vbscript hybrid base64 decoding

[elzooilogico]

Hi to all,

I have seen in this forum some different methods to attach binary data to the script and to extract/decode it.

Some of them use hexadecimal dump and other base64 encoding. But base64 encoding is a bit more space efficient than a hex dump.

I've seen base64 decoding using certutil.

Here the decoding is made using cscript, which I think is present even in XP. Can anyone confirm this point?

Code: Select all

@echo off

:searchAndDecode
SetLocal EnableDelayedExpansion & set "_FILES_=" & set "fil=" & set "ini="
set "_vbs_file_=%TEMP%\%~n0.vbs"

::search for encoded data 
for /F "usebackq tokens=1-3 delims=:" %%1 in (`findstr /B /N ":base64Encoded:" "%~f0"`) do (
    if "%%3" EQU "!fil!" (set "_FILES_=!_FILES_!!fil!:!ini!:%%1,") else (set "fil=%%3" & set "ini=%%1")
)
set "_FILES_=%_FILES_:~0,-1%"

rem create a vbscript to do the decoding
for %%# in (%_FILES_%) do (
  for /F "tokens=1-3 delims=:" %%1 in ("%%#") do (
    (
      echo/set outStream=CreateObject("ADODB.Stream"^) 
      echo/outStream.Type=1 
      echo/outStream.Open
      echo/set oFS=CreateObject("Scripting.FileSystemObject"^) 
      echo/set inStream=oFS.OpenTextFile("%~f0",1,0,0^)
      echo/set oXML=CreateObject("MSXml2.DOMDocument"^)
      echo/set oItem=oXML.createElement("tmp"^)
      echo/oItem.DataType="bin.base64"
      echo/for i=1 to %%2 step 1 
      echo/  inStream.readline
      echo/next
      echo/do while i^<%%3 
      echo/  oItem.text=inStream.readline 
      echo/  decodedBytes=oItem.NodeTypedValue 
      echo/  outStream.Write decodedBytes 
      echo/  i=i+1 
      echo/loop
      echo/outStream.SaveToFile "%TEMP%\%%1",2 
      echo/inStream.close 
      echo/outStream.close
      echo/set oItem=nothing 
      echo/set oXML=nothing 
      echo/set outStream=nothing 
      echo/set inStream=nothing 
      echo/set oFS=nothing
    )>"%_vbs_file_%"
    Cscript.exe /B /E:vbs "%_vbs_file_%" >NUL
    start notepad "%TEMP%\%%1"
  )
)
del /F /Q "%_vbs_file_%" 2>NUL

