|
biobio
初级用户
积分 162
发帖 44
注册 2006-3-24
状态 离线
|
『楼 主』:
[原创][讨论]非编译型批处理加密方案与代码
使用 LLM 解释/回答一下
.bat文件虽然好用,但安全性太脆弱
随便什么人都可以打开查看,甚至修改其中内容
有没有什么办法不把.bat转换成.exe或.com之类,仍是.bat文件
但别人无法查看并修改其中内容???
有没有什么自我加密之类的呢?
高手给个解决的思路吧
───────────────── 版主提示 ─────────────────
目前讨论的方案如下:
1、在批处理代码插入Unicode特征串的方案(7楼,yuanyong630)
相关讨论见于24、25、45、48等楼
代码实现(27楼,pengfei)的下载链接如下:
点击下载:BAT加密工具.rar
对记事本等使用IsTextUnicode函数识别编码类型的程序有效
对type/edit/EditPlus/UltraEdit等不使用IsTextUnicode函数的程序无效
2、给批处理代码头部增加Unicode字节序标记(BOM)的方案(40楼,zxcv)
相关讨论见于41、43、69等楼
代码实现(71楼,zxcv)的下载链接如下:
EncryBat.rar (zxcv)
对记事本、Word、UltraEdit、type等支持Unicode编码的程序有效
对edit/WinRAR内部查看器等不支持Unicode编码的程序无效
3、将批处理代码的回车换行符置换为回车符的方案(17楼,electronixtar)
相关讨论见于26楼
对edit等分别识别回车换行符的编辑器有效
4、对批处理代码进行字典式转换的方案(11楼,3742668)
相关讨论及代码实现见于11、15楼
代码明文运行时动态生成,故此方案与编辑器无关;
积分奖励:
yuanyong630\3742668\pengfei\zxcv各奖励8点积分
electronixtar奖励4点积分
───────────────── 版主提示 ─────────────────
Last edited by willsort on 2006-8-6 at 04:02 ]
Although .bat files are convenient to use, their security is too weak. Anyone can open them to view or even modify the content. Is there a way to keep the file as a .bat without converting it to .exe, .com, or other formats, while preventing others from viewing and modifying its content? Is there any self-encryption method available? Experts, please provide a solution思路.
───────────────── Moderator's Note ─────────────────
The currently discussed solutions are as follows:
1. Inserting Unicode feature strings into batch code (Floor 7, yuanyong630)
Related discussions can be found on Floors 24, 25, 45, 48, etc.
Download link for the code implementation (Floor 27, pengfei):
Click to download: BAT Encryption Tool.rar
Effective for programs that use the IsTextUnicode function to identify encoding types, such as Notepad.
Ineffective for programs that do not use the IsTextUnicode function, such as type/edit/EditPlus/UltraEdit.
2. Adding a Unicode Byte Order Mark (BOM) to the header of batch code (Floor 40, zxcv)
Related discussions can be found on Floors 41, 43, 69, etc.
Download link for the code implementation (Floor 71, zxcv):
EncryBat.rar (zxcv)
Effective for programs that support Unicode encoding, such as Notepad, Word, UltraEdit, and type.
Ineffective for programs that do not support Unicode encoding, such as edit and WinRAR internal viewer.
3. Replacing carriage return-line feed characters in batch code with carriage return characters (Floor 17, electronixtar)
Related discussions can be found on Floor 26.
Effective for editors that separately recognize carriage return-line feed characters, such as edit.
4. Dictionary-based conversion of batch code (Floor 11, 3742668)
Related discussions and code implementations can be found on Floors 11 and 15.
The code is dynamically generated during plaintext execution, so this solution is independent of the editor.
Points Reward:
yuanyong630, 3742668, pengfei, and zxcv will each receive 8 points.
electronixtar will receive 4 points.
