# Source-to-source obfuscator for AutoIt (.au3) scripts, written for Python 2
# (print statement, xrange, string.letters, str.encode("HEX")).
#
# What the script does, as far as the code below shows:
#   1. Reads the input script and collects function names, variable names and
#      string values, skipping anything that matches `blacklist`.
#   2. Replaces collected names with random alphanumeric identifiers.
#   3. Replaces collected quoted string values with
#      BinaryToString("0x<UPPERCASE HEX>") expressions.
#
# Analyst note: both transformations are reversible or recognisable. The hex
# payload inside BinaryToString("0x...") is the original literal, and renamed
# identifiers are a letter followed by letters/digits, 4..maxlength-1
# characters long.
#
# NOTE(review): the nesting of the statements below is reconstructed from a
# whitespace-collapsed listing; confirm block structure against the original
# file before relying on the comments that describe control flow.
import random
import string


def randstring(length):
    """Return a random identifier: one ASCII letter, then letters or digits.

    The result has `length` characters (one character when `length` <= 1,
    because the loop range is then empty). Uses the non-cryptographic
    `random` module and `string.letters`, which exists only in Python 2.
    """
    # NOTE: the local name `str` shadows the builtin inside this function only.
    str = random.choice(string.letters)
    for i in xrange(0, length - 1):
        str += random.choice(string.letters + string.digits)
    return str


