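# Man sure glad I can use SysMon to find this file without decrypting it manually, but don't tell OW - TJ
# IT WOULD""VE BEEEN NICE TO KNWO! - OW
# heh. oops - TJ

# Purpose: read the emoji-encoded file named in $Filename, map the emoji back
# to Base64, undo a chain of byte-level transforms with the key given as the
# first argument, print the result and write it next to the input file.
#
# NOTE(review): every stage below is a keyed or fixed substitution/permutation
# written by hand. It is obfuscation, not authenticated encryption: there is no
# integrity check, and a wrong key still produces (garbage) output.
$Filename="decrypt.encrypted.ps1"

# NOTE(review): the key arrives on the command line, so it is visible to
# process-creation telemetry that records command lines (for example Sysmon
# Event ID 1), which is what the comment at the top of the file alludes to.
$Key=$args[0]

# Fail early when no key was supplied: with an empty key the Vigenere stage in
# decrypt() would compute "$i % 0" and the script would go on to overwrite the
# output file with garbage.
if ([string]::IsNullOrEmpty($Key)) {
    throw "A decryption key must be passed as the first argument."
}

# NOTE(review): this also echoes the key into anything that captures the
# script's output.
echo "key is $Key"

# safe filenaming so no one will overwrite a file accidentally -TJ
# For the hard-coded $Filename this yields "decrypt.encrypted.encrypted.ps1":
# $end_thing is the name without its extension and $begin_thing is the
# extension, despite what the variable names suggest. The scheme only keeps the
# output from replacing the input; the Set-Content -Force call at the end of
# the script still replaces an existing output file.
$end_thing = [System.IO.Path]::GetFileNameWithoutExtension($Filename)
$begin_thing = [System.IO.Path]::GetExtension($Filename)
$safe_filename = $end_thing + ".encrypted" + $begin_thing
$safe_path = [SYSTEM.IO.PATH]::Combine([System.IO.PATH]::GetDirectoryName($Filename), $safe_filename)

# TJ: while writing this, was inspired in part by https://github.com/watson/base64-emoji
#
# emojiTo64: translate a string of emoji back into the Base64 alphabet.
#   $str    - text made of the emoji sequences listed in the table below
#   returns - the Base64 string (A-Z, a-z, 0-9, "+", "/", "=")
# Each table key is the UTF-8 byte sequence of one emoji; sequences are 2, 3,
# 4, 7, 11, 13 or 16 bytes long, so the decoder has to work out the length of
# each one from its leading bytes.
function emojiTo64($str) {
    $newstr = ""
    $convert_to_table = New-Object system.collections.hashtable
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,133,176))] = "A"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,133,177))] = "B"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]194,169))] = "C"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]226,152,160))] = "D"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,148,154))] = "E"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,152,135))] = "F"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,143,140,239,184,143,226,128,141,226,153,128,239,184,143))] = "G"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,144,177,226,128,141,240,159,146,187))] = "H"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,164,159))] = "I"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,142,131))] = "J"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,142,185))] = "K"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,148,172))] = "L"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]226,147,130))] = "M"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,153,143))] = "N"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,133,190))] = "O"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,133,191))] = "P"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,166,134))] = "Q"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,144,176))] = "R"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,143,185))] = "S"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,166,150))] = "T"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,155,184))] = "U"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]226,156,136))] = "V"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,152,171))] = "W"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]226,157,140))] = "X"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,146,185))] = "Y"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,164,170))] = "Z"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,148,160))] = "a"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,155,132))] = "b"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,147,134))] = "c"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,146,128))] = "d"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]226,154,161))] = "e"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,145,188))] = "f"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,143,140,239,184,143,226,128,141,226,153,130,239,184,143))] = "g"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,155,160))] = "h"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]226,132,185))] = "i"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,165,159))] = "j"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,166,182))] = "k"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,167,170))] = "l"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,167,153,226,128,141,226,153,130,239,184,143))] = "m"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]226,143,173))] = "n"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]226,173,149))] = "o"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,140,143))] = "p"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,167,175))] = "q"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]194,174))] = "r"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,141,182))] = "s"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,143,147))] = "t"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,145,189))] = "u"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,154,162))] = "v"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,152,169))] = "w"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]226,156,150))] = "x"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,159,168))] = "y"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,144,141))] = "z"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]48,239,184,143,226,131,163))] = "0"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]49,239,184,143,226,131,163))] = "1"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]50,239,184,143,226,131,163))] = "2"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]51,239,184,143,226,131,163))] = "3"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]52,239,184,143,226,131,163))] = "4"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]53,239,184,143,226,131,163))] = "5"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]54,239,184,143,226,131,163))] = "6"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]55,239,184,143,226,131,163))] = "7"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]56,239,184,143,226,131,163))] = "8"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]57,239,184,143,226,131,163))] = "9"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]226,143,175))] = "+"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,154,137))] = "/"
    $convert_to_table[[System.Text.Encoding]::UTF8.GetString(@([byte]240,159,144,142))] = "="

    # Walk the UTF-8 bytes and cut out one emoji at a time. $offset is the
    # index of the LAST byte of the sequence relative to $i, so a sequence is
    # $offset + 1 bytes long.
    $bytes = [system.Text.Encoding]::UTF8.GetBytes($str)
    for($i = 0; $i -lt $bytes.length; ) {
        $byte = $bytes[$i]
        if ($byte -eq 240) {
            # Lead byte 240: 4 bytes unless the fourth byte marks one of the
            # longer joined sequences in the table.
            if ($bytes[$($i+3)] -eq 153) {
                # 13-byte sequence ("m")
                $offset = 12
            } elseif ($bytes[$($i+3)] -eq 140) {
                # "G" / "g" are 16 bytes. For both table entries the byte at
                # index 12 is 128 or 130, so the 17-byte branch is not reached
                # by anything the table defines.
                if ($bytes[$($i+12)] -eq 140) {
                    $offset = 16
                } else {
                    $offset = 15
                }
            } elseif ($bytes[$($i+3)] -eq 177) {
                # 177 is shared by "B" (4 bytes, third byte 133) and "H" (11 bytes)
                if ($bytes[$($i+2)] -ne 133) {
                    $offset = 10
                } else {
                    $offset = 3
                }
            } else {
                $offset = 3
            }
            $subsection = $bytes[$i..$($i+$offset)]
            $emoji = [System.Text.Encoding]::UTF8.GetString($subsection)
            # A sequence that is not in the table looks up as $null and so
            # contributes nothing to the output.
            $newstr += $convert_to_table[$emoji]
            $i = $i+$offset+1
        } elseif ($byte -eq 194) {
            # 2-byte sequences ("C", "r")
            $subsection = $bytes[$i..$($i+1)]
            $emoji = [System.Text.Encoding]::UTF8.GetString($subsection)
            $newstr += $convert_to_table[$emoji]
            $i = $i+2
        } elseif ($byte -eq 226) {
            # 3-byte sequences
            $subsection = $bytes[$i..$($i+2)]
            $emoji = [System.Text.Encoding]::UTF8.GetString($subsection)
            $newstr += $convert_to_table[$emoji]
            $i = $i+3
        } else {
            # Anything else is treated as a 7-byte keycap digit ("0".."9").
            $subsection = $bytes[$i..$($i+6)]
            $emoji = [System.Text.Encoding]::UTF8.GetString($subsection)
            $newstr += $convert_to_table[$emoji]
            $i = $i+7
        }
    }
    return $newstr
}

# this is super secure - TJ
# i know, I tried for a while to break it, couldn't find a way - OW
# I moved the decrypt to another file, so no one could break it - TJ
# Good good good, now they'll never decrypt our customer credit card data - OW
#
# decrypt: undo the byte transforms applied to the Base64-decoded data.
#   $str    - Base64 text (as produced by emojiTo64)
#   $key    - key string; its characters are subtracted from the data bytes
#   returns - the resulting bytes decoded as a UTF-8 string
# Stages, in order: keyed subtraction, subtract 3 from every byte, then four
# fixed per-block transforms that only run when the length is a multiple of
# 2, 3, 5 and 7 respectively. All arithmetic is modulo 256.
function decrypt($str, $key) {
    $bytes = [System.Convert]::FromBase64String($str)
    $key_bytes = $key.toCharArray()

    # vinginere cipher
    # Subtract the repeating key from the data, byte by byte.
    for($i = 0; $i -lt $bytes.length; $i++) {
        $key_byte = $key_bytes[$i % $key_bytes.length]
        $thing = $bytes[$i]
        if ($thing -lt $key_byte) {
            # PowerShell's % keeps the sign of the dividend, hence the
            # "+ 256) % 256" to bring a negative difference back into 0..255.
            $thing2 = ((($thing - $key_byte) % 256) + 256) % 256
        } else {
            $thing2 = ($thing - $key_byte) % 256
        }
        $bytes[$i] = $thing2
    }

    # Caesar to the rescue! to bad brutus got to him.
    # Fixed shift: subtract 3 from every byte.
    for($i = 0; $i -lt $bytes.length; $i++) {
        if ($bytes[$i] -lt 3) {
            $bytes[$i] = ((($bytes[$i]- 3) % 256) + 256) % 256
        } else {
            $bytes[$i] = ($bytes[$i] - 3) % 256
        }
    }

    # shuffle
    # Even length only: swap the two bytes of every pair. The slice asks for
    # one element more than the block uses; only $orig[0] and $orig[1] are read.
    if ($bytes.length % 2 -eq 0) {
        for($i = 0; $i -lt $($bytes.length / 2); $i++) {
            $cur_pos = $i * 2
            $orig = $bytes[$cur_pos..$($cur_pos + 2)]
            $bytes[$cur_pos + 1] = $orig[0]
            $bytes[$cur_pos + 0] = $orig[1]
        }
    }

    # add to bytes
    # Length divisible by 3 only: subtract 7, 3, 1 from the three bytes of
    # each block.
    if ($bytes.length % 3 -eq 0) {
        for($i = 0; $i -lt $($bytes.length / 3); $i++) {
            $cur_pos = $i * 3
            $orig = $bytes[$cur_pos..$($cur_pos + 3)]
            if ($orig[0] -lt 7) {
                $orig[0] = ((($orig[0] - 7) % 256) + 256) % 256
            } else {
                $orig[0] = ($orig[0] - 7) % 256
            }
            if ($orig[1] -lt 3) {
                $orig[1] = ((($orig[1] - 3) % 256) + 256) % 256
            } else {
                $orig[1] = ($orig[1] - 3) % 256
            }
            if ($orig[2] -lt 1) {
                $orig[2] = ((($orig[2] - 1) % 256) + 256) % 256
            } else {
                $orig[2] = ($orig[2] - 1) % 256
            }
            $bytes[$cur_pos + 0] = $orig[0]
            $bytes[$cur_pos + 1] = $orig[1]
            $bytes[$cur_pos + 2] = $orig[2]
        }
    }

    # add and shuffle bytes
    # Length divisible by 5 only: subtract 254, 3, 1, 0, 255 from bytes 0..4
    # of each block, then rotate the block left by one position.
    if ($bytes.length % 5 -eq 0) {
        for($i = 0; $i -lt $($bytes.length / 5); $i++) {
            $cur_pos = $i * 5
            $orig = $bytes[$cur_pos..$($cur_pos + 5)]
            if ($orig[1] -lt 3) {
                $orig[1] = ((($orig[1] - 3) % 256) + 256) % 256
            } else {
                $orig[1] = ($orig[1] - 3) % 256
            }
            if ($orig[2] -lt 1) {
                $orig[2] = ((($orig[2] - 1) % 256) + 256) % 256
            } else {
                $orig[2] = ($orig[2] - 1) % 256
            }
            $orig[3] = ((($orig[3] - 0) % 256) + 256) % 256
            # Fix: the wrap-around for $orig[4] used to be guarded by a test on
            # $orig[0]. When $orig[0] was 255 and $orig[4] was below 255 the
            # unwrapped branch produced a negative number, which does not fit
            # in a byte. The wrapped form is correct for every input, so it is
            # applied unconditionally.
            $orig[4] = ((($orig[4] - 255) % 256) + 256) % 256
            if ($orig[0] -lt 254) {
                $orig[0] = ((($orig[0] - 254) % 256) + 256) % 256
            } else {
                $orig[0] = ($orig[0] - 254) % 256
            }
            $bytes[$cur_pos + 0] = $orig[1]
            $bytes[$cur_pos + 1] = $orig[2]
            $bytes[$cur_pos + 2] = $orig[3]
            $bytes[$cur_pos + 3] = $orig[4]
            $bytes[$cur_pos + 4] = $orig[0]
        }
    }

    # shuffle bytes
    # Length divisible by 7 only: byte 0 stays put, bytes 1 and 2 swap, and
    # bytes 3..6 are reversed.
    if ($bytes.length % 7 -eq 0) {
        for($i = 0; $i -lt $($bytes.length / 7); $i++) {
            $cur_pos = $i * 7
            $orig = $bytes[$cur_pos..$($cur_pos + 7)]
            # $bytes[$cur_pos + 0] = $orig[0]
            $bytes[$cur_pos + 2] = $orig[1]
            $bytes[$cur_pos + 1] = $orig[2]
            $bytes[$cur_pos + 6] = $orig[3]
            $bytes[$cur_pos + 5] = $orig[4]
            $bytes[$cur_pos + 4] = $orig[5]
            $bytes[$cur_pos + 3] = $orig[6]
        }
    }
    return [System.Text.Encoding]::UTF8.GetString($bytes)
}

# Driver: read the whole input as one string, decode, decrypt, show and save.
# NOTE(review): the variable is called $toencrypt and the output name contains
# ".encrypted", but what is read here is the encoded input and what is written
# below is the decrypted plaintext, both to the console and to disk.
$toencrypt=gc $Filename -Encoding utf8 -Raw
echo "file $Filename -> $safe_path w/$Key"
$plaintext=emojiTo64 "$toencrypt"
$plaintext=decrypt "$plaintext" "$Key"
echo $plaintext
SET-CONTENT -Force -PaTH $safe_path -NoNewLine -Encoding utf8 -Value "$plaintext"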