───────────────── Moderator's Note ─────────────────
Last edited by willsort on 2006-8-6 at 04:02 ]
此帖被 +5 点积分 点击查看详情 | 评分人:【 jonsonqf 】 | 分数: +2 | 时间:2008-4-29 17:25 | | 评分人:【 Wingl83 】 | 分数: +2 | 时间:2008-12-23 14:06 | | 评分人:【 niels 】 | 分数: +1 | 时间:2009-5-16 08:29 |
|
|
|
 2006-7-10 10:52 |
|
|
electronixtar
铂金会员
积分 7493
发帖 2672
注册 2005-9-2
状态 离线
|
『第 2 楼』:
使用 LLM 解释/回答一下
我早就知道这个帖子会火的,所以占了个沙发,哈哈
Last edited by electronixtar on 2007-5-8 at 08:36 PM ]
I knew this thread would become popular a long time ago, so I claimed the first comment spot, haha
Last edited by electronixtar on 2007-5-8 at 08:36 PM ]
|
C:\>BLOG http://initiative.yo2.cn/
C:\>hh.exe ntcmds.chm::/ntcmds.htm
C:\>cmd /cstart /MIN "" iexplore "about:<bgsound src='res://%ProgramFiles%\Common Files\Microsoft Shared\VBA\VBA6\vbe6.dll/10/5432'>" |
|
|
2006-7-10 11:27 |
|
|
kcdsw
中级用户
积分 404
发帖 179
注册 2006-3-30
状态 离线
|
『第 3 楼』:
使用 LLM 解释/回答一下
QuickBFC.EXE
搜索一下 这个程序等于是把bat文件嵌入进去了 所以只要环境对就能正确执行
QuickBFC.EXE
After searching, this program essentially embeds batch files, so it can execute correctly as long as the environment is appropriate.
|
|
|
2006-7-10 17:34 |
|
|
zhaxi
初级用户
积分 112
发帖 40
注册 2006-6-23
状态 离线
|
『第 4 楼』:
使用 LLM 解释/回答一下
这个QuickBFC.EXE只能打包1个bat为exe,没什么用。
有没有把一组bat文件打包为exe的。因为经常会有很多bat组成一个程序啊。
This QuickBFC.EXE can only package one batch file into an executable, which is not very useful.
Is there a tool that can package a group of batch files into an executable? This is because programs often consist of multiple batch files.
|
|
|
2006-7-10 19:19 |
|
|
kcdsw
中级用户
积分 404
发帖 179
注册 2006-3-30
状态 离线
|
『第 5 楼』:
使用 LLM 解释/回答一下
那你去找个有用的吧 干脆你给大伙写个不正好嘛
说这等屁话
Then go find something useful. Why don't you just write one for everyone? Spouting such nonsense.
|
|
|
2006-7-10 19:22 |
|
|
asbai
高级用户
积分 653
发帖 252
注册 2006-4-16
状态 离线
|
『第 6 楼』:
使用 LLM 解释/回答一下
Originally posted by kcdsw at 2006-7-10 19:22:
那你去找个有用的吧 干脆你给大伙写个不正好嘛
说这等屁话
hoho,不至于吧?火气咋这么大?
Originally posted by kcdsw at 2006-7-10 19:22:
Then go find something useful. Why don't you just write one for everyone?
What nonsense are you talking about?
hoho, is that necessary? Why are you so angry?
此帖被 +2 点积分 点击查看详情 | 评分人:【 jckjuc 】 | 分数: +1 | 时间:2007-3-26 15:54 | | 评分人:【 】 | 分数: +1 | 时间:2009-8-24 05:47 |
|
|
|
|
2006-7-11 21:04 |
|
|
yuanyong630
初级用户
积分 49
发帖 13
注册 2006-7-13
状态 离线
|
|
|
2006-7-13 11:28 |
|
|
flying008
中级用户
积分 245
发帖 103
注册 2006-6-30
状态 离线
|
『第 8 楼』:
使用 LLM 解释/回答一下
有效……支持……感谢 ……! 绝对的智慧和技术的结晶!
那请问楼上的,怎么重新显示内容呢?有盾必有矛吧?
Valid... Supported... Thank you... It is an absolute crystallization of wisdom and technology! Then, may I ask the person above, how can the content be displayed again? Where there is a shield, there must be a spear, right?
|
|
|
2006-7-13 11:44 |
|
|
wang6610
银牌会员
积分 1246
发帖 488
注册 2003-11-11
状态 离线
|
『第 9 楼』:
使用 LLM 解释/回答一下
7 楼测试过了能行。
The 7th floor tested it and confirmed it works.
|
|
|
2006-7-13 12:47 |
|
|
bagpipe
银牌会员
DOS联盟捡破烂的
积分 1144
发帖 425
注册 2005-10-20
来自 北京
状态 离线
|
『第 10 楼』:
使用 LLM 解释/回答一下
大家火气都别太大了,4楼zhaxi,用多个批处理能够完成的任务也可以写成一个批处理的,只不过代码量的问题不一样罢了..........
Let's all calm down. Zhaxi on the 4th floor, tasks that can be completed with multiple batch files can also be written into a single batch file; it just differs in terms of code volume.
|
|
|
2006-7-13 12:57 |
|
|
3742668
荣誉版主
积分 2013
发帖 718
注册 2006-2-18
状态 离线
|
 『第 11 楼』:
使用 LLM 解释/回答一下
『第 8 楼』:
有效……支持……感谢 ……! 绝对的智慧和技术的结晶!