EndLocal
exit/B 0



:base64Encoded:loremIpsum.txt:
TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2Np
bmcgZWxpdCwgc2VkIGRvIGVpdXNtb2QgdGVtcG9yIGluY2lkaWR1bnQgDQp1dCBs
YWJvcmUgZXQgZG9sb3JlIG1hZ25hIGFsaXF1YS4gVXQgZW5pbSBhZCBtaW5pbSB2
ZW5pYW0sIHF1aXMgbm9zdHJ1ZCBleGVyY2l0YXRpb24gdWxsYW1jbyANCmxhYm9y
aXMgbmlzaSB1dCBhbGlxdWlwIGV4IGVhIGNvbW1vZG8gY29uc2VxdWF0LiBEdWlz
IGF1dGUgaXJ1cmUgZG9sb3IgaW4gcmVwcmVoZW5kZXJpdCBpbiB2b2x1cHRhdGUg
DQp2ZWxpdCBlc3NlIGNpbGx1bSBkb2xvcmUgZXUgZnVnaWF0IG51bGxhIHBhcmlh
dHVyLiBFeGNlcHRldXIgc2ludCBvY2NhZWNhdCBjdXBpZGF0YXQgbm9uIHByb2lk
ZW50LCANCnN1bnQgaW4gY3VscGEgcXVpIG9mZmljaWEgZGVzZXJ1bnQgbW9sbGl0
IGFuaW0gaWQgZXN0IGxhYm9ydW0uDQoNClNlZCB1dCBwZXJzcGljaWF0aXMgdW5k
ZSBvbW5pcyBpc3RlIG5hdHVzIGVycm9yIHNpdCB2b2x1cHRhdGVtIGFjY3VzYW50
aXVtIGRvbG9yZW1xdWUgbGF1ZGFudGl1bSwgDQp0b3RhbSByZW0gYXBlcmlhbSwg
ZWFxdWUgaXBzYSBxdWFlIGFiIGlsbG8gaW52ZW50b3JlIHZlcml0YXRpcyBldCBx
dWFzaSBhcmNoaXRlY3RvIGJlYXRhZSB2aXRhZSANCmRpY3RhIHN1bnQgZXhwbGlj
YWJvLiBOZW1vIGVuaW0gaXBzYW0gdm9sdXB0YXRlbSBxdWlhIHZvbHVwdGFzIHNp
dCBhc3Blcm5hdHVyIGF1dCBvZGl0IGF1dCBmdWdpdCwgDQpzZWQgcXVpYSBjb25z
ZXF1dW50dXIgbWFnbmkgZG9sb3JlcyBlb3MgcXVpIHJhdGlvbmUgdm9sdXB0YXRl
bSBzZXF1aSBuZXNjaXVudC4gTmVxdWUgcG9ycm8gcXVpc3F1YW0gZXN0LCANCnF1
aSBkb2xvcmVtIGlwc3VtIHF1aWEgZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVy
LCBhZGlwaXNjaSB2ZWxpdCwgc2VkIHF1aWEgbm9uIG51bXF1YW0gZWl1cyBtb2Rp
IA0KdGVtcG9yYSBpbmNpZHVudCB1dCBsYWJvcmUgZXQgZG9sb3JlIG1hZ25hbSBh
bGlxdWFtIHF1YWVyYXQgdm9sdXB0YXRlbS4gVXQgZW5pbSBhZCBtaW5pbWEgdmVu
aWFtLCANCnF1aXMgbm9zdHJ1bSBleGVyY2l0YXRpb25lbSB1bGxhbSBjb3Jwb3Jp
cyBzdXNjaXBpdCBsYWJvcmlvc2FtLCBuaXNpIHV0IGFsaXF1aWQgZXggZWEgY29t
bW9kaSBjb25zZXF1YXR1cj8gDQpRdWlzIGF1dGVtIHZlbCBldW0gaXVyZSByZXBy
ZWhlbmRlcml0IHF1aSBpbiBlYSB2b2x1cHRhdGUgdmVsaXQgZXNzZSBxdWFtIG5p
aGlsIG1vbGVzdGlhZSBjb25zZXF1YXR1ciwgDQp2ZWwgaWxsdW0gcXVpIGRvbG9y
ZW0gZXVtIGZ1Z2lhdCBxdW8gdm9sdXB0YXMgbnVsbGEgcGFyaWF0dXI/DQoNCkF0
IHZlcm8gZW9zIGV0IGFjY3VzYW11cyBldCBpdXN0byBvZGlvIGRpZ25pc3NpbW9z
IGR1Y2ltdXMgcXVpIGJsYW5kaXRpaXMgcHJhZXNlbnRpdW0gdm9sdXB0YXR1bSAN
CmRlbGVuaXRpIGF0cXVlIGNvcnJ1cHRpIHF1b3MgZG9sb3JlcyBldCBxdWFzIG1v
bGVzdGlhcyBleGNlcHR1cmkgc2ludCBvY2NhZWNhdGkgY3VwaWRpdGF0ZSBub24g
cHJvdmlkZW50LCANCnNpbWlsaXF1ZSBzdW50IGluIGN1bHBhIHF1aSBvZmZpY2lh
IGRlc2VydW50IG1vbGxpdGlhIGFuaW1pLCBpZCBlc3QgbGFib3J1bSBldCBkb2xv
cnVtIGZ1Z2EuIA0KRXQgaGFydW0gcXVpZGVtIHJlcnVtIGZhY2lsaXMgZXN0IGV0
IGV4cGVkaXRhIGRpc3RpbmN0aW8uIE5hbSBsaWJlcm8gdGVtcG9yZSwgY3VtIHNv
bHV0YSBub2JpcyBlc3QgZWxpZ2VuZGkgDQpvcHRpbyBjdW1xdWUgbmloaWwgaW1w
ZWRpdCBxdW8gbWludXMgaWQgcXVvZCBtYXhpbWUgcGxhY2VhdCBmYWNlcmUgcG9z
c2ltdXMsIG9tbmlzIHZvbHVwdGFzIGFzc3VtZW5kYSBlc3QsIA0Kb21uaXMgZG9s
b3IgcmVwZWxsZW5kdXMuIFRlbXBvcmlidXMgYXV0ZW0gcXVpYnVzZGFtIGV0IGF1
dCBvZmZpY2lpcyBkZWJpdGlzIGF1dCByZXJ1bSBuZWNlc3NpdGF0aWJ1cyANCnNh
ZXBlIGV2ZW5pZXQgdXQgZXQgdm9sdXB0YXRlcyByZXB1ZGlhbmRhZSBzaW50IGV0
IG1vbGVzdGlhZSBub24gcmVjdXNhbmRhZS4gDQpJdGFxdWUgZWFydW0gcmVydW0g
aGljIHRlbmV0dXIgYSBzYXBpZW50ZSBkZWxlY3R1cywgdXQgYXV0IHJlaWNpZW5k
aXMgdm9sdXB0YXRpYnVzIG1haW9yZXMgYWxpYXMgY29uc2VxdWF0dXIgDQphdXQg
cGVyZmVyZW5kaXMgZG9sb3JpYnVzIGFzcGVyaW9yZXMgcmVwZWxsYXQu
:base64Encoded:loremIpsum.txt:

