Lock a folder with a password?

[Adrianvdh]

So I did a little research on Google and found you can lock and unlock a folder, but it doesn't require a password only the command to do it.

Code: Select all

if NOT EXIST Locker goto MDLOCKER
:CONFIRM
echo Are you sure u want to Lock the folder(Y/N)
set/p "cho=>"
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren Locker "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
echo Folder locked
goto End
:UNLOCK
echo Enter password to Unlock folder
set/p "pass=>"
if NOT %pass%==type your password here goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Locker
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md Locker
echo Locker created successfully
goto End
:End

source: https://superuser.com/questions/470652/ ... and-prompt

The code above does lock and unlock the folder as I explained but used a dumb method for using a password and doesn't at all encrypt the folder.
I know how dangerous this can be but I would like to know if it could be down via Batch program.

If anyone has an idea that would be great

Regards,
Adrian

[ShadowThief]

"Lock" is a bit of a stretch for what that code does. It sets the attributes to Hidden and System so that you can't see it unless you've selected the "Show hidden files, folders, and drives" option and unchecked the "Hide protected operating system files (Recommended)" box under Folder Options. It also changes the folder name so that it appears to be nothing.

[Adrianvdh]

Well if anyone could figure a way to 'password encrypt' a folder in native batch, that would be great

Regard,
Adrian

[foxidrive]

Well if anyone could figure a way to 'password encrypt' a folder

Yeah, sure!

in native batch, that would be great

That's the sticking point.

If you include powershell, vbs, making c+ executables with native compilers, and you explain exactly what the task is and the reason for it, then someone may have an idea or two for you.

[aGerman]

in native batch

No.

What about TrueCrypt? You can use its command line interface in batch.
Note that the development of TrueCrypt ended in 5/2014. Nevertheless for private use it should be still sufficient (compared with the method you posted above for sure ).

Regards
aGerman

[Squashman]

Note that the development of TrueCrypt ended in 5/2014.

That makes me

[Adrianvdh]

I am developing a batch file that can manage the 'hosts' file in the 'drivers\etc' folder
My batch file has a feature to to set an optional password to access the functionality.

Originally the password is hashed with a cipher in native batch, the result is stored in the registry and set a 'password enabled' flag too.
The program also included a 'private key' mechanism as a fall back. This 'private key' mechanism used the 'Windows Extended PID' (which was a unique, random key generate upon an Windows installation). The program used the same cipher to hash the 'Windows Extended PID' to act as the fall back.

The program also include a retry counter for the user's password entry (counts stored in registry too). So after 5 retries the program would call for the user to enter the 'private key' and the
retry counter would reset and so would the original password and password flag.

To 'log in' the password was decrypted from the registry (bad method, rather compared the hashed password to the stored registry value) and compare to the users entered password.
If the compare returned false the retry counter would decrease by one until it hit zero and then ask for that 'private key', so on...


Now the fault is someone can go into my code and copy the cipher algorithm and create a new hash password and just change the password in the registry or change the 'password enabled' flag registry item, then they could get in and access the program.

I found a technique after some Google searching:

***Link the password to the user data, data such as the hosts file folder***
1. Hash the password in a 'private key' (i.e. MD5) and store it somewhere, preferably in a 'hidden' file.
2. Password protect the user data.
3. User must provide matching password in order to access the program.
4. The 'private key' that was hashed with the password is used to decrypt the user data.
* The trick is that is someone is to erase the password, the data is useless because they just throw away the key to the data.

I think that sums it up pretty well what I hope to achieve, but I realize if I password lock the 'drivers\etc' folder or just the 'hosts' file Windows won't be able to access it anyway.
But it still would be interesting to develop such a system anyway.

Thank you.
Kind regards,
Adrian

References:
technique mentioned above: http://bytes.com/topic/c-sharp/answers/ ... d-securely
'Lock folder' batch file code: http://www.tweakandtrick.com/2010/08/cr ... t-you.html


Code for custom cipher I got a while ago from DosTips.com:

Code: Select all

::Encrypt text String START
:EncryptFunction
set "EncryptOut="
:encrypt2
set encrypt_char=%Encrypt2:~0,1%
set Encrypt2=%Encrypt2:~1%
set EncryptOut=%EncryptOut%!CHAR_EN[%encrypt_char%]!
if not "%Encrypt2%"=="" goto encrypt2
exit /b
::Encrypt text String END
::Decrypt text String START
:DecryptFunction
set "DecryptOut="
:decrypt2
set decrypt_char=%Decrypt2:~0,6%
set Decrypt2=%Decrypt2:~6%
set DecryptOut=%DecryptOut%!CHAR_DE[%decrypt_char%]!
if not "%Decrypt2%"=="" goto decrypt2
exit /b
::%Encrypt2%
::%Decrypt2%
::Decrypt text String END

:DecryptPassword
if "%passencryptmap%"=="Enabled" (
set "Decrypt2=%passwordvar%"
call :DecryptKeysV2
call :DecryptFunction )
exit /b

