WinBatch Tech Support Home

Database Search

If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.

TechHome

WinBatch
Password Tips

Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.

How to Hide a Password 

Keywords: hide password	 encryption
Here's some low level code to hide a password from prying eyes. It ought to be able to stop a determined hacker for at least three or four minutes, but is generally suitable to keep the kids or the boss out of something. 
   pswd=AskLine("Enter","Password?","runtintin")
   b=strlen(pswd)
   aa=strcat(b,"@",pswd)
   b=strlen(aa)
   aa=strcat(aa,"JKHJY&GY&RTFUI&YGRDRDTYY*()&*(&*GYGGYR")
   aa=strfix(aa,"&GG&^R^$",32)
   np=""

   for x=1 to b
      xx=char2num(strsub(aa,x,1))
      xx=xx +125
      np=strcat(np,num2char(xx))
   next

   Message("Original=%pswd%","Coded=%np%")

And here's how to get it back: 

   b=strlen(np) 
   orig="" 
  
   for x=1 to b 
      xx=char2num(strsub(np,x,1))
      xx=xx-125
      orig=strcat(orig,num2char(xx))
   next
      s1=ItemExtract(1,orig,"@") 
      Orig=Strsub(orig,strlen(s1)+2,-1) 


   Message(pswd,orig)

Question:

Do you have a method of encrypting (passwords) in winbatch?

My guess would be to try to find an encryption routine of some sort and then encrypt inputs and compare strings with a previously saved encrypted input. I don't have an encryption routine though.. I'll have to start looking..

Answer:

Not yet. We should get one going someday, though.

If you compile the script and put the passwords in the compiled script they are sufficiently hidden for lightweight commercial security.

But what follows is an example from one of our users showing how to sort of get encryption to work.

One common form of encryption involves taking the string that is inputted and running it, along with a "KEY" string, through an algorithm.

e.g., (super-easy algorithm): 

string = "password"
key = "123"
newstring = ""
for i = 1 to StrLen(string) ; for each letter of the password...
keynum = strsub(key, (i mod 3), 1) ; get a digit from the key
newchar = char2num(strsub(string,i,1)) ; get a char from the password
newchar = (newchar + keynum) ; involve the key in some way
if newchar > 126 Then newchar = newchar - 26 ; do any clean up
newchar = num2char(newchar)
newstring = strcat(newstring,newchar) ; make new string
next

message(string, newstring) ; to show encryption.
You will obviously want a better algorithm than this, but you can be creative. Have a reverse algorithm in place so you can decode the encrypted password. Have fun.

And here's some sample code from another user (UNTESTED):

;This utility will encrypt password obtained from prompt and write it to initialization
;file. The second part of the utility will retrieve encrypted password from initialization
;file & decrypt it. Split the utility up as needed. It is only designed to prevent
;untalented prying & will not prevent serious Hackers from cracking this password.

message("chars to avoid",strcat(char2num(@cr),@crlf,char2num(@lf)))
pass = askpassword("Password Encryption Utility","Please enter your password")

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Encryption Section >>>>>>>>>>>>>>>>>>>>>>>>>>>>
;This section encrypts password & writes to initialization file
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

;Initialize variables
random_key = random(128) ;creates a random number to use as encryption key
rand_int=random(3)

random_charno = 0
randno=0
enc_str = ""

;If random_key variable is > 61 then add a random char to the beginning of the encoded string
;Make sure random character number will not return ASCII codes 48 to 58 (for chars 0 - 9) or CR, LF characters
if random_key > 61

	if random_charno == 13 && random_charno == 10 then random_charno = random_charno * 2

	while random_charno >= 48 && random_charno <= 58
		random_charno = random(128)
	endwhile
	enc_str = num2char(random_charno)
endif

;Insert the encoding key string length & encoding key into the encoded string
enc_str=strcat(enc_str,strlen(random_key),random_key)

;Retrieves each char of password & encodes
for letno = 1 to strlen(pass)
	char=strfixleft(strfix(pass,"",letno),"",1)
	;convert char to numerical value
	charnum = char2num(char)
	;add encoding key to char value & multiply by 8
	encharnum = (charnum + random_key) * 8

	enclen = strlen(encharnum)
	;get string length of numerical value
	if enclen == 4 then enclen = enclen + random(5)

	;add encoded char length & encoded char to encoded string
	enc_str=strcat(enc_str,enclen,encharnum)

	;randomly add a useless char to encoded string, make sure it's not a number or CR, LF characters
	if randno == rand_int
		random_charno = random(128)

		if random_charno == 13 && random_charno == 10 then random_charno = random_charno * 2

		while random_charno >= 48 && random_charno <= 58
			random_charno = random(128)
		endwhile

		enc_str=strcat(enc_str,num2char(random_charno))
		randno = 0
		continue
	endif

	randno = randno + 1

next

;Display encrypted password
message("Encryption Utility",strcat("Your encrypted password is:",@crlf,enc_str))

;Create a text file to place password in
if !fileexist("C:\password.txt")
	hand=fileopen("C:\password.txt","write")
	filewrite(hand,";Text file to place encrypted password in")
	filewrite(hand,strcat("[LoginInfo]",@crlf,"Password="))
	fileclose(hand)
endif

;Write encoded password to file
iniwritepvt("LoginInfo","Password",enc_str,"C:\password.txt")

drop(letno,pass,char,charnum,encharnum,enc_str,random_key,randno,rand_int,random_charno)

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Decryption Section >>>>>>>>>>>>>>>>>>>>>>>>>>>>
;This section reads encrypted password from initialization file & decrypts
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

enc_str = inireadpvt("LoginInfo","Password","","C:\password.txt")

;check to see if first char is not a number - if not, discard
if !isnumber(strfix(enc_str,"",1)) then enc_str = strfixleft(enc_str,"",strlen(enc_str) - 1)

;Retrieve value for string length of key value
keylen = strfix(enc_str,"",1)

;Retrieve key value
enc_key=strfixleft(strfix(enc_str,"",keylen + 1),"",keylen)

unenc_str=""

;create initial pointer value
start = (keylen + 1)

for charno = start to strlen(enc_str)

	;create temporary string, starting at pointer value
	tempstr=strfixleft(enc_str,"",strlen(enc_str) - charno)

	;retrieve value of string length for next encoded char. If value is not a number, then skip
	enc_char_len = strfix(tempstr,"",1)
	if !isnumber(enc_char_len) then continue

	if enc_char_len >= 4 then enc_char_len = 4

	;retrieve numerical value of encoded char
	enc_num = strfixleft(strfix(tempstr,"",enc_char_len + 1),"",enc_char_len)

	;divide value by 8 and subtract key value
	enc_num = (enc_num /8) - enc_key

	;convert numerical value back to char
	enc_char = num2char(enc_num)

	;add decrypted char to decrypted string
	unenc_str = strcat(unenc_str,enc_char)

	;move pointer past encrypted value
	charno = charno + enc_char_len

next

drop(keylen,enc_key,start,charno,tempstr,enc_char_len,enc_num)

;display encrypted string & decrypted password
message("Decryption Utility",strcat("Your encrypted password is:",@crlf,enc_str,@crlf,"The decrypted password is: ",unenc_str))


exit




Article ID:   W13307

Filename:   Hide a Password - Simple Encryption.txt
File Created: 2000:06:14:11:10:32
Last Updated: 2000:06:14:11:10:32