[foxidrive]

Your code works here in XP Pro.

This uses carlos' BHX.EXE tool to create this file, and an extra command to use makecab to shrink the source file into a .cab file.

Code: Select all

@Echo Off
SetLocal EnableExtensions
Call :Rebuild
If ErrorLevel 1 Echo Rebuild failed.
Goto :Eof

:Rebuild
Rem Script made using BHX 5.6 { consolesoft.com/p/bhx }
SetLocal EnableExtensions EnableDelayedExpansion
Set "bin=loremIpsum.cab"
Set /A "size=1141"
For %%# In (
"loremIpsum.txt"
"!bin!" "!bin!.da" "!bin!.tmp"
) Do If Exist "%%#" (Del /A /F /Q "%%#" >Nul 2>&1
If ErrorLevel 1 Exit /B 1 )
Set "fsrc=%~f0"
Findstr /B /N ":+res:!bin!:" "!fsrc!" >"!bin!.tmp"
(Set /P "inioff="
Set /P "endoff=") <"!bin!.tmp"
For /F "delims=:" %%# In ("!inioff!") Do Set "inioff=%%#"
For /F "delims=:" %%# In ("!endoff!") Do Set "endoff=%%#"
Set ".=ado="adodb.stream""
Set ".=!.! :set a=createobject(ado) :a.type=1 :a.open"
Set ".=!.! :set u=createobject(ado) :u.type=2 :u.open"
Set ".=!.! :set fs=createobject("scripting.filesystemobject")"
Set ".=!.! :set s=fs.opentextfile("!fsrc!",1,0,0)"
Set ".=!.! :e="0123456789abcdefghijklmnopqrstuvwxyzABCDEF"
Set ".=!.!GHIJKLMNOPQRSTUVWXYZ.-:+=^^`/*?&<>()[]{}~,$#"
Set ".=!.!" :max=!size! :wri=0 :n=array(0,0,0,0,0)"
Set ".=!.! :for i=1 to !inioff! step 1 :s.readline :next"
Set ".=!.! :do while i<!endoff! :d=replace(s.readline," ","")"
Set ".=!.! :for j=1 to len(d) step 5 :num85=mid(d,j,5)"
Set ".=!.! :v=0 :for k=1 to len(num85) step 1"
Set ".=!.! :v=v*85+instr(1,e,mid(num85,k,1))-1 :next"
Set ".=!.! :n(1)=Fix(v/16777216) :v=v-n(1)*16777216"
Set ".=!.! :n(2)=Fix(v/65536) :v=v-n(2)*65536"
Set ".=!.! :n(3)=Fix(v/256) :n(4)=v-n(3)*256"
Set ".=!.! :for m=1 to 4 step 1 :if (wri < max) then"
Set ".=!.! :u.writetext chrb(n(m)) :wri=wri+1 :end if :next"
Set ".=!.! :next :i=i+1 :loop"
Set ".=!.! :u.position=2 :u.copyto a :u.close :set u=nothing"
Set ".=!.! :a.savetofile "!bin!",2 :a.close :set a=nothing"
Set ".=!.! :s.close :set s=nothing :set fs=nothing"
Echo !.!>"!bin!.da"
Set "ret=1"
Cscript.exe /B /E:vbs "!bin!.da" >Nul
For %%# In ("!bin!") Do If "%%~z#"=="!size!" Set "ret=0"
If "0"=="!ret!" Expand.exe -r "!bin!" -F:* . >Nul
If ErrorLevel 1 Set "ret=1"
Del /A /F "!bin!" "!bin!.da" "!bin!.tmp" >Nul
Exit /B !ret!

