|
|
|||||||
[Moderator (Sealeopard): Moved thread from 'Scripts' to General' forum] Please see the last messages in this thread for full update information. Get the small (20 Kb) executable kixcrypt.exe from here. Get the small (20 Kb) console-less executable wkixcrpt.exe from here. 17 January 2003 Version 2.16b released Phew, less than a month and another feature release. This release adds the second most requested feature - multiple file inclusion. This means that you can now bundle the KiXtart interpreter, ini files, registry dumps, additional scripts or whatever you fancy with the main script. Changes
Changes
The API which retrieves the command line parameters cannot handle 8-bit characters. If you supply an 8-bit character the actual value I get is undetermined. This restriction has been in place in all version of KiXcrypt, but I have only recently received an email on the subject. In practice this means that you must stick to 7-bit ASCII characters on the command line. Note, non-printable characters such as the BEL (control-G) or the escape character are fine, so long as you work out a way of passing them on a command line. 7-bit ASCII characters are characters with a decimal value below 128. The only exception is NULL (Chr(0)), which is an end-of-string terminator. You may have trouble typing CR and LF characters, and the DOS end-of-file mark (control-Z) may cause some oddities as well. 27 March 2002 Version 2.12b released Changes
Changes
5 December Version 2.04a ReleasedChanges
- Fixed schoolboy error causing "Cannot open self" bug - Added alternative syntax "^s" for file name "%s" to avoid environment variable expansion - Added "-d" debug flag to output previously private debugging information - Added salt to improve encryption algorithm and deny password attacks. 29 November - "Cannot open self" work-aroundThere is a small bug which means that on some version of windows you may get a "Cannot open self" error, after which the program aborts. The work-around is to use the full program name including the ".exe" extension. Thanks to KTS for spotting this. Fixed 30 November SIMPLE USAGE The simplest way to use it is: code:This will create an executable called "crypted.exe" in your current directory which contains the encrypted script. NB if there is already a crypted.exe file it will be overwritten without warning. You may rename crypted.exe if you wish. To run the encrypted script, just run crypted.exe. In this mode a random password it used to encrypt the script.kixcrypt.exe myscript.kix PASSWORD CONTROLLED ACCESS "-p" If you want to force the user to enter a password to run the script use this form: code:The password is not stored in encrypted.exe.kixcrypt -p password myscript.kix To run the script use code:The "-p" is optional here so you may just runcrypted.exe -p password code:NB if the wrong password is entered there is no error, but the script which is decrypted will contain garbage.crypted.exe password INHIBIT KIXTART SCRIPT DELETE "-k" The crypted.exe executable will add KiX script commands to force the file to delete itself when it starts to improve security. If you don't want this feature, use the "-k" switch: code:CHANGING THE INTERPRETER COMMAND LINEkixcrypt.exe -k myscript.kix By default "kix32.exe" is used to run the script. You may change this by appending a command line to the kixcrypt command. You must include a "%s" on the command line which is replaced with the unencrypted script file name when crypted.exe is run. You may also want to replace the default command line to pick up KiXtart from a specific directory or share to improve security, or to add KiXtart variables that you don't want to be visible in the script. The command line is encrypted in the binary. Examples: 1) To avoid trojans, run the version of KiXtart from the logon server: code:2) Pass the password to the script in case someone grabs the temporary script file:kixcrypt.exe myscript.kix \\MYLOGONSERVER\NETLOGON\kix32.exe %s code:USING FILES OTHER THAN KIX FILESkixcrypt.exe myscript.kix \\MYLOGONSERVER\NETLOGON\kix32.exe %s "$PASSWORD=OpenSesame" Some of you have probably already spotted that kixcrypt can be used to distribute any file, not just KiXtart scripts. Don't forget to use the "-k" switch to stop crypted.exe adding the KiXtart file delete commands. The temprary file will be created with the same suffix as the original file. The command is executed as a "%COMSPEC% /C", so you can use DOS builtins. Examples: 1) Execute a batch file: code:2) Display an html page using the local file association:kixcrypt.exe -k mybatch.bat %s code:3) Distribute a password encrypted update:kixcrypt.exe -k index.html start %s code:USER DEFINED STARTUP MESSAGE "-m"kixcrypt.exe -p installpassword -k myprog.exe copy %s myprog.exe If you don't like the startup message displayed by crypted you may define your own using the "-m" option. You may specify the following variables in the text: $v = KiXcrypt version. $s = The path of crypted.exe, including the correct name if you have renamed it. $n = A new line. Examples: code:The second example produces no startup message.kixcrypt.exe -m "$s$n$nThis script encrypted with version $v of KiXcrypt" myscript.kix CHECKSUM SECURITY "-s" Ok, so what if you cannot specify the path to a known executable but are worried about someone copying "notepad.exe" to "kix32.exe" and getting access to your script contents? The "-s" option calculates a checksum for the kix32.exe (or other interpreter) that