KekSec

python autoit obfuscator

Oct 12th, 2018
  1. import random
  2. import string
  3.  
def randstring(length):
    """Return a random identifier-like string.

    The first character is drawn from string.letters and every following
    character from letters plus digits, so the result never starts with a
    digit. Because the loop runs ``length - 1`` times after the first pick,
    the result is ``length`` characters long for ``length >= 1`` and a single
    character for anything smaller.

    Python 2 only: relies on string.letters and xrange.
    """
    # NOTE(review): the local name `str` shadows the builtin inside this function.
    str = random.choice(string.letters)
    for i in xrange(0, length - 1):
        str += random.choice(string.letters + string.digits)
    return str
# Tokens the script refuses to rename or encode. The list mixes AutoIt
# keywords, macros and built-in function names with a set of generic words
# (presumably strings from the input script that must stay literal — TODO
# confirm). isblacklisted() matches entries as substrings, so short entries
# such as "@", "0x", "to", "if", "int" or "win" exempt every token that merely
# contains them; exempted tokens stay in cleartext in the output.
# Several entries appear more than once; that has no effect on the lookups.
blacklist = [
    "global",
    "byref",
    "ByRef",
    "local",
    "dim",
    "if",
    "while",
    "wend",
    "endif",
    "to",
    "for",
    "next",
    "Global",
    "Local",
    "Dim",
    "If",
    "While",
    "Wend",
    "Endif",
    "To",
    "For",
    "Next",
    "call",
    "server",
    "byte",
    "proxy",
    "ihaveno",
    "system",
    "share",
    "shadow",
    "user",
    "file",
    "nothing",
    "public",
    "private",
    "owner",
    "nimda",
    "student",
    "Hostname",
    "monitor",
    "Request",
    "market",
    "0000000",
    "00000",
    "Client",
    "super",
    "Super",
    "host",
    "page",
    "name",
    "Hostport",
    "Clientsocket",
    "Host",
    "socket",
    "sock",
    "port",
    "root",
    "rootroot",
    "qwewq",
    "qwerty",
    "qweewq",
    "win",
    "\config.ini",
    "Admin",
    "adminuser",
    "admin",
    "user",
    "testing",
    "#windoez",
    "default",
    "test",
    "cluster",
    "desktop",
    "example",
    "files",
    "zxcvb",
    "support",
    "supporter",
    "testing",
    "update",
    "print str(e)",
    "word",
    "secret",
    "qqqq",
    "sample",
    "oracle",
    "nobody",
    "123qwe",
    "123asd",
    "99999",
    "unknown",
    "sendmail",
    "dword",
    "ulong",
    "ushort",
    "Length",
    "PID",
    "pid",
    "DPID",
    "TCPStartup",
    "TCPNameToIP",
    "TCPConnect",
    "TCPAccept",
    "TCPRecv",
    "TCPSend",
    "TCPListen",
    "UDPStartup",
    "UDPOpen",
    "UDPSend",
    "@",
    "@error",
    "@CRLF",
    "@ComputerName"  # NOTE(review): no comma, so this literal is concatenated with the next one into a single entry
    "DllStructCreate",
    "TimerDiff",
    "int",
    "Int",
    "CmdLine",
    "Line",
    "line",
    "StringLen",
    "StringMid",
    "stringmid",
    "StringTrimRight",
    "StringTrimLeft",
    "StringSplit",
    "StringLeft",
    "StringRight",
    "BinaryToString",
    "InetGet",
    "dll",
    "Dll",
    "0x",
    "bitor",
    "UBound",
    "Timerhandle",
    "IniRead",
    "ControlListView",
    "Random",
    "Abs",
    "ACos",
    "AdlibRegister",
    "AdlibUnRegister",
    "Asc",
    "AscW",
    "ASin",
    "Assign",
    "ATan",
    "AutoItSetOption",
    "AutoItWinGetTitle",
    "AutoItWinSetTitle",
    "Beep",
    "Binary",
    "BinaryLen",
    "BinaryMid",
    "BinaryToString",
    "BitAND",
    "BitNOT",
    "BitOR",
    "BitRotate",
    "BitShift",
