Script encoding

After an incredible time of non-blogging, I plan to pick up again on putting an entry here on a more regular and frequent basis. This week I’m teaching Windows Scripting Host (WSH) to programmers/administrators at XS4ALL, one of the largest Internet Providers in The Netherlands.

Before I forget, let me recommend the Fabulous Adventures in Coding weblog of Eric Lippert. It is in my top 5 of favorite weblogs. Really excellent material on scripting.

Again we touched upon script encoding, for which Microsoft has a script encoding utility. It will take a piece VBScript or JScript and encode it. For example, this piece of code:

WScript.Echo “The script engine version is ” & WScript.Version

and turn it into this:

#@~^PgAAAA== Um.bwDR21tK~J:tnPkm.raYPUobx+,-nDkkKx~kd~rP’PqjmMk2Oc.+.dbWU0RUAAA==^#~@

by the use of the command-line tool screnc.exe like so:

screnc.exe /l VBScript c:version.vbs c:version.vbe

My point for this entry is that you need to mind the “encoding” part here: it’s not encrypting. If you take a quick look at Google results when searching for “windows script decoder” and “windows script decoding” you will find two utilities that will do the decoding for you.

There is no encryption, so don’t expect any public/private keypairs or other secrets. It is easily decodable as these two tools prove. Most interesting is this article that describes how the decoding was solved by the writer of the Windows Script Decoder. Fun reading.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s