Best way to obfuscate a Batch File?

Discussion forum for all Windows batch related topics.

Moderator: DosItHelp

Message
Author
PaperTronics
Posts: 118
Joined: 02 Apr 2017 06:11

Best way to obfuscate a Batch File?

#1 Post by PaperTronics » 29 Jul 2017 02:20

Hey Everyone!

Today, one of my non-programmer friends asked me if I could make a program which asks for the username and password when the computer starts up. I told him that it was a piece of cake for me... until he added, "I also want it's code to be incomprehensible". So I figured that I should obfuscate the batch file. But what's the best way to do it?

I don't care if the method to obfuscate it takes a lot of time, I just need the batch file to be secure so that other's can't edit the code and figure out the password.


Any help is greatly appreciated!
PaperTronics

aGerman
Expert
Posts: 3643
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Best way to obfuscate a Batch File?

#2 Post by aGerman » 29 Jul 2017 04:05

First of all thank you for using "obfuscate" instead of "encode" or "encrypt". Any attempt to securely use a password in a batch code is doomed to failure!
Obfuscated or not - somewhere in your code you will have a line like that:
if [input]==[password] ([success]) else [error]
It doesnt matter if you might have your password obfuscated or if you might have used a hash instead or if you might have read the password from a remote file. All you have to do is to remove the comparison from the batch code.

There are already dozens of possibilities using variables to obfuscate batch code. There are those bat2exe thingies that compress the code in a container (but will unpack it to the original code and execute it).

That's another funny possibility. It doesn't even obfuscate the code. It only confuses your editor if you try to open the batch file :wink:

Code: Select all

@echo off
if "%~1"=="" exit /b
if /i "%~x1" neq ".bat" if /i "%~x1" neq ".cmd" exit /b
for /f %%i in ("certutil.exe") do if not exist "%%~$path:i" (
  echo CertUtil.exe not found.
  pause
  exit /b
)
>"temp.~b64" echo(//4mY2xzDQo=
certutil.exe -f -decode "temp.~b64" "%~n1___%~x1"
del "temp.~b64"
copy "%~n1___%~x1" /b + "%~1" /b


Drag/drop your file to it. It creates a new batch file with 3 underscores appended to the name. Try to open it in a text editor. You should see any kind of Chinese characters.
If you open it in a HEX editor you'll see how it works - it prepends an FF FE Byte Order Mark (that leads to parse the code as UTF-16 LE in a text editor) + CLS to remove the error message that cmd.exe will throw.

Steffen

ShadowThief
Expert
Posts: 894
Joined: 06 Sep 2013 21:28
Location: Virginia, United States

Re: Best way to obfuscate a Batch File?

#3 Post by ShadowThief » 29 Jul 2017 08:12

I immediately thought of this: viewtopic.php?f=3&t=4876

aGerman
Expert
Posts: 3643
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Best way to obfuscate a Batch File?

#4 Post by aGerman » 29 Jul 2017 09:28

Yeah but I was rather thinking about something like that:

Code: Select all

@echo off &setlocal EnableDelayedExpansion
%=sun%set% in the morning% "%tim%e="& %is not %for %%i%diotic% i%nsura%n%ces% (b%ut% c%oul% d%n't% f%i% g%ure out% h%ow% j%ournalists% %ma%k%e% l%ong% m%anuscripts % n%asty% %up%p%ercase% %e%q%ual% %signs ma%r%k% %seriou%s %=tex%t%ual% v%iolation% %=no%w%here% %are e%x%tra% % o%z%one layers%) %=please% do %not fight% for %%j%ulian's incompetence% i%n batch codi%n%g% (%=this guy f%a%ils% e%very time &% %c o n t %i %n u% o u %s l% y) %=rather%do %=un%set "%elem%e%nts%=!e%nergy%!%%i%n%%%j%ourney trips%"

%bab%%e:~15,2%%=o bab%%e:~66,2% ^
%don't scar%!%e:~195,1%!%me away%
%sh%%e:~132,2%%doesn't let m%%e:~213,1%%se%%e:~170,2%%her smile%

The code defines a variable e in a nested FOR loop and prints its content. Using substrings of e and undefined variables you can obfuscate the code. A human brain will always try to read known words in it.

Steffen

Hackoo
Posts: 63
Joined: 15 Apr 2014 17:59

Re: Best way to obfuscate a Batch File?

