Best way to obfuscate a Batch File?

penpen
Expert
Posts: 1991
Joined: 23 Jun 2013 06:15
Location: Germany

Re: Best way to obfuscate a Batch File?

#46 Post by penpen » 01 Sep 2017 19:40

Kvc wrote:But, Are you sure - it is not the problem of having java installed in the PC? (just curious)
Java and JavaScript are entirely different languages.
So you don't need to install Java, and even if you did, it wouldn't help.

Besides this, Dave's JavaScript code is written to be run by the JScript engine of the Windows Scripting Host (WSH).
I think this should hold for most of the JavaScript snippets here on dostips.
Because of that the batch files execute such scripts using "cscript.exe" (or "wscript.exe").

I don't know if any other JavaScript scripting engine is able to access the needed COM interfaces of the WSH, but I doubt it.

If I remember right, then the WSH should be preinstalled on any system since Windows XP.
If I'm wrong, then you have to install the .NET-Framework under Windows XP, but it is preinstalled since Windows Vista.

Sidenotes:
JScript is Microsoft's dialect of the ECMAScript.
ECMAScript is standardized JavaScript.


penpen

PaperTronics
Posts: 118
Joined: 02 Apr 2017 06:11

Re: Best way to obfuscate a Batch File?

#47 Post by PaperTronics » 02 Sep 2017 03:13

I'm sorry for my act of foolishness in my previous reply.

I thought that the whole JS and Batch code of the ObfuscateBat plugin would need to be changed, so that's why I asked Dave to do it himself, since he knows how the Batch File works better than me.

But since Dave has now cleared my doubt, that only 1 dot would solve the problem, I take back my request and I apologize for any of my mistakes.




PaperTronics

Squashman
Expert
Posts: 4465
Joined: 23 Dec 2011 13:59

Re: Best way to obfuscate a Batch File?

#48 Post by Squashman » 02 Sep 2017 11:25

Kvc wrote: But, Are you sure - it is not the problem of having java installed in the PC? (just curious)


Why is this even remotely Dave's problem or even be of his concern?

Kvc
Posts: 26
Joined: 13 Jun 2017 06:44
Location: India

Re: Best way to obfuscate a Batch File?

#49 Post by Kvc » 02 Sep 2017 21:08

Squashman wrote:Why is this even remotely Dave's problem or even be of his concern?


Asking for help doesn't make my problem yours... You have the right to refuse to help.
If I'm trying to help others differently - from a different website... that doesn't make me an alien from another planet. I'm also a regular guy like you all. And, as I've said earlier in the first message...

Pardon me for Bothering you all...


Is there any problem with me asking questions? Or is it just that I'm the new guy? :roll:

We were born into this world with no sense of what we could or couldn't do. Then, bit by bit, life started to teach you how to fight our own battle. Learn to deal with the inner negative voice, flip a weakness into a strength, be our own motivational coach and develop our super powers. The last laugh is ours.

Kvc
Posts: 26
Joined: 13 Jun 2017 06:44
Location: India

Re: Best way to obfuscate a Batch File?

#50 Post by Kvc » 03 Sep 2017 05:01

@penpen
Woah.... I Didn't know that... Now I understand little about the things around... I really appreciate. Thanks for your time. :)

cya
Posts: 2
Joined: 30 Sep 2017 05:18

Re: Best way to obfuscate a Batch File?

#51 Post by cya » 02 Oct 2017 03:17

@aGerman
Hi Steffen, your method to prepend hex bytes to a batch file was really interesting.
1) Is there any table to use Korean, French, Russian, Lithuanian, Danish, Swedish charset instead of Chinese?
2) Is there any possibility to prepend these hex bytes to a file, straightly, without relying on certutil? (to avoid errors on different systems) Even though I have some program that can add some bytes to a file, I tried to add 'FF FE 26 63 6C 73 0D 0A' to a simple text file, but it didn't work. I think adding hex bytes is probably different.
Anyway, if there is a way to add these bytes to a file, straightly and automatically from batch or a program, please explain...

Thank you very much, for your interesting info

aGerman
Expert
Posts: 4654
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Best way to obfuscate a Batch File?

#52 Post by aGerman » 02 Oct 2017 04:52

cya wrote:1) is there any table to use Korean, French, Russian, Lithuanian, Danish, Swedish charset instead of Chinese?

No. Prepending the Byte Order Mark to the text does not change the text itself. As I said, it's still perfectly readable in a HEX editor. Only the text editor now interprets each two bytes as one character instead of only one byte. As you may have noticed, not all resulting characters are Chinese characters. It always depends on the original text.

cya wrote:2) is there any possibility to prepend this hex bytes to a file, straightly, without relying on certutil?(to avoid errors on different systems)

The reason why I used certutil is to avoid errors on different systems. More specifically, to avoid errors on systems with different locale settings.
If (and only if) the codepage used by your text editor is Windows-1252, the following code may work to write the UTF-16 LE BOM to a file:

Code:

set "filename=test.txt"
:: save the current OEM codepage
for /f "tokens=2 delims=:" %%i in ('chcp') do set /a oemcp = %%~ni
:: switch to Windows-1252
chcp 1252>nul
:: create the Byte Order Mark (UTF-16 little endian)
>"%filename%" set /p "=ÿþ"<nul
:: switch back to OEM
chcp %oemcp%>nul

Now you can append the content of another file to test.txt.

Steffen
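
What post #52 describes, seen from the analysis side, as an added example that is not part of the thread: the BOM only changes how an editor groups the bytes, so a file that starts with FF FE but contains no NUL bytes is single-byte text behind a misleading header. The function names and the two-line script are constructed; the prefix bytes are the ones quoted in post #51.

```python
BOM_UTF16_LE = b"\xff\xfe"


def editor_view(data):
    """Text a BOM-honouring editor shows: each byte pair read as one UTF-16 unit."""
    return data[len(BOM_UTF16_LE):].decode("utf-16-le", errors="replace")


def is_bom_masked_ascii(data):
    """True if data starts with a UTF-16 LE BOM but the rest is single-byte text."""
    if not data.startswith(BOM_UTF16_LE):
        return False
    body = data[len(BOM_UTF16_LE):]
    if not body:
        return False
    # Real UTF-16 script text is about half NUL bytes (ASCII encodes as xx 00);
    # single-byte text contains none and is almost entirely printable ASCII.
    plain = sum(1 for b in body if b in (9, 10, 13) or 32 <= b < 127)
    return body.count(0) == 0 and plain / len(body) > 0.9


def unmask(data):
    """Drop the BOM and decode the remaining bytes as the single-byte text they are."""
    return data[len(BOM_UTF16_LE):].decode("ascii", errors="replace")


# Constructed samples: the prefix quoted in the thread (FF FE 26 63 6C 73 0D 0A)
# followed by a made-up two-line script, and the same script as genuine UTF-16.
MASKED = bytes.fromhex("FFFE26636C730D0A") + b"@echo off\r\necho hi\r\n"
GENUINE = BOM_UTF16_LE + "@echo off\r\necho hi\r\n".encode("utf-16-le")

if __name__ == "__main__":
    print(repr(editor_view(MASKED)[:4]), is_bom_masked_ascii(MASKED))
    print(unmask(MASKED))
```
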

cya
Posts: 2
Joined: 30 Sep 2017 05:18

Re: Best way to obfuscate a Batch File?

#53 Post by cya » 05 Oct 2017 02:01

@aGerman Thank you for your precious information and also your time.
Is the following code right? (without automatic saving and switching back to current code page)


Code:

@echo off
chcp 1252>nul
echo "ÿþ">c:\file.txt    ----(some thing simple like this needed, why should I [set /p "=ÿþ"<nul >"c:\test.txt"])
chcp 437>nul
echo hi>>c:\test.txt
exit


thanks
Last edited by Squashman on 05 Oct 2017 08:29, edited 1 time in total.
Reason: MOD EDIT: Please use CODE tags.

aGerman
Expert
Posts: 4654
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Best way to obfuscate a Batch File?

#54 Post by aGerman » 05 Oct 2017 12:33

cya wrote:why should I

Because ECHO always creates a line break at the end while SET /P ... <NUL does not.

Steffen

dbenham
Expert
Posts: 2461
Joined: 12 Feb 2011 21:02
Location: United States (east coast)

Re: Best way to obfuscate a Batch File?

#55 Post by dbenham » 11 Oct 2017 10:49

I modified my obfuscateBatch.bat script to better obscure the character mapping at the top of the resultant obfuscated code.

Version 1.2 is available at viewtopic.php?f=3&t=7990&p=53278#p53278

Here are the original lines at the top of the obfuscated file that make it pretty easy (but very tedious) to translate the code

Code:

set "@lo@= !#$&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~""
set "@hi@=¡¢¤¥§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ£"


And here is the modified form from version 1.2 that better obscures the mapping:

Code:

set "@lo@= !#$&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~""
set "@hi@=%=%¡%=%¢%=%¤%=%¥%=%§%=%¨%=%©%=%ª%=%«%=%¬%=%­%=%®%=%¯%=%°%=%±%=%²%=%³%=%´%=%µ%=%¶%=%·%=%¸%=%¹%=%º%=%»%=%¼%=%½%=%¾%=%¿%=%À%=%Á%=%Â%=%Ã%=%Ä%=%Å%=%Æ%=%Ç%=%È%=%É%=%Ê%=%Ë%=%Ì%=%Í%=%Î%=%Ï%=%Ð%=%Ñ%=%Ò%=%Ó%=%Ô%=%Õ%=%Ö%=%×%=%Ø%=%Ù%=%Ú%=%Û%=%Ü%=%Ý%=%Þ%=%ß%=%à%=%á%=%â%=%ã%=%ä%=%å%=%æ%=%ç%=%è%=%é%=%ê%=%ë%=%ì%=%í%=%î%=%ï%=%ð%=%ñ%=%ò%=%ó%=%ô%=%õ%=%ö%=%÷%=%ø%=%ù%=%ú%=%û%=%ü%=%ý%=%þ%=%ÿ%=%£%=%"


Dave Benham

Squashman
Expert
Posts: 4465
Joined: 23 Dec 2011 13:59

Re: Best way to obfuscate a Batch File?

#56 Post by Squashman » 11 Oct 2017 11:46

Dave, I started working on creating the decoding of the obfuscated batch file into a second batch file and put a call to that batch file.

Mybatobfuscated.bat

Code:

@echo off
if defined @lo@ goto ¡
CALL Unobfuscate.bat "%0" "%~1"
exit /b


%Á%%æ%%ä%%é%%ð%%¡%%ð%%ç%%ç%
%ô%%æ%%õ%%í%%ð%%ä%%â%%í%%¡%%æ%%ï%%â%%ã%%í%%æ%%å%%æ%%í%%â%%ú%%æ%%å%%æ%%ù%%ñ%%â%%ï%%ô%%ê%%ð%%ï%

%Ó%%Æ%%Î%%¡%%ô%%æ%%õ%%¡%%ç%%ê%%í%%æ%%¡%%ï%%â%%î%%æ%
%ô%%æ%%õ%%¡%%£%%ç%%ï%%¾%%~n1%£%
.............. truncated for brevity

And then the Unobfuscate.bat

Code:

@echo off
chcp 708>nul
set "@lo@= !#$&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~""
set "@hi@=¡¢¤¥§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ£"
setlocal enableDelayedExpansion
(for /l %%N in (0 1 93) do set "!@hi@:~%%N,1!=!@lo@:~%%N,1!")&cmd /c %*


It sort of works. I can't get it to pass back any command line arguments. Not sure what I am doing wrong with that.

Just one more way to help obfuscate it in case someone does get a hold of the batch file. They won't have the code to decode it.

dbenham
Expert
Posts: 2461
Joined: 12 Feb 2011 21:02
Location: United States (east coast)

Re: Best way to obfuscate a Batch File?

#57 Post by dbenham » 11 Oct 2017 13:49

Here is how I would do that. My testing shows that it preserves quoted arguments just fine.

Better to transfer control to Unobfuscate.bat, without CALL. This way there is no need for EXIT /B or GOTO :Label.
I went with the version 1.2 definition of @hi@ to better hide the mapping, just in case a user looks at that source code.

Mybatobfuscated.bat

Code:

@if not defined @lo@ Unobfuscate.bat "%~f0" %*
%Á%%æ%%ä%%é%%ð%%¡%%ð%%ç%%ç%
%ô%%æ%%õ%%í%%ð%%ä%%â%%í%%¡%%æ%%ï%%â%%ã%%í%%æ%%å%%æ%%í%%â%%ú%%æ%%å%%æ%%ù%%ñ%%â%%ï%%ô%%ê%%ð%%ï%

%Ó%%Æ%%Î%%¡%%ô%%æ%%õ%%¡%%ç%%ê%%í%%æ%%¡%%ï%%â%%î%%æ%
%ô%%æ%%õ%%¡%%£%%ç%%ï%%¾%%~n1%£%
.............. truncated for brevity

Unobfuscate.bat

Code:

@echo off
setlocal disableDelayedExpansion
for /f "delims=:. tokens=2" %%A in ('chcp') do set "@chcp@=chcp %%A>nul"
chcp 708>nul
set "@lo@= !#$&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~""
set "@hi@=%=%¡%=%¢%=%¤%=%¥%=%§%=%¨%=%©%=%ª%=%«%=%¬%=%­%=%®%=%¯%=%°%=%±%=%²%=%³%=%´%=%µ%=%¶%=%·%=%¸%=%¹%=%º%=%»%=%¼%=%½%=%¾%=%¿%=%À%=%Á%=%Â%=%Ã%=%Ä%=%Å%=%Æ%=%Ç%=%È%=%É%=%Ê%=%Ë%=%Ì%=%Í%=%Î%=%Ï%=%Ð%=%Ñ%=%Ò%=%Ó%=%Ô%=%Õ%=%Ö%=%×%=%Ø%=%Ù%=%Ú%=%Û%=%Ü%=%Ý%=%Þ%=%ß%=%à%=%á%=%â%=%ã%=%ä%=%å%=%æ%=%ç%=%è%=%é%=%ê%=%ë%=%ì%=%í%=%î%=%ï%=%ð%=%ñ%=%ò%=%ó%=%ô%=%õ%=%ö%=%÷%=%ø%=%ù%=%ú%=%û%=%ü%=%ý%=%þ%=%ÿ%=%£%=%"
setlocal enableDelayedExpansion
for /l %%N in (0 1 93) do set "!@hi@:~%%N,1!=!@lo@:~%%N,1!"
setlocal disableDelayedExpansion
cmd /c ^"%*"
%@chcp@%
exit /b


Dave Benham

Squashman
Expert
Posts: 4465
Joined: 23 Dec 2011 13:59

Re: Best way to obfuscate a Batch File?

#58 Post by Squashman » 11 Oct 2017 14:11

dbenham wrote:Here is how I would do that. My testing shows that it preserves quoted arguments just fine.

Better to transfer control to Unobfuscate.bat, without CALL. This way there is no need for EXIT /B or GOTO :Label.
I went with the version 1.2 definition of @hi@ to better hide the mapping, just in case a user looks at that source code.

So this is going to be an option to create two batch files in version 1.3 :?: :lol:

dbenham
Expert
Posts: 2461
Joined: 12 Feb 2011 21:02
Location: United States (east coast)

Re: Best way to obfuscate a Batch File?

#59 Post by dbenham » 11 Oct 2017 20:11

I just realized that the obfuscated script without the map could be made even more cryptic by injecting random undefined variable expansion between each character of the first line.
So the obfuscated script could look like:

Code:

%#=%@%a=%i%o=%f%b=% %n=%n%t=%o%r=%t%a=% %c=%d%u=%e%i=%f%e=%i%f=%n%p=%e%n=%d%s=% %;=%@%O=%l%r=%o%e=%@%s=% %S=%U%E=%n%n=%o%s=%b%c=%f%g=%u%y=%s%z=%c%b=%a%r=%t%u=%e%s=%.%a=%b%c=%a%b=%t%c=% %d=%"%"=%%~f0%@=%"%"=% %[=%%*%]=%
%Á%%æ%%ä%%é%%ð%%¡%%ð%%ç%%ç%
%ô%%æ%%õ%%í%%ð%%ä%%â%%í%%¡%%æ%%ï%%â%%ã%%í%%æ%%å%%æ%%í%%â%%ú%%æ%%å%%æ%%ù%%ñ%%â%%ï%%ô%%ê%%ð%%ï%

%Ó%%Æ%%Î%%¡%%ô%%æ%%õ%%¡%%ç%%ê%%í%%æ%%¡%%ï%%â%%î%%æ%
%ô%%æ%%õ%%¡%%£%%ç%%ï%%¾%%~n1%£%
.............. truncated for brevity


But I don't think I want to promote the Unobfuscate solution. Sure, the map is not embedded within the obfuscated script, but it is too easy for a user to generate an unobfuscation map by running the following:

Code:

unobfuscate set >unobfuscate_map.txt

I think it is better to have everything self-contained within each obfuscated script. I can still use the random undefined variable expansion trick to make the initialization difficult to read. A user could still get the map, but the user would have to figure out where to inject some code. Still not difficult for an experienced person, but probably intimidating for the average user.


Dave
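
The point made in post #59, that the map stays recoverable, shown from the analyst's side as an added example that is not part of the thread or of obfuscateBatch.bat: a static decoder that reads the @lo@/@hi@ lines, drops the `%=%` padding and the `%x=%` filler, and leaves argument references intact. The function names are hypothetical, and the sample assumes the script was read as Latin-1 so the high characters appear as printed on this page.

```python
import re

# %*, %0..%9 and %~f0-style argument references, or a %name% variable expansion.
TOKEN = re.compile(r"%(?:\*|~[A-Za-z]*\d|\d)|%([^%\r\n]*)%")
SET_MAP = re.compile(r'^set "(@lo@|@hi@)=(.*)"$')

def read_map(lines):
    """Build {high char: plain char} from the script's @lo@/@hi@ set lines."""
    found = {}
    for line in lines:
        m = SET_MAP.match(line.strip())
        if m:  # version 1.2 pads @hi@ with %=%, which expands to nothing
            found[m.group(1)] = m.group(2).replace("%=%", "")
    lo, hi = found["@lo@"], found["@hi@"]
    if len(lo) != len(hi):
        raise ValueError("map strings differ in length")
    return dict(zip(hi, lo))

def decode_line(line, table):
    """Expand mapped and filler variables; keep everything else verbatim."""
    def resolve(m):
        name = m.group(1)
        if name is None:        # argument reference such as %~f0 or %*
            return m.group(0)
        if name in table:       # %<high char>% becomes the plain character
            return table[name]
        if name.endswith("="):  # filler like %a=%: undefined, expands to nothing
            return ""
        return m.group(0)       # ordinary variable, left for the analyst
    return TOKEN.sub(resolve, line)

# Constructed sample: the map lines are rebuilt by code point in the version 1.2
# layout (Latin-1 assumed); BODY and FIRST_LINE are lines quoted in the thread.
LO = "".join(chr(c) for c in range(0x20, 0x7F) if c not in (0x22, 0x25)) + '"'
HI = "".join(chr(c) for c in range(0xA1, 0x100) if c not in (0xA3, 0xA6)) + "\xa3"
MAP_LINES = ['set "@lo@=' + LO + '"',
             'set "@hi@=%=%' + "%=%".join(HI) + '%=%"']
BODY = ["%Á%%æ%%ä%%é%%ð%%¡%%ð%%ç%%ç%",
        "%ô%%æ%%õ%%¡%%£%%ç%%ï%%¾%%~n1%£%"]
FIRST_LINE = r'%#=%@%a=%i%o=%f%b=% %n=%n%t=%o%r=%t%a=% %c=%d%u=%e%i=%f%e=%i%f=%n%p=%e%n=%d%s=% %;=%@%O=%l%r=%o%e=%@%s=% %S=%U%E=%n%n=%o%s=%b%c=%f%g=%u%y=%s%z=%c%b=%a%r=%t%u=%e%s=%.%a=%b%c=%a%b=%t%c=% %d=%"%"=%%~f0%@=%"%"=% %[=%%*%]=%'

def decode_sample():
    """Decode the quoted first line and body lines with the recovered map."""
    table = read_map(MAP_LINES)
    return [decode_line(text, table) for text in [FIRST_LINE] + BODY]
```
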

PaperTronics
Posts: 118
Joined: 02 Apr 2017 06:11

Re: Best way to obfuscate a Batch File?

#60 Post by PaperTronics » 12 Oct 2017 06:41

@dbenham - It's great that even the beginning character mapping lines of the code can be encrypted too.

I was a bit worried that if the user reads and understands the character mapping lines, they could decode the code in just a few hours/days (depending on the length of the code). But I didn't say anything about it because I had discontinued the coding of the program that I needed to use your obfuscating script on.

I have no use for it still, but in the future I will (wow that rhymes! :mrgreen:). So I still keep checking on this topic whenever there's a new post.




Cheers,
PaperTronics
