AutoIt Obfuscator — Obfuscation for AutoIt Script Source Code

Obfuscate your AutoIt script source code & algorithms to protect them against reverse engineering analysis, cracking and decompilation. AutoIt Obfuscator has been used 50842 times so far!

Source code in AutoIt v3 format

Obfuscated code

Detect debuggers, virtual machines, sandboxed environments, CPU emulators

  • Detect debuggers attached to the application process
  • Check for an abnormal low number of physical CPU cores (exit if less than 3)
  • Sandboxie (DLL libraries)
  • Joe Sandbox (processes)

  • VMware (procesess, files, drivers, WMI, BIOS, GFX)
  • Oracle Virtual Box (processes, files, drivers, BIOS, GFX)
  • Parallels Virtual Machine (processes, files)
  • KVM (drivers)
  • WINE (API inconsistencies, DLL libraries, special API functions)
  • Bochs (WMI BIOS)
  • QEMU (processes, WMI BIOS)
  • XEN (processes)

The added code is executed at the beginning of the script. In case of positive detection, the process will be silently terminated, without any error message.

Select types of helper random numbers to be generated:

Global $xyz = 1
Global $xyz = Asc("[")

Global $xyz[3] = [369, 214, 592]
Global $xyz[2][4] = [ [34, 14, 592, 3], [349, 2] ]

Func xyz()
    Return 1238948
EndFunc
#OnAutoItStartRegister "dhfe_nMCTQQ_qeMdNOv_hTu"
...
Func dhfe_nMCTQQ_qeMdNOv_hTu()
    Global Const $xyz = 88643041
EndFunc

Global $var_2659 = Asc(StringMid("Random(188, 1504914845 + SRandom(), 1626512065)", 18, 1))
If 2010239059 = 2010239059 Then

Random numbers are used all over the obfuscated code, the more types - the better. If you don't select anything, all of the random types will be generated.

ConsoleWrite("1. One" & @CRLF)
ConsoleWrite("2. Two" & @CRLF)
ConsoleWrite("3. Three" & @CRLF)
$rnd = 239892
While True
    If 40402 = $rnd Then
        $rnd = 1993
        ConsoleWrite("2. Two" & @CRLF)
    ElseIf $rnd = 239892 Then
        $rnd = 40402
        ConsoleWrite("1. One" & @CRLF)
    ElseIf $rnd = 1993 Then
        ConsoleWrite("3. Three" & @CRLF)
        $rnd = 203030211
    ElseIf $rnd = 203030211 Then
        ExitLoop
    EndIf
WEnd

Read about code execution flow. Loop control statements ExitLoop and ContinueLoop are automatically corrected by the new loop levels.

Local $variable = 1
Global $var = 12345
Dim $iValue = 0xABBA
Local $nGuiyagSznwgwh = 1
Global $SMGPZHGE_GRUHVBRVUR_TRMWCXZV = 12345
Dim $var_12 = 0xABBA

All references to the renamed variables are automatically fixed.

Func Example($param1, $param2)
Func ProcessSomething()
Func Dummy($aArray)
Func VadOeCmEiez($param1, $param2)
Func func_91()
Func AvnsnFunc($aArray)

DllCall() and others using function names as a parameter are automatically fixed as long as the parameter is passed as a string (not a variable!).

Local $result = Example($param1, $param2)
ProcessSomething()
$out = Dummy($aArray)
ConsoleWrite("Obfuscation for AutoIt")
Local $result = $VsoLkc($param1, $param2)
$DOX_MDK_WAVP()
$out = $aRacmLko($aArray)
$aAxieOjxz("Obfuscation for AutoIt")

Functions in AutoIt can be assigned to variables; this is a good way to hide the real name of called functions.

ConsoleWrite(c())

Func a()
    return "Hello!"
EndFunc

Func b()
    return a()
EndFunc

Func c()
    return b()
EndFunc
ConsoleWrite(c())

Func c()
    return b()
EndFunc

Func a()
    return "Hello!"
EndFunc

Func b()
    return a()
EndFunc

The order of AutoIt functions in a script is not important.

MsgBox($MB_ICONINFORMATION, "Title", "Caption")
MsgBox(64, "Title", "Caption")

Currently more than 15000 Windows API constants are recognized.

