Over the years, I get used to automate all of those little processes that go beyond a simple copy & paste files, especially the casual ones. This way, they stay not only easily reproducibles, but also well documented.
The best way to document a process, is to create a well structured script able to reproduce it ;-)
This makes my life much easier, but from time to time, I need to execute one of these script on client’s computer. What to do then?
We could copy the script to his computer and simply launch it, but we run the risk of running into one of those “I like to make your life more interesting” user, for whom a so visible script is too much temptation.
In fact, related to those users, I’m not worried at all that they could browse in the script code, maybe they even could learn something, what really worries me is that they could believe that they have discovered the Pandora’s box of administrator secrets, and they could decide to happily modify something, generating the corresponding destruction – more information about this kind of users in any BOFH thematic blog.
As it is said, better safe than sorry, so to avoid temptation, we’d better apply some kind of obfuscation to the script. And as our only goal is to avoid the user to tinker with our code, we can use some of the several free simple techniques which can be easily found googling (see eg free-vbscript-obfuscator).
However, frequently happens that once our script has been obfuscated, the antivirus agent decides that our script is suspected to be a virus, proceeding to its inmediate elimination or simply stopping its execution. With all good intentions, the antivirus has detected the obfuscated code and puts us a little bump on our way towards the automating tasks on the client machine.
Luckily, Microsoft offer a tool for coding scripts (see eg Encode a Script), which once applied to our obfuscated code, creates a second layer of protection over the script. This way, the obfuscated-and-encoded script is no longer visible to antivirus agents.
And as all of these operations have gone beyond a simple copy & paste files, we’d better collect and sort them all in a single script, that automates the process of obfuscation and encoding of those vbs files, whose code it is wanted to stay away from prying eyes ;-)
In any case, you must be aware that these techniques do not provide real security to our script. In deed, some techniques to decode Windows Script Encoded files have been documented (see eg Breaking The Windows Script Encoder ), and once a file is decoded, it will be only more or less legible, depending on the complexity we had implemented in the obfuscation routine.
Option Explicit Dim oEncoder Set oEncoder = CreateObject("Scripting.Encoder") Dim oFso Set oFso = CreateObject("Scripting.FileSystemObject") Dim oFiles set oFiles = WScript.Arguments Randomize Call EnObfuscate(oFiles) Private function EnObfuscate(oFiles) Dim sFileName, oFile, sBody, i Dim sFileOut, sOutput For i = 0 to oFiles.Count - 1 sFileName = oFiles(i) set oFile = oFso.GetFile(sFileName) sBody = ReadFile(oFile) sOutput = Encode(Obfuscate(sBody)) sFileOut = Left(sFileName, Len(sFileName) - 3) & "vbe" WriteFile sFileOut, sOutput Next End Function Private Function ReadFile(oFile) Dim oStream Const IOMODE_FOR_READING = 1 Set oStream = oFile.OpenAsTextStream(IOMODE_FOR_READING) ReadFile = oStream.ReadAll oStream.Close End Function Private Sub WriteFile(sFileOut, sOutput) Dim oOutputFile Set oOutputFile = oFso.CreateTextFile(sFileOut) oOutputFile.Write sOutput oOutputFile.Close End Sub Private Function Obfuscate(txt) Dim enc, i enc = "" for i = 1 to len(txt) enc = enc & "chr( " & form( asc(mid(txt,i,1)) ) & " ) & " next Obfuscate = "Execute(" & enc & " vbcrlf " & " ) " End Function Private Function form(n) dim r, k, ret r = int(rnd * 10000) k = int(rnd * 3) if( k = 0) then ret = (r+n) & "-" & r if( k = 1) then ret = (n-r) & "+" & r if( k = 2) then ret = (n*r) & "/" & r form = ret End Function Private Function Encode(txt) Const Extension = ".vbs" Const Flags = 0 Const Language = "" Encode = oEncoder.EncodeScriptFile(Extension, txt, Flags, Language) End Function
- Create a file with the above code and save it with your preferred name (eg: enobfuscator.vbs)
- To encode a file, just drag & drop it over the “enobfuscator” script.
- Or from command line, just pass in the vbs filename to the script as an argument