you would use to execute the script. If you have included a full path for the command line it uses that specific binary, if not it uses the first one it finds in your path. When the "crypted.exe" binary is executed it calculates the checksum for the environment running it and will not decrypt the script if the checksums do not match. The benefit is that you can be pretty sure that the script is not being run through a trojan, the drawback is that you will need to create a new crypted.exe for each version of KiXtart you want to run it with. Example: 1) Use the checksum of the first instance of kix32.exe as security: code:2) High security - specific executable path and checksum:kixcrypt.exe -s myscript.kix code:The first version of this utility had odd problems with platforms other than Win95, but I believe I've made this one portable. Have a go and let me know how you get on.kixcrypt.exe -s myscript.kix \\LOGONSERVER\NETLOGON\kix32.exe %s BUGS Spaces in script names and paths may cause problems, so avoid them where possible. Some versions of Windows may produce a "Cannot open self" error - the workaround is to use the full program name with extension i.e. "kixcrypt.exe" rather than just "kixcrypt". Fixed 30 November Updated BUG and instructions for "kixcrypt.exe" kludge Changed references from KixTart to KiXtart Updated for version 2.02a Updated for version 2.04a Updated for version 2.06a Updated for version 2.08b Updated for version 2.10b Updated for version 2.12b [ 27. January 2003, 17:00: Message edited by: sealeopard ] |
||||||||
|
|
|||||||
wow!! |
||||||||
|
|
|||||||
Very nice and well done too. Nicely feature rich !!! -Shawn [i wanted to put ten smilies but the UBB filter wouldn't let me - what the heck is going on around here?] [ 28 November 2001: Message edited by: Shawn ] |
||||||||
|
|
|||||||
It sound very nice, but I could not successfuly create the encrypted file. I try: kixcrypt kixtart.kix kixcrypt: Cannot open self! I try: kixcrypt d:\kixcrypt\kixtart.kix kixcrypt: Cannot open self! I try: kixcrypt -p password kixtart.kix kixcrypt: Cannot open self! wow!!! |
||||||||
|
|
|||||||
Ahhh foo! I don't know why this happens. One of the first things the program does is to open itself to check if it is in encrypt or decrypt mode. My speciality is Unix rather than Windows, so I'm not experienced enough to tell whether the problem is down to file semantics in different versions of the OS. Can you guys who've downloaded and tried KixCrypt let me know what version of Windows it ran on and whether or not it worked. |
||||||||
|
|
|||||||
Richard, I initailially got the same message here. This is what I had to do to get kixcrypt running on my Windows 2000 box: I created a shortcut called encrypt.lnk with the following specifics: shortcut->target: c:\kixcrypt.exe c:\test.kix then I simply started the link from the DOS command prompt. This created an executable called crypted.exe in the root of C:. Hopes this gives you a clue as to waht might be happening ! -Shawn [ 29 November 2001: Message edited by: Shawn ] |
||||||||
|
|
|||||||
I had the same Problems creating the encrypted KIX-File like Tan Bandradi. I think the Problem is the call of the Program !! But when you call the Programm with itīs own extension, like it works !! KST |
||||||||
|
|
|||||||
DOH ! - That works great ... I'm an idiot |
||||||||
|
|
|||||||
No Shawn you are not an idiot, I'm a coding muppet. The program attempts to open itself - if that fails it adds ".exe" and tries again, so you shouldn't need to do it yourself. This works for Win95 which is the system I'm compiling / testing on. Perhaps the value passed in argv[0] is slightly different on Win2K. Tan Bandradi - please confirm that using the full executable name "kixcrypt.exe" works for you, and I'll try to dig up a W2K box to play with. Thanks Shawn, KST for helping debug this. |
||||||||
|
|
|||||||
Yes, it works fine now, big thanks! The encrypted executable file also need to include the .exe extension filename in order to run it. I need to test it further more on my environment, but actually this is very good, awesome utility and I think this is the more practical and efficient KiXtart script encryption utility, ever! Tan |
||||||||
|
|
|||||||
Hi, I have couple things that I want to share it with you regarding to this utility, on the following condition: - KixTart is not installed or copied on all clients and KixTart script extension is not associated to run with Kix32.exe These are the result according how do I use the kixcrypt command line switchs: - kixcrypt.exe kixtart.kix - kixcrypt.exe kixtart.kix \\ - kixcrypt.exe kixtart.kix kix32.exe %s Finally, I found out this command line that works on those both Win32's: KC000000.kix is the extracted file of kixtart.kix from the encrypted executable file. Tan
|
||||||||
|
|
|||||||
New version 2.02a released Main features: - Changed references of KixTart->KiXtart, and KixCrypt->KiXcrypt - Running with no parameters gives usage info rather than GPF - Switches may be defined using Windows syntax e.g. "/d /m message" rather than "-d -m message". This was available in 2.01a, but was undocumented. - Usage info updated for -m and -d switches - Fixed schoolboy error causing "Cannot open self" bug - Added alternative syntax "^s" for file name "%s" to avoid environment variable expansion - Added "-d" debug flag to output previously private debugging information - Added salt to improve encryption algorithm and deny password attacks.
