How to embedd compressed scripts in other PowerShell scripts


For a current project I want to create a “master script” that contains another compressed PowerShell script. This compressed script contains some informations – server names, network share names – that should be as unreadable as possible for normal users. This script is executed during user logon.

I created two scripts

  1. "compress.ps1"
  2. "execute.ps1"

The first script is used to compress a script. The second one is used to execute the compressed script.

Here is the script for compressing:

 

cls

$c = Get-Content $$ -Encoding UTF8 

$r = [string]::Join("
", $c)

$r2 = [regex]::Match($r, "(.*)(\#\<--)(.*)", [System.Text.RegularExpressions.RegexOptions]::Singleline)

$ms = New-Object System.IO.MemoryStream
$cs = New-Object System.IO.Compression.GZipStream($ms, [System.IO.Compression.CompressionMode]::Compress)

$sw = New-Object System.IO.StreamWriter($cs)
$sw.Write($r2.Groups[3])
$sw.Close();

$bytes = $ms.ToArray()
[System.Convert]::ToBase64String($bytes)

exit
#<--

Write-Host "This is a test"
Get-Service A*

The script produces a base64 string that contains everything behind "#<–".

For the script above the output is:

H4sIAAAAAAAEAO29B2AcSZYlJi9tynt/SvVK1+B0oQiAYBMk2JBAEOzBiM3mkuwdaUcjKasqgcplVmVdZhZAzO2dvPfee++999577733ujudTif33/8/XGZkAWz2zkrayZ4hgKrIHz9+fB8/In7j5DdOvlsXbb797app04/ezIsmpf9laZs37Ue/cfJ53m6/zuvLYpqnx9/6jZP/By/6yuMxAAAA

Here is the execution script that contains this base64 string that represents
the compressed script:

cls

$data = [System.Convert]::FromBase64String("H4sIAAAAAAAEAO29B2AcSZYlJi9tynt/SvVK1+B0oQiAYBMk2JBAEOzBiM3mkuwdaUcjKasqgcplVmVdZhZAzO2dvPfee++999577733ujudTif33/8/XGZkAWz2zkrayZ4hgKrIHz9+fB8/In7j5DdOvlsXbb797app04/ezIsmpf9laZs37Ue/cfJ53m6/zuvLYpqnx9/6jZP/By/6yuMxAAAA")

$ms = New-Object System.IO.MemoryStream
$ms.Write($data, 0, $data.Length)
$ms.Seek(0,0) | Out-Null

$cs = New-Object System.IO.Compression.GZipStream($ms, [System.IO.Compression.CompressionMode]::Decompress)
$sr = New-Object System.IO.StreamReader($cs)
$t = $sr.readtoend()

Invoke-Expression $t

This executes the following code snipped from the script above:

Write-Host "This is a test"
Get-Service A*

The output is: 

This is a test

Status   Name               DisplayName                           
------   ----               -----------                           
Stopped  AeLookupSvc        Anwendungserfahrung                   
Running  AESTFilters        Andrea ST Filters Service             
Stopped  ALG                Gatewaydienst auf Anwendungsebene     
Stopped  AppIDSvc           Anwendungsidentität                   
Stopped  Appinfo            Anwendungsinformationen               
Running  Apple Mobile De... Apple Mobile Device                   
Stopped  AppMgmt            Anwendungsverwaltung                  
Stopped  aspnet_state       ASP.NET-Zustandsdienst                
Running  AudioEndpointBu... Windows-Audio-Endpunkterstellung      
Running  AudioSrv           Windows-Audio                         
Stopped  AxInstSV           ActiveX-Installer (AxInstSV)          

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s