I have searched far and wide for a way to compile my .hta file (and resources) to a .exe file.
There are plenty of applications that claim to be able to do this - but they have not worked for this application - which is a mixture of javascript and VB.
Simply, (and naively,) I don't want people looking at / screwing with the code. Any suggestions or solutions would be greatly appreciated.
EDIT: Of course, I understand that javascript and VB are not "compilable" since they are interpreted languages. I am just looking for a way to truly hide the source.
I have searched far and wide for a way to compile my .hta file (and resources) to a .exe file.
There are plenty of applications that claim to be able to do this - but they have not worked for this application - which is a mixture of javascript and VB.
Simply, (and naively,) I don't want people looking at / screwing with the code. Any suggestions or solutions would be greatly appreciated.
EDIT: Of course, I understand that javascript and VB are not "compilable" since they are interpreted languages. I am just looking for a way to truly hide the source.
Share Improve this question edited Apr 14, 2012 at 21:36 Joel Coehoorn 416k114 gold badges578 silver badges813 bronze badges asked Oct 20, 2010 at 15:05 devinpleulerdevinpleuler 1631 gold badge2 silver badges10 bronze badges 2- If you converth the vbscript portions to jscript, you could then run all the code through a compressor such as Google's closure compiler or the YUI compressor. Those would do a decent job of obfuscating the code. – jimbo Commented Oct 20, 2010 at 15:20
- Yes, I have looked at compressing the code. I see this as a last case scenario. While it isn't 'secure', it would certainly help deter reverse engineering. – devinpleuler Commented Oct 20, 2010 at 20:21
6 Answers
Reset to default 3HTAEdit, which comes bundled with VBSedit, does not truly hide the hta code. At run time, it extracts the original hta file to a subdirectory in %temp% and passes it off to mshta.exe to execute. The converted exe's created by VBSedit don't seem to do this as far as I can tell.
Try using VBSedit, it definitely works for converting both vbs and hta to exe
You can "compile to exe" by simply wrapping the HTA into an executable which knows how to setup the HTA context/window.
The most trivial approach (which sounds like ExeScript) is to simply extract the HTA/resources first and then execute them. One could theoretically do this without temporary files by injecting data into a running IE context, but the task becomes more difficult. The internal JS may or may not be obfuscated and the wrapper may or may not add an additional layer of obfuscation/"encryption". (PayMo, and I am sure there are others, uses a wrapped context approach to distribute a single runnable exe).
If protecting "intellectual property" is the goal, hire a good lawyer :-)
I'm not sure about compiling to an exe - but if you minify & obfuscate your source code, unless you've got something incredibly valuable, it'd be a huge job to reverse-engineer.
http://developer.yahoo.com/yui/compressor/
Good luck.
You don't need a compiler, you need an encryptor/decryptor, like my project (under construction), the CFS project (Cryptographica File Security).
My clue is to create VBScript or JScript file for HTA to be dynamically spawned by. So you compile not HTA, but the script. This approach meets your security requirements much better than HTA packed to SFX.
Prepare the resources first - import to HTA all external files: scripts, stylesheets, and images (base64-encoded), to make your HTA standalone app. Then create eg VBScript file, and copy all HTML content from your HTA to the string variable in the script, replacing new line and tab symbols to " & vbCrLf & " and " & vbTab & ". Add code to create HTA window dynamically, .write() that string variable to the window's document, and quit script.
Note that Window_OnLoad() may not work properly due to pushing the content to window, that was already loaded.
Then just encrypt your completed VBScript to exe (using true encrypting utility, eg Primal Script 2012, ExeScript, VbsEdit or ScriptCryptor). And change icon with PE Explorer.
All that will take some time, but it is worth doing.
UPD: Here is an example of prepared script by the link.