    "BitXOR",
    "BlockInput",
    "Break",
    "Call",
    "CDTray",
    "Ceiling",
    "Chr",
    "ChrW",
    "ClipGet",
    "ClipPut",
    "ConsoleRead",
    "ConsoleWrite",
    "ConsoleWriteError",
    "ControlClick",
    "ControlCommand",
    "ControlDisable",
    "ControlEnable",
    "ControlFocus",
    "ControlGetFocus",
    "ControlGetHandle",
    "ControlGetPos",
    "ControlGetText",
    "ControlHide",
    "ControlListView",
    "ControlMove",
    "ControlSend",
    "ControlSetText",
    "ControlShow",
    "ControlTreeView",
    "Cos",
    "Dec",
    "DirCopy",
    "DirCreate",
    "DirGetSize",
    "DirMove",
    "DirRemove",
    "DllCall",
    "DllCallAddress",
    "DllCallbackFree",
    "DllCallbackGetPtr",
    "DllCallbackRegister",
    "DllClose",
    "DllOpen",
    "DllStructCreate",
    "DllStructGetData",
    "DllStructGetPtr",
    "DllStructGetSize",
    "DllStructSetData",
    "DriveGetDrive",
    "DriveGetFileSystem",
    "DriveGetLabel",
    "DriveGetSerial",
    "DriveGetType",
    "DriveMapAdd",
    "DriveMapDel",
    "DriveMapGet",
    "DriveSetLabel",
    "DriveSpaceFree",
    "DriveSpaceTotal",
    "DriveStatus",
    "EnvGet",
    "EnvSet",
    "EnvUpdate",
    "Eval",
    "Execute",
    "Exp",
    "FileChangeDir",
    "FileClose",
    "FileCopy",
    "FileCreateNTFSLink",
    "FileCreateShortcut",
    "FileDelete",
    "FileExists",
    "FileFindFirstFile",
    "FileFindNextFile",
    "FileFlush",
    "FileGetAttrib",
    "FileGetEncoding",
    "FileGetLongName",
    "FileGetPos",
    "FileGetShortcut",
    "FileGetShortName",
    "FileGetSize",
    "FileGetTime",
    "FileGetVersion",
    "FileInstall",
    "FileMove",
    "FileOpen",
    "FileOpenDialog",
    "FileRead",
    "FileReadLine",
    "FileReadToArray",
    "FileRecycle",
    "FileRecycleEmpty",
    "FileSaveDialog",
    "FileSelectFolder",
    "FileSetAttrib",
    "FileSetEnd",
    "FileSetPos",
    "FileSetTime",
    "FileWrite",
    "FileWriteLine",
    "Floor",
    "FtpSetProxy",
    "FuncName",
    "GUICreate",
    "GUICtrlCreateAvi",
    "GUICtrlCreateButton",
    "GUICtrlCreateCheckbox",
    "GUICtrlCreateCombo",
    "GUICtrlCreateContextMenu",
    "GUICtrlCreateDate",
    "GUICtrlCreateDummy",
    "GUICtrlCreateEdit",
    "GUICtrlCreateGraphic",
    "GUICtrlCreateGroup",
    "GUICtrlCreateIcon",
    "GUICtrlCreateInput",
    "GUICtrlCreateLabel",
    "GUICtrlCreateList",
    "GUICtrlCreateListView",
    "GUICtrlCreateListViewItem",
    "GUICtrlCreateMenu",
    "GUICtrlCreateMenuItem",
    "GUICtrlCreateMonthCal",
    "GUICtrlCreateObj",
    "GUICtrlCreatePic",
    "GUICtrlCreateProgress",
    "GUICtrlCreateRadio",
    "GUICtrlCreateSlider",
    "GUICtrlCreateTab",
    "GUICtrlCreateTabItem",
    "GUICtrlCreateTreeView",
    "GUICtrlCreateTreeViewItem",
    "GUICtrlCreateUpdown",
    "GUICtrlDelete",
    "GUICtrlGetHandle",
    "GUICtrlGetState",
    "GUICtrlRead",
    "GUICtrlRecvMsg",
    "GUICtrlRegisterListViewSort",
    "GUICtrlSendMsg",
    "GUICtrlSendToDummy",
    "GUICtrlSetBkColor",
    "GUICtrlSetColor",
    "GUICtrlSetCursor",
    "GUICtrlSetData",
    "GUICtrlSetDefBkColor",
    "GUICtrlSetDefColor",
    "GUICtrlSetFont",
    "GUICtrlSetGraphic",
    "GUICtrlSetImage",
    "GUICtrlSetLimit",
    "GUICtrlSetOnEvent",
    "GUICtrlSetPos",
    "GUICtrlSetResizing",
    "GUICtrlSetState",
    "GUICtrlSetStyle",
    "GUICtrlSetTip",
    "GUIDelete",
    "GUIGetCursorInfo",
    "GUIGetMsg",
    "GUIGetStyle",
    "GUIRegisterMsg",
    "GUISetAccelerators",
    "GUISetBkColor",
    "GUISetCoord",
    "GUISetCursor",
    "GUISetFont",
    "GUISetHelp",
    "GUISetIcon",
    "GUISetOnEvent",
    "GUISetState",
    "GUISetStyle",
    "GUIStartGroup",
    "GUISwitch",
    "Hex",
    "HotKeySet",
