Crow

Reputation: 19

Obfuscating a PowerShell script

I have spent many hours and days writing a PowerShell script and would like to obfuscate it so that the code is no longer readable or decompilable, but the script can still be executed. Is there something like that?

Upvotes: 1

Views: 16442

Answers (3)

Dev Ops

Reputation: 127

With regard to actually obfuscating an entire PowerShell script, this site seems to do just that.

I tested a script a little over a year ago and here are some of my findings:

  1. Windows 10: The obfuscated script worked on Windows 10. I don't remember the PowerShell version I had back then.
  2. macOS: Confirmed it also works on Macs (if you have PowerShell installed), but I remember there were some errors spat out.

I just tested another script a few minutes ago on a Windows Server 2016 (PSVersion:5.1./Desktop) system. No issues so far.

Now, as was already mentioned by previous posters, it is important to note that any obfuscation can be hacked into. It's just a matter of incentive for the hacker.

I say "any" specifically because you don't control the hosts on which your PowerShell script will be used. And as such, those who do, if inclined, can alter the binary of the PowerShell program to get it to spit out everything that it does. How easy that is, I do not know. But a quick Google search suggests there are settings available that, if turned on, can log the entire execution of your PowerShell script, obfuscated or not.

A couple of links that touch on PowerShell logging:

  1. PowerShell Logging: Recording and Auditing all Things
  2. About Logging Windows - PowerShell - Microsoft Docs

Upvotes: 2
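
The logging setting mentioned in the answer above, shown as an added example that is not part of the original answer: it enables script block logging and reads back event 4104 to show that a Base64-wrapped command is recorded in clear text. It assumes Windows PowerShell 5.1 and an elevated session on a host you administer; the marker string and the wrapped command are constructed for the demonstration.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread. Assumes Windows PowerShell 5.1.

# 1. Enable script block logging through the policy registry key.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 2. Constructed sample: a harmless command hidden behind Base64 + Invoke-Expression.
#    The random marker lets us find exactly this run in the event log.
$marker  = 'sbl-demo-' + [guid]::NewGuid().ToString('N')
$plain   = "Write-Output '$marker'"
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($plain))
$wrapped = "Invoke-Expression ([Text.Encoding]::Unicode.GetString(" +
           "[Convert]::FromBase64String('$encoded')))"

# Run it in a fresh process so the newly written policy is read at startup.
$start = Get-Date
powershell.exe -NoProfile -Command $wrapped | Out-Null

# 3. Read event 4104 ("script block logged") from the operational log.
#    Properties[2] of a 4104 event holds the script block text.
Start-Sleep -Seconds 2   # give the event log a moment to flush
$logged = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = $start
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[2].Value -like "*$marker*" }

# The wrapper only ever contained Base64, so any hit on the marker is the
# decoded inner command as the engine compiled it.
if ($logged) {
    $logged | Sort-Object TimeCreated |
        Select-Object TimeCreated,
            @{ Name = 'ScriptBlockText'; Expression = { $_.Properties[2].Value } } |
        Format-List
} else {
    Write-Warning 'No matching 4104 event found; check that the policy applied.'
}
```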

user11829835

Reputation:

If you want something to obfuscate your PowerShell code to make it unreadable but keep it working, you should check a project called Invoke-Obfuscation by Daniel Bohannon. You should check his talk about PowerShell obfuscation, where he presented the tool.

Upvotes: 0

wasif

Reputation: 15508

There is a thing named PowerShell Constrained Language.

Quoting from here: https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/

Constrained language mode is a language mode of PowerShell designed to support day-to-day administrative tasks, yet restrict access to sensitive language elements that can be used to invoke arbitrary Windows APIs.

In Constrained mode, these are not supported:

  • COM objects
  • Unapproved .NET types
  • XAML based workflows
  • PowerShell classes

It's best for running administrative tasks; still, it's not better for daily use. To start it, use:

$ExecutionContext.SessionState.LanguageMode = 'ConstrainedLanguage'

Read more here: https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/


Invoke-Obfuscation, written by Daniel Bohannon, is much better for this purpose. Link: https://github.com/danielbohannon/Invoke-Obfuscation

Usage Guide: https://blog.vonhewitt.com/2017/08/obfuscating-powershell-commands-using/

Upvotes: 0
