encrypt

duofruo · Post by **duofruo** » Mon Feb 09, 2004 4:27 pm

is there a way to encrypt the tcl scripts, i neet the encrypt a botnet script, that contains many components

GodOfSuicide · Post by **GodOfSuicide** » Mon Feb 09, 2004 7:41 pm

set text [encrypt $key $text] <- encrypts $text with $key
set text [decrypt $key $text] <- decrypts $text with $key

be sure to use the same key on both bots

duofruo · Post by **duofruo** » Tue Feb 10, 2004 4:34 am

i wana ecrypt the whole tcl script, not just on word

GodOfSuicide · Post by **GodOfSuicide** » Tue Feb 10, 2004 6:02 am

TCLPro is the only acceptable way i'd say, strikelights method e.g. is too easy to crack

Post by **user** » Tue Feb 10, 2004 7:43 am

GodOfSuicide wrote:TCLPro is the only acceptable way i'd say, strikelights method e.g. is too easy to crack

You mean bytecode compilation, right? That's not encryption

GodOfSuicide · Post by **GodOfSuicide** » Tue Feb 10, 2004 8:45 am

well, for me bytecode asm and this stuff is like a cryptic lang

Post by **caesar** » Tue Feb 10, 2004 1:04 pm

Not many users know how to decode strikelight's method.. so it's better than none

GodOfSuicide · Post by **GodOfSuicide** » Tue Feb 10, 2004 2:06 pm

you wouldnt even have to decode it, you could also find out the commands / settings / vars names with info, then get the proc's body with info body command, then the args and you're done....i wonder if this also works at TCLPro, anyone want to try ?

stdragon · Post by **stdragon** » Tue Feb 10, 2004 3:41 pm

Why would you want to encrypt a whole script, anyway? Are there passwords in it, or unprotected commands or something?

strikelight · Post by **strikelight** » Tue Feb 10, 2004 11:44 pm

For the record, my method is NOT "encryption", it's "obfuscation" (for my publically released scripts). I have never made any such claim that my publically released scripts are encrypted. My publically released scripts are designed for all eggdrop versions, without the use of any external modules, shared objects, dlls, etc.. etc.. There is no (semi)secure method of publically releasing an "encrypted" script without also releasing/using some type of addon/modification.

The encryption of my personal scripts IS actual encryption, private, not what I release. Thus, you would never have even seen my encryption method, as you put it.

As for if 'info <arg>' would work for byteencoded scripts, no, it would not work, as the TCL is obliterated and turned into simpler machine code. Hence the term "ByteCode Compiler"...

GodOfSuicide · Post by **GodOfSuicide** » Wed Feb 11, 2004 6:24 am

strikelight wrote:As for if 'info <arg>' would work for byteencoded scripts, no, it would not work, as the TCL is obliterated and turned into simpler machine code. Hence the term "ByteCode Compiler"...

yeah, but maybe it would have been decrypted on the fly...wouldnt be secure at all, i know.

Post by **user** » Wed Feb 11, 2004 8:43 am

GodOfSuicide wrote:
strikelight wrote:As for if 'info <arg>' would work for byteencoded scripts, no, it would not work, as the TCL is obliterated and turned into simpler machine code. Hence the term "ByteCode Compiler"...
yeah, but maybe it would have been decrypted on the fly...wouldnt be secure at all, i know.

I repeat: bytecode compilation is NOT encryption. A .tbc file holds an (ascii-85) encoded version of the compiled script. All normal tcl scripts are compiled when you load them, and what your interpreter runs internally is this compiled version of the code. The string returned by 'info body' is a copy of the original source, not the actual code running in your interpreter.
When loading a .tbc file there is no source (in most cases anyway... there is a #define in the compiler to include the source in compiled files). The main purpose of bytecode compilation (the way I see it) is to avoid compiling a static script every time it's loaded. You also save the memory normally occupied by the source code copy (unless you change that #define in your compiler, of course).
Reconstructing the source (or at least a human-readable version) from the bytecode should not be too hard.

KrzychuG · Post by **KrzychuG** » Sat Feb 14, 2004 3:23 pm

May not be so hard, but I think that there is no program which can do that (decompile it to human readable form).

Post by **user** » Sun Feb 15, 2004 9:18 pm

KrzychuG wrote:May not be so hard, but I think that there is no program which can do that (decompile it to human readable form).

What's your point? bytecode compiling == encryption because there's no script kiddie tool avaliable to decode it?

In many cases decoding the xstrings found in the .tbc file will give you most of the code without even interpreting any bytecode.

KrzychuG · Post by **KrzychuG** » Sat Feb 21, 2004 1:46 pm

I tried many ways to recover my script from bytecode without any results. Once after modifications in tbcload library i've recovered small part but i need all. I don't know how you decompiled it, but i'm very interested in it (still trying to recover my forgotten code).