Also, try these things: code:kixcrypt kixtart.kix \\\netlogon\kix32.exe .\%s 4) The temporary file name is "kcNNNNNN.kix" where NNNNNN starts at 000000. If there is already a kc000000.kix it uses kc000001.kix and so-on, so you should avoid hard-coding the temporary file name. |
||||||||
|
|
|||||||
Dear Richard !! Now it looks pretty good KST |
||||||||
|
|
|||||||
Richard, Things are looking good. Where I couldn't get your beta version to work at all, 2.02a now works like a charm! |
||||||||
|
|
|||||||
I would just like to comment that this was very impressive work as well. |
||||||||
|
|
|||||||
I'll second that. By the way Richard, are you going to find time to convert your original date math routines to kixtart 4.0 udf's ? That would be bonus ! -Shawn |
||||||||
|
|
|||||||
Richard, Now the new version works fine, I use ".\%%s" parameter to specify the script filename. Thanks! |
||||||||
|
|
|||||||
You're great!! I'm work on a highschool and this really solved the problem that students discover how I set up some policies. KiXcrypt forever! |
||||||||
|
|
|||||||
This is fantastic! I had a similar idea, but I was going to have the new EXE contain the KIX32.exe as well. This would make the encrypted script completely stand alone. How hard would it be to add that to what you have already done? cj |
||||||||
|
|
|||||||
Richard, Is it possible to use "wkix32.exe -i" and get rid of the dos box where crypted.exe is running. We are using wkix32.exe -i for some simple utils, were we do not need any black dos box. KiXcrypt is the solution for our network with several students who seem to find my kix scripts where ever i put them thanks!! GR Peter van der Struis |
||||||||
|
|
|||||||
Thanks for all the comments guys. Shawn I never bothered to convert the date math stuff as the functionality is duplicated in the ScriptLogic SerialDate() UDF. Peter you should be able to run any command as the interpreter. To ensure that the options are not used by KiXcrypt enclose the command in speech marks. Something like: code:should work. If you are having trouble with the command line use the "-d" flag to generate crypted.exe. When you run crypted.exe it will display the command line it is using.kixcrypt myscript.kix "wkix32.exe -i .\%%s" cj I considered including the kix32 executable earlier on but decided against it. It didn't really add anything so I didn't bother. Having said that it would be very simple to have an option to include the binary (any binary for that matter). For KiXtart specifically there are a couple of issues: I'm in two minds about it. If there is enough interest and no objections I'll add the functionality and leave it to the user's conscience. [ 04 December 2001: Message edited by: Richard Howarth ] |
||||||||
|
|
|||||||
Dear Richard, A very nice upgrade and an excellent job. The first version which doesn't Some points:
A nice issue can be the usage of environment variables which can't we are waiting for an upgrade.
|
||||||||
|
|
|||||||
5th December 2001 - Version 2.04a released New version available here. Changes
|
||||||||
|
|
|||||||
Hi MCA, Thanks for your comments, and for doing the quality control testing I should have done before releasing the code To answer your points:
The crypted.exe has to create a temporary file because KiXtart cannot accept piped input. The current directory is always used and I probably won't be changing that simply because it would mean a lot of work for very little benefit. If you need to redirect the temporary file to another direcectory then "CD" to it before running crypted.exe You (and anyone else) are more than welcome to publish the KixCrypt utility on your site. I hope that answers all your questions. |
||||||||
|
|
|||||||
Dear Richard, We will give it a try. |
||||||||
|
|
|||||||
This looks great! ..but I feel really dumb here, since I can't figure out the end use of it..? How do I use this to, for example, make an encrypted script, and then call this script from with in a KiX logonscript? We've got no KiXtart extensions on the clients, and are running v.3.63. For example, I want to store the password for SU in an encrypted script, and then be able to call it from within my logonscript (and of course it should work with all Win32 clients..)? It's the calling from within a running script that I don't quite get... I know i'm , but spare with me here Great work btw Richard! [Moderator disabled malfunctioning link to image] [ 18. December 2002, 15:52: Message edited by: masken ] |
||||||||
|
|
|||||||
Dear Richard, We have verify your latest 2.04 version and it works like a charm. Symbol on our homepage has been linked to your related http://kixtart.org topic. Please let me know when a new version is released. |
||||||||
|
|
|||||||
7th December Version 2.06a released Changes
Thanks go to Peter van der Struis who found the bug and helped in fixing it. The "-c" option was his idea too. [ 07 December 2001: Message edited by: Richard Howarth ] |
||||||||
|
|
|||||||