#5 Post by Hackoo » 29 Jul 2017 11:43

aGerman wrote:First of all thank you for using "obfuscate" instead of "encode" or "encrypt". Any attempt to securely use a password in a batch code is doomed to failure!
Obfuscated or not - somewhere in your code you will have a line like that:
if [input]==[password] ([success]) else [error]
It doesnt matter if you might have your password obfuscated or if you might have used a hash instead or if you might have read the password from a remote file. All you have to do is to remove the comparison from the batch code.

There are already dozens of possibilities using variables to obfuscate batch code. There are those bat2exe thingies that compress the code in a container (but will unpack it to the original code and execute it).

That's another funny possibility. It doesn't even obfuscate the code. It only confuses your editor if you try to open the batch file :wink:

Code: Select all

@echo off
if "%~1"=="" exit /b
if /i "%~x1" neq ".bat" if /i "%~x1" neq ".cmd" exit /b
for /f %%i in ("certutil.exe") do if not exist "%%~$path:i" (
  echo CertUtil.exe not found.
  pause
  exit /b
)
>"temp.~b64" echo(//4mY2xzDQo=
certutil.exe -f -decode "temp.~b64" "%~n1___%~x1"
del "temp.~b64"
copy "%~n1___%~x1" /b + "%~1" /b


Drag/drop your file to it. It creates a new batch file with 3 underscores appended to the name. Try to open it in a text editor. You should see any kind of Chinese characters.
If you open it in a HEX editor you'll see how it works - it prepends an FF FE Byte Order Mark (that leads to parse the code as UTF-16 LE in a text editor) + CLS to remove the error message that cmd.exe will throw.

Steffen

I like this method :wink:
I wonder how we can get back the original batch file by programming ?
Is there any methods like this one to do for *.vbs or *.hta codes
Thank you !

aGerman
Expert
Posts: 3643
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Best way to obfuscate a Batch File?

#6 Post by aGerman » 29 Jul 2017 13:03

Hackoo wrote:I like this method :wink:
I wonder how we can get back the original batch file by programming ?
The prepended line in a HEX editor is
FF FE 26 63 6C 73 0D 0A
As you can see it's 8 characters. Just let PAUSE eat them.

Code: Select all

@echo off &setlocal
if "%~1"=="" exit /b
if /i "%~x1" neq ".bat" if /i "%~x1" neq ".cmd" exit /b
<"%~1" ((for /l %%N in (1 1 8) do pause)>nul&findstr "^">"%~n1___%~x1")
Again drag/drop the changed batch file onto it.

Hackoo wrote:Is there any methods like this one to do for *.vbs or *.hta codes
Thank you !
At least not that I know.

Steffen

penpen
Expert
Posts: 1697
Joined: 23 Jun 2013 06:15
Location: Germany

Re: Best way to obfuscate a Batch File?

#7 Post by penpen » 29 Jul 2017 16:49

aGerman wrote:Any attempt to securely use a password in a batch code is doomed to failure!
Obfuscated or not - somewhere in your code you will have a line like that:
if [input]==[password] ([success]) else [error]
It doesnt matter if you might have your password obfuscated or if you might have used a hash instead or if you might have read the password from a remote file. All you have to do is to remove the comparison from the batch code.
I disagree.
You could use use the password as a key to decrypt the batch source, append it to the end of the batch file (after an eof character), and use copy to remove the part after the sub. The appended source must have a label ":access", so it can be called.

So you would get a batch like this (sketched only):

Code: Select all

@echo off
setlocal enableExtensions enableDelayedExpansion
call :main
goto :eof

:access
echo(Login or password incorrect.
goto :eof

:main
set /P "login=Login   :"
set /P "password=Password:"

call :computeHash login
>>"%~f0" call :decrypt hash password
call :access
copy /a "%~f0" /a "dummy"
copy /a "dummy" /a  "%~f0"
del "dummy"
goto :eof

:computeHash
:: "%~1" value
:: "%~2" hash
...

:decrypt
:: "%~1" database entry
:: "%~2" key
echo(EOF-character
echo(deccrypted database antry
goto :eof

:: database

#hash(login1)
:: encrypted batch source using key: password1
:: maybe encoded in base64, or similar

:: ...

