Computer Hope
Microsoft => Microsoft DOS => Topic started by: Khasiar on February 09, 2010, 11:44:42 PM
-
Hi,
Im trying to write a batch that prompts a user to enter a password that is already within the batch file, if the password they entered is correct then the program will open display information needed to the user.
(i know how to do the part in bold)
I dont want other people to see what is entered whilst user is inputing password so changing the characters to a blank space or a * would be desirable
this is my code/pseudocode
@echo off
echo Enter password:
rem if password is wrong loop 3 times before closing
set i=1
:loop
if %errorlevel%==0 (Echo Welcome) else (echo Wrong password. (3 - %i%) attempts left )
(not sure if bolded section there will work)
(i think i need to add if password == true goto info)
if %i%==3 goto eof
set /a i+=1
goto loop
:eof
exit
:info
XXXXXXXXXX
This maybe a bit of a headache but anyhelp will be great :).
Thanks
-
"In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it ."
http://en.wikipedia.org/wiki/Encryption
-
@echo off
echo hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5>hide.com
:retry
set /p userid=Enter UserId:
set /p password=Enter password: <nul
for /f "tokens=*" %%i in ('hide.com') do set password=%%i
if /i %password%==password goto next
cls
echo Try again. You are not logged in!
goto retry
:next
echo. & echo You are logged in!
Try incorporating the above snippet into your code. The key is creating the hide.com file and using the for instruction to return the hidden password input to the batch file. The password does not display on the console.
Good luck. 8)
PS. The password for the snippet is password.
-
Works great,
this makes a file called hide.com, is there a way for a user to cipher this?
-
Actually I left the last line out of the snippet. It should read:
@echo off
echo hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5>hide.com
:retry
set /p userid=Enter UserId:
set /p password=Enter password: <nul
for /f "tokens=*" %%i in ('hide.com') do set password=%%i
if /i %password%==password goto next
cls
echo Try again. You are not logged in!
goto retry
:next
echo. & echo You are logged in!
del hide.com
this makes a file called hide.com, is there a way for a user to cipher this?
Not sure what you mean. The password is never encrypted, there is nothing to cipher. Hide is a program that turns off the user input echo at the console.
8)
-
its just that if i open the file hide.com in text pad it comes up with
68 50 31 58 35 30 30 50 5B 50 5A 42 42 42 66 68
This is just the first line of 3.
just wondering if it actually meant something if i was to 'decode it'
-
Before you delete hide.com, do this
debug hide.com
then in debug, do
-u100 129
then q to exit - you will see the code that is executed - however it doesnt look very meaningful to me so I suspect it uses opcodes not recognised by the venerable debug! Perhaps the original source could be posted ?
-u100 129
1672:0100 68 DB 68
1672:0101 50 PUSH AX
1672:0102 315835 XOR [BX+SI+35],BX
1672:0105 3030 XOR [BX+SI],DH
1672:0107 50 PUSH AX
1672:0108 5B POP BX
1672:0109 50 PUSH AX
1672:010A 5A POP DX
1672:010B 42 INC DX
1672:010C 42 INC DX
1672:010D 42 INC DX
1672:010E 66 DB 66
1672:010F 68 DB 68
1672:0110 236223 AND SP,[BP+SI+23]
1672:0113 236658 AND SP,[BP+58]
1672:0116 66 DB 66
1672:0117 2D5640 SUB AX,4056
1672:011A 60 DB 60
1672:011B 2466 AND AL,66
1672:011D 50 PUSH AX
1672:011E 66 DB 66
1672:011F 5D POP BP
1672:0120 66 DB 66
1672:0121 332F XOR BP,[BX]
1672:0123 66 DB 66
1672:0124 312F XOR [BX],BP
1672:0126 352B2B XOR AX,2B2B
1672:0129 7535 JNZ 0160
-
its just that if i open the file hide.com in text pad it comes up with
68 50 31 58 35 30 30 50 5B 50 5A 42 42 42 66 68
This is just the first line of 3.
just wondering if it actually meant something if i was to 'decode it'
They are the hex numbers which represent machine instructions. A .com file is a machine language program. gpl has posted the assembler source code.
-
I found two versions of this program in the snippet closet. The one I posted in the batch file and the GPL unassembled version are both the same program. The .com file was created with debug.
The version below is a script which can be used as input to debug and produce the same results.
A
MOV AH,0C ;function flush buffer
INT 21 ;DOS call
MOV AH,0A ;function buffered input
INT 21 ;DOS call
MOV DL,AL ;store user input
MOV AH,4C ;function exit
INT 21 ;DOS call
RCX
14
N PSWDHIDE.COM
W
Q
The only difference is the size of the .com file (20 bytes vs 70 bytes). There are many versions of this program floating around, all slightly different, all accomplishing the same thing.