7th December: Console-less version My, the updates are coming thick and fast. I've compiled a console-less version "wkixcrpt.exe". See the first post of this topic for the URL. You should be able to use: code:wkixcrpt myscript.kix -m "" -c "wkix32.exe -i .\%%s" To keep the console-less operation. I think. The '-m ""' is required to stop the startup message being displayed, and '-c' executes the command directly without "%COMSPEC% /C". wkixcrpt.exe is only available from version 2.06a |
||||||||
|
|
|||||||
I've just tried out version 002.06 and find it very usefull except for the fact that the temp file is created in the same directory. Is it possible to specify %temp% or something to change this into a path where users have write access? I want to use this to encrypt my SU script so that users can install programs under admin account, but now I must create a batch file that moves the users to his/hers temp dir and then fire up the encrypted .exe file |
||||||||
|
|
|||||||
1 February 2002 Version 2.08b released Changes
Full amendment history (from "kixcrypt -v"): quote: |
||||||||
|
|
|||||||
5 February 2002 Version 2.10b released Changes
|
||||||||
|
|
|||||||
27 March 2002 Version 2.12b released Changes
|
||||||||
|
|
|||||||
richard, still affraid about the temp-file... scares like shit. why you use it when you can crack the piping? |
||||||||
|
|
|||||||
If (when?) KiXtart supports piped input I'll include a switch to avoid the temporary file entirely. I need to confirm that popen() works with the compiler (MINGW) I'm using and all versions of windows, as I seem to recall that I had some problems with fork() and similar calls. |
||||||||
|
|
|||||||
what about pipe script. like a hack... call kix with script that has gets $x in it then that $x is executed with $=execute($x) that somewhat does the trick of piping. what you think? |
||||||||
|
|
|||||||
Ahh, there are a couple of problems with the GetS() and Execute() solution. The first is that I've no idea how KiXtart will manage variable scopes, functions and subroutines when the script is being executed that way. Not to mention loops, conditional structures and so-on. It would work for a strictly linear monolithic script, but I suspect anything more complicated is doomed to failure. The other more simple problem is what to do when your script has a "Get()" or "GetS()" in it! If you execute them they will pick up the next bit of decrypted script as input |
||||||||
|
|
|||||||
yeah... good point. I thougt that too, but if you parse the code fully to memory and then put it in? it may (just may) have string limitation... don't remember what kind of length limitation gets might have? |
||||||||
|
|
|||||||
and if script has gets in it... may want to use 2 kix processes. say, change lines to open other console for user input/output. |
||||||||
|
|
|||||||
I've been playing with this a bit, and it doesn't work very well. Popen() opens KiXtart and can pipe stuff into GetS, but there is no way of detaching, and it doesn't handle the pipe closeing very well. What I really need is: 1) A switch for KiX32.exe which will cause it to read the script from stdin rather than a file. 2) When stdin closes, reattach to the tty or console device so that Get and GetS will work. |
||||||||
|
|
|||||||
yes yes, but what if that kix process opens new process. isn't the std I/0 also in new process correct? I know that you need pipe to kix, as many others too. but it's not gonna happen in near future... |
||||||||
|
|
|||||||
Dear Richard, Great update. It was already hard to catch temporary file, but now it only becomes harder to do it. Possible that Ruud can his current point of view about pipe to kix. greetings. btw: this week we will also update our site with it. |
||||||||
|
|
|||||||
EEP!! I've just redone my scripts and am using KixCrypt to protect the account credentials that I use for SU.EXE from being visible to the users. I thought it was working fine, until now... Doing a search of my users personal drives, I have now found no less than two dozen of the temporary (randomly named) .kix files that were not deleted after login. These are being left right in the root of my users' personal drives. I'm worse off now that I was before. Now the sensitive password is not only visible to the user, but being presented to them right in their personal drives. Can anyone offer suggestions? |
||||||||
|
|
|||||||
using after logon some sort of deletion stuff which deletes all files ending .kix also, using my script encryption script does not use any temporary files but only place where the script is decrypted is the memory during execution... anyway, righard may have something info for you on this... |
||||||||
|
|
|||||||