# Tokens that must not be renamed or hex-encoded: AutoIt keywords, macros and
# built-in function names, plus a set of common words and literal values.
# isblacklisted() matches these as substrings, so short entries such as "to",
# "if", "@" or "int" exclude every token that merely contains them.
# Several entries appear more than once; duplicates have no effect on lookups.
blacklist = [
    "global", "byref", "ByRef", "local", "dim", "if", "while", "wend", "endif", "to", "for", "next",
    "Global", "Local", "Dim", "If", "While", "Wend", "Endif", "To", "For", "Next",
    "call", "server", "byte", "proxy", "ihaveno", "system", "share", "shadow", "user", "file",
    "nothing", "public", "private", "owner", "nimda", "student", "Hostname", "monitor", "Request",
    "market", "0000000", "00000", "Client", "super", "Super", "host", "page", "name", "Hostport",
    "Clientsocket", "Host", "socket", "sock", "port", "root", "rootroot", "qwewq", "qwerty", "qweewq",
    "win", "\config.ini", "Admin", "adminuser", "admin", "user", "testing", "#windoez", "default",
    "test", "cluster", "desktop", "example", "files", "zxcvb", "support", "supporter", "testing",
    "update", "print str(e)", "word", "secret", "qqqq", "sample", "oracle", "nobody", "123qwe",
    "123asd", "99999", "unknown", "sendmail", "dword", "ulong", "ushort", "Length", "PID", "pid",
    "DPID", "TCPStartup", "TCPNameToIP", "TCPConnect", "TCPAccept", "TCPRecv", "TCPSend", "TCPListen",
    "UDPStartup", "UDPOpen", "UDPSend", "@", "@error", "@CRLF",
    # NOTE(review): no comma between the next two literals, so Python joins
    # them into the single entry "@ComputerNameDllStructCreate".
    "@ComputerName" "DllStructCreate", "TimerDiff", "int", "Int", "CmdLine", "Line", "line",
    "StringLen", "StringMid", "stringmid", "StringTrimRight", "StringTrimLeft", "StringSplit",
    "StringLeft", "StringRight", "BinaryToString", "InetGet", "dll", "Dll", "0x", "bitor", "UBound",
    "Timerhandle", "IniRead", "ControlListView", "Random", "Abs", "ACos", "AdlibRegister",
    "AdlibUnRegister", "Asc", "AscW", "ASin", "Assign", "ATan", "AutoItSetOption",
    "AutoItWinGetTitle", "AutoItWinSetTitle", "Beep", "Binary", "BinaryLen", "BinaryMid",
    "BinaryToString", "BitAND", "BitNOT", "BitOR", "BitRotate", "BitShift", "BitXOR", "BlockInput",
    "Break", "Call", "CDTray", "Ceiling", "Chr", "ChrW", "ClipGet", "ClipPut",
    "ConsoleRead", "ConsoleWrite", "ConsoleWriteError", "ControlClick", "ControlCommand",
    "ControlDisable", "ControlEnable", "ControlFocus", "ControlGetFocus", "ControlGetHandle",
    "ControlGetPos", "ControlGetText", "ControlHide", "ControlListView", "ControlMove", "ControlSend",
    "ControlSetText", "ControlShow", "ControlTreeView", "Cos", "Dec", "DirCopy", "DirCreate",
    "DirGetSize", "DirMove", "DirRemove", "DllCall", "DllCallAddress", "DllCallbackFree",
    "DllCallbackGetPtr", "DllCallbackRegister", "DllClose", "DllOpen", "DllStructCreate",
    "DllStructGetData", "DllStructGetPtr", "DllStructGetSize", "DllStructSetData", "DriveGetDrive",
    "DriveGetFileSystem", "DriveGetLabel", "DriveGetSerial", "DriveGetType", "DriveMapAdd",
    "DriveMapDel", "DriveMapGet", "DriveSetLabel", "DriveSpaceFree", "DriveSpaceTotal", "DriveStatus",
    "EnvGet", "EnvSet", "EnvUpdate", "Eval", "Execute", "Exp", "FileChangeDir", "FileClose",
    "FileCopy", "FileCreateNTFSLink", "FileCreateShortcut", "FileDelete", "FileExists",
    "FileFindFirstFile", "FileFindNextFile", "FileFlush", "FileGetAttrib", "FileGetEncoding",
    "FileGetLongName", "FileGetPos", "FileGetShortcut", "FileGetShortName", "FileGetSize",
    "FileGetTime", "FileGetVersion", "FileInstall", "FileMove", "FileOpen", "FileOpenDialog",
    "FileRead", "FileReadLine", "FileReadToArray", "FileRecycle", "FileRecycleEmpty",
    "FileSaveDialog", "FileSelectFolder", "FileSetAttrib", "FileSetEnd", "FileSetPos", "FileSetTime",
    "FileWrite", "FileWriteLine", "Floor", "FtpSetProxy", "FuncName", "GUICreate", "GUICtrlCreateAvi",
    "GUICtrlCreateButton", "GUICtrlCreateCheckbox", "GUICtrlCreateCombo", "GUICtrlCreateContextMenu",
    "GUICtrlCreateDate", "GUICtrlCreateDummy", "GUICtrlCreateEdit", "GUICtrlCreateGraphic",
    "GUICtrlCreateGroup", "GUICtrlCreateIcon", "GUICtrlCreateInput", "GUICtrlCreateLabel",
