Archive: Direct encryption of the installer ?


Direct encryption of the installer ?
Is it possible to make makensis build an encrypted installer executable? This operation can be done so easily with InnoSetup scripts when we add ISCrypt.dll to the program.

Can we do the same for NSIS?

thx


Well, you could wrap another installer around your actual installer. Then the "outer" installer would extract the "inner" installer to $TEMP at runtime, run it, wait for it to execute and finally delete it. The "outer" installer could use some kind of encryption plugin to protect the "inner" installer. But this doesn't solve the actual problem: The password for decrypting the "inner" installer has to be stored in the "outer" installer. Even if you use some kind of obfuscation, the password could be obtained from memory (as plain text) at runtime. And there's nothing you can do to prevent that. You still remember {_trueparuex^}'s post in your favorite thread? ^^


Well LoRd_MuldeR, I also imagined that, but this is a dirty way to do things. In my opinion, if Inno is able to do that, why can't makensis (a superior tool) do the same?

I think there must be some way to do it with NSIS!


Isn't Inno free and open source as well?

I am curious, if NSIS doesn't appear to meet your needs, and Inno does, why aren't you using Inno?

It sure isn't the cost that's holding you back...
So what is?


Maybe you don't understand what I mean.
Inno is able to produce encrypted installers. I just tried it and Universal Extractor can't work with the exe installer.


If Inno Setup is able to encrypt the data, then it MUST be able to decrypt the data at runtime. Otherwise the installer would be useless! If Inno Setup is able to decrypt the data at runtime, then it must "know" the key (password) at runtime. Otherwise decryption would NOT be possible. If Inno Setup "knows" the key (password) at runtime, then the key MUST be stored in the installer EXE. No matter whether they store the key as plain text (which they most likely do NOT do) or whether they use obfuscation to "hide" the key: There WILL be a way to obtain the key! Either from the EXE file itself or from a memory dump. Accept that fact...

Obviously you still don't understand the crux :rolleyes:
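
Added example illustrating the point of the post above (not code from the thread, NSIS or Inno Setup): a release-side check that searches a built installer image for a secret the builder already knows, in plain, UTF-16LE, Base64 and single-byte-XOR form. The sample bytes and the password `S3tup-Pa55!` are constructed, and the function names are hypothetical.

```python
import base64

def stored_forms(secret):
    """Byte forms in which a string commonly sits inside a Windows binary."""
    raw = secret.encode("utf-8")
    return {"ascii": raw,
            "utf-16le": secret.encode("utf-16-le"),
            "base64": base64.b64encode(raw)}

def find_all(haystack, needle):
    """Yield every offset at which needle occurs in haystack."""
    pos = haystack.find(needle)
    while pos != -1:
        yield pos
        pos = haystack.find(needle, pos + 1)

def audit_blob(blob, secrets):
    """Report each known secret found in blob, plain or single-byte-XOR masked.

    XOR key 0 is the unmasked form. Returns (secret, form, xor_key, offset)
    tuples sorted by offset.
    """
    findings = []
    for secret in secrets:
        for form, needle in stored_forms(secret).items():
            for key in range(256):
                masked = bytes(b ^ key for b in needle)
                for offset in find_all(blob, masked):
                    findings.append((secret, form, key, offset))
    return sorted(findings, key=lambda f: f[3])

# Constructed sample: a fake installer image holding a made-up password twice,
# once as a UTF-16LE string and once "hidden" with XOR 0x5A.
PASSWORD = "S3tup-Pa55!"
SAMPLE = (b"MZ" + b"\x00" * 14
          + PASSWORD.encode("utf-16-le")
          + b"\xff" * 8
          + bytes(b ^ 0x5A for b in PASSWORD.encode())
          + b"\x00" * 4)

if __name__ == "__main__":
    for secret, form, key, offset in audit_blob(SAMPLE, [PASSWORD]):
        print(f"offset {offset:#06x}: {secret!r} as {form}, XOR key {key:#04x}")
```

An empty result only means the secret is absent in these forms; compressed or otherwise transformed data is not searched, and a key the installer needs at runtime is still present in it somewhere.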


But the key is not exposed in a simple Universal Extractor extraction!! That is the important difference.


Originally posted by arfgh
But the key is not exposed in a simple Universal Extractor extraction!! That is the important difference.
If you think that makes Inno Setup more secure, then you are mistaken! "Extracting" files from Inno Setup installers might be added to Universal Extractor or a similar tool the same way it was added for NSIS installers. Only somebody must be willing to implement it. And this might happen tomorrow. Last but not least a sophisticated "hacker" won't need a tool like Universal Extractor, just a hex editor and his/her brain...

For Inno Setup there is the "Inno Setup Unpacker", an almost official tool to unpack Inno installers.

http://innounp.sourceforge.net/

As for ISCrypt.dll, it is a library similar to Stu's Passdialog.dll; it adds a serial number page to the installer.


Yes, you are right.

Then, Red Wine, what can we do? Is there some procedure to not expose passwords and keys in an extracted nsi file?


Holy endless unbeatable childishness, we start over the same circle again. I give up... That's unbelievable! Nothing would make you understand, I just give up...


Yeah, I just can't tell if he is a troll egging us on, or whether he is really just this stubborn...


Bit of both going on in both threads involved, I'd say.

-daz


I'd say both threads involved should be already nuked.
They serve nothing but annoyance.


Until compile time plug-ins are supported then you will have to make do with packing one installer in another. The other option is to rebuild NSIS with the constants changed so that decompilers no longer work.

This is an interesting topic which, if you had searched properly, you would have come across:
http://forums.winamp.com/showthread.php?threadid=245397

Stu


Stu, do you observe this conversation constantly? I have already mentioned the thread that you suggest with absolutely no success.

http://forums.winamp.com/showthread....44#post2366844


Not sure where this should go, so I'll just add it here...

As a test, I downloaded the Universal Extractor. I did some experiments with a very basic NSIS installer.

I was able to determine that it was not able to decompress/decompile files based on BZIP compression. While this is not technically a solution, it does provide a way to at least make it harder for someone to get your install files with very little effort. But, if you wanted to go further, then I'd suggest what has already been suggested by Afrow, Sheik, RedWine, LoRd_MuldeR, and others.

And for you curious types:
I discovered from the Universal Extractor web site that it's really nothing more than a fancy script built with AutoIT. Basically, it's really just a fancy GUI to call various external applications to do the work.

[added]
Universal Extractor also includes InnoUnp, which means it also has the ability to extract Inno installation scripts. (hmm... :confused: )
[/added]

And (quoting Forrest Gump):
That's all I have to say about that! :weird:


Final conclusion: all this ruins how good NSIS is. At least for me!


Originally posted by arfgh
Final conclusion: all this ruins how good NSIS is. At least for me!
LOL That sounds serious! Would you bet on this?

Comperio, this "solution" about bzip compression you mentioned is not valid. The latest version of universal installer extracts a "script.bin" where the passwords used are exposed, along with all the strings used.

Red Wine, it means that NSIS is in fact so good, the best. But this other fact ruins it totally, because now we CAN'T do serious work.


Please somebody close this thread :cry:


Remember; NSIS is free. None of us get paid to work on it and it is all down to free time that it is at the stage that it is today.

The 'final conclusion' is you cannot expect something to be implemented into NSIS by others when you're really the only user that needs the functionality. When you are the only user requiring something then it is down to you not us to implement it.

Also comparing NSIS to other install solutions (therefore 'ruining' NSIS as it lacks something that the other install solution has) is not going to get anything done either.

Stu