EEP! indeed. Jim, can you confirm that you are using version 2.12b? I've not come across this one before (natch) so any details you can give would help. KiXcrypt should not output to a file that it cannot delete or overwrite, so the files *should* be deleted, or nulled. KiXtart files contain there own sematics for deleting the file (unless you specify the "-k" switch), so the file is deleted in at least two diffetent places. Can you confirm that the temporary files contain the script (rather than created empty)? If you are calling the encrypted script from a batch file you may want to change directory before running it to a known safe directory (%TEMP% or similar) - the temporary file is created in the current working directory, and if you have locked down access to the users root drive there might be some permissions weirdness going on (raised permissions during logon?) The only way I can think to cause the files to be left behind is if the "-k" flag has been used to defeat the KiXtart script delete semantics, and the KiXcrypt script abends or is killed. If changing the directory doesn't help, please answer the questions above and include details of your environment. |
||||||||
|
|
|||||||
Anyone else can verify that clicking page 2 of this topic tries you to connect to a site called nexusglobe.com prompting for a password ??!!?? whats going on here then ... |
||||||||
|
|
|||||||
"Masken" included a graphic link in his post (first on this page) to a site which requires a login to access. Perhaps a kindly moderator could remove the offending link... |
||||||||
|
|
|||||||
Done! My first Moderator action |
||||||||
|
|
|||||||
Get the small (15 Kb) executable kixcrypt.exe from here. Get the small (15 Kb) console-less executable wkixcrpt.exe from here. 18 December 2002 Version 2.14b released Actually, it was released a few days ago, but the board has been down It's amazing how much a part of my daily life monitoring the KiXtart BB has become! Changes
The API which retrieves the command line parameters cannot handle 8-bit characters. If you supply an 8-bit character the actual value I get is undetermined. This restriction has been in place in all version of KiXcrypt, but I have only recently received an email on the subject. In practice this means that you must stick to 7-bit ASCII characters on the command line. Note, non-printable characters such as the BEL (control-G) or the escape character are fine, so long as you work out a way of passing them on a command line. 7-bit ASCII characters are characters with a decimal value below 128. The only exception is NULL (Chr(0)), which is an end-of-string terminator. You may have trouble typing CR and LF characters, and the DOS end-of-file mark (control-Z) may cause some oddities as well. |
||||||||
|
|
|||||||
Thanks Richard! I think it would be appropriate for you to be the one to close my original thread in the Starters forum by pointing to this resolution! Again great job! Steve |
||||||||
|
|
|||||||
Couple of days ago (before kaos) I downloaded the 1.3 free demo. First time I used, Its exelent. I am going foward Exe Package Creator on new release. I also noticed that when you open a file throught the last four on the file list it doesnt execute and debug. Not the same when you do file open. Is .exe supposed to execute on netlogon? Or throught application as an independent software? ----- Pardon my ignorance. |
||||||||
|
|
|||||||
quote: Sorry about that, thanks for editing it out! hmm.. been away from KiX scripting for too long... But if anyone could please give an explanation on how to use this for a 3.63 loginscript where users have the SU service installed, I'd be really grateful... 1. Make a batchfile that calls the application that needs elevated privilegues with the help of SU. For example: echo mypassword | su username "C:\temp\setup.exe /q" 2. Encrypt this file with KiXCrypt 3. Call the encrypted *.exe from within the loginscript? I need a vacation |
||||||||
|
|
|||||||
Major feature release - include support files in encrypted package. Apologies for the long line. Get the small (20 Kb) executable kixcrypt.exe from here. Get the small (20 Kb) console-less executable wkixcrpt.exe from here. 17 January 2003 Version 2.16b released Phew, less than a month and another feature release. This release adds the second most requested feature - multiple file inclusion. This means that you can now bundle the KiXtart interpreter, ini files, registry dumps, additional scripts or whatever you fancy with the main script. Changes
The "-f" option allows you to include arbitrary support files in the package. Note the following features and restrictions:
This means that your own scripts may not know where to find the support files. To get around this, the following environment variables are provided: KIXCRYPTVER The version of KiXcrypt. KIXCRYPTDIR The temporary directory that KiXcrypt is unpacking the files in. KIXCRYPTFILE The full path name of the script being executed. Note: Some of these values are now also provided by KiXtart macros in recent releases. Example The following example creates an encrypted version of the file "update.kix". There are two support files, "control.ini" and "update.gif" which are packaged with it. code:When the crypted.exe is run, it will unpack the three files into the current directory (or the directory defined by "-t"). The files "control.ini" and "splash.gif" will be created with their originbal names. The primary script file "update.kix" will be created with a random file name.kixcrypt.exe update.kix -f control.ini -f splash.gif Here