8)
PS. Batch files are not good for security features. Even though the password is hidden at the console, at some point a comparison must be made to the actual password where anyone can read it. Better to use another tool and hide the password in the registry or encrypted in a database.
-
Yea, i think i just realized that the user can just right click on the batch file and select edit to see
if /i %password%==password goto next
is there a way to encrypt the contents of the batch file to all but the creator?
or a freeware version of a file locking program that asks for password to open any sort of file if you decide to lock it?
-
You might convert the bat file to an exe file by using a batch converter (http://download.cnet.com/Bat-To-Exe-Converter/3000-2069_4-10555897.html). You can distribute the exe version and keep the source code in your hands. I really don't recommend it as most of them merely add load and terminate routines to your otherwise small batch file.
If you know any of the Windows scripting languages, encryption COM objects ($$$) are available or you can check out this article (http://www.4guysfromrolla.com/webtech/010100-1.shtml). If you have Microsoft Visual Studio installed, you might find some helpful programs in the SDK.
Good luck. 8)
-
"How to hide passwords in batch" comes up as regular as clockwork. Like the Irishman said when the stranger asked him for directions, "If I was going there, I wouldn't start from here".
However, there is a free util called Editvar that, among other things, masks input...
http://www.westmesatech.com/editv.html
xx is shown because there are 2 versions editv32 and editv64...
EditVxx [-b] [-e] [-l len] [-m] [-n] [-o] [-p prompt] [-t n] [-u] var
Arguments:
-b Place the cursor at the beginning of the input line (instead of the
end).
-e Do not insert shell escape characters before reserved shell
characters in the environment variable's contents. (Win32/Win64
only)
-l len Limits input to 'len' characters. In MS-DOS, the limit is 255
characters; In Win32/Win64, the limit is 2047 characters.
-m Masked input: Displays '*' for typed characters.
-n Restricts input to numbers only (0-9).
-o Starts the line editor in overtype mode instead of insert mode.
-p prompt Specifies a prompt for the user. If it contains spaces or tabs,
enclose it in quotes (").
-t n Assume Enter was pressed if nothing typed within 'n' seconds.
-u Forces entered characters to uppercase.
var The environment variable's name (required). This name can be up to
127 characters long. If the variable name contains spaces, enclose
it in quotes.
-
@echo off & setlocal
echo Password:
call :CheckPWD p1 123456 *
echo.
if errorlevel 1 (echo %p1% - No) else (echo %p1% - Yes)
echo.
echo Password:
call :CheckPWD p2 123456
if errorlevel 1 (echo %p2% - No) else (echo %p2% - Yes)
pause & goto :eof
:CheckPWD
setlocal & if "%~2"=="" exit /b 1
(echo e100 B7 2A 80 3E 80 00 00 74 22 80 3E 80 00 02 75 06
echo e110 8A 3E 82 00 EB 15 83 E0 00 8E D8 80 3E 00 02 00
echo e120 74 6A BA 01 02 B4 09 CD 21 EB 61 83 E6 00 8E C6
echo e130 80 E4 00 CD 16 8A D8 80 FB 1B 75 08 26 80 26 00
echo e140 02 00 EB 48 80 FB 0D 74 37 80 FB 08 75 1A 83 FE
echo e150 00 74 DD B2 08 B4 02 CD 21 B2 20 B4 02 CD 21 B2
echo e160 08 B4 02 CD 21 4E EB C8 80 FB 21 72 C3 80 FB 7E
echo e170 77 BE 8A D7 B4 02 CD 21 26 88 9C 01 02 46 EB B0
echo e180 26 C6 84 01 02 24 26 C6 06 00 02 24 B8 00 4C CD
echo e190 21
echo nx.com
echo rcx
echo 91
echo w
echo q
)|debug>nul
if "%~3"=="" x>nul
if "%~3" neq "" set c=%~3 & call set "c=%%c:~0,1%%"
if "%~3" neq "" x %c%
for /f %%a in ('x -o') do set "p=%%a"
endlocal & set "%~1=%p%" & del x.com & if "%~2"=="%p%" (exit /b 0) else (exit /b 1)
-
@echo off
echo Password:
call :GetPassword p
if "%p%"=="123456" (echo %p% - Yes) else echo %p% - No
pause
goto :eof
:GetPassword
pushd %tmp%
>p.vbs echo WSH.Echo CreateObject("ScriptPW.Password").GetPassword
for /f %%a in ('cscript -nologo p.vbs') do set %1=%%a
del p.vbs
popd