:+res:loremIpsum.cab:
o&BzG00000BP.WA00000ec2UI000000,5A50rr9100000o8[}(0rrimNG~([
00000006-7UQftIy&su9zaOX/B.~:MCYS~O~q4SZ1EYQ2FpJQV5tC0Y05KWi
mf3c>gZfQ~Bt/bg/)<k)as476TiF[p?`:u~<kb3g~,j$(0hoGF8uG)YU/PNf
&6L+R{~pk)CN3c.w*3DG})Ro*lY>{l{S]`SX[T-Cw[yzi7P`}8+?YZtYLcQg
xA4]hFDbVI03RBY80M.i(K.E7yYsti~]Fj>B+2QLCN:h#i`wJxFD=.azfl.Q
.A:qcO~+p1Z,bdH{iCp/EcmKn1,2cXF:i]1~<t7py=rTe.~R}wVc=zg1{>lE
k}fq`a&`~}7e#w[ne88(2(w<kuzKg~2-38x9xY,wrda(3LM:K)RFU7,1,jMm
^~ovw5X0i9ugk?G6JQy~OM0N~+Zs^J/k06lRTHPLka<jhO$rlMV]/U:pvz1?
dS57Fo{A22US<ee-=E#?Vg9e)l[p$2U.eM*O.WvT&01c?1&*wYiVxo(f<DH7
8wlc=v{,1o11n5X<VobNg,`UZ0=NKs0`ZZedGXSEcLYo)3Am1v<k5S]Ku?Y~
*q(v?]38^bha:ia76W0k?J(}h82>?M)O=>8KC-fHI9})op=jv45mZd[4ixUw
FVeSHsY7b*=o9SU3pezHW(OcD`tyOG^=A1my#xfAlZVa>B/REh18<BK8LB^+
Hx#4=wn}doI7eFDE7u3G+1&/s>}x)&::zYDs=):)BK<)SP^&oc[3Rar:<[=V
j-3.?jzSc.RtIH,)N)7Mu],)bnw+o9~Dok1DV5nlcc#VC/T]>GsZKbCNZR}C
cu~ngVe/-:G,}&-Mc7]6k5wSuETQr9DF8l1gp>aAaDH{678^uEW/8=guxZMH
4clb+n?*p1N3Qd8LXeUCYrR$6MoSvy>sOX$15NITIC}dGmAT9lN+waq)WEkk
aK3QhG.4O6mB5fb4FmAmr[?G6H*M?ET#gC3jiZm..vZ<*N$?#h~3)L(&*Q)N
ICPgJb?ZO]2:RiGbV6=UG.SjMW1vS<]R.>kqdA0qw,#)0Ny~EefJ}Zl`>psM
jpnhTY4DA]C7$RBaj?M&xH4>6RmfIO>#}ZUp?&6StK88qO^i^PYdQyRcW(+n
&UfXHdM&1QDwj~AdEa^W`D2ts[(Om$QRK6cDHZDaxg3J2Mzexsh)IHKM+Hj$
83P-pU4qKvV/NB2M-?DHf/e[?<I[Jmbq9c5`PsEEp9j3Km^nV9=BnI(U5eqV
rA(+E}$,SE}D6i=(57]uK0]v]n.Xj+>1>vhn&*Fn&5W}lM6riGv^AXz`QoP.
lODy*kmk+)r*#[LQSTxe-/^vI(eUSEh/]60MT}Wyxu#<~E},Yx.erb8xGeZ[
-C#UZ)}f^rf,A+*=/#<WH:>BVbdBJuTU,GgibM0D:Q3*$*w?iN
:+res:loremIpsum.cab:

[elzooilogico]

Your code works here in XP Pro.

This uses carlos' BHX.EXE tool to create this file, and an extra command to use makecab to shrink the source file into a .cab file.

Thanks foxidrive, glad to know that it works in XP.

I'll have tested carlos' BHX and found that only one file is encoded.

I'm currently using a modified version of Igor Pavlov's lzma encoding. It gives me a size gain about 50/80% and lets me add as many files in only one archive to attach to the script.

if you are interested in it, is written in c. Source code & binaries at https://drive.google.com/open?id=0B6xXr ... TY2c2RZTDg