#include-once #include #include #include #include ; Configuration - Base Key for this specific version! Global Const $APP_VERSION = "1.05" Global Const $LICENSE_AES_BASE_KEY = "7C4A8D09CA3762AF61E59520943DC26494F8941B" ; 32 byte Hex key Global Const $LICENSE_AES_IV = "2B7E151628AED2A6ABF7158809CF4F3C" ; 16 byte Hex IV Global Const $REGISTRY_PATH = "HKCU\Software\MyAutoItSaaS" Global $g_iGlobalUnixTime = 0 Global $g_sGlobalDate = "" ;---------------------------------------------------------------------------------------- ; Function Name: _License_TimeSync ; Description: Fetches global time, sets global variables, prevents local clock tampering. ;---------------------------------------------------------------------------------------- Func _License_TimeSync() Local $oHTTP = ObjCreate("WinHttp.WinHttpRequest.5.1") $oHTTP.Open("GET", "http://worldtimeapi.org/api/timezone/Etc/UTC", False) $oHTTP.Send() Local $sResponse = $oHTTP.ResponseText ; Parse unixtime Local $sUnixTime = StringRegExpReplace($sResponse, '.*"unixtime"\s*:\s*(\d+).*', "$1") If @extended = 0 Then Return SetError(1, 0, False) ; Parse datetime (e.g. "2026-07-06T00:00:00.000Z") Local $sDateTime = StringRegExpReplace($sResponse, '.*"datetime"\s*:\s*"([^"]+)".*', "$1") Local $sDate = StringLeft($sDateTime, 10) ; YYYY-MM-DD $g_iGlobalUnixTime = Int($sUnixTime) $g_sGlobalDate = $sDate ; Optional: Compare with local time to detect large discrepancies Local $sLocalTime = _Date_Time_GetSystemTime() ; ... implementation of check can be added ... Return True EndFunc ;---------------------------------------------------------------------------------------- ; Function Name: _CalculateMathMetric ; Description: Anti-Patching mathematical obfuscation to verify server response. ;---------------------------------------------------------------------------------------- Func _CalculateMathMetric($sPayload) Local $iResult = 0 Local $aChars = StringSplit($sPayload, "") For $i = 1 To $aChars[0] Local $iCharVal = Asc($aChars[$i]) ; Modulo 1000000 $iResult = Mod($iResult + ($iCharVal * $i), 1000000) ; Bitwise XOR $iResult = BitXOR($iResult, $iCharVal) Next Return $iResult EndFunc ;---------------------------------------------------------------------------------------- ; Function Name: _License_GetHWID ; Description: Generates a unique hardware ID based on CPU, Baseboard, and Volume Serial. ;---------------------------------------------------------------------------------------- Func _License_GetHWID() Local $oWMIService = ObjGet("winmgmts:\\localhost\root\CIMV2") Local $sCPU = "", $sBaseboard = "", $sVolume = "" If IsObj($oWMIService) Then Local $colItems = $oWMIService.ExecQuery("SELECT ProcessorId FROM Win32_Processor", "WQL", 0x30) If IsObj($colItems) Then For $objItem In $colItems $sCPU = $objItem.ProcessorId ExitLoop Next EndIf $colItems = $oWMIService.ExecQuery("SELECT SerialNumber FROM Win32_BaseBoard", "WQL", 0x30) If IsObj($colItems) Then For $objItem In $colItems $sBaseboard = $objItem.SerialNumber ExitLoop Next EndIf $colItems = $oWMIService.ExecQuery("SELECT VolumeSerialNumber FROM Win32_LogicalDisk WHERE DeviceID='C:'", "WQL", 0x30) If IsObj($colItems) Then For $objItem In $colItems $sVolume = $objItem.VolumeSerialNumber ExitLoop Next EndIf EndIf _Crypt_Startup() Local $sRaw = $sCPU & "-" & $sBaseboard & "-" & $sVolume Local $bHash = _Crypt_HashData($sRaw, $CALG_SHA_256) _Crypt_Shutdown() Return StringUpper(StringTrimLeft($bHash, 2)) EndFunc ;---------------------------------------------------------------------------------------- ; Internal Function: _License_PostRequest ; Description: Handles Dynamic Key generation, Encryption, Request, Decryption, Math Check. ;---------------------------------------------------------------------------------------- Func _License_PostRequest($sUrl, $sJsonPayload) If $g_iGlobalUnixTime = 0 Then If Not _License_TimeSync() Then Return SetError(2, 0, False) EndIf ; 1. Generate Daily Mutated Dynamic Key: SHA256(BaseKey + YYYY-MM-DD) _Crypt_Startup() Local $bDynamicKeyRaw = _Crypt_HashData(Binary("0x" & $LICENSE_AES_BASE_KEY) & StringToBinary($g_sGlobalDate), $CALG_SHA_256) Local $bKey = $bDynamicKeyRaw Local $bIV = Binary("0x" & $LICENSE_AES_IV) ; Calculate our local math metric BEFORE encryption Local $iLocalMathResult = _CalculateMathMetric($sJsonPayload) ; 2. Encrypt Payload Local $bEncrypted = _Crypt_EncryptData($sJsonPayload, $bKey, $CALG_AES_256) Local $sBase64Payload = _Base64Encode($bEncrypted) _Crypt_Shutdown() ; 3. Prepare POST Request (Wrapping encrypted payload with plaintext version) Local $sRequest = '{"version":"' & $APP_VERSION & '","payload":"' & $sBase64Payload & '"}' Local $oHTTP = ObjCreate("WinHttp.WinHttpRequest.5.1") $oHTTP.Open("POST", $sUrl, False) $oHTTP.SetRequestHeader("Content-Type", "application/json") $oHTTP.Send($sRequest) Local $sResponse = $oHTTP.ResponseText ; Extract payload from response Local $sEncryptedResponse = StringRegExpReplace($sResponse, '.*"payload"\s*:\s*"([^"]+)".*', "$1") If @extended = 0 Then Return SetError(1, 0, False) ; 4. Decrypt Response Local $bDecoded = _Base64Decode($sEncryptedResponse) _Crypt_Startup() Local $bDecrypted = _Crypt_DecryptData($bDecoded, $bKey, $CALG_AES_256) _Crypt_Shutdown() Local $sDecryptedJson = BinaryToString($bDecrypted, 4) ; 5. Verify the Server Checksum (Anti-Spoofing & Anti-Patching) Local $iServerMathResult = Int(StringRegExpReplace($sDecryptedJson, '.*"math_result"\s*:\s*(\d+).*', "$1")) If $iServerMathResult <> $iLocalMathResult Then MsgBox(16, "Security Error", "Server Verification Failed (Code: Math Metric Mismatch).") Exit ; Instant kill if spoofed/patched EndIf ; 6. Verify Server Timestamp (Anti-Replay) Local $iServerTimestamp = Int(StringRegExpReplace($sDecryptedJson, '.*"timestamp"\s*:\s*(\d+).*', "$1")) If Abs($g_iGlobalUnixTime - $iServerTimestamp) > 120 Then MsgBox(16, "Security Error", "Server Verification Failed (Code: Replay Attack).") Exit EndIf Return $sDecryptedJson EndFunc ;---------------------------------------------------------------------------------------- ; Function Name: _License_Activate ;---------------------------------------------------------------------------------------- Func _License_Activate($sUrl, $sActivationKey) If Not _License_TimeSync() Then Return False Local $sHWID = _License_GetHWID() Local $sJson = '{"activation_key":"' & $sActivationKey & '","hwid":"' & $sHWID & '","os_version":"' & @OSVersion & '","timestamp":' & $g_iGlobalUnixTime & '}' Local $sResponse = _License_PostRequest($sUrl & "/api/activate.php", $sJson) If $sResponse = False Then Return False ; Check for business error If StringInStr($sResponse, '"error":true') Then Local $sError = StringRegExpReplace($sResponse, '.