:EncryptKeysV1
(set CHAR_EN[a]=UDFM45) & (set CHAR_EN[b]=H21DGF) & (set CHAR_EN[c]=FDH56D) & (set CHAR_EN[d]=FGS546) & (set CHAR_EN[e]=JUK4JH)
(set CHAR_EN[f]=ERG54S) & (set CHAR_EN[g]=T5H4FD) & (set CHAR_EN[h]=RG641G) & (set CHAR_EN[i]=RG4F4D) & (set CHAR_EN[j]=RT56F6)
(set CHAR_EN[k]=VCBC3B) & (set CHAR_EN[l]=F8G9GF) & (set CHAR_EN[m]=FD4CJS) & (set CHAR_EN[n]=G423FG) & (set CHAR_EN[o]=F45GC2)
(set CHAR_EN[p]=TH5DF5) & (set CHAR_EN[q]=CV4F6R) & (set CHAR_EN[r]=XF64TS) & (set CHAR_EN[s]=X78DGT) & (set CHAR_EN[t]=TH74SJ)
(set CHAR_EN[u]=BCX6DF) & (set CHAR_EN[v]=FG65SD) & (set CHAR_EN[w]=4KL45D) & (set CHAR_EN[x]=GFH3F2) & (set CHAR_EN[y]=GH56GF)
(set CHAR_EN[z]=45T1FG) & (set CHAR_EN[1]=D4G23D) & (set CHAR_EN[2]=GB56FG) & (set CHAR_EN[3]=SF45GF) & (set CHAR_EN[4]=P4FF12)
(set CHAR_EN[5]=F6DFG1) & (set CHAR_EN[6]=56FG4G) & (set CHAR_EN[7]=USGFDG) & (set CHAR_EN[8]=FKHFDG) & (set CHAR_EN[9]=IFGJH6)
(set CHAR_EN[0]=87H8G7) & (set CHAR_EN[@]=G25GHF) & (set CHAR_EN[#]=45FGFH) & (set CHAR_EN[$]=75FG45) & (set CHAR_EN[*]=54GDH5)
(set CHAR_EN[(]=45F465) & (set CHAR_EN[.]=HG56FG) & (set CHAR_EN[,]=DF56H4) & (set CHAR_EN[-]=F5JHFH) & (set CHAR_EN[ ]=SGF4HF)
(set CHAR_EN[\]=45GH45) & (set CHAR_EN[/]=56H45G)
exit /b
:DecryptKeysV1
(set CHAR_DE[UDFM45]=a) & (set CHAR_DE[H21DGF]=b) & (set CHAR_DE[FDH56D]=c) & (set CHAR_DE[FGS546]=d) & (set CHAR_DE[JUK4JH]=e)
(set CHAR_DE[ERG54S]=f) & (set CHAR_DE[T5H4FD]=g) & (set CHAR_DE[RG641G]=h) & (set CHAR_DE[RG4F4D]=i) & (set CHAR_DE[RT56F6]=j)
(set CHAR_DE[VCBC3B]=k) & (set CHAR_DE[F8G9GF]=l) & (set CHAR_DE[FD4CJS]=m) & (set CHAR_DE[G423FG]=n) & (set CHAR_DE[F45GC2]=o)
(set CHAR_DE[TH5DF5]=p) & (set CHAR_DE[CV4F6R]=q) & (set CHAR_DE[XF64TS]=r) & (set CHAR_DE[X78DGT]=s) & (set CHAR_DE[TH74SJ]=t)
(set CHAR_DE[BCX6DF]=u) & (set CHAR_DE[FG65SD]=v) & (set CHAR_DE[4KL45D]=w) & (set CHAR_DE[GFH3F2]=x) & (set CHAR_DE[GH56GF]=y)
(set CHAR_DE[45T1FG]=z) & (set CHAR_DE[D4G23D]=1) & (set CHAR_DE[GB56FG]=2) & (set CHAR_DE[SF45GF]=3) & (set CHAR_DE[P4FF12]=4)
(set CHAR_DE[F6DFG1]=5) & (set CHAR_DE[56FG4G]=6) & (set CHAR_DE[USGFDG]=7) & (set CHAR_DE[FKHFDG]=8) & (set CHAR_DE[IFGJH6]=9)
(set CHAR_DE[87H8G7]=0) & (set CHAR_DE[G25GHF]=@) & (set CHAR_DE[45FGFH]=#) & (set CHAR_DE[75FG45]=$) & (set CHAR_DE[54GDH5]=*)
(set CHAR_DE[45F465]=() & (set CHAR_DE[HG56FG]=.) & (set CHAR_DE[DF56H4]=,) & (set CHAR_DE[F5JHFH]=-) & (set CHAR_DE[SGF4HF]= )
(set CHAR_DE[45GH45]=\) & (set CHAR_DE[56H45G]=/)
exit /b
:EncryptKeysV2
(set CHAR_EN[a]=G65FJ4) & (set CHAR_EN[b]=FGH456) & (set CHAR_EN[c]=TGH4FG) & (set CHAR_EN[d]=8R1MK3) & (set CHAR_EN[e]=XF21GR)
