my virus scanner will generally let me know if it’s safe to run. But a script written in AutoIt can so easily be a trojan (or other destructive tool) and nothing can likely catch it because of the nature of scripted programs.
Yes, I’m aware somebody could write a C++ app that’s just as dangerous as AutoIt can produce, but this requires a lot more intelligence and effort than just writing an AutoIt script. AutoIt is made to be pretty friendly for non-programmers.
So to me, this is an absurd limitation – all scripts should be reversible for the sake of security! Luckily for the world, somebody has written a usable decompiler called myAutToExe, and I’m providing a local copy of 2.00 Alpha since the site is hard to find and hosted on Angelfire. For the original and latest versions, go to http://defcon5.biz/phpBB3/viewtopic.php?f=5&p=5735.
Note: I haven’t contacted the author of myAutToExe about this (the page has no contact information). I can’t imagine he’d complain, but if anybody knows a way in which I can contact him, I’m all ears. I’d love to set up a proper mirror.
UPDATE: I’ve updated the link to the latest version since being contacted by cw2k (the author of myAutToExe).
UPDATE UPDATE: Fixed the URL for getting the latest version – apparently the forum site moved.