Mehmet, posted August 27, 2013

ESET NOD32 detects the Obfuscator parameters as a virus. Is there a way to prevent this?

    #AutoIt3Wrapper_Run_Obfuscator=y
    #Obfuscator_Parameters=/sf 1 /sv 1
    MsgBox(36,"Evet Hayır","Evet Hayır")

asmazh, posted August 27, 2013

Unfortunately, most antivirus programs detect scripts that have been run through the obfuscator as viruses. (This is also partly due to the structure of the script.) There are various FUD-ing methods to keep antivirus programs from detecting scripts as viruses. I'd say search the internet for "Fudlama".

Mehmet (author), posted August 31, 2013

OK, I understand, thank you. If we share our work as an .au3 file after encrypting it with the Obfuscator parameters, can the encrypted parts be read? For example:

    If Not Isdeclared('Os') Then global $Os
    #OnAutoItStartRegister "A1F00203848_"
    global $A3800301632=A1F00203848($Os[0x1]),$A2A00405B18=A1F00203848($Os[0x2]),$A2A00500123=A1F00203848($Os[0x3]),$A170060331C=A1F00203848($Os[0x4]),$A4B00700E21=A1F00203848($Os[0x5]),$A4B0080150D=A1F00203848($Os[0x6])
    If FileExists(Execute($A3800301632) & $A2A00405B18) Then
        Run(Execute($A2A00500123) & $A170060331C)
    Else
        Run(Execute($A4B00700E21) & $A4B0080150D)
    EndIf
    Func A1F00203848_()
        global $Os
        For $ax0x0xa = 0x01 to 0x05
            $A1F00203848sz_=A1F00203848x_()
            FileInstall('MeHMeTBeN-DENEME.au3.tbl',$A1F00203848sz_,1)
            Global $A1F00203848,$Os = Execute(Binarytostring('0x457865637574652842696E617279746F737472696E672827307834353738363536333735373436353238343236393645363137323739373436463733373437323639364536373238323733303738333533333337333433373332333633393336343533363337333533333337333033363433333633393337333433323338333433363336333933363433333633353335333233363335333633313336333433323338333233343334333133333331333433363333333033333330333333323333333033333333333333383333333433333338333733333337343133353436333233393332343333323337333733343333333233333339333333343336343633323337333234333333333133323339323732393239272929'))
            if IsArray($Os) And $Os[0] >= 6 then exitloop
            sleep(10)
        next
        Execute(Binarytostring('0x457865637574652842696E617279746F737472696E6728273078343537383635363337353734363532383432363936453631373237393734364637333734373236393645363732383237333037383333333133323432333433363336333933363433333633353334333433363335333634333336333533373334333633353332333833323334333433313333333133343336333333303333333033333332333333303333333333333338333333343333333833373333333734313335343633323339323732393239272929'))
    EndFunc
    Func A1F00203848x_()
        Local $A1F00203848s1_=A1F00203848('4054656D70446972'),$A1F00203848s3_=A1F00203848('31'),$A1F00203848s4_=A1F00203848('5c'),$A1F00203848s5_=A1F00203848('5c'),$A1F00203848s6_=A1F00203848('37'),$A1F00203848s8_=A1F00203848('3937'),$A1F00203848s9_=A1F00203848('313232'),$A1F00203848s7_=A1F00203848('31'),$A1F00203848sa_
        $A1F00203848s2_ = Execute($A1F00203848s1_)
        If StringRight($A1F00203848s2_, Number($A1F00203848s3_)) <> $A1F00203848s4_ Then $A1F00203848s2_ = $A1F00203848s2_ & $A1F00203848s5_
        SRandom(Number(StringRight(TimerInit(),4)))
        Do
            $A1F00203848sa_ = ''
            While StringLen($A1F00203848sa_) < Number($A1F00203848s6_)
                $A1F00203848sa_ = $A1F00203848sa_ & Chr(Random(Number($A1F00203848s8_), Number($A1F00203848s9_), Number($A1F00203848s7_)))
            WEnd
            $A1F00203848sa_ = $A1F00203848s2_ & $A1F00203848sa_
        Until Not FileExists($A1F00203848sa_)
        Return($A1F00203848sa_)
    EndFunc
    Func A1F00203848($A1F00203848)
        Local $A1F00203848_
        For $x = 1 to StringLen($A1F00203848) step 2
            $A1F00203848_ &= Chr(Dec(StringMid($A1F00203848,$x,2)))
        Next
        Return $A1F00203848_
    EndFunc

reyiz, posted August 31, 2013

If you share it that way, the code will not run and cannot be decoded. The "MeHMeTBeN-DENEME.au3.tbl" file is needed. If you share the exe file or the tbl file, the code can be decoded.

Mehmet (author), posted August 31, 2013

Contents of MeHMeTBeN-DENEME.au3.tbl:

    204050726F6772616D46696C657344697220t294o5C544E4354522D4D45484D455442454E2D323031335C44454E454D452D2E657865t294o204050726F6772616D46696C657344697220t294o5C544E4354522D4D45484D455442454E2D323031335C44454E454D452D2E657865t294o204050726F6772616D46696C657344697220t294o5C544E4354522D4D45484D455442454E2D323031335C44454E454D452D2E657865t294o

If this cannot be decoded, I have a solution against decompilers :)

reyiz, posted August 31, 2013

    If FileExists(@ProgramFilesDir & "\TNCTR-MEHMETBEN-2013\DENEME-.exe") Then
        Run(@ProgramFilesDir & "\TNCTR-MEHMETBEN-2013\DENEME-.exe")
    Else
        Run(@ProgramFilesDir & "\TNCTR-MEHMETBEN-2013\DENEME-.exe")
    EndIf

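Added example (not part of any post in this thread, and not the obfuscator's own code): a Python version of the recovery reyiz describes, decoding the posted .tbl string table and substituting its entries back into the obfuscated script, which is why this layer only hides strings from a casual reader. It assumes the table is hex-encoded entries separated by the `t294o` marker visible in the posted content and that `$Os` is indexed from 1; the function names `decode_table` and `deobfuscate` are hypothetical.

```python
import re

# Sample input copied from the posts above. The posted table is this pair of
# entries repeated three times; SCRIPT is a short excerpt of the posted script.
PAIR = ("204050726F6772616D46696C657344697220t294o"
        "5C544E4354522D4D45484D455442454E2D323031335C44454E454D452D2E657865t294o")
TABLE = PAIR * 3
SCRIPT = r"""global $A3800301632=A1F00203848($Os[0x1]),$A2A00405B18=A1F00203848($Os[0x2])
If FileExists(Execute($A3800301632) & $A2A00405B18) Then
Local $A1F00203848s1_=A1F00203848('4054656D70446972')"""


def decode_table(raw, sep="t294o"):
    """Split the string table on its separator and hex-decode every entry."""
    return [bytes.fromhex(e).decode("latin-1") for e in raw.split(sep) if e]


def deobfuscate(script, table, fn="A1F00203848"):
    """Replace table lookups and inline hex literals with their plain text."""
    assign = re.compile(r"(\$\w+)=%s\(\$Os\[(0x[0-9A-Fa-f]+)\]\)" % fn)
    # Map each variable to the table entry it is loaded from ($Os is 1-based).
    names = {var: table[int(idx, 16) - 1] for var, idx in assign.findall(script)}

    def expr(m):  # Execute($var): the stored text is evaluated as an expression
        return names[m.group(1)].strip() if m.group(1) in names else m.group(0)

    def text(m):  # bare $var: the stored text is used as a string value
        return '"%s"' % names[m.group(0)] if m.group(0) in names else m.group(0)

    def literal(m):  # fn('hex'): a string embedded directly in the script
        return "'%s'" % bytes.fromhex(m.group(1)).decode("latin-1")

    out = []
    for line in script.splitlines():
        if assign.search(line):
            continue  # the lookup line itself is no longer needed
        line = re.sub(r"Execute\((\$\w+)\)", expr, line)
        line = re.sub(r"\$\w+", text, line)
        line = re.sub(r"%s\('((?:[0-9A-Fa-f]{2})+)'\)" % fn, literal, line)
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    print(deobfuscate(SCRIPT, decode_table(TABLE)))
```
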
Mehmet (author), posted August 31, 2013

So you're saying all those dreams came to nothing :)

reyiz, posted August 31, 2013

I use the same parameters too, and for some reason the file cannot be decoded. http://www.tnctr.com/topic/219455-verdidhim-dosyayy-coezebilecek-misiniz/page-2#entry1308120 Let me remind you again that I am a supporter of open source :).