is a more complicated example: code:This example will add the KiXtart executable to the file. The path will be lost, so the executable will be unpacked in the same directory as the primary script.kixcrypt.exe update.kix -f control.ini -f spash.gif -f c:\winnt\kix32.exe "%%%%KIXCRYPTDIR%%%%\kix32.exe ^s" To be sure that your are running your version of kix32.exe, the command is defined at the end of the line - the "^s" will be replaced with the primary scripts random file name. You must use the four "%%%%" characters to represent a single "%" in the final command line. If you now execute the encrypted file with the command: code:The four files will be unpacked into the c:\temp directory (assuming no file already exists with the same name).crypted.exe -t c:\temp Assuming the primary script is created with the random file name "WSSHGSMO.kix" the command which will be executed is: quote: |
||||||||
|
|
|||||||
Richard - how about you build us a windows GUI wrapper (not talking Kixforms here) that presents a listbox and a browser dialog and one cound then select the files to be included in the package - maybe allow us to set a few options - then have the proggy generate the exe for us ? Kinda like winzip or some other package builders - just a thought. |
||||||||
|
|
|||||||
Great Idea! OH OH OH, and maybe a Help button. |
||||||||
|
|
|||||||
Hmmm. Not a bad idea. I should be able to cobble a simple GUI front-end together using JavaScript. It's just about time to leave for the weekend, so I'll have a butchers next week. Not too sure about the help button though, takes all the fun out of trial and error |
||||||||
|
|
|||||||
Java-Script ??? Java-Script ??? Wad-up-wid-dat ? - Shawn "Trail and Error" Tassie |
||||||||
|
|
|||||||
Richard, could you update the "kixcrypt -?" info? It doesn't mention the -t, -f and the ^s... Maybe add the same info in a readme.txt with version history??? TIA |
||||||||
|
|
|||||||
I've got 2 files: [tst.vbs] wscript.echo "Hello World" [x.kix] run "wscript tst.vbs //nologo" I made a crypted.exe with this command: wkixcrypt.exe -c -m "" x.kix "wkix32.exe -i ^s" I still get a console flashing by... What am I doing wrong??? |
||||||||
|
|
|||||||
nevermind...Does the same thing for me too. [ 17. January 2003, 22:22: Message edited by: CitrixMan ] |
||||||||
|
|
|||||||
Patrick,
A crypted.exe created with "wkxcrypt" does not create a console when it it executed. Unfortunately, the "system()" call that I use to execute the unencrypted script does create a console. If anyone has an idea how to execute arbitrary DOS commands from a MinGW compiled exe without creating a console please give me a shout and let me know. |
||||||||
|
|
|||||||
KiXcrypt GUI interface. As a response to the huge number of request (Hi Shawn) I've knocked together a simple GUI interface to the KiXcrypt utility. It is basically a KiXtart script using IE COM calls, and some JavaScript. I'm not posting the script here as it is chock-a-block full of HTML code so it'll be a real problem to post to this forum. This is beta quality - not all KiXcrypt options are supported, there are no instructions and garbage-in will get you garbage-out. However it seems to work OK, so I'm looking for some feedback. I'd like to know of any problems, extra features it needs, and whether it is worth me spending any more time on it. Instructions for use: 1) Download the script from here 2) Ensure that kixcrypt.exe is in an executable location, i.e. your PATH or the current directory 3) Run "kix32.exe kcgen.kix" 4) Fill in the blanks and then hit the "Execute" button. 5) Keep generating the crypted.exe until you are happy (or bored), then close the IE window when you are done. A temporary file kcgen.html will be created in your %TEMP% directory and removed when your done. Please let me know how you get on. |
||||||||
|
|
|||||||
What, no takers? Maybe a screenshot will whet your appetite: |
||||||||
|
|
|||||||
Neat, I suggest you get one of our members to post your code on their site. If it is easier to get more people will take it for a ride. |
||||||||
|
|
|||||||
I placed the code in general as it has html disabled: http://www.kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=14&t=000376 {edit} now also later in this thread. {/edit} [ 27. January 2003, 05:56: Message edited by: Lonkero ] |
||||||||
|
|
|||||||
Dear Richard, Does the "-k" option on KiXcrypt version 2.16b also applicable to prevent support file deletion (file that added with "-f" option) including the primary script file deletion? Because I would prefer to delete the support file from the script alternatively, the support file deletion by KiXcrypt sometime fail, and the unpacking process on KiXcrypt will be aborted at the next execution, and the final result is KiXtart script execution will fail. What I did is to include file kix32.exe, kx16.dll, kx32.dll, and kx95.dll together with the primary script by using the "-f" option. This support file will be unpacked and the kix32.exe will be executed to run the primary script. I did this because I don't want to put KiXtart files on netlogon share, the script replication on domain controllers sometime fail because the .dll file is in use. Thank you in advance, Tan |