    "GUICtrlCreateList", "GUICtrlCreateListView", "GUICtrlCreateListViewItem", "GUICtrlCreateMenu",
    "GUICtrlCreateMenuItem", "GUICtrlCreateMonthCal", "GUICtrlCreateObj", "GUICtrlCreatePic",
    "GUICtrlCreateProgress", "GUICtrlCreateRadio", "GUICtrlCreateSlider", "GUICtrlCreateTab",
    "GUICtrlCreateTabItem", "GUICtrlCreateTreeView", "GUICtrlCreateTreeViewItem",
    "GUICtrlCreateUpdown", "GUICtrlDelete", "GUICtrlGetHandle", "GUICtrlGetState", "GUICtrlRead",
    "GUICtrlRecvMsg", "GUICtrlRegisterListViewSort", "GUICtrlSendMsg", "GUICtrlSendToDummy",
    "GUICtrlSetBkColor", "GUICtrlSetColor", "GUICtrlSetCursor", "GUICtrlSetData",
    "GUICtrlSetDefBkColor", "GUICtrlSetDefColor", "GUICtrlSetFont", "GUICtrlSetGraphic",
    "GUICtrlSetImage", "GUICtrlSetLimit", "GUICtrlSetOnEvent", "GUICtrlSetPos", "GUICtrlSetResizing",
    "GUICtrlSetState", "GUICtrlSetStyle", "GUICtrlSetTip", "GUIDelete", "GUIGetCursorInfo",
    "GUIGetMsg", "GUIGetStyle", "GUIRegisterMsg", "GUISetAccelerators", "GUISetBkColor",
    "GUISetCoord", "GUISetCursor", "GUISetFont", "GUISetHelp", "GUISetIcon", "GUISetOnEvent",
    "GUISetState", "GUISetStyle", "GUIStartGroup", "GUISwitch", "Hex", "HotKeySet", "HttpSetProxy",
    "HttpSetUserAgent", "HWnd", "InetClose", "InetGet", "InetGetInfo", "InetGetSize", "InetRead",
    "IniDelete", "IniRead", "IniReadSection", "IniReadSectionNames", "IniRenameSection", "IniWrite",
    "IniWriteSection", "InputBox", "Int", "IsAdmin", "IsArray", "IsBinary", "IsBool", "IsDeclared",
    "IsDllStruct", "IsFloat", "IsFunc", "IsHWnd", "IsInt", "IsKeyword", "IsNumber", "IsObj", "IsPtr",
    "IsString", "Log", "MemGetStats", "Mod", "MouseClick", "MouseClickDrag", "MouseDown",
    "MouseGetCursor", "MouseGetPos", "MouseMove", "MouseUp", "MouseWheel", "MsgBox", "Number",
    "ObjCreate", "ObjCreateInterface", "ObjEvent", "ObjGet", "ObjName", "OnAutoItExitRegister",
    "OnAutoItExitUnRegister", "Ping", "PixelChecksum", "PixelGetColor", "PixelSearch", "ProcessClose",
    "ProcessExists", "ProcessGetStats", "ProcessList", "ProcessSetPriority", "ProcessWait",
    "ProcessWaitClose", "ProgressOff", "ProgressOn", "ProgressSet", "Ptr", "Random", "RegDelete",
    "RegEnumKey", "RegEnumVal", "RegRead", "RegWrite", "Round", "Run", "RunAs", "RunAsWait",
    "RunWait", "Send", "SendKeepActive", "SetError", "SetExtended", "ShellExecute",
    "ShellExecuteWait", "Shutdown", "Sin", "Sleep", "SoundPlay", "SoundSetWaveVolume",
    "SplashImageOn", "SplashOff", "SplashTextOn", "Sqrt", "SRandom", "StatusbarGetText", "StderrRead",
    "StdinWrite", "StdioClose", "StdoutRead", "String", "StringAddCR", "StringCompare",
    "StringFormat", "StringFromASCIIArray", "StringInStr", "StringIsAlNum", "StringIsAlpha",
    "StringIsASCII", "StringIsDigit", "StringIsFloat", "StringIsInt", "StringIsLower",
    "StringIsSpace", "StringIsUpper", "StringIsXDigit", "StringLeft", "StringLen", "StringLower",
    "StringMid", "StringRegExp", "StringRegExpReplace", "StringReplace", "StringReverse",
    "StringRight", "StringSplit", "StringStripCR", "StringStripWS", "StringToASCIIArray",
    "StringToBinary", "StringTrimLeft", "StringTrimRight", "StringUpper", "Tan", "TCPAccept",
    "TCPCloseSocket", "TCPConnect", "TCPListen", "TCPNameToIP", "TCPRecv", "TCPSend", "TCPShutdown",
    "TCPStartup", "TimerDiff", "TimerInit", "ToolTip", "TrayCreateItem", "TrayCreateMenu",
    "TrayGetMsg", "TrayItemDelete", "TrayItemGetHandle", "TrayItemGetState", "TrayItemGetText",
    "TrayItemSetOnEvent", "TrayItemSetState", "TrayItemSetText", "TraySetClick", "TraySetIcon",
    "TraySetOnEvent", "TraySetPauseIcon", "TraySetState", "TraySetToolTip", "TrayTip", "UBound",
    "UDPBind", "UDPCloseSocket", "UDPOpen", "UDPRecv", "UDPSend", "VarGetType", "WinActivate",
    "WinActive", "WinClose", "WinExists", "WinFlash", "WinGetCaretPos", "WinGetClassList",
    "WinGetClientSize", "WinGetHandle", "WinGetPos", "WinGetProcess", "WinGetState", "WinGetText",
    "WinGetTitle", "WinKill", "WinList", "WinMenuSelectItem", "WinMinimizeAll", "WinMinimizeAllUndo",
    "WinMove", "WinSetOnTop", "WinSetState", "WinSetTitle", "WinSetTrans", "WinWait", "WinWaitActive",
    "WinWaitClose", "WinWaitNotActive"
]