    "HttpSetProxy",
    "HttpSetUserAgent",
    "HWnd",
    "InetClose",
    "InetGet",
    "InetGetInfo",
    "InetGetSize",
    "InetRead",
    "IniDelete",
    "IniRead",
    "IniReadSection",
    "IniReadSectionNames",
    "IniRenameSection",
    "IniWrite",
    "IniWriteSection",
    "InputBox",
    "Int",
    "IsAdmin",
    "IsArray",
    "IsBinary",
    "IsBool",
    "IsDeclared",
    "IsDllStruct",
    "IsFloat",
    "IsFunc",
    "IsHWnd",
    "IsInt",
    "IsKeyword",
    "IsNumber",
    "IsObj",
    "IsPtr",
    "IsString",
    "Log",
    "MemGetStats",
    "Mod",
    "MouseClick",
    "MouseClickDrag",
    "MouseDown",
    "MouseGetCursor",
    "MouseGetPos",
    "MouseMove",
    "MouseUp",
    "MouseWheel",
    "MsgBox",
    "Number",
    "ObjCreate",
    "ObjCreateInterface",
    "ObjEvent",
    "ObjGet",
    "ObjName",
    "OnAutoItExitRegister",
    "OnAutoItExitUnRegister",
    "Ping",
    "PixelChecksum",
    "PixelGetColor",
    "PixelSearch",
    "ProcessClose",
    "ProcessExists",
    "ProcessGetStats",
    "ProcessList",
    "ProcessSetPriority",
    "ProcessWait",
    "ProcessWaitClose",
    "ProgressOff",
    "ProgressOn",
    "ProgressSet",
    "Ptr",
    "Random",
    "RegDelete",
    "RegEnumKey",
    "RegEnumVal",
    "RegRead",
    "RegWrite",
    "Round",
    "Run",
    "RunAs",
    "RunAsWait",
    "RunWait",
    "Send",
    "SendKeepActive",
    "SetError",
    "SetExtended",
    "ShellExecute",
    "ShellExecuteWait",
    "Shutdown",
    "Sin",
    "Sleep",
    "SoundPlay",
    "SoundSetWaveVolume",
    "SplashImageOn",
    "SplashOff",
    "SplashTextOn",
    "Sqrt",
    "SRandom",
    "StatusbarGetText",
    "StderrRead",
    "StdinWrite",
    "StdioClose",
    "StdoutRead",
    "String",
    "StringAddCR",
    "StringCompare",
    "StringFormat",
    "StringFromASCIIArray",
    "StringInStr",
    "StringIsAlNum",
    "StringIsAlpha",
    "StringIsASCII",
    "StringIsDigit",
    "StringIsFloat",
    "StringIsInt",
    "StringIsLower",
    "StringIsSpace",
    "StringIsUpper",
    "StringIsXDigit",
    "StringLeft",
    "StringLen",
    "StringLower",
    "StringMid",
    "StringRegExp",
    "StringRegExpReplace",
    "StringReplace",
    "StringReverse",
    "StringRight",
    "StringSplit",
    "StringStripCR",
    "StringStripWS",
    "StringToASCIIArray",
    "StringToBinary",
    "StringTrimLeft",
    "StringTrimRight",
    "StringUpper",
    "Tan",
    "TCPAccept",
    "TCPCloseSocket",
    "TCPConnect",
    "TCPListen",
    "TCPNameToIP",
    "TCPRecv",
    "TCPSend",
    "TCPShutdown",
    "TCPStartup",
    "TimerDiff",
    "TimerInit",
    "ToolTip",
    "TrayCreateItem",
    "TrayCreateMenu",
    "TrayGetMsg",
    "TrayItemDelete",
    "TrayItemGetHandle",
    "TrayItemGetState",
    "TrayItemGetText",
    "TrayItemSetOnEvent",
    "TrayItemSetState",
    "TrayItemSetText",
    "TraySetClick",
    "TraySetIcon",
    "TraySetOnEvent",
    "TraySetPauseIcon",
    "TraySetState",
    "TraySetToolTip",
    "TrayTip",
    "UBound",
    "UDPBind",
    "UDPCloseSocket",
    "UDPOpen",
    "UDPRecv",
    "UDPSend",
    "VarGetType",
    "WinActivate",
    "WinActive",
    "WinClose",
    "WinExists",
    "WinFlash",
    "WinGetCaretPos",
    "WinGetClassList",
    "WinGetClientSize",
    "WinGetHandle",
    "WinGetPos",
    "WinGetProcess",
    "WinGetState",
    "WinGetText",
    "WinGetTitle",
    "WinKill",
    "WinList",
    "WinMenuSelectItem",
    "WinMinimizeAll",
    "WinMinimizeAllUndo",
    "WinMove",
    "WinSetOnTop",
    "WinSetState",
    "WinSetTitle",
    "WinSetTrans",
    "WinWait",
    "WinWaitActive",
    "WinWaitClose",
    "WinWaitNotActive"
]
def isblacklisted(part):
    """Report whether any token of `part` matches an entry of `blacklist`.