||||||||
|
|
|||||||
Richard, your appz are gui, gui good. Well done. |
||||||||
|
|
|||||||
Tan, The file deletion process is as follows: [1] For the primary file only (which is normally your KiXtart script) some extra KiXtart script is tacked onto your script. This extra code immediately attempts first to overwrite, then to delete itself. This works because the entire script is read into memory so the file can be removed. The purpose of this is to leave the unencrypted file around for as short a time as possbile. Once the overwrite/delete has completed control is passed to your own script. [2] Once your script has finished running the calling program (crypted.exe) checks to see if your script is still present i.e. the delete failed. You will get an warning message that the file is still present, and crypted.exe will itself attempt to overwrite then delete the file. [3] All support files are then deleted. In summary, the support files are not deleted until the script has finished running, so you can delete them yourself, rename them, copy them or open/read them in your script. The only exception to this is if your script "escapes" the controlling crypted.exe, in which case it will think the script has finished and delete the files while the script is running. You could escape control by RUNning a new process and exiting the original script for instance, or by using the "START" command. The "-k" option disables step [1] only. This is useful if your primary file is not a KiXtart script. You might have packaged an executable, an Excel spreadsheet or a DOS batch file in which case adding KiXtart script to the file would render it useless. |
||||||||
|
|
|||||||
trying the code in here. {edit} code removed as not sure who's code had the error. {/edit} [ 27. January 2003, 04:24: Message edited by: Lonkero ] |
||||||||
|
|
|||||||
k, I checked my code poster and can't find anything wrong in it. so re-posting the code {edit} did I say I hate this board? {/edit} [ 27. January 2003, 05:05: Message edited by: Lonkero ] |
||||||||
|
|
|||||||
Break On ; ; Gui interface for creating encrypted KiXtart packages. ; ; This is BETA quality - no serious bugs, but not yet completed. ; ; Enjoy! ; ; Richard Howarth (rhowarth@sgb.co.uk) ; Global $HTMLFILE $HTMLFILE="%TEMP%\kcgen.html" Del $HTMLFILE "Generating HTML File..." ? Call fnMakeHTML() "Starting IE instance..." ? $oIE = CreateObject("InternetExplorer.Application") $oIE.Visible=1 $oIE.Navigate($HTMLFILE) ; Wait for page to stop loading... While $oIE.busy AND $oIE.readystate <> 4 AND @ERROR = 0 Loop $oDoc=$oIE.document $nul=SetConsole("HIDE") $iStatus=$oDoc.frmMain.Status.value While @ERROR=0 If $iStatus=1 $oDoc.frmMain.Status.value=0 $nul=SetConsole("SHOW") $nul=SetConsole("FOREGROUND") Cls "Generating crypted.exe - check below for errors..." ? "-----OUTPUT BEGINS-----" ? Shell $oDoc.frmCommand.textCommand.value "-----END OF OUTPUT-----" ? "Hit return to continue: " Gets $nul ? $nul=SetConsole("HIDE") Cls EndIf Sleep(0.5) $iStatus=$oDoc.frmMain.Status.value Loop $nul=SetConsole("SHOW") $nul=SetConsole("FOREGROUND") ; Clean up and exit. Del $HTMLFILE Exit 0 Function fnMakeHTML() $nul=RedirectOutput($HTMLFILE) "<HTML> <SCRIPT Language=JAVASCRIPT> function fnAddSupportFile() { if(fnSelectionExists(frmMain.selFiles,frmAddSupport.fileSupport.value)==false) { if(frmAddSupport.fileSupport.value!='') { frmMain.selFiles.options[frmMain.selFiles.options.length]=new Option(frmAddSupport.fileSupport.value) } } fnMakeCommand(); return true; } function fnDeleteSupportFile() { var iLoop for(iLoop=frmMain.selFiles.options.length;iLoop--;) { if(frmMain.selFiles.options[iLoop].selected){ frmMain.selFiles.options[iLoop]=null } } frmAddSupport.reset(); fnMakeCommand(); return true; } function fnSelectionExists(selList,sValue) { var iLoop for(iLoop=selList.options.length;iLoop--;) { if(selList.options[iLoop].text==sValue) return true } return false } function fnMakeCommand() { var iLoop frmCommand.textCommand.value='' if(frmPrimaryFile.filePrimary.value=='') return false; frmCommand.textCommand.value='kixcrypt'; if(frmOptions.radioDebug[0].checked==true) frmCommand.textCommand.value=frmCommand.textCommand.value + ' -d' if(frmOptions.radioIsKix[0].checked==false) frmCommand.textCommand.value=frmCommand.textCommand.value + ' -k' if(frmOptions.radioUseCOMSPEC[0].checked==false) frmCommand.textCommand.value=frmCommand.textCommand.value + ' -c' if(frmOptions.textPassword.value!='') frmCommand.textCommand.value=frmCommand.textCommand.value+' -p " '"' "'+frmOptions.textPassword.value + '" '"' "' for(iLoop=frmMain.selFiles.options.length;iLoop--;) { frmCommand.textCommand.value=frmCommand.textCommand.value+' -f " '"' "'+frmMain.selFiles.options[iLoop].text + '" '"' "' } frmCommand.textCommand.value=frmCommand.textCommand.value+' -m " '"' "'+frmOptions.textMessage.value + '" '"' "' frmCommand.textCommand.value=frmCommand.textCommand.value+' " '"' "'+frmPrimaryFile.filePrimary.value + '" '"' "' if(frmOptions.textProgram.value!