def isblacklisted(part):
    """Return True when any token of `part` equals or contains a blacklist entry.

    `part` is tokenised by turning "(", ")", "=" and "," into spaces and
    splitting on single spaces. Empty tokens never match. The scan does not
    stop at the first hit; it always walks every token and every entry.
    """
    blackliste = False
    for x in part.replace("("," ").replace(")", " ").replace("="," ").replace(",", " ").split(" "):
        for black in blacklist:
            # Substring test: `black in x` already covers the `x == black` case.
            if (x == black or black in x) and x != "":
                blackliste = True
    return blackliste


# --- configuration (interactive prompts are commented out; values are fixed) ---
maxlength=16#int(raw_input("max variable and function name random name length? (min 4) "))
filename="DarkKnight.au3"#raw_input(".au3 file: ")
output="kek.au3"#raw_input("output file: ")
# Minimum length a name or string value must have to be rewritten.
varlen = 3

# Read the whole input and normalise line endings: every "\r" becomes "\n",
# then each "\n\n" pair is collapsed to one "\n" in a single pass.
f=open(filename,"r")
data=f.read().replace("\r","\n").replace("\n\n","\n")
f.close()
# NOTE(review): this value is never used; `line` is rebound by the loop below.
line = data.lower()

functions = []   # function names found after "Func "
variables = []   # tokens treated as variable names
newvalues = []   # entries of the form "<original>:::<BinaryToString(...) replacement>"

# --- pass 1: collect names and string values from the input script ---
for line in data.split("\n"):
    # Any line containing ";" (AutoIt's comment character) is skipped whole,
    # including code lines that only carry a trailing comment.
    if ";" in line:
        continue
    if "func " in line.lower() or "(" in line:
        try:
            # Text between "Func " and the first "(". The [1] index raises
            # IndexError when the line has no "Func ", which routes call-like
            # lines into the except branch below.
            funcname = line.replace("func","Func").split("Func ")[1].split("(")[0]
            if funcname not in functions and not isblacklisted(funcname):
                functions.append(funcname)
        except Exception as e:
            try:
                # Walk the contents of the first parenthesised group, split on
                # spaces and commas.
                for varname in line.split("(")[1].split(")")[0].replace(" ", ",").split(","):
                    if varname not in variables and not isblacklisted(varname):
                        # NOTE(review): str does not support item assignment, so
                        # this would raise TypeError; the tokens come from a
                        # split that already replaced spaces, so the loop
                        # condition looks unreachable.
                        while varname.startswith(" "):
                            varname[0] = ""
                        varname = varname.split("(")[0].split("=")[0].replace("\"","").split("[")[0]
                        if "$" not in varname and varname not in newvalues and not isblacklisted(varname):
                            # Tokens without "$" are treated as literal values and
                            # queued for hex encoding when at least 5 characters
                            # long and not a boolean keyword.
                            if len(varname) >= 5 and varname.lower() != "false" and varname.lower() != "true":
                                newVal = "BinaryToString(\"0x" + varname.encode("HEX").upper() + "\")"
                                if (varname+":::"+newVal) not in newvalues and not isblacklisted(varname):
                                    newvalues.append(varname+":::"+newVal)
                        else:
                            # Everything else (e.g. tokens containing "$") is
                            # recorded as a variable name.
                            if varname not in variables and not isblacklisted(varname):
                                variables.append(varname)
                continue
            except Exception as e:
                # Parsing problems are printed and the line is otherwise ignored.
                print str(e)
    # `and` binds tighter than `or`: this is
    # ("$" in line and "=" in line) or ("[" in line and '""' not in line).
    if "$" in line and "=" in line or "[" in line and "\"\"" not in line:
        if "if " in line or "If " in line:
            line = line.replace("if ", "").replace("If ", "")
        # Strip declaration keywords and anything from " then"/" Then" onwards.
        line = line.replace("global ", "").replace("local ", "").replace("dim ", "").replace("Global ", "").replace("Local ", "").replace("Dim ", "").replace("ByRef ", "").split(" then")[0].split(" Then")[0]
        try:
            # Keep the text after the last "=" as the candidate value.
            value = line.replace("$","").replace(" & ","&").replace("&=","=").replace(" = ","=").split("=")[-1]
        except Exception as e:
            print str(e)
        try:
            # Take the content of the first single-quoted span, if any.
            value = "'".join(value.split("'")[1:]).split("'")[0]
        except Exception as e:
            try:
                # Fallback: content of the first double-quoted span.
                value = value.split("\"")[1].split("\"")[0]
            except Exception as e:
                print str(e)
        value = value.replace("\"","").split("=")[0].split("(")[0].replace("\"","").split("[")[0]
        if not isblacklisted(value):
            if len(value) >= varlen and value.lower() != "false" and value.lower() != "true" and value not in blacklist:
                # Uppercase hex of the value, wrapped in an AutoIt decode call.
                newVal = "BinaryToString(\"0x" + value.encode("HEX").upper() + "\")"
                if (value+":::"+newVal) not in newvalues and not isblacklisted(value):
                    newvalues.append(value+":::"+newVal)