    `part` is split on spaces after "(", ")", "=" and "," have been turned
    into spaces. A non-empty token matches when it equals a blacklist entry
    or contains one as a substring, so the test is much broader than an
    exact-name lookup.
    """
    normalised = part
    for separator in ("(", ")", "=", ","):
        normalised = normalised.replace(separator, " ")

    matched = False
    for token in normalised.split(" "):
        # Empty tokens (from consecutive separators) never count as a match.
        if token == "":
            continue
        for entry in blacklist:
            if token == entry or entry in token:
                matched = True
    return matched
# Driver script (Python 2: print statements, xrange, the "HEX" str codec).
# It reads one AutoIt source file, collects function names, variable names and
# string values, then rewrites the text and saves it under a second name.
# NOTE(review): the string rewriting is a reversible encoding. Each collected
# literal is paired with BinaryToString("0x<uppercase hex of the original>"),
# so hex-decoding the argument of such a call recovers the original text.

# Hard-coded settings; the trailing comments show the interactive prompts they replaced.
maxlength=16#int(raw_input("max variable and function name random name length? (min 4) "))
filename="DarkKnight.au3"#raw_input(".au3 file: ")
output="kek.au3"#raw_input("output file: ")
# Minimum length a name or string value must have before it is rewritten.
varlen = 3

# Read the whole input; "\r" becomes "\n" and doubled newlines are collapsed in one pass.
f=open(filename,"r")
data=f.read().replace("\r","\n").replace("\n\n","\n")
f.close()

