KDot227 / SomalifuscatorV2

Most advanced and poorly coded windows batch obfuscator ever made (aka the best)
https://sped.lol
Apache License 2.0
287 stars 40 forks

what if i can decode the last level? #17

Closed KhanhNguyen9872 closed 1 year ago

KhanhNguyen9872 commented 1 year ago

Explain below

github-actions[bot] commented 1 year ago

If you need fast help join the server https://discord.gg/batch

KhanhNguyen9872 commented 1 year ago

If you need fast help join the server https://discord.gg/batch

try give me a file with last level you can obfuscate it

KDot227 commented 1 year ago

If you need fast help join the server https://discord.gg/batch

try give me a file with last level you can obfuscate it

Go into examples folder I just updated it all

KDot227 commented 1 year ago

Also the last level ain’t even the strongest it’s just each characters numeric value being increased by 129

KhanhNguyen9872 commented 1 year ago

Also the last level ain’t even the strongest it’s just each characters numeric value being increased by 129

please give me a file that cannot be opened from notepad,..... because all of these are openable, i use Linux for deobfuscate it

KhanhNguyen9872 commented 1 year ago

okay, i was create a obfuscate for myself, i will try for that, thanks <3

KhanhNguyen9872 commented 1 year ago

Also the last level ain’t even the strongest it’s just each characters numeric value being increased by 129

here is a test deobfuscate of ultimate. that not at all deobfuscate, but it can be recreated from this code

Code: test_8.txt

Original ultimate: test_8.bat.ultimate.txt

Deobfuscate: test_8.txt

KDot227 commented 1 year ago

Ok

KDot227 commented 1 year ago

Also the last level ain’t even the strongest it’s just each characters numeric value being increased by 129

please give me a file that cannot be opened from notepad,..... because all of these are openable, i use Linux for deobfuscate it

Ultimate can't be opened by windows notepad and windows notepad++

KDot227 commented 1 year ago

If u have any ideas on how I can make it better lmk

KhanhNguyen9872 commented 1 year ago

Also the last level ain’t even the strongest it’s just each characters numeric value being increased by 129

please give me a file that cannot be opened from notepad,..... because all of these are openable, i use Linux for deobfuscate it

Ultimate can't be opened by windows notepad and windows notepad++

it can't be opened because this file is too big and use FFFE on first 2 bytes of file, replace first 2 bytes of file with string FFFE and disable powershell, this code can run without any error and can be opened with notepad

KDot227 commented 1 year ago

Also the last level ain’t even the strongest it’s just each characters numeric value being increased by 129

please give me a file that cannot be opened from notepad,..... because all of these are openable, i use Linux for deobfuscate it

Ultimate can't be opened by windows notepad and windows notepad++

it can't be opened because this file is too big and use FFFE on first 2 bytes of file, replace first 2 bytes of file with string FFFE and disable powershell, this code can run without any error and can be opened with notepad

yes that's the entire point of the byte trick

KDot227 commented 1 year ago

along with being another method of obfuscation
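The FF FE prefix discussed above, seen from the triage side, as an added example that is not part of this thread or the project's code: it checks whether the bytes behind a UTF-16LE byte-order mark actually look like UTF-16LE, and if not, returns the single-byte view an analyst can read. The function name, the 0.8 thresholds and both sample byte strings are assumptions constructed for illustration.

```python
import string

BOM_UTF16_LE = b"\xff\xfe"
PRINTABLE = set(string.printable.encode("ascii"))

def triage_bom(data: bytes) -> dict:
    """Hypothetical helper: does the body behind an FF FE prefix look like UTF-16LE?"""
    if not data.startswith(BOM_UTF16_LE):
        return {"verdict": "no-utf16le-bom", "preview": "", "editor_view": ""}
    body = data[2:]
    if not body:
        return {"verdict": "empty", "preview": "", "editor_view": ""}
    # What a BOM-honouring editor renders: byte pairs as UTF-16LE code units.
    editor_view = body.decode("utf-16-le", "replace")
    # ASCII-range text stored as real UTF-16LE has 0x00 in every second byte.
    high = body[1::2]
    nul_ratio = high.count(0) / len(high) if high else 0.0
    # Single-byte script text is mostly printable ASCII when read byte by byte.
    ascii_ratio = sum(b in PRINTABLE for b in body) / len(body)
    if nul_ratio > 0.8:        # threshold is an assumption
        verdict, preview = "genuine-utf16le", editor_view
    elif ascii_ratio > 0.8:    # threshold is an assumption
        verdict, preview = "fake-bom-single-byte", body.decode("latin-1")
    else:
        verdict, preview = "unknown", body.decode("latin-1")
    return {"verdict": verdict, "preview": preview, "editor_view": editor_view,
            "nul_ratio": round(nul_ratio, 2), "ascii_ratio": round(ascii_ratio, 2)}

# Constructed samples (not taken from the repository's examples folder).
SAMPLE_FAKE = BOM_UTF16_LE + b"@echo off\r\nset a=hello\r\necho %a%\r\n"
SAMPLE_REAL = BOM_UTF16_LE + "@echo off\r\necho hi\r\n".encode("utf-16-le")

if __name__ == "__main__":
    for name, blob in (("fake", SAMPLE_FAKE), ("real", SAMPLE_REAL)):
        result = triage_bom(blob)
        print(name, result["verdict"], repr(result["preview"][:20]))
```

A body that is itself heavily encoded with high bytes falls into `unknown` here; the verdict only separates a real UTF-16LE file from single-byte text behind the prefix.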

KDot227 commented 1 year ago

also after reading the deobfuscated version you removed a lot of code that was needed in order for the entire thing to work. This might be a ok solution for something such as test_8 which only prints abcdef... 10 times but for more abstracted things this method won't work very well

KDot227 commented 1 year ago

on top of that I'm 90% sure it isn't using any of the experimental functions but that doesn't help very much

KhanhNguyen9872 commented 1 year ago

on top of that I'm 90% sure it isn't using any of the experimental functions but that doesn't help very much

Because there are many different types of obfuscate batch scripts, but they all use set to assign characters to variables, so it takes experience with batch script to be able to solve it quite well if the script is complicated.

KDot227 commented 1 year ago

on top of that I'm 90% sure it isn't using any of the experimental functions but that doesn't help very much

Because there are many different types of obfuscate batch scripts, but they all use set to assign characters to variables, so it takes experience with batch script to be able to solve it quite well if the script is complicated.

ngl that's basically the only way to obfuscate batch files besides ofc compiling it to an exe which I have but it's not very secure if the person knows that it is that.

KDot227 commented 1 year ago

if u have any ideas tho PLEASE LMK cause I'm 100% out 😭 @KhanhNguyen9872

KhanhNguyen9872 commented 1 year ago

if u have any ideas tho PLEASE LMK cause I'm 100% out 😭 @KhanhNguyen9872

you must try to verify some file, for example powershell.exe, taskkill.exe, net.exe,.... because this file can be faked to bypass the script, for example you call taskkill to kill the process but taskkill does not work and returns exit code that looks like a real taskkill

close.bat can be limited by the system then script cannot create close.bat file, try random close.bat file name, for example: close_as721n.bat

KhanhNguyen9872 commented 1 year ago

if u have any ideas tho PLEASE LMK cause I'm 100% out 😭 @KhanhNguyen9872

when this script was bypass, this script can be call from cmd without run a exit command and work properly, then i can use echo to get string from variable each line (warning: echo.exe can be fake to other name, then you cannot block only name echo.exe)

KhanhNguyen9872 commented 1 year ago

if u have any ideas tho PLEASE LMK cause I'm 100% out 😭 @KhanhNguyen9872

you must try to verify some file, for example powershell.exe, taskkill.exe, net.exe,.... because this file can be faked to bypass the script, for example you call taskkill to kill the process but taskkill does not work and returns exit code that looks like a real taskkill

close.bat can be limited by the system then script cannot create close.bat file, try random close.bat file name, for example: close_as721n.bat

call: net session || echo "exit" when bypass net.exe, command echo "exit" is not running

KDot227 commented 1 year ago

I understand that but I'm not too sure that there is anything I can really do to combat this. The only thing I can think of is to check for the hash of echo.exe but at the same time any exe can be used to print the output. on top of that you can always go one line at a time and eventually get the source. Right now I'm trying to add some of the editing aspects of level 5 (made by https://www.dostips.com/forum/viewtopic.php?f=3&t=7990&start=15#p53278) so if the script is edited and set to utf-8 the file won't run.

KDot227 commented 1 year ago

I also like the idea of adding a random name to the close.bat which should be very easy in my case

KDot227 commented 1 year ago

I also plan on adding base64 and hex encoding too with certutil to decode

KhanhNguyen9872 commented 1 year ago

I also plan on adding base64 and hex encoding too with certutil to decode

when level 5 complete? can i try it now?

KhanhNguyen9872 commented 1 year ago

I understand that but I'm not too sure that there is anything I can really do to combat this. The only thing I can think of is to check for the hash of echo.exe but at the same time any exe can be used to print the output. on top of that you can always go one line at a time and eventually get the source. Right now I'm trying to add some of the editing aspects of level 5 (made by https://www.dostips.com/forum/viewtopic.php?f=3&t=7990&start=15#p53278) so if the script is edited and set to utf-8 the file won't run.

it not need change to utf-8 encode because i can edit it with another encode

KDot227 commented 1 year ago

I also plan on adding base64 and hex encoding too with certutil to decode

when level 5 complete? can i try it now?

That's for ultimate which I'm in the process of recoding

KhanhNguyen9872 commented 1 year ago

ok good job, i will wait for complete, call me if you done it

KDot227 commented 1 year ago

ok good job, i will wait for complete, call me if you done it

It's gonna take forever lmao there is hella stuff I have to fix. But if u wanna contribute LmO

KDot227 commented 1 year ago

Lmk

KhanhNguyen9872 commented 1 year ago

ok good job, i will wait for complete, call me if you done it

It's gonna take forever lmao there is hella stuff I have to fix. But if u wanna contribute LmO

i'm not good python

i already create a repo for Deobfuscate for some type of obfuscate BashDecryption

and some file already deobfuscate: all_bat_decrypt

but because obfuscate have very much type, then i cannot do all of this, i already stop update for 2 repo

KDot227 commented 1 year ago

ok good job, i will wait for complete, call me if you done it

It's gonna take forever lmao there is hella stuff I have to fix. But if u wanna contribute LmO

i'm not good python

i already create a repo for Deobfuscate for some type of obfuscate BashDecryption

and some file already deobfuscate: all_bat_decrypt

but because obfuscate have very much type, then i cannot do all of this, i already stop update for 2 repo

I mean less of adding to code and more general ideas to obfuscate

KhanhNguyen9872 commented 1 year ago

ok good job, i will wait for complete, call me if you done it

It's gonna take forever lmao there is hella stuff I have to fix. But if u wanna contribute LmO

i'm not good python i already create a repo for Deobfuscate for some type of obfuscate BashDecryption and some file already deobfuscate: all_bat_decrypt but because obfuscate have very much type, then i cannot do all of this, i already stop update for 2 repo

I mean less of adding to code and more general ideas to obfuscate

yes i know bro

KhanhNguyen9872 commented 1 year ago

ok good job, i will wait for complete, call me if you done it

It's gonna take forever lmao there is hella stuff I have to fix. But if u wanna contribute LmO

i'm not good python i already create a repo for Deobfuscate for some type of obfuscate BashDecryption and some file already deobfuscate: all_bat_decrypt but because obfuscate have very much type, then i cannot do all of this, i already stop update for 2 repo

I mean less of adding to code and more general ideas to obfuscate

Better than before, good job!

i just test Hello World!

KDot227 commented 1 year ago

ok good job, i will wait for complete, call me if you done it

It's gonna take forever lmao there is hella stuff I have to fix. But if u wanna contribute LmO

i'm not good python

i already create a repo for Deobfuscate for some type of obfuscate BashDecryption

and some file already deobfuscate: all_bat_decrypt

but because obfuscate have very much type, then i cannot do all of this, i already stop update for 2 repo

I mean less of adding to code and more general ideas to obfuscate

Better than before, good job!

i just test Hello World!

That's also without 3 of the 4 parsed methods added but those are coming next update.