Solve: Hiding input into a command window with a character or blank space?

Answer» Hi,

"In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it ." http://en.wikipedia.org/wiki/Encryption

Code:

    @echo off
    echo hP1X500P[PZBBBfh#b##[emailprotected]`$fPf]f3/f1/5++u5>hide.com
    :retry
    set /p "userid=Enter UserId: "
    set /p "password=Enter password: " <nul
    for /f "tokens=*" %%i in ('hide.com') do set password=%%i
    if /i %password%==password goto next
    cls
    echo Try again. You are not logged in!
    goto retry
    :next
    echo. & echo You are logged in!

Try incorporating the above snippet into your code. The key is creating the hide.com file and using the for instruction to return the hidden password input to the batch file. The password does not display on the console. Good luck.

PS. The password for the snippet is password.

Works great, this makes a file called hide.com, is there a way for a user to cipher this?

Actually I left the last line out of the snippet. It should read:

Code:

    @echo off
    rem Write the small no-echo input program to hide.com
    echo hP1X500P[PZBBBfh#b##[emailprotected]`$fPf]f3/f1/5++u5>hide.com
    :retry
    set /p "userid=Enter UserId: "
    rem Show the prompt only; hide.com reads the keystrokes without echoing them
    set /p "password=Enter password: " <nul
    for /f "tokens=*" %%i in ('hide.com') do set password=%%i
    if /i %password%==password goto next
    cls
    echo Try again. You are not logged in!
    goto retry
    :next
    echo. & echo You are logged in!
    del hide.com

Quote:
> this makes a file called hide.com, is there a way for a user to cipher this?

Not sure what you mean. The password is never encrypted, there is nothing to cipher. Hide is a program that turns off the user input echo at the console.

It's just that if I open the file hide.com in text pad it comes up with

    68 50 31 58 35 30 30 50 5B 50 5A 42 42 42 66 68

This is just the first line of 3. Just wondering if it actually meant something if I was to 'decode it'.

Before you delete hide.com, do this: debug hide.com, then in debug do -u100 129, then q to exit. You will see the code that is executed. However, it doesn't look very meaningful to me, so I suspect it uses opcodes not recognised by the venerable debug! Perhaps the original source could be posted?

Code:

    -u100 129
    1672:0100 68            DB      68
    1672:0101 50            PUSH    AX
    1672:0102 315835        XOR     [BX+SI+35],BX
    1672:0105 3030          XOR     [BX+SI],DH
    1672:0107 50            PUSH    AX
    1672:0108 5B            POP     BX
    1672:0109 50            PUSH    AX
    1672:010A 5A            POP     DX
    1672:010B 42            INC     DX
    1672:010C 42            INC     DX
    1672:010D 42            INC     DX
    1672:010E 66            DB      66
    1672:010F 68            DB      68
    1672:0110 236223        AND     SP,[BP+SI+23]
    1672:0113 236658        AND     SP,[BP+58]
    1672:0116 66            DB      66
    1672:0117 2D5640        SUB     AX,4056
    1672:011A 60            DB      60
    1672:011B 2466          AND     AL,66
    1672:011D 50            PUSH    AX
    1672:011E 66            DB      66
    1672:011F 5D            POP     BP
    1672:0120 66            DB      66
    1672:0121 332F          XOR     BP,[BX]
    1672:0123 66            DB      66
    1672:0124 312F          XOR     [BX],BP
    1672:0126 352B2B        XOR     AX,2B2B
    1672:0129 7535          JNZ     0160

Quote from: Khasiar on February 14, 2010, 10:25:42 PM
> its just that if i open the file hide.com in text pad it comes up with

They are the hex numbers which represent machine instructions. A .com file is a machine language program. gpl has posted the assembler source code.

I found two versions of this program in the snippet closet. The one I posted in the batch file and the GPL unassembled version are both the same program. The .com file was created with debug. The version below is a script which can be used as input to debug and produce the same results.

Code:

    A
    MOV AH,0C ;function flush buffer
    INT 21 ;DOS call
    MOV AH,0A ;function buffered input
    INT 21 ;DOS call
    MOV DL,AL ;store user input
    MOV AH,4C ;function exit
    INT 21 ;DOS call

    RCX
    14
    N PSWDHIDE.COM
    W
    Q

The only difference is the size of the .com file (20 bytes vs 70 bytes). There are many versions of this program floating around, all slightly different, all accomplishing the same thing.

PS. Batch files are not good for security features. Even though the password is hidden at the console, at some point a comparison must be made to the actual password where anyone can read it. Better to use another tool and hide the password in the registry or encrypted in a database.

Yea, I think I just realized that the user can just right click on the batch file and select edit to see

    if /i %password%==password goto next

Is there a way to encrypt the contents of the batch file to all but the creator? Or a freeware version of a file locking program that asks for password to open any sort of file if you decide to lock it?

You might convert the bat file to an exe file by using a batch converter. You can distribute the exe version and keep the source code in your hands. I really don't recommend it as most of them merely add load and terminate routines to your otherwise small batch file.

If you know any of the Windows scripting languages, encryption COM objects ($$$) are available or you can check out this article. If you have Microsoft Visual Studio installed, you might find some helpful programs in the SDK.

Good luck.

"How to hide passwords in batch" comes up as regular as clockwork. Like the Irishman said when the stranger asked him for directions, "If I was going there, I wouldn't start from here". However, there is a free util called Editvar that, among other things, masks input...

http://www.westmesatech.com/editv.html

xx is shown because there are 2 versions editv32 and editv64...

Code:

    EditVxx [-b] [-e] [-l len] [-m] [-n] [-o] [-p prompt] [-t n] [-u] var

    Arguments:
      -b         Place the cursor at the beginning of the input line (instead of
                 the end).
      -e         Do not insert shell escape characters before reserved shell
                 characters in the environment variable's contents.
                 (Win32/Win64 only)
      -l len     Limits input to 'len' characters. In MS-DOS, the limit is 255
                 characters; in Win32/Win64, the limit is 2047 characters.
      -m         Masked input: Displays '*' for typed characters.
      -n         Restricts input to numbers only (0-9).
      -o         Starts the line editor in overtype mode instead of insert mode.
      -p prompt  Specifies a prompt for the user. If it contains spaces or tabs,
                 enclose it in quotes (").
      -t n       Assume Enter was pressed if nothing typed within 'n' seconds.
      -u         Forces entered characters to uppercase.
      var        The environment variable's name (required). This name can be up
                 to 127 characters long. If the variable name contains spaces,
                 enclose it in quotes.

Code:

    @echo off & setlocal
    echo Password:
    call :CheckPWD p1 123456 *
    echo.
    if errorlevel 1 (echo %p1% - No) else (echo %p1% - Yes)
    echo.
    echo Password:
    call :CheckPWD p2 123456
    if errorlevel 1 (echo %p2% - No) else (echo %p2% - Yes)
    pause & goto :eof

    :CheckPWD
    setlocal & if "%~2"=="" exit /b 1
    rem Build x.com by piping a hex-entry script into debug
    (echo e100 B7 2A 80 3E 80 00 00 74 22 80 3E 80 00 02 75 06
    echo e110 8A 3E 82 00 EB 15 83 E0 00 8E D8 80 3E 00 02 00
    echo e120 74 6A BA 01 02 B4 09 CD 21 EB 61 83 E6 00 8E C6
    echo e130 80 E4 00 CD 16 8A D8 80 FB 1B 75 08 26 80 26 00
    echo e140 02 00 EB 48 80 FB 0D 74 37 80 FB 08 75 1A 83 FE
    echo e150 00 74 DD B2 08 B4 02 CD 21 B2 20 B4 02 CD 21 B2
    echo e160 08 B4 02 CD 21 4E EB C8 80 FB 21 72 C3 80 FB 7E
    echo e170 77 BE 8A D7 B4 02 CD 21 26 88 9C 01 02 46 EB B0
    echo e180 26 C6 84 01 02 24 26 C6 06 00 02 24 B8 00 4C CD
    echo e190 21
    echo nx.com
    echo rcx
    echo 91
    echo w
    echo q
    )|debug>nul
    if "%~3"=="" x>nul
    if "%~3" neq "" set c=%~3 & call set "c=%%c:~0,1%%"
    if "%~3" neq "" x %c%
    for /f %%a in ('x -o') do set "p=%%a"
    endlocal & set "%~1=%p%" & del x.com & if "%~2"=="%p%" (exit /b 0) else (exit /b 1)

Code:

    @echo off
    echo Password:
    call :GetPassword p
    if "%p%"=="123456" (echo %p% - Yes) else echo %p% - No
    pause
    goto :eof

    :GetPassword
    pushd %tmp%
    rem Write a one-line VBScript that reads a password without echo and prints it
    >p.vbs echo WSH.Echo CreateObject("ScriptPW.Password").GetPassword
    for /f %%a in ('cscript -nologo p.vbs') do set %1=%%a
    del p.vbs
    popd
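
Added example, not part of the thread: the `debug` listing posted earlier, parsed in Python to rebuild the bytes of hide.com. It bears out the reply that the hex values are machine instructions, and shows that every byte is also a printable ASCII character, which is why the batch file can create the program with a plain `echo`. The function names are illustrative.

```python
import re
# `debug` listing as posted in the thread: segment:offset, opcode bytes, mnemonic.
LISTING = """\
1672:0100 68 DB 68
1672:0101 50 PUSH AX
1672:0102 315835 XOR [BX+SI+35],BX
1672:0105 3030 XOR [BX+SI],DH
1672:0107 50 PUSH AX
1672:0108 5B POP BX
1672:0109 50 PUSH AX
1672:010A 5A POP DX
1672:010B 42 INC DX
1672:010C 42 INC DX
1672:010D 42 INC DX
1672:010E 66 DB 66
1672:010F 68 DB 68
1672:0110 236223 AND SP,[BP+SI+23]
1672:0113 236658 AND SP,[BP+58]
1672:0116 66 DB 66
1672:0117 2D5640 SUB AX,4056
1672:011A 60 DB 60
1672:011B 2466 AND AL,66
1672:011D 50 PUSH AX
1672:011E 66 DB 66
1672:011F 5D POP BP
1672:0120 66 DB 66
1672:0121 332F XOR BP,[BX]
1672:0123 66 DB 66
1672:0124 312F XOR [BX],BP
1672:0126 352B2B XOR AX,2B2B
1672:0129 7535 JNZ 0160
"""
ROW = re.compile(r"^[0-9A-F]{4}:([0-9A-F]{4}) ((?:[0-9A-F]{2})+) ", re.M)

def image_from_listing(listing):
    """Rebuild the file bytes, refusing a listing with gaps between rows."""
    image, nxt = bytearray(), None
    for offset, raw in ROW.findall(listing):
        if nxt is not None and int(offset, 16) != nxt:
            raise ValueError(f"gap before offset {offset}")
        image += bytes.fromhex(raw)
        nxt = int(offset, 16) + len(raw) // 2
    return bytes(image)

def is_printable_ascii(data):
    return all(0x20 <= b <= 0x7E for b in data)  # typeable characters only

image = image_from_listing(LISTING)
print(len(image), "bytes, all printable ASCII:", is_printable_ascii(image))
```

The first 16 rebuilt bytes are the hex values seen in the text editor, and decoded as ASCII they are the opening characters of the string on the `echo` line.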