Franck RICHARD's Blog: Simple Powershell Password Obfuscation

Wednesday, February 15, 2012

Simple Powershell Password Obfuscation

There is many ways to encrypt password in SHA1, MD5 or any other encrypter in powershell using .NET libraries.
This time, I only need a simple and fast obfuscation powershell encoder/decoder to avoid plain text password. I choose this simple solution:
I encode in decimal letter then I add 1
Ex: A = 41 (byte char in hexadecimal) = 65 (byte char in decimal)
obfuscation add 1 so obfuscation result = 65+1 = 66
obfuscation decoder sub 1 so 66-1 = 65 = A
((download scripts)

to encode

$strEncoded = ""
$strToEncode = "ABCD"
$strToEncode.ToCharArray() | Foreach { $strEncoded = $strEncoded + ([BYTE][CHAR]($_)+1)  + " " }
Write-Host $strEncoded

encode result:

66 67 68 69

to decode

$strDecoded = ""
$strToDecode = "66 67 68 69"
$strToDecode.Trim().Split(" ") | Foreach { $strDecoded = $strDecoded + [CHAR][BYTE](($_)-1) }
Write-Host $strDecoded

decode result:

ABCD

Example of obfuscation encoder for your password

#
# Simple Password Obfuscation encoder
# 
# by Franck RICHARD 
# 2012 February
#

$strComputername = Read-Host "Enter Computername"
$username = Read-Host "Enter Username"
$password = read-host "Enter a Password"

# To encode password
$strToEncode = $password
$strEncoded = ""
$strToEncode.ToCharArray() | Foreach { $strEncoded = $strEncoded + ([BYTE][CHAR]($_)+1)  + " " }

$line = $strComputername + ";" + $username + ";" + $strEncoded
Write-Host $line

result with computer mycomputer, user myuser and password mypasswor;

Enter Computername: mycomputer
Enter Username: myuser
Enter a Password: mypassword
mycomputer;myuser;110 122 113 98 116 116 120 112 115 101

Example of obfuscation decoder for your password
you need a test file servers.txt using line generated above

mycomputer;myuser;110 122 113 98 116 116 120 112 115 101
mycomputer2;myuser2;111 102 120 113 98 116 116 120 112 115 101

#
# Simple Password Obfuscation decoder
# 
# by Franck RICHARD 
# 2012 February
#

$strContent = Get-Content servers.txt
Foreach ($strLine in $strContent) {
 $strInfos = $strLine.Trim().Split(";") 
 $strDecoded = ""
 $strToDecode = $strInfos[2]
 $strToDecode.Trim().Split(" ") | Foreach { $strDecoded = $strDecoded + [CHAR][BYTE](($_)-1) }
 Write-Host "Computername:" $strInfos[0] "User:" $strInfos[1] "Password:" $strDecoded
}

2 comments:

Anonymous said...: This is not a very good obfuscation, it just translates characters to a number.
At the very least there could be a second row of numbers to make it that '1' is not always 50...; October 14, 2014 at 9:17 AM
Franck RICHARD said...: I agree, but why obfuscate more when, at the end, a simple write-host can display password? This example is just to avoid to display password for a man in the street. That's not a security way to protect your data. For this, compilation in autoit or c++ is a better way.; October 14, 2014 at 2:31 PM