# De-duplicate; set() does not preserve the order of discovery.
functions = list(set(functions))
variables = list(set(variables))
newvalues = list(set(newvalues))

# Report what was collected before rewriting.
print "Function names:"
print "\n".join(functions)
print
print "Variable names:"
print "\n".join(variables)
print
print "Variable values:"
print "\n".join(newvalues)
print
print "Obfuscating...."

# --- pass 2: rewrite `data` and write it to the output file ---
# The output file is opened (and truncated) before any rewriting happens.
f=open(output,"w")
# Plain substring replacement over the whole script: every occurrence of a
# collected name, including inside longer words or strings, gets the same
# random identifier of 4..maxlength-1 characters.
for var in variables:
    if len(var) >= varlen:
        data=data.replace(var, randstring(random.randrange(4,maxlength)))
for func in functions:
    if len(func) >= varlen:
        data=data.replace(func, randstring(random.randrange(4,maxlength)))
count = 0
for line in data.split("\n"):
    # The range covers indices 0 .. len(newvalues)-2, so the last entry of
    # newvalues is not visited.
    for count in xrange(0, len(newvalues) - 1):
        if not isblacklisted(newvalues[count].split(":::")[0]) and len(newvalues[count].split(":::")[0].replace("\"","'").replace("'","")) >= varlen:
            # `line` is a local copy used only for the marker test below; only
            # `data` is written to the output file.
            line = line.replace("\""+newvalues[count].split(":::")[0]+"\"", newvalues[count].split(":::")[1]).replace("'"+newvalues[count].split(":::")[0]+"'", newvalues[count].split(":::")[1]).replace(newvalues[count].split(":::")[0], newvalues[count].split(":::")[1])
            if "$BinaryToString" in line or "\"BinaryToString" in line:
                # Rebuild the replacement expression from the stored entry, then
                # substitute the quoted forms of the original value in `data`.
                fixed = "BinaryToString(\"0x" + "".join(newvalues[count].split(":::")[1].replace("\"BinaryToString","BinaryToString").replace("$BinaryToString","BinaryToString").split("BinaryToString(\"0x")[1:]).replace("\")\"", "\")")
                data = data.replace("\""+newvalues[count].split(":::")[0]+"\"", fixed).replace("'"+newvalues[count].split(":::")[0]+"'", fixed)#data.replace(newvalues[count].split(":::")[0], fixed)
f.write(data)
f.close()
print "Output located at " + output