"Hide" part of script?

Please check the FAQ (https://www.xyplorer.com/faq.php) before posting a question...
Post Reply
eil
Posts: 1091
Joined: 13 Jan 2011 19:44

"Hide" part of script?

Post by eil » 16 Jan 2020 11:39

is there some way to say "encrypt" part of script with some hash function or smt same similar? i'm using scripts to connect encrypted volumes and thinking about some way to "hide" in script the line that contains pathes, names, parameters.
any hints?

highend
Posts: 9257
Joined: 06 Feb 2011 00:33

Re: "Hide" part of script?

Post by highend » 16 Jan 2020 11:50

The script would still need to decrypt the hidden *things* to use them for something so as long as the user can read the script...

You could embed them in a real program where the script would only exist in memory (after the app has decrypted it internally) which would make it a lot harder to catch it (but ofc not impossible for somebody who knows how to use a disassembler)...
One of my scripts helped you out? Please donate via Paypal or paypal_donate (at) stdmail (dot) de

eil
Posts: 1091
Joined: 13 Jan 2011 19:44

Re: "Hide" part of script?

Post by eil » 16 Jan 2020 12:06

adding another app would be too cumbersome imo. this is not really an effort to hide everything, just make less obvious if laptop gets in "un-proper hands". so if i'd be able to encrypt line of text with smt simple like hash function, that would be enough. plus adding just 1-2 lines to "decrypt" that, wouldn't make script look "suspicious" for smb curious and bored.
so basically i'm asking experienced in XY scripting people if it's possible at all or i'm dreaming.)

highend
Posts: 9257
Joined: 06 Feb 2011 00:33

Re: "Hide" part of script?

Post by highend » 16 Jan 2020 12:25

It's impossible as long as the decrypting happens in the same script.

And no, you can't "hash" a path. That's a fingerprint, not something that can be reversed.

Nobody stops you from scrambling strings in the script, though. Look at inbuilt commands like base64encode / base64decode
One of my scripts helped you out? Please donate via Paypal or paypal_donate (at) stdmail (dot) de

eil
Posts: 1091
Joined: 13 Jan 2011 19:44

Re: "Hide" part of script?

Post by eil » 23 Jan 2020 10:57

@highend wanted to say thanks for hint with scrambling - i actually found a way to quite "hide" important script parts with multi-base64encode-ing. this is not "bulletproof", but obviously needs one to know how many times while() to operate for proper decode to happen.

Code: Select all

$i = input("Enter number");
  $a="V2xkT2IySjVRV2RKYTJod1NWTkpOdz09";
  while($i > 0){
    $a = base64decode($a);
    $i--;
  };
  load $a, ,s;
btw is there some offline/chm file with undocumented commands/variables, kinda same as in this thread?

highend
Posts: 9257
Joined: 06 Feb 2011 00:33

Re: "Hide" part of script?

Post by highend » 23 Jan 2020 11:30

Can't say that I find this very user friendly. Even if you are only afraid of such a script being leaked (and you normally only use them yourself), do you remember every single $i value for each of your scripts that uses this kind of scrambling?

And it's still a peace of cake to circumvent the whole thing for anybody who wants too...

Code: Select all

    // You've encoded it with your own value before you put it into your final script
    $i = 20;
    $a = 'echo  "Hi!";';
    while($i > 0){
        $a = base64encode($a);
        $i--;
    }

    // Anyone who wants to break it without entering a number himself (and without knowing your original number)
    $i   = 1;
    $j   = 50;
    $log = "";
    while($j > 0){
        if (strlen($a) <= 3) { break; }
        $a = base64decode($a);
        $log .= "Try: $i = " . $a . <crlf 2>;
        $i++;
        $j--;
    }
    text $log;
You can't set the first $i value too high (XYplorer will run out of memory for storing the $a variable) anyway and you wouldn't want to store such large strings in your script because it makes it suspicious in the first place.

Just my 2 cents...
btw is there some offline/chm file with undocumented commands/variables, kinda same as in this thread?
No. That's the reason why that thread was created.
One of my scripts helped you out? Please donate via Paypal or paypal_donate (at) stdmail (dot) de

eil
Posts: 1091
Joined: 13 Jan 2011 19:44

Re: "Hide" part of script?

Post by eil » 23 Jan 2020 12:09

highend wrote:
23 Jan 2020 11:30
Can't say that I find this very user friendly. Even if you are only afraid of such a script being leaked (and you normally only use them yourself), do you remember every single $i value for each of your scripts that uses this kind of scrambling?

And it's still a peace of cake to circumvent the whole thing for anybody who wants too...
well that didn't need to be friendly at all and i have good system of "reminding" myself the proper passes. :wink: you're right it's not that hard to reveal everything, BUT not for anybody/ordinary user for sure. initially i was not trying to hide everything from special services, it's only about possible robbers, custody, any home visitors etc.

Post Reply