(set CHAR_EN[f]=DGH2GF) & (set CHAR_EN[g]=X5C4VF) & (set CHAR_EN[h]=TH5DXE) & (set CHAR_EN[i]=E5A12C) & (set CHAR_EN[j]=A5RJHA)
(set CHAR_EN[k]=52D6FG) & (set CHAR_EN[l]=A12SB1) & (set CHAR_EN[m]=9ER52S) & (set CHAR_EN[n]=5A20XS) & (set CHAR_EN[o]=4A1E1C)
(set CHAR_EN[p]=423DR1) & (set CHAR_EN[q]=412RGS) & (set CHAR_EN[r]=A4T2DS) & (set CHAR_EN[s]=C82A3U) & (set CHAR_EN[t]=5E2A6R)
(set CHAR_EN[u]=CV12HB) & (set CHAR_EN[v]=L2F5DR) & (set CHAR_EN[w]=SG4HJL) & (set CHAR_EN[x]=A54RE2) & (set CHAR_EN[y]=A52E8A)
(set CHAR_EN[z]=45D6R4) & (set CHAR_EN[1]=52R2SF) & (set CHAR_EN[2]=4GB2S6) & (set CHAR_EN[3]=A1E0SA) & (set CHAR_EN[4]=D6A3EA)
(set CHAR_EN[5]=R1E56R) & (set CHAR_EN[6]=U4D10F) & (set CHAR_EN[7]=A8W64V) & (set CHAR_EN[8]=5E5E2A) & (set CHAR_EN[9]=HY54A8)
(set CHAR_EN[0]=SDEF23) & (set CHAR_EN[@]=1W5SA2) & (set CHAR_EN[#]=LD5S3A) & (set CHAR_EN[$]=DS4A2E) & (set CHAR_EN[*]=AE2SA5)
(set CHAR_EN[(]=1BV231) & (set CHAR_EN[.]=SDFG54) & (set CHAR_EN[,]=8Z5F4T) & (set CHAR_EN[-]=SYW3AE) & (set CHAR_EN[ ]=T8A3TR)
(set CHAR_EN[\]=S21D3E) & (set CHAR_EN[/]=4E56TS)
exit /b
:DecryptKeysV2
(set CHAR_DE[G65FJ4]=a) & (set CHAR_DE[FGH456]=b) & (set CHAR_DE[TGH4FG]=c) & (set CHAR_DE[8R1MK3]=d) & (set CHAR_DE[XF21GR]=e)
(set CHAR_DE[DGH2GF]=f) & (set CHAR_DE[X5C4VF]=g) & (set CHAR_DE[TH5DXE]=h) & (set CHAR_DE[E5A12C]=i) & (set CHAR_DE[A5RJHA]=j)
(set CHAR_DE[52D6FG]=k) & (set CHAR_DE[A12SB1]=l) & (set CHAR_DE[9ER52S]=m) & (set CHAR_DE[5A20XS]=n) & (set CHAR_DE[4A1E1C]=o)
(set CHAR_DE[423DR1]=p) & (set CHAR_DE[412RGS]=q) & (set CHAR_DE[A4T2DS]=r) & (set CHAR_DE[C82A3U]=s) & (set CHAR_DE[5E2A6R]=t)
(set CHAR_DE[CV12HB]=u) & (set CHAR_DE[L2F5DR]=v) & (set CHAR_DE[SG4HJL]=w) & (set CHAR_DE[A54RE2]=x) & (set CHAR_DE[A52E8A]=y)
(set CHAR_DE[45D6R4]=z) & (set CHAR_DE[52R2SF]=1) & (set CHAR_DE[4GB2S6]=2) & (set CHAR_DE[A1E0SA]=3) & (set CHAR_DE[D6A3EA]=4)
(set CHAR_DE[R1E56R]=5) & (set CHAR_DE[U4D10F]=6) & (set CHAR_DE[A8W64V]=7) & (set CHAR_DE[5E5E2A]=8) & (set CHAR_DE[HY54A8]=9)
(set CHAR_DE[SDEF23]=0) & (set CHAR_DE[1W5SA2]=@) & (set CHAR_DE[LD5S3A]=#) & (set CHAR_DE[DS4A2E]=$) & (set CHAR_DE[AE2SA5]=*)
(set CHAR_DE[1BV231]=() & (set CHAR_DE[SDFG54]=.) & (set CHAR_DE[8Z5F4T]=,) & (set CHAR_DE[SYW3AE]=-) & (set CHAR_DE[T8A3TR]= )
(set CHAR_DE[S21D3E]=\) & (set CHAR_DE[4E56TS]=/)
exit /b

Method of obtaining the 'Windows Extended PID':

Code: Select all

:getEPID returnValue
cscript //nologo %_slmgr% -dlv|findstr /i "Extended PID: " >nul 2>nul
for /f "tokens=3 delims=: " %%g in ('cscript //nologo %_slmgr% -dlv^|findstr /i "Extended PID: "') do set "EPID=%%g">nul
set %~1=%EPID%
exit /b