Local $a = 1
Local $value = 1234
Local $lucky_seven = 777
Local $var = 0xFFFF
Local $count = 999
Local $item = 0x100
Local $diabolo = 666
Local $num = 9
Local $alignment = 512
Local $a = 3928 + $EiejcJks[3]
Local $value = (347445640 - 347444406)
Local $lucky_seven = Int(Sqrt(603729))
Local $var = BitXOR(312515813, IbmmftJgowlxa())
Local $count = BitOR(8966, 1033)
Local $item = BitNOT(-257)
Local $diabolo = BitRotate(10911744, 18, "D")
Local $num = 3 * 3
Local $alignment = 2 ^ 9

Arithmetic expressions include the + - * ^ operators and Sqrt() function, boolean expressions include BitXOR, BitOR, BitNOT, and BitRotate functions.

ConsoleWrite("Hello World!")
ConsoleWrite('Hello Nasty')
ConsoleWrite("Sample ""quotation"" within")
ConsoleWrite('Single ''quotation'' !')
ConsoleWrite("H" & "ell" & "o " & "W" & "orld" & "!")
ConsoleWrite('Hel' & 'lo Nast' & 'y')
ConsoleWrite("Samp" & "le ""quotation" & """ with" & "in")
ConsoleWrite('Single ' & '''quotati' & 'on''' & ' ' & '!')

Quoted strings within strings are automatically detected and handled properly.

ConsoleWrite("Hello World!")
ConsoleWrite('Hello Bart')
ConsoleWrite('AutoIt Decompilation')
ConsoleWrite(StringReverse("!dlroW olleH"))
ConsoleWrite(StringTrimLeft('KKuqTHello Bart', 5))
ConsoleWrite(StringTrimRight('AutoIt DecompilationX', 1))

String modifications use the built-in StringReverse(), StringTrimRight() and StringTrimLeft() functions.

ConsoleWrite("How to protect AutoIt script?")
ConsoleWrite(DlnWck(87, $KQWGAWTNE, $vOedex))
...
Func DlnWck($var_1238, $g_tagNye, $g_v_nCrR)
    Local $6H_T[29] = [ 0x728F, 0x6DAF, 0x6CAF, 0x778F, _
                        0x6D0F, 0x6DAF, 0x778F, 0x6D8F, _
                        0x6D4F, 0x6DAF, 0x6D0F, 0x6EEF, _
                        0x6F2F, 0x6D0F, 0x778F, 0x736F, _
                        0x6CEF, 0x6D0F, 0x6DAF, 0x726F, _
                        0x6D0F, 0x778F, 0x6D2F, 0x6F2F, _
                        0x6D4F, 0x6E6F, 0x6D8F, 0x6D0F, _
                        0x73AF ]
    For $NYwQb = 0 To 28
        $Cwium = $6H_T[$NYwQb]
        $Cwium -= 0x7B90
        $Cwium = BitRotate($Cwium, 11, "W")
        $Cwium = BitNOT($Cwium)
        $6H_T[$NYwQb] = ChrW(BitAND($Cwium, 0xFFFF))
    Next
    Return _ArrayToString($6H_T, "")
EndFunc

The polymorphic string encryption engine is taken from our StringEncrypt solution.

Local $a = 1
Local $var = 123
Local $a = ($fBnbFcgx[5] >= $xCsccjis[12] ? 1 : $g_GIqyy)
Local $var = (SqXoFunc() <> $Abv ? $var_2029[3] : 123)

Read more about the ternary operator in AutoIt.


Want a free activation code?

Here are the ways that can get you a free activation code:

Pencil

Write a post

Write a blog post or an article about AutoIt Obfuscator with some screenshots, code examples and a link to the product site.

Twitter

Tweet about it

Tweet about AutoIt Obfuscator to your fans with a link to the product page — use the #autoit #obfuscator & #obfuscation hashtags.

Pencil

Report a bug

Report a bug and if I can confirm it you will get a free activation code as a thank you.

Twitter

Suggest an obfuscation idea

If you have an idea for improving the current obfuscation methods, or a new technique, please contact me with some code samples.

Use the contact form to talk to me.

Questions?

If you would like to ask me about AutoIt Obfuscator, or something's not clear, mail me. I'll be happy to answer all of your questions.