那请问楼上的,怎么重新显示内容呢?有盾必有矛吧?
『第 9 楼』:
7 楼测试过了能行。
我太菜了,居然看不出7楼的代码怎么能够实现加密代码的作用。
难道8,9楼的朋友把7楼的代码粘贴到自己的脚本开头保存后再打开就看不到自己的代码了?感觉有点耸人听闻。。
既然大家对加密都这么感兴趣,俺也来搅和一把:
关于BAT的加密,很早以前也曾憧憬过,不过由于BAT的局限性,如果纯粹地用BAT来加密BAT,可能就算加了密别人还是能很简单就查看到源码。 不过如果你想对付的只是并不高明的新手的话,可能下面的方法会有所帮助:
在我们的系统中,默认是有不少环境变量的,例如在我的XP SP2中,运行SET命令可以得到如下的变量列表:
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\**\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GOOGLE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\**
LOGONSERVER=\\GOOGLE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;"C:\Program Files\S
ymantec\Norton Ghost 2003\"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\**\LOCALS~1\Temp
TMP=C:\DOCUME~1\**\LOCALS~1\Temp
USERDOMAIN=GOOGLE
USERNAME=**
USERPROFILE=C:\Documents and Settings\**
windir=C:\WINDOWS
另外,还有些不确定的变量:
%CD% - 扩展到当前目录字符串。
%DATE% - 用跟 DATE 命令同样的格式扩展到当前日期。
%TIME% - 用跟 TIME 命令同样的格式扩展到当前时间。
%RANDOM% - 扩展到 0 和 32767 之间的任意十进制数字。
%ERRORLEVEL% - 扩展到当前 ERRORLEVEL 数值。
%CMDEXTVERSION% - 扩展到当前命令处理器扩展名版本号。
%CMDCMDLINE% - 扩展到调用命令处理器的原始命令行。
利用这些环境变量,完全可以把我们的脚本改变得面目全非。例如:
@echo BBS.CN-DOS.NET
相信大家一眼就看出来它的作用是打印 bbs.cn-dos.net 这段字符串到屏幕上。那么下面这段代码是否能一眼就看出它的作用呢?(只有一行)
@%commonprogramfiles:~-2,1%%ComSpec:~-7,1%%pathext:~-1,1%%windir:~-3,1% %pathext:~11,1%%pathext:~11,1%%pathext:~22,1%%pathext:~0,1%%pathext:~1,1%%windir:~5,1%-%windir:~6,1%%windir:~7,1%%windir:~-1,1%%pathext:~0,1%%windir:~5,1%%PATHEXT:~6,1%%tmp:~-4,1%
或者自己定义变量:
@echo off
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=fdip.cct+do-ept+ofu
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:.= %
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:t=s%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:c=b%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:+=.%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:u=t%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:o=n%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:f=e%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:d=c%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:i=h%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:p=o%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:~0,12%d%,:~13%
%,%
pause
怎么样,有点乱花渐欲迷人眼了吧?
老鸟要偷笑了:只要在%,%那行前面加上echo然后再运行,代码就自己显示出来了……
我靠,还好咱也不是吃素的:
@echo off
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=abcd3742668fdip.cct+do-ept+ofu
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:.= %
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:t=s%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:c=b%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:+=.%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:u=t%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:o=n%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:f=e%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:d=c%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:i=h%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:p=o%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:~0,23%d%,:~24%
%,:*3742668=echo.^">nul&%
pause
对付新手,上面的方法已经会让他眼花缭乱了。不过,这也仅仅只是个开头,还有插入迷惑人的垃圾代码,变量高级加密,运行一次后代码自动改变等等方法,好戏还在后头呢。
(待续)
『Floor 8』:
Effective... Supported... Thank you... It is definitely a crystallization of wisdom and technology!
May I ask the person above, how can I redisplay the content? Where there is a shield, there must be a spear, right?
『Floor 9』:
Tested on the 7th floor, it works.
I am too inexperienced; I can't figure out how the code on the 7th floor can实现加密代码的作用.
Could it be that friends on the 8th and 9th floors pasted the code from the 7th floor at the beginning of their own scripts, saved it, and then couldn't see their own code when they opened it? It seems a bit sensational.
