
I want to integrate a VBScript that uses a symmetric encryption function into a batch file that asks the user to enter a password, using PowerShell to mask the input text:

@echo off
set "psCommand=powershell -Command "$pword = read-host 'Enter Password' -AsSecureString ; ^
    $BSTR=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pword); ^
        [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)""
for /f "usebackq delims=" %%p in (`%psCommand%`) do set password=%%p
echo %password%
pause

VBScript code:

Encrypted_String = Crypt("123456789")
wscript.echo Encrypted_String
Decrypted_String = Crypt(Encrypted_String)
wscript.echo Decrypted_String
'***************************************************************************
Function Crypt(text) 
Dim i,a
For i = 1 to len(text)
      a = i mod len(255)
      if a = 0 then a = len(255)
      Crypt = Crypt & chr(asc(mid(255,a,1)) XOR asc(mid(text,i,1)))
Next
End Function
'***************************************************************************

So, I'm trying to combine this code into a batch file like this:

The combined batch file:

@echo off & Setlocal EnableDelayedExpansion
Title %~n0 - Encrypt_Decrypt passwords by Hackoo 2016
Mode 60,5 & Color 0E
:Main
Call :Clean
Call :InputPassword "Please choose your password" MyPass
Call :Crypt_Decrypt !MyPass! >%tmp%\MyCryptedPass.txt
(set /p CryptPass=)<%tmp%\MyCryptedPass.txt
echo The encrypted password is :!CryptPass! 
pause
cls
Call :Crypt_Decrypt !CryptPass!>%tmp%\MyPlaintextPass.txt
(set /P MyPlaintextPass=)<%tmp%\MyPlaintextPass.txt
echo The password in plain text is : !MyPlaintextPass! 
pause
Goto :Main
::********************************************************************************
:InputPassword
Cls
echo.
set "psCommand=powershell -Command "$pword = read-host '%1' -AsSecureString ; ^
    $BSTR=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pword); ^
      [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)""
        for /f "usebackq delims=" %%p in (`%psCommand%`) do set %2=%%p
Goto :eof   
::********************************************************************************
:Crypt_Decrypt
Call :Clean
(
echo StringEnCrypted = Crypt("%~1"^)
echo wscript.echo StringEnCrypted
echo '****************************************************************************
echo Function Crypt(text^) 
echo Dim i,a
echo For i = 1 to len(text^)
echo       a = i mod len(255^)
echo       if a = 0 then a = len(255^)
echo       Crypt = Crypt ^& chr(asc(mid(255,a,1^)^) XOR asc(mid(text,i,1^)^)^)
echo Next
echo End Function
echo '****************************************************************************
)>%tmp%\Crypt_Decrypt.vbs
cscript /nologo %tmp%\Crypt_Decrypt.vbs
goto :eof
::********************************************************************************
:Clean
If Exist %tmp%\Crypt_Decrypt.vbs Del %tmp%\Crypt_Decrypt.vbs
goto :eof
::********************************************************************************

So, this last batch script can encrypt and decrypt strings, but when I enter only numbers or something like this, it doesn't work. For example, if I enter:

  1. 123456789 as password ==> Not Ok
  2. hackoo123 as password ==> Not Ok

Thank you for your help!

Hackoo

1 Answer

Your encryption can produce null (ASCII decimal 0), carriage return (ASCII decimal 13), and newline (ASCII decimal 10) bytes, all of which will wreak havoc when you write the value to a file and then try to read it back in again. It is possible to work with carriage return and newline within environment variables, but null is an absolute no go.

Well, almost end of story. Batch can use FC in binary mode to read a binary file, byte by byte, outputting each byte in hex notation. (see HEXDUMP.BAT) But I don't think you want to go there.

If you want to deal with encrypted values within batch environment variables, then I suggest you come up with a new encryption scheme that avoids the troublesome bytes. At a minimum you must avoid null bytes.

Another option would be to abandon symmetric encryption, and let VBS convert the encrypted form into hex notation before you write it to disk.

Which leads me to another concern - Why are you writing a password to disk? That does not sound like a good idea.

Final note - Passing arbitrary strings on the command line is fraught with peril. You are better off passing the name of an environment variable that contains the value, and then let the called routine get the value from the variable. Certainly VBS can read an environment variable given the variable name.

dbenham
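
The answer's last two suggestions combined, as an added example (not code from the question or the answer): the script receives the name of an environment variable instead of the password itself, and prints the XOR output as hex so that no null, carriage return or newline byte reaches the batch side. The file name XorHex.vbs and the enc/dec modes are assumptions, and the script assumes passwords in a single-byte ANSI code page.

```vbscript
' XorHex.vbs (added example). The 2nd argument is the NAME of an environment
' variable; the value never appears on a command line.
'   cscript //nologo XorHex.vbs enc MyPass     prints the XOR output as hex
'   cscript //nologo XorHex.vbs dec CryptPass  prints the original text
Option Explicit
Const XOR_KEY = "255"   ' the key the question's Crypt() reads via mid(255,a,1)

Function XorWithKey(text)
    Dim i, a
    XorWithKey = ""
    For i = 1 To Len(text)
        a = ((i - 1) Mod Len(XOR_KEY)) + 1
        XorWithKey = XorWithKey & Chr(Asc(Mid(XOR_KEY, a, 1)) Xor Asc(Mid(text, i, 1)))
    Next
End Function

Function ToHex(s)   ' two hex digits per byte, so 0, 10 and 13 become plain text
    Dim i
    ToHex = ""
    For i = 1 To Len(s)
        ToHex = ToHex & Right("0" & Hex(Asc(Mid(s, i, 1))), 2)
    Next
End Function

Function FromHex(h)
    Dim i
    FromHex = ""
    If Len(h) Mod 2 <> 0 Then Err.Raise vbObjectError + 1, "XorHex", "odd-length hex"
    For i = 1 To Len(h) Step 2
        FromHex = FromHex & Chr(CLng("&H" & Mid(h, i, 2)))
    Next
End Function

Dim value
If WScript.Arguments.Count <> 2 Then
    WScript.StdErr.WriteLine "usage: XorHex.vbs enc|dec VARNAME"
    WScript.Quit 2
End If
' Read the value from this process's environment (inherited from the batch file).
value = CreateObject("WScript.Shell").Environment("PROCESS")(WScript.Arguments(1))
Select Case LCase(WScript.Arguments(0))
    Case "enc"
        WScript.Echo ToHex(XorWithKey(value))
    Case "dec"
        WScript.Echo XorWithKey(FromHex(value))
    Case Else
        WScript.Quit 2
End Select
```

In the batch file, `for /f "delims=" %%h in ('cscript //nologo XorHex.vbs enc MyPass') do set "CryptPass=%%h"` captures the hex without a temporary file.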