Obfuscate code.

Discussion forum for all Windows batch related topics.

Moderator: DosItHelp

MauricioDeAbreu
Posts: 43
Joined: 12 Dec 2021 06:45

Obfuscate code.

#1 Post by MauricioDeAbreu » 23 Dec 2021 06:41

Friends, I come again to request your help.

I am new to this world, and I have tried to learn through reading, and the few questions that I have asked in this forum. Through which and with your help I have been able to crystallize my ideas.

The point is that, in my work there are some colleagues who may not be very happy with my eagerness to learn to script, and they constantly seek to put their noses in the code. Come on, it is not a code from the other world, but they strive to snoop, and I do not let them look. 😊

So I'm looking for a way to obfuscate the code so it's not visible (when my little project is done), or at least make it as difficult as possible for it.

I tried the following code, from this link: viewtopic.php?f=3&t=7990&hilit=obfuscate

Code:

@ECHO OFF
GOTO:CODE

Drag .bat or .cmd file onto this batch file
It will be encoded and name___.bat will be created which will function as normal
To decode name__.bat file drag onto this file as well
encoded file will be deleted and name.DC.bat created

https://www.dostips.com/forum/viewtopic.php?t=7990
substring manipulation https://ss64.com/nt/syntax-substring.html

:CODE
:: if no parameter exit
if "%~1"=="" exit /b
:: if not .bat or .cmd exit
if /i "%~x1" neq ".bat" if /i "%~x1" neq ".cmd" exit /b
:: check to see if last 3 letters in filename are ___, if so decode
set _name=%~n1
:: quoted so that file names containing spaces do not break the comparison
if "%_name:~-3%" equ "___" goto :DECODE

:ENCODE
for /f %%i in ("certutil.exe") do if not exist "%%~$path:i" (
  echo CertUtil.exe not found.
  pause
  exit /b
)
>"temp.~b64" echo(//4mY2xzDQo=
certutil.exe -f -decode "temp.~b64" "%~n1___%~x1"
del "temp.~b64"
copy "%~n1___%~x1" /b + "%~1" /b
GOTO:EOF

:DECODE
:: _result everything but last 3 characters
SET _result=%_name:~0,-3%
:: del old decoded file
if exist "%_result%.DC%~x1" del "%_result%.DC%~x1"
:: save decoded file to file.DC.ext
for /f "skip=1 delims=" %%L in ('CMD /U /C Type "%~1"') do (
   echo %%L
   echo %%L >>"%_result%.DC%~x1"
)
:: del original encoded file
del "%~n1%~x1"

Results:
1- It certainly masks the code, the bad thing is that with a Hexadecimal editor you can see and copy the code, which is precisely what I try to avoid.
2- My code runs fine almost to the end, where it sadly fails.
3- The failure is given because at the beginning of my code I have "<#: batch portion", so the final code is not executed. Error that would still give if it was removed and executed.

The question is, what can I do to prevent access to the code, either through other code like the one above, or through a program.

If there is no other way, how can I solve the problem that the use of the code described above presents?

Thankful as always for the help you can give me.

Please excuse my English, I use a translator.
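Added example (not part of the original post or of the linked tool): the encoder above only prepends the eight bytes FF FE 26 63 6C 73 0D 0A, a UTF-16LE byte-order mark followed by `&cls` and CRLF, so a viewer that trusts the BOM shows garbage while the script body stays plain single-byte text. This Python code flags such files and recovers the original; the function names and the sample script are assumptions made for the illustration.

```python
import base64

# Base64 string the encoder on this page feeds to "certutil -decode".
PREFIX = base64.b64decode("//4mY2xzDQo=")   # FF FE 26 63 6C 73 0D 0A
BOM = b"\xff\xfe"                            # UTF-16LE byte-order mark


def obfuscate(script: bytes) -> bytes:
    """Mirror the encoder's `copy /b prefix + original`: prepend 8 bytes."""
    return PREFIX + script


def is_bom_obfuscated(data: bytes) -> bool:
    """Flag a file that claims UTF-16LE via its BOM but has a single-byte body.

    Real UTF-16LE batch text contains NUL bytes (every CR, LF and ASCII
    character is followed by 0x00); the disguised file contains none.
    """
    body = data[len(BOM):]
    return data.startswith(BOM) and len(body) > 0 and b"\x00" not in body


def as_editor_sees(data: bytes) -> str:
    """What a viewer that trusts the BOM renders: ASCII pairs read as UTF-16."""
    return data[len(BOM):].decode("utf-16-le", errors="replace")


def recover(data: bytes) -> bytes:
    """Drop the BOM and the first line ("&cls"), like the decoder's skip=1."""
    if not is_bom_obfuscated(data):
        raise ValueError("no BOM-prefix disguise detected")
    _first_line, _sep, rest = data[len(BOM):].partition(b"\n")
    return rest


# Constructed sample script, not taken from the thread.
SAMPLE = b"@echo off\r\necho hello\r\n"

if __name__ == "__main__":
    disguised = obfuscate(SAMPLE)
    print("prefix bytes :", PREFIX.hex(" "))
    print("editor view  :", ascii(as_editor_sees(disguised)[:8]))
    print("flagged      :", is_bom_obfuscated(disguised))
    print("recovered    :", recover(disguised))
```
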

atfon
Posts: 178
Joined: 06 Oct 2017 07:33

Re: Obfuscate code.

#2 Post by atfon » 23 Dec 2021 07:17

One way to do this is through the use of iexpress.exe from the %__APPDIR__% folder. With this utility, you can convert .bat files to .exe and thus obfuscate the code.

MauricioDeAbreu
Posts: 43
Joined: 12 Dec 2021 06:45

Re: Obfuscate code.

#3 Post by MauricioDeAbreu » 23 Dec 2021 10:34

atfon wrote:
23 Dec 2021 07:17
One way to do this is through the use of iexpress.exe from the %__APPDIR__% folder. With this utility, you can convert .bat files to .exe and thus obfuscate the code.

Thanks for answering.

I have followed the steps of 2 tutorials in case there was an error in the first one, but when I run the File.exe it opens and closes. You really don't get to see anything.

I tried several times but it never worked.

I have used the Bat to Exe Converter, but the content of the executable is easily traced and the source code can be obtained.

Any other idea?

Squashman
Expert
Posts: 4486
Joined: 23 Dec 2011 13:59

Re: Obfuscate code.

#4 Post by Squashman » 23 Dec 2021 14:20

Why aren't you using Dbenham Obfuscator.bat?
viewtopic.php?f=3&t=7990&start=15#p53278

MauricioDeAbreu
Posts: 43
Joined: 12 Dec 2021 06:45

Re: Obfuscate code.

#5 Post by MauricioDeAbreu » 24 Dec 2021 06:07

Thanks for answering.

I'm going to get to work.

I will report the results or difficulties.

Thanks…

MauricioDeAbreu
Posts: 43
Joined: 12 Dec 2021 06:45

Re: Obfuscate code.

#6 Post by MauricioDeAbreu » 24 Dec 2021 09:02

Friends, this must be silly, but with my little knowledge and more tests I do not know how to solve it.

I am making modifications to my code to be able to Obfuscate it.

But I don't know how to treat this line according to the instructions.

For / f "tokens = *" %% f in ('wmic diskdrive get size / value ^ | find "="') do set "%% f"

If %{size}% == 320070320640 (Echo HDD 320)

How do I get validation?

Thankful in advance for the help you give me.

MauricioDeAbreu
Posts: 43
Joined: 12 Dec 2021 06:45

Re: Obfuscate code.

#7 Post by MauricioDeAbreu » 24 Dec 2021 09:44

Edit: I apologize if the correct thing was to edit the previous message, but my internet connection failed for a long time.
So I considered it more logical to place a new answer.

So I can make it work:

For / f "tokens = *" %% f in ('wmic diskdrive get size / value ^ | find "="') do set "%% f"

set {SizeHDD}= %size%

If %{SizeHDD}% == 320070320640 (Echo HDD 320)

But ..., "size" must not be between %{size}%?

This has me somewhat confused.
Last edited by MauricioDeAbreu on 24 Dec 2021 10:59, edited 1 time in total.

Squashman
Expert
Posts: 4486
Joined: 23 Dec 2011 13:59

Re: Obfuscate code.

#8 Post by Squashman » 24 Dec 2021 10:56

MauricioDeAbreu wrote:
24 Dec 2021 09:02
For / f "tokens = *" %% f in ('wmic diskdrive get size / value ^ | find "="') do set "%% f"

The for variable references should not have a space. Nor should the tokens option.

MauricioDeAbreu
Posts: 43
Joined: 12 Dec 2021 06:45

Re: Obfuscate code.

#9 Post by MauricioDeAbreu » 24 Dec 2021 10:58

Squashman wrote:
24 Dec 2021 10:56
MauricioDeAbreu wrote:
24 Dec 2021 09:02
For / f "tokens = *" %% f in ('wmic diskdrive get size / value ^ | find "="') do set "%% f"
The for variable references should not have a space. Nor should the tokens option.

I apologize for the space, it was probably the translator, the original code does not have spaces.

-----------------------------------

Edit:
I believe I made the correct modifications to MyFile.bat before obfuscating.

I did not know how to use the line "ObfuscateBatch / m MyFile.bat" or "ObfuscateBatch.bat / m MyFile.bat", I tried in the command console, I tried doing a .bat and it did not work.

So I dragged “MyFile.bat” and dropped it on “ObfuscateBatch.bat”, I create the file “MyFile_Obfuscated.bat”.

Result:
The file was detected by the antivirus as "Trojan-Dropper.BAT.Agent.dv"

ShadowThief
Expert
Posts: 1166
Joined: 06 Sep 2013 21:28
Location: Virginia, United States

Re: Obfuscate code.

#10 Post by ShadowThief » 26 Dec 2021 15:09

Yeah, every single technique to obfuscate batch files is either trivial to reverse, gets flagged by an antivirus, or both.

If you want to make your source code inaccessible, use a language that actually compiles.

MauricioDeAbreu
Posts: 43
Joined: 12 Dec 2021 06:45

Re: Obfuscate code.

#11 Post by MauricioDeAbreu » 27 Dec 2021 07:21

ShadowThief wrote:
26 Dec 2021 15:09
Yeah, every single technique to obfuscate batch files is either trivial to reverse, gets flagged by an antivirus, or both.

If you want to make your source code inaccessible, use a language that actually compiles.

OK thank you very much.

Aacini
Expert
Posts: 1914
Joined: 06 Dec 2011 22:15
Location: México City, México

Re: Obfuscate code.

#12 Post by Aacini » 27 Dec 2021 15:15

There is a simple method to "hide" values, like a password, in a Batch file that has proved to be effective against most intermediate Batch file users. I posted here such a method as a challenge: try to break the code and get the password, but reviewing the Program.BAT file only! You can NOT review the Installer.BAT file for now...

To start the challenge, run the Install.BAT file once so the Program.BAT file is created. After that, run the Program.BAT file.

Code:

@echo off
setlocal EnableDelayedExpansion

rem Install.BAT: Create Program.BAT file that include a "hidden" password
rem https://www.dostips.com/forum/viewtopic.php?f=3&t=6185
rem Antonio Perez Ayala aka Aacini (https://apaacini.com)


rem Do NOT review the code for now!!









for /F %%a in ('echo prompt $H ^| cmd') do set "BS=%%a" 
for %%i in (A,B,C) do echo Protection scheme part %%i > %%i 
> ".\C:passîð!BS!!BS!Word.txtÿ" echo Yes, You Did It 
echo This is not the password > passWord.txt 

(
echo @echo off
echo setlocal EnableDelayedExpansion
echo/
echo set /P "pass1=Enter password: "
echo set /P "pass2=" ^< ".\C:passîð!BS!!BS!Word.txtÿ"
echo if "^!pass1^!" equ "^!pass2^!" goto OK
echo echo Bad password
echo goto :EOF
echo/
echo :OK
echo echo You did it!
) > Program.bat

echo Program.bat file created

When you break the password, please do NOT post what the protection scheme is! Just post that you did it, so other users keep interested in the challenge...

Although this scheme is used here to hide only a password, it can also be used to hide sections of Batch code. Further details about this point in a posterior post...

Antonio

ShadowThief
Expert
Posts: 1166
Joined: 06 Sep 2013 21:28
Location: Virginia, United States

Re: Obfuscate code.

#13 Post by ShadowThief » 27 Dec 2021 17:08

Good stuff, Aacini. I've tried to use similar techniques in the past but I've found that pre-making the files makes it impossible to transfer the files while keeping the hidden content intact.

aGerman
Expert
Posts: 4678
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Obfuscate code.

#14 Post by aGerman » 27 Dec 2021 18:08

That's because it requires a feature available on only one file system. In other words, Antonio should have mentioned that even Install.BAT may fail depending on the drive you're running it (like it happened to me in the first place :lol:).

Steffen

penpen
Expert
Posts: 2009
Joined: 23 Jun 2013 06:15
Location: Germany

Re: Obfuscate code.

#15 Post by penpen » 27 Dec 2021 20:03

I would have expected any intermediate batch file user to easily get the password (at least here in this case, where we are allowed to see the code), though I have no access to such a group to check.

penpen
