Wednesday, February 15, 2012

Simple Powershell Password Obfuscation

There is many ways to encrypt password in SHA1, MD5 or any other encrypter in powershell using .NET libraries.
This time, I only need a simple and fast obfuscation powershell encoder/decoder to avoid plain text password. I choose this simple solution:
I encode in decimal letter then I add 1
Ex: A = 41 (byte char in hexadecimal) = 65 (byte char in decimal)
obfuscation add 1 so obfuscation result = 65+1 = 66
obfuscation decoder sub 1 so 66-1 = 65 = A
((download scripts)

to encode
$strEncoded = ""
$strToEncode = "ABCD"
$strToEncode.ToCharArray() | Foreach { $strEncoded = $strEncoded + ([BYTE][CHAR]($_)+1)  + " " }
Write-Host $strEncoded

encode result:
66 67 68 69

to decode
$strDecoded = ""
$strToDecode = "66 67 68 69"
$strToDecode.Trim().Split(" ") | Foreach { $strDecoded = $strDecoded + [CHAR][BYTE](($_)-1) }
Write-Host $strDecoded 

decode result:
ABCD

Example of obfuscation encoder for your password
#
# Simple Password Obfuscation encoder
# 
# by Franck RICHARD 
# 2012 February
#

$strComputername = Read-Host "Enter Computername"
$username = Read-Host "Enter Username"
$password = read-host "Enter a Password"

# To encode password
$strToEncode = $password
$strEncoded = ""
$strToEncode.ToCharArray() | Foreach { $strEncoded = $strEncoded + ([BYTE][CHAR]($_)+1)  + " " }

$line = $strComputername + ";" + $username + ";" + $strEncoded
Write-Host $line

result with computer mycomputer, user myuser and password mypasswor;
Enter Computername: mycomputer
Enter Username: myuser
Enter a Password: mypassword
mycomputer;myuser;110 122 113 98 116 116 120 112 115 101


Example of obfuscation decoder for your password
you need a test file servers.txt using line generated above
mycomputer;myuser;110 122 113 98 116 116 120 112 115 101
mycomputer2;myuser2;111 102 120 113 98 116 116 120 112 115 101


#
# Simple Password Obfuscation decoder
# 
# by Franck RICHARD 
# 2012 February
#

$strContent = Get-Content servers.txt
Foreach ($strLine in $strContent) {
 $strInfos = $strLine.Trim().Split(";") 
 $strDecoded = ""
 $strToDecode = $strInfos[2]
 $strToDecode.Trim().Split(" ") | Foreach { $strDecoded = $strDecoded + [CHAR][BYTE](($_)-1) }
 Write-Host "Computername:" $strInfos[0] "User:" $strInfos[1] "Password:" $strDecoded
}

2 comments:

Anonymous said...

This is not a very good obfuscation, it just translates characters to a number.
At the very least there could be a second row of numbers to make it that '1' is not always 50...

Franck RICHARD said...

I agree, but why obfuscate more when, at the end, a simple write-host can display password? This example is just to avoid to display password for a man in the street. That's not a security way to protect your data. For this, compilation in autoit or c++ is a better way.