*"message"\s*:\s*"([^"]+)".*', "$1") MsgBox(16, "Activation Error", $sError) Return False EndIf ; Extract auth_token Local $sToken = StringRegExpReplace($sResponse, '.*"auth_token"\s*:\s*"([^"]+)".*', "$1") ; Encrypt and save token locally _Crypt_Startup() Local $bEncryptedToken = _Crypt_EncryptData($sToken, "LocalSecurePassword123!", $CALG_AES_256) _Crypt_Shutdown() Local $sTokenFile = @AppDataDir & "\MyApp_License.dat" FileDelete($sTokenFile) FileWrite($sTokenFile, $bEncryptedToken) ; Write to Registry RegWrite($REGISTRY_PATH, "InstallPath", "REG_SZ", @ScriptDir) RegWrite($REGISTRY_PATH, "Version", "REG_SZ", $APP_VERSION) RegWrite($REGISTRY_PATH, "TokenPath", "REG_SZ", $sTokenFile) Return True EndFunc ;---------------------------------------------------------------------------------------- ; Function Name: _License_Verify ;---------------------------------------------------------------------------------------- Func _License_Verify($sUrl) If Not _License_TimeSync() Then Return False Local $sTokenFile = RegRead($REGISTRY_PATH, "TokenPath") If Not FileExists($sTokenFile) Then Return False Local $bEncryptedToken = FileRead($sTokenFile) _Crypt_Startup() Local $bToken = _Crypt_DecryptData($bEncryptedToken, "LocalSecurePassword123!", $CALG_AES_256) _Crypt_Shutdown() Local $sToken = BinaryToString($bToken) Local $sHWID = _License_GetHWID() Local $sJson = '{"auth_token":"' & $sToken & '","hwid":"' & $sHWID & '","timestamp":' & $g_iGlobalUnixTime & '}' Local $sResponse = _License_PostRequest($sUrl & "/api/verify.php", $sJson) If $sResponse = False Then Return False If StringInStr($sResponse, '"error":true') Then Local $sError = StringRegExpReplace($sResponse, '.*"message"\s*:\s*"([^"]+)".*', "$1") MsgBox(16, "License Error", $sError) Return False EndIf Return True EndFunc ;---------------------------------------------------------------------------------------- ; Function Name: _License_CheckUpdate ;---------------------------------------------------------------------------------------- Func _License_CheckUpdate($sUrl) If Not _License_TimeSync() Then Return False Local $sJson = '{"client_version":"' & $APP_VERSION & '","timestamp":' & $g_iGlobalUnixTime & '}' Local $sResponse = _License_PostRequest($sUrl & "/api/update_check.php", $sJson) If $sResponse = False Then Return False If StringInStr($sResponse, '"update_available":true') Then Local $sNewUrl = StringRegExpReplace($sResponse, '.*"download_url"\s*:\s*"([^"]+)".*', "$1") Local $sHash = StringRegExpReplace($sResponse, '.*"file_hash"\s*:\s*"([^"]+)".*', "$1") MsgBox(64, "Update Available", "A new version is available. Setup auto-updater to download: " & $sNewUrl & " and verify SHA256: " & $sHash) ; Implementation of download & hash check & batch script restart goes here Return True EndIf Return False EndFunc ; Basic Base64 Helper Functions Func _Base64Encode($bData) Local $oXml = ObjCreate("Msxml2.DOMDocument") Local $oEl = $oXml.createElement("b64") $oEl.dataType = "bin.base64" $oEl.nodeTypedValue = $bData Return StringReplace($oEl.text, @CRLF, "") EndFunc Func _Base64Decode($sB64) Local $oXml = ObjCreate("Msxml2.DOMDocument") Local $oEl = $oXml.createElement("b64") $oEl.dataType = "bin.base64" $oEl.text = $sB64 Return $oEl.nodeTypedValue EndFunc