
Prevent typed password appearing on screen - explanation

Posted: 26 Feb 2014 05:00
by gruff999
I found this code on alt.msdos.batch.nt many years ago. I can see what it's doing in simple 'mechanical' terms but can someone give me a fuller explanation of what "in.com" is, why it works, and the code that creates it? It seems to temporarily create a file that captures console input up until the Enter key is pressed.

Code:

@echo off
set /p username=Enter user name:
echo hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5>in.com
set /p password=Enter password:<nul
for /f "tokens=*" %%i in ('in.com') do set password=%%i
echo %username%
echo %password%
pause
del in.com

Re: Prevent typed password appearing on screen - explanation

Posted: 26 Feb 2014 06:18
by foxidrive
Herbert Kleebauer helped pioneer ASCII binary files to post utilities that he wrote embedded into text messages.

Here is an original post with that binary in a thread from 2004 and the source code.

http://www.44342.com/MS-DOS-f497-t485-p1.htm

It also has a different one at the beginning.

Re: Prevent typed password appearing on screen - explanation

Posted: 26 Feb 2014 07:13
by Squashman
We had another thread a while back about obfuscating the password as it is typed in. This goes back to your Xcopy question you asked as well.

viewtopic.php?f=3&t=4664

Re: Prevent typed password appearing on screen - explanation

Posted: 26 Feb 2014 09:46
by penpen
The file "in.com" just calls the DOS interrupt 0x21 function number 0x0A with the input buffer located at DS:0x163 and then returns:

Code:

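mov dx, offset buffer   ; DS:DX = address of the input buffer (0x163), not its contents
mov ah, 0A              ; function 0x0A: buffered keyboard input
int 21                  ; call DOS
ret                     ; return to DOS

buffer@163:
BYTE 1 DUP(FE)          ; first buffer byte: maximum number of characters to read
BYTE F1 DUP(0)          ; rest of the buffer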

But the needed values are mostly binary and may be corrupted when copy+pasting them to a file, so the author has created a file consisting of default text characters doing the same:

Code:

:0001.0100 685031                 push 3150             stack <- 0x3150
:0001.0103 58                     pop ax                ax <- stack (== 0x3150)
:0001.0104 353030                 xor ax, 3030          ax ^= 0x3030 (== 0x160)
:0001.0107 50                     push ax               stack <- ax
:0001.0108 5B                     pop bx                bx <- stack (== 0x160)
:0001.0109 50                     push ax               stack <- ax
:0001.010A 5A                     pop dx                dx <- stack (== 0x160)
:0001.010B 42                     inc dx                dx += 1 (== 0x161)
:0001.010C 42                     inc dx                dx += 1 (== 0x162)
:0001.010D 42                     inc dx                dx += 1 (== 0x163)
:0001.010E 666823622323           push 23236223         stack <- 0x23236223
:0001.0114 6658                   pop eax               eax <- stack (== 0x23236223)
:0001.0116 662D56406024           sub eax, 24604056     eax -= 0x24604056 == 0xFEC321CD, ZF :== 1
:0001.011C 6650                   push eax              stack <- eax
:0001.011E 665D                   pop ebp               ebp <- stack (== 0xFEC321CD)
:0001.0120 66332F                 xor ebp, [bx]         ebp ^= [bx] (== [0x160])
:0001.0123 66312F                 xor [bx], ebp         [bx] ^= ebp ([bx] := 0xFEC321CD) write (int 21, ret, BYTE 1 DUP(FE)) part at :0001.0160
:0001.0126 352B2B                 xor ax, 2B2B          ax ^= 0x2B2B (ax == 0xFEC30AE6, ah == 0A)
:0001.0129 7535                   jne 0160              jump to address 0x0160 if 0 != ZF (== 1)
:0001.012B 0D0A00                 or ax, 000A           never reached
:0001.012E 00000000000000000000   BYTE 10 DUP(0)        never reached
:0001.0138 00000000000000000000   BYTE 10 DUP(0)        never reached
:0001.0142 00000000000000000000   BYTE 10 DUP(0)        never reached
:0001.014C 00000000000000000000   BYTE 10 DUP(0)        never reached
:0001.0156 00000000000000000000   BYTE 10 DUP(0)        never reached


:: set up by file "in.com"
:0001.0160 CD21                   int 21                ah == 0A  interrupt 21 function executed
:0001.0162 C3                     ret                   return
:0001.0163 FE                     BYTE 1 DUP(FE)

The int 21h function 0x0A is explained, for example, here: http://stanislavs.org/helppc/int_21-a.html

penpen

Edit+: Corrected some errors.
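
The listing above can be checked without a DOS machine. The following is an added example, not part of the original posts or of Herbert Kleebauer's code: it replays the listing's arithmetic on the exact text the batch file echoes and reports what ends up at 0x160. The names `is_text_safe` and `run_stub` are made up for this sketch, and it models only the instructions shown in the listing, not DOS itself.

```python
import struct

# Text the batch file echoes into in.com (copied from the first post).
# ECHO appends CR LF, which become the bytes at 0x12B and 0x12C.
STUB = b"hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5\r\n"
LOAD = 0x100  # DOS loads a .COM image at offset 0x100 of its segment


def is_text_safe(image):
    """True if every byte is printable ASCII or CR/LF (survives copy+paste)."""
    return all(0x20 <= b <= 0x7E or b in (0x0D, 0x0A) for b in image)


def run_stub(image, fill=0x00):
    """Replay the listing's arithmetic on a 64 KiB segment model.

    fill stands for whatever memory holds beyond the end of the file image.
    """
    mem = bytearray([fill]) * 0x10000
    mem[LOAD:LOAD + len(image)] = image

    def imm(off, fmt):
        # little-endian immediate operand at file offset `off`
        return struct.unpack_from(fmt, mem, LOAD + off)[0]

    ax = imm(0x01, "<H") ^ imm(0x05, "<H")      # push 3150 / pop ax / xor ax,3030
    bx = ax                                     # push ax / pop bx
    dx = (ax + 3) & 0xFFFF                      # push ax / pop dx / inc dx (x3)
    eax = (imm(0x10, "<I") - imm(0x18, "<I")) & 0xFFFFFFFF  # push imm32 / pop eax / sub
    old = struct.unpack_from("<I", mem, bx)[0]
    ebp = eax ^ old                             # pop ebp / xor ebp,[bx]
    struct.pack_into("<I", mem, bx, old ^ ebp)  # xor [bx],ebp
    ax = (eax & 0xFFFF) ^ imm(0x27, "<H")       # xor ax,2B2B sets the flags jne tests
    rel8 = mem[LOAD + 0x2A]                     # jne operand (positive here)
    return {
        "dx": dx,                               # DS:DX = buffer address for AH=0Ah
        "ah": ax >> 8,                          # DOS function number
        "zf": int(ax == 0),                     # jne is taken when ZF == 0
        "jne_target": LOAD + 0x29 + 2 + rel8,
        "written": bytes(mem[bx:bx + 4]),       # bytes the stub stores at bx
    }


if __name__ == "__main__":
    result = run_stub(STUB)
    print(is_text_safe(STUB), {k: (v.hex() if isinstance(v, bytes) else hex(v)) for k, v in result.items()})
```

Because the two XORs cancel the previous contents of `[bx]`, the four bytes stored at 0x160 do not depend on `fill`, so the stub does not rely on the memory after the file being zero.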

Re: Prevent typed password appearing on screen - explanation

Posted: 26 Feb 2014 10:00
by Squashman
Also realize that this will not work on 64-bit versions of Windows.

Re: Prevent typed password appearing on screen - explanation

Posted: 26 Feb 2014 10:31
by gruff999
Squashman, thank you. I have both an XP and Windows 7 64-bit machine on my desk - it's one of the only things that behaves differently, so far.

I appreciate DosTips is mainly about XP (I assume it still is?).

Others that have caught me out are:

SET /P doesn't support leading spaces in the prompt under Win 7 (annoying). Actually, I should wait until someone proves me wrong on this forum perhaps?

CHOICE command has new switch /M before specifying your own prompt.

But I don't need CHOICE any more do I!

Re: Prevent typed password appearing on screen - explanation

Posted: 26 Feb 2014 12:06
by Squashman
gruff999 wrote: I appreciate DosTips is mainly about XP (I assume it still is?).

We try to write batch files that work across all versions of Windows. Of course a lot of options came out with versions of Windows after 9X. So most of the stuff we write here does work on XP and above.

gruff999 wrote: SET /P doesn't support leading spaces in the prompt under Win 7 (annoying). Actually, I should wait until someone proves me wrong on this forum perhaps?

I believe this has been discussed on the forums.

Re: Prevent typed password appearing on screen - explanation

Posted: 26 Feb 2014 16:59
by foxidrive
gruff999 wrote: SET /P doesn't support leading spaces in the prompt under Win 7 (annoying). Actually, I should wait until someone proves me wrong on this forum perhaps?


That's true, but you can put things like an A and backspace as the leading two characters, which works when printing to the screen.

See here where it is used: viewtopic.php?f=3&t=5406