k blog.kenaro.com
← All articles

How to embedd compressed scripts in other PowerShell scripts

· Ingo Karstein
PowerShell Walkthrough Encryption

For a current project I want to create a “master script” that contains another compressed PowerShell script. This compressed script contains some informations - server names, network share names - that should be as unreadable as possible for normal users. This script is executed during user logon.

I created two scripts

  1. “compress.ps1”
  2. “execute.ps1”

The first script is used to compress a script. The second one is used to execute the compressed script.

Here is the script for compressing:

 

cls

$c = Get-Content $$ -Encoding UTF8 

$r = [string]::Join("
", $c)

$r2 = [regex]::Match($r, "(.*)(#<--)(.*)", [System.Text.RegularExpressions.RegexOptions]::Singleline)

$ms = New-Object System.IO.MemoryStream
$cs = New-Object System.IO.Compression.GZipStream($ms, [System.IO.Compression.CompressionMode]::Compress)

$sw = New-Object System.IO.StreamWriter($cs)
$sw.Write($r2.Groups[3])
$sw.Close();

$bytes = $ms.ToArray()
[System.Convert]::ToBase64String($bytes)

exit
#<--

Write-Host "This is a test"
Get-Service A*

The script produces a base64 string that contains everything behind ”#<—”.

For the script above the output is:

H4sIAAAAAAAEAO29B2AcSZYlJi9tynt/SvVK1+B0oQiAYBMk2JBAEOzBiM3mkuwdaUcjKasqgcplVmVdZhZAzO2dvPfee++999577733ujudTif33/8/XGZkAWz2zkrayZ4hgKrIHz9+fB8/In7j5DdOvlsXbb797app04/ezIsmpf9laZs37Ue/cfJ53m6/zuvLYpqnx9/6jZP/By/6yuMxAAAA

Here is the execution script that contains this base64 string that represents the compressed script:

cls

$data = [System.Convert]::FromBase64String("H4sIAAAAAAAEAO29B2AcSZYlJi9tynt/SvVK1+B0oQiAYBMk2JBAEOzBiM3mkuwdaUcjKasqgcplVmVdZhZAzO2dvPfee++999577733ujudTif33/8/XGZkAWz2zkrayZ4hgKrIHz9+fB8/In7j5DdOvlsXbb797app04/ezIsmpf9laZs37Ue/cfJ53m6/zuvLYpqnx9/6jZP/By/6yuMxAAAA")

$ms = New-Object System.IO.MemoryStream
$ms.Write($data, 0, $data.Length)
$ms.Seek(0,0) | Out-Null

$cs = New-Object System.IO.Compression.GZipStream($ms, [System.IO.Compression.CompressionMode]::Decompress)
$sr = New-Object System.IO.StreamReader($cs)
$t = $sr.readtoend()

Invoke-Expression $t

This executes the following code snipped from the script above:

Write-Host "This is a test"
Get-Service A*

The output is: 

This is a test

Status   Name               DisplayName                           
------   ----               -----------                           
Stopped  AeLookupSvc        Anwendungserfahrung                   
Running  AESTFilters        Andrea ST Filters Service             
Stopped  ALG                Gatewaydienst auf Anwendungsebene     
Stopped  AppIDSvc           Anwendungsidentität                   
Stopped  Appinfo            Anwendungsinformationen               
Running  Apple Mobile De... Apple Mobile Device                   
Stopped  AppMgmt            Anwendungsverwaltung                  
Stopped  aspnet_state       ASP.NET-Zustandsdienst                
Running  AudioEndpointBu... Windows-Audio-Endpunkterstellung      
Running  AudioSrv           Windows-Audio                         
Stopped  AxInstSV           ActiveX-Installer (AxInstSV)

1 comment

MágnásMiska Dec 5, 2015
This is some of the best and most simple posts on the subject. I owe you a whole lot of thanks man!!

Leave a comment

Your comment is reviewed before it appears. Your name is shown with the comment; your email is required for moderation but never published.