1 reply to this topic

[Sandstorm]

Hey there,
I was wondering what are the steps to null a script. I don't have anything handy as such but I would like to understand the logic behind it. Also, with nulling scripts how do you/can you unobsufscate code? (sorry my spelling is atrocious) and with that in mind, is there a way to make a script you have nearly null proof? I know nothing is anything proof, I simply wanted to know, that's all

Choa,

Sandstorm

[wwwd40]

There isnt a process that you can follow where a nulled script will drop out the end. (whitebox) You need to cold review the code and identify the techniques that are being used to protect the script author's copyright. This could be code that looks for a regitration file locally or via a call home to a remote server. Once you have identified and removed the protection you will then need to make sure that you havent broken anything fundamental in the script. (blackbox) Sandboxing the running script will help you identify anything that the script may be doing that falls outside of what you would expect it to be doing) - e.g. a phone home that you could alter (via the code, via hosts file, or via a firewall rule) to connect to your localhost instead.

Regarding code obfuscation, it depends how it has been obfuscated (use of whitespace, simple keyword substitution, self generating code). Normally some sort of encoding will have been used which can be easily reversed. Even with more advanced techniques, not script is null proof - obfuscation is another example of security by obscurity.

Personally, I think you are better off writing your own script that has the functionality you wanted to steal off someone, instead of ripping off some poor soul who is trying to make a small amount of cash by providing something useful to the community.