Since everyone is so interested in encryption, I'll join in too:
Regarding BAT encryption, I也曾憧憬过 it a long time ago. However, due to the limitations of BAT, if you purely use BAT to encrypt BAT, even after encryption, others might still be able to view the source code very easily. But if the people you want to deal with are just unskilled beginners, the following method might be helpful:
In our system, there are quite a few default environment variables. For example, in my XP SP2, running the SET command gives the following list of variables:
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\**\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GOOGLE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\**
LOGONSERVER=\\GOOGLE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;"C:\Program Files\S
ymantec\Norton Ghost 2003\"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\**\LOCALS~1\Temp
TMP=C:\DOCUME~1\**\LOCALS~1\Temp
USERDOMAIN=GOOGLE
USERNAME=**
USERPROFILE=C:\Documents and Settings\**
windir=C:\WINDOWS
In addition, there are some variable variables:
%CD% - Expands to the current directory string.
%DATE% - Expands to the current date in the same format as the DATE command.
%TIME% - Expands to the current time in the same format as the TIME command.
%RANDOM% - Expands to a random decimal number between 0 and 32767.
%ERRORLEVEL% - Expands to the current ERRORLEVEL value.
%CMDEXTVERSION% - Expands to the current command processor extension version number.
%CMDCMDLINE% - Expands to the original command line that invoked the command processor.
Using these environment variables, we can completely transform our scripts beyond recognition. For example:
@echo BBS.CN-DOS.NET
I believe everyone can immediately see that its function is to print the string bbs.cn-dos.net to the screen. Then can you immediately see the function of the following code? (It is only one line)
@%commonprogramfiles:~-2,1%%ComSpec:~-7,1%%pathext:~-1,1%%windir:~-3,1% %pathext:~11,1%%pathext:~11,1%%pathext:~22,1%%pathext:~0,1%%pathext:~1,1%%windir:~5,1%-%windir:~6,1%%windir:~7,1%%windir:~-1,1%%pathext:~0,1%%windir:~5,1%%PATHEXT:~6,1%%tmp:~-4,1%
Or define your own variables:
@echo off
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=fdip.cct+do-ept+ofu
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:.= %
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:t=s%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:c=b%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:+=.%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:u=t%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:o=n%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:f=e%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:d=c%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:i=h%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:p=o%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:~0,12%d%,:~13%
%,%
pause
How about it, a bit dazzling, isn't it?
Veterans will snicker: Just add echo before the %, % line and run it, and the code will display itself...
Oh no, fortunately, I am not to be trifled with either:
@echo off
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=abcd3742668fdip.cct+do-ept+ofu
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:.= %
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:t=s%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:c=b%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:+=.%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:u=t%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:o=n%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:f=e%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:d=c%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:i=h%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:p=o%
%windir:~-1,1%%ComSpec:~-1,1%%tmp:~-4,1%,=%,:~0,23%d%,:~24%
%,:*3742668=echo.^">nul&%
pause
To deal with beginners, the above method will already make them dazzled. However, this is just the beginning. There are also methods such as inserting misleading garbage code, advanced variable encryption, and automatic code modification after one run. The best is yet to come.
(To be continued)
|
|
|
2006-7-13 15:41 |
|
|
buddiyar
初级用户
积分 160
发帖 75
注册 2006-6-28
状态 离线
|
『第 12 楼』:
使用 LLM 解释/回答一下
真的有效么
那么又是为什么呢?
达人们解释一下先
Is this really effective?
Then why is that?
Could the experts please explain first?
|
|
|
2006-7-15 01:06 |
|
|
flying008
中级用户
积分 245
发帖 103
注册 2006-6-30
状态 离线
|
『第 13 楼』:
使用 LLM 解释/回答一下
奇怪了,现在粘贴代码又不能隐藏BAT内容了,真是怪了,前几天还可以的,
That's strange. Now when pasting code, the BAT content can't be hidden again. It was working just a few days ago.
|
|
|
2006-7-21 14:24 |
|
|
雨露
管理员
DOS非常爱好者
积分 6209
发帖 2598
注册 2006-1-20
状态 离线
|
『第 14 楼』:
使用 LLM 解释/回答一下
7楼的方法好像没有一点用!
The method in the 7th floor does not seem to work at all.
|
|
|
|
2006-7-21 15:32 |
|
|
namejm
荣誉版主
batch fan
积分 5226
发帖 1737
注册 2006-3-10
来自 成都
状态 离线
|
『第 15 楼』:
使用 LLM 解释/回答一下
3742668版主的加密用到了字符的截取和字符的置换,呵呵,得把密码学的常用方法学到手才行,不过这样写代码要自己手握一份字符置换表,有点累人啊。
Moderator 3742668's encryption uses character truncation and character substitution. It seems necessary to master common cryptographic methods, but writing code this way requires manually maintaining a character substitution table, which is somewhat tedious.
|
|
|
2006-7-21 15:48 |
|
|