#hash(loginN)
:: encrypted batch source using key: passwordN

If someone doesn't know the right password, then the decryption fails, and the :access label above is used, which is useless for an attacker.
But you need to add the enrypted batch file per login and password (so it probably grows very quick).
You also need some de-/crypt software which accepts strings as keys.


penpen

aGerman
Expert
Posts: 3643
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Best way to obfuscate a Batch File?

#8 Post by aGerman » 29 Jul 2017 18:06

Don't get me wrong but what would be the benefit to use that kind of batch code? You would need 3rd party tools to do the work for you. Thus, you could just use the command line interface of software like TrueCrypt and you're done :wink:

Steffen

penpen
Expert
Posts: 1697
Joined: 23 Jun 2013 06:15
Location: Germany

Re: Best way to obfuscate a Batch File?

#9 Post by penpen » 30 Jul 2017 01:34

Such batch code would contain completely hidden (to third eyes) parts and is securely using a login and password, which is mainly an academic proof, that this is possible.
You may need third party tools, but these also could be written completely in batch, so all could be done without installing anything:
- MD5
- AES.
But you would need to modify "aes.bat" and "aescore.bat", because you don't want to write the key (== password) to hdd.


penpen

Hackoo
Posts: 63
Joined: 15 Apr 2014 17:59

Re: Best way to obfuscate a Batch File?

#10 Post by Hackoo » 30 Jul 2017 06:25

aGerman wrote:
Hackoo wrote:I like this method :wink:
I wonder how we can get back the original batch file by programming ?
The prepended line in a HEX editor is
FF FE 26 63 6C 73 0D 0A
As you can see it's 8 characters. Just let PAUSE eat them.

Code: Select all

@echo off &setlocal
if "%~1"=="" exit /b
if /i "%~x1" neq ".bat" if /i "%~x1" neq ".cmd" exit /b
<"%~1" ((for /l %%N in (1 1 8) do pause)>nul&findstr "^">"%~n1___%~x1")
Again drag/drop the changed batch file onto it.
Steffen

I don't know why it dosen't work on my PC (windows 7 64 bits french version)
The console freezes and findstr is still working, but i got nothing ?

aGerman
Expert
Posts: 3643
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Best way to obfuscate a Batch File?

#11 Post by aGerman » 30 Jul 2017 08:54

I don't have access to a Win7 PC before tomorrow. Meanwhile you could try to replace the last line with

Code: Select all

<"%~1" (set /p "="&findstr "^">"%~n1___%~x1")
It will discard the first line of the dropped batch code which is the same as discarding character-wise in this case.

Steffen

PaperTronics
Posts: 118
Joined: 02 Apr 2017 06:11

Re: Best way to obfuscate a Batch File?

#12 Post by PaperTronics » 30 Jul 2017 13:00

Hey everyone!

Sorry for my late reply, I've been busy these few days. I still haven't checked out any methods yet since I didn't get the time to. As soon as I'm finished with my work I'll test each and every method and tell you guys which one works for me and my friend.



PaperTronics

aGerman
Expert
Posts: 3643
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Best way to obfuscate a Batch File?

#13 Post by aGerman » 31 Jul 2017 06:19

@Hackoo

Works for me on Win7 x64. Make sure your batch file doesn't have the same name as any of the used commands. If that isn't the case please give a short explanation how to reproduce the failure.

Steffen

Hackoo
Posts: 63
Joined: 15 Apr 2014 17:59

Re: Best way to obfuscate a Batch File?

#14 Post by Hackoo » 31 Jul 2017 09:23

aGerman wrote:@Hackoo
Works for me on Win7 x64. Make sure your batch file doesn't have the same name as any of the used commands. If that isn't the case please give a short explanation how to reproduce the failure.
Steffen

@Steffen
I modified the code like this one and it works now like a charm for me :mrgreen:

Code: Select all

@echo off
if "%~1"=="" exit /b
if /i "%~x1" neq ".bat" if /i "%~x1" neq ".cmd" exit /b
if exist "%~n1___%~x1" del "%~n1___%~x1"
for /f "skip=1 delims=" %%L in ('CMD /U /C Type "%~1"') do (
   echo %%L
   echo %%L >>"%~n1___%~x1"
)
pause>nul

aGerman
Expert
Posts: 3643
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Best way to obfuscate a Batch File?

#15 Post by aGerman » 31 Jul 2017 09:37

Good to know. Although it doesn't explain why the other techniques failed.

Steffen

Post Reply