# NOTE(review): this value is overwritten by the loop variable below before it is read.
line = data.lower()
functions = []
variables = []
# Entries have the form "<original>:::<replacement expression>".
newvalues = []
# Pass 1: scan the source line by line and fill the three lists above.
for line in data.split("\n"):
    # Every line containing ";" is skipped, which drops AutoIt comment lines but
    # also any code line that carries a ";" anywhere in it.
    if ";" in line:
        continue
    if "func " in line.lower() or "(" in line:
        try:
            # The text between "Func " and the first "(" is taken as a function name.
            # A line without "Func " raises IndexError here and lands in the except.
            funcname = line.replace("func","Func").split("Func ")[1].split("(")[0]
            if funcname not in functions and not isblacklisted(funcname):
                functions.append(funcname)
        except Exception as e:
            try:
                # No "Func " on this line: the text between the first "(" and the first
                # ")" is split on spaces and commas into candidate tokens.
                for varname in line.split("(")[1].split(")")[0].replace(" ", ",").split(","):
                    if varname not in variables and not isblacklisted(varname):
                        # NOTE(review): tokens produced by the split above contain no
                        # spaces, so this loop body is not entered; assigning to an
                        # index of a str would raise TypeError if it were.
                        while varname.startswith(" "):
                            varname[0] = ""
                        # Trim call parentheses, assignments, double quotes and array indexes.
                        varname = varname.split("(")[0].split("=")[0].replace("\"","").split("[")[0]
                        # Tokens without "$" are treated as literal values; those of five or
                        # more characters (other than true/false) get a hex-encoded replacement.
                        if "$" not in varname and varname not in newvalues and not isblacklisted(varname):
                            if len(varname) >= 5 and varname.lower() != "false" and varname.lower() != "true":
                                newVal = "BinaryToString(\"0x" + varname.encode("HEX").upper() + "\")"
                                if (varname+":::"+newVal) not in newvalues and not isblacklisted(varname):
                                    newvalues.append(varname+":::"+newVal)
                        else:
                            # Tokens that fail the test above (for example those containing "$")
                            # are recorded as variable names.
                            if varname not in variables and not isblacklisted(varname):
                                variables.append(varname)
                        continue
            except Exception as e:
                print str(e)
    # Operator precedence makes this ("$" and "=") or ("[" and no "" literal on the line).
    if "$" in line and "=" in line or "[" in line and "\"\"" not in line:
        # Strip the leading keywords and anything from "then" onward.
        if "if " in line or "If " in line:
            line = line.replace("if ", "").replace("If ", "")
        line = line.replace("global ", "").replace("local ", "").replace("dim ", "").replace("Global ", "").replace("Local ", "").replace("Dim ", "").replace("ByRef ", "").split(" then")[0].split(" Then")[0]
        try:
            # Keep only what follows the last "=" once "$" and operator spacing are removed.
            value = line.replace("$","").replace(" & ","&").replace("&=","=").replace(" = ","=").split("=")[-1]
        except Exception as e:
            print str(e)
        try:
            # Text after the first single quote, up to the next one. With no single
            # quote present the join runs over an empty list and yields "".
            value = "'".join(value.split("'")[1:]).split("'")[0]
        except Exception as e:
            try:
                # Fallback for the case where the expression above raises.
                value = value.split("\"")[1].split("\"")[0]
            except Exception as e:
                print str(e)
        value = value.replace("\"","").split("=")[0].split("(")[0].replace("\"","").split("[")[0]
        if not isblacklisted(value):
            if len(value) >= varlen and value.lower() != "false" and value.lower() != "true" and value not in blacklist:
                newVal = "BinaryToString(\"0x" + value.encode("HEX").upper() + "\")"
                if (value+":::"+newVal) not in newvalues and not isblacklisted(value):
                    newvalues.append(value+":::"+newVal)

# Deduplicate; converting through set() also makes the order arbitrary.
functions = list(set(functions))
variables = list(set(variables))
newvalues = list(set(newvalues))
# Print the collected inventory before rewriting.
print "Function names:"
print "\n".join(functions)
print
print "Variable names:"
print "\n".join(variables)
print
print "Variable values:"
print "\n".join(newvalues)
print
print "Obfuscating...."
# NOTE(review): mode "w" truncates the output file here, before any rewriting has run.
f=open(output,"w")
# Pass 2: every collected name of at least varlen characters is replaced across the
# whole text by plain substring replacement. randrange(4, maxlength) gives each
# replacement a length of 4 to maxlength - 1 characters.
for var in variables:
    if len(var) >= varlen:
        data=data.replace(var, randstring(random.randrange(4,maxlength)))
for func in functions:
    if len(func) >= varlen:
        data=data.replace(func, randstring(random.randrange(4,maxlength)))
count = 0
# Pass 3: string values. The list of lines is taken once from data as it stands here.
for line in data.split("\n"):
    # NOTE(review): the range ends at len(newvalues) - 2, so the last pair is never visited.
    for count in xrange(0, len(newvalues) - 1):
        if not isblacklisted(newvalues[count].split(":::")[0]) and len(newvalues[count].split(":::")[0].replace("\"","'").replace("'","")) >= varlen:
            # The replacement is first tried on the local copy of the line only.
            line = line.replace("\""+newvalues[count].split(":::")[0]+"\"", newvalues[count].split(":::")[1]).replace("'"+newvalues[count].split(":::")[0]+"'", newvalues[count].split(":::")[1]).replace(newvalues[count].split(":::")[0], newvalues[count].split(":::")[1])
            # data itself is rewritten only when the edited line contains one of these two
            # marker substrings; otherwise the edit to `line` is discarded.
            if "$BinaryToString" in line or "\"BinaryToString" in line:
                fixed = "BinaryToString(\"0x" + "".join(newvalues[count].split(":::")[1].replace("\"BinaryToString","BinaryToString").replace("$BinaryToString","BinaryToString").split("BinaryToString(\"0x")[1:]).replace("\")\"", "\")")
                data = data.replace("\""+newvalues[count].split(":::")[0]+"\"", fixed).replace("'"+newvalues[count].split(":::")[0]+"'", fixed)#data.replace(newvalues[count].split(":::")[0], fixed)

# Write the transformed text and report where it went.
f.write(data)
f.close()
print "Output located at " + output