=''){ frmCommand.textCommand.value=frmCommand.textCommand.value+' ' if(frmOptions.radioExeInPackage[0].checked==true){ frmCommand.textCommand.value=frmCommand.textCommand.value + '%%%%KIXCRYPTDIR%%%%\\' } frmCommand.textCommand.value=frmCommand.textCommand.value+frmOptions.textProgram.value } return true; } function fnExecuteCommand() { frmMain.Status.value=1 } </SCRIPT> <HEAD> <TITLE>KiXcrypt command line generator</TITLE> </HEAD> <BODY> <TABLE Align=Center> <FORM Name=frmPrimaryFile> <TR BGCOLOR=LightBlue> <TD>Primary file to encrypt:</TD> <TD><INPUT Type=FILE Name=filePrimary onChange='fnMakeCommand();'></TD> </TR> </FORM> <FORM Name=frmOptions> <TR> <TD>Is this a KiXtart script file?</TD> <TD> Y<INPUT Type=RADIO Name=radioIsKix Checked onclick ='fnMakeCommand()' onChange='fnMakeCommand()'> N<INPUT Type=RADIO Name=radioIsKix onclick ='fnMakeCommand()' onChange='fnMakeCommand()'> </TD> </TR> <TR BGCOLOR=LightBlue> <TD>Display DEBUG output?</TD> <TD> Y<INPUT Type=RADIO Name=radioDebug onclick ='fnMakeCommand()' onChange='fnMakeCommand()'> N<INPUT Type=RADIO Name=radioDebug Checked onclick ='fnMakeCommand()' onChange='fnMakeCommand()'> </TD> </TR> <TR> <TD>Include %COMSPEC% in command line?</TD> <TD> Y<INPUT Type=RADIO Name=radioUseCOMSPEC Checked onclick ='fnMakeCommand()' onChange='fnMakeCommand()'> N<INPUT Type=RADIO Name=radioUseCOMSPEC onclick ='fnMakeCommand()' onChange='fnMakeCommand()'> </TD> </TR> <TR BGCOLOR=LightBlue> <TD>Password:</TD> <TD><INPUT Type=TEXT Name=textPassword Size=20 Value='' onChange='fnMakeCommand()'></TD> </TR> <TR> <TD> Start up message:<BR> <FONT SIZE=-1>You may include the following in your text:<BR> $s : Replaced with the program name<BR> $v : Replaced with the program version<BR> $n : Replaced with a newline<BR></FONT> </TD> <TD VALIGN=Top><INPUT Type=TEXT Name=textMessage Size=40 Value='' onChange='fnMakeCommand()'></TD> </TR> <TR BGCOLOR=LightBlue> <TD> Command to execute unencrypted file:<BR> <FONT SIZE=-1> The '^s' will be replaced with the unencrypted filename</FONT> </TD> <TD VALIGN=Top><INPUT Type=TEXT Name=textProgram Size=40 Value='kix32.exe ^s' onChange='fnMakeCommand()'></TD> </TR> <TR> <TD>Is interpreter (e.g. kix32.exe) included in package?</TD> <TD> Y<INPUT Type=RADIO Name=radioExeInPackage onclick ='fnMakeCommand()' onChange='fnMakeCommand()'> N<INPUT Type=RADIO Name=radioExeInPackage Checked onclick ='fnMakeCommand()' onChange='fnMakeCommand()'> </TD> <TR> </FORM> <TR BGCOLOR=LightBlue> <TD Valign=TOP>Additional support files:</TD> <TD> <FORM Name=frmAddSupport> <INPUT Type=FILE Name=fileSupport Value='abcd' onSelect='fnAddSupportFile()' onChange='fnAddSupportFile()'> </FORM> <FORM Name=frmMain> <INPUT Type=HIDDEN Name=Status Value=0> <SELECT Name=selFiles Size=3 Multiple WIDTH=40></SELECT><BR> <INPUT Type=BUTTON Value='Remove Selected Files' onclick ='fnDeleteSupportFile()'> </FORM> </TD> </TR> <FORM Name=frmCommand> <TR> <TD ColSpan=2 Align=CENTER> <TEXTAREA Name=textCommand ROWS=3 COLS=70 onFocus='this.blur();'> </TEXTAREA> </TD> </TR> <TR> <TD ColSpan=2 ALIGN=CENTER> <INPUT Type=BUTTON Name=btnExecute Value='Execute Command!' onclick ='fnExecuteCommand()'> </TD> </FORM> </TABLE> </BODY> </HTML>" $nul=RedirectOutput("") Return EndFunction |
||||||||
|
|
|||||||
Any particular reason that this has been moved into General Discussions? |
||||||||
|
|
|||||||
Hehe ... this is probably the first Topic in General that has html Code inside (See Jooels Reply) Maybe the control meachanisms aren't that good when topics are moved ! |
||||||||
|
|
|||||||
Actually, two reasons. KiXCrypt is not a script example and does not contain (KiXtart) scripts. Also, as a utility/tool it would be better served in the 'General' forum as it does not qualify for any of the other forums. |
||||||||
|
|
|||||||
but this GUI peace separately in it's own topic/thread would fit to scripts... better to com though. |
||||||||
|
|
|||||||
Then you might want to post the GUI script into it's own thread. I'd prefer it that way anyway. Call it KiXCrypt GUI and refer to the KiXCrypt thread for the .EXE package. [ 28. January 2003, 15:48: Message edited by: sealeopard ] |
||||||||
|
|
|||||||
I guessed that was the reason, I just wanted to make sure it hadn't been moved in error - I didn't spot the notice edited onto the first post. First posted in November 2001 - do you remember when we only had three (four?) forums, and KiXtart COM automation was only attempted by Absinthe drinking pot smokers who weren't entirely sane. |
||||||||
|
|
|||||||
Yeah, the good old times...drifting away soaking in nearly-lost memories of times long gone... |
||||||||
|
|
|||||||
Those were the Times ! But what would several Absynth drinking Pot smoking people do without being able to COM |
||||||||
|
|
|||||||
j, you asking from me? ofcourse drink some more! |
||||||||
|
|
|||||||
ok... It might just be me who just don't get this.. I'm in a big need for a way to encrypt my scripts. The utility have to work that so that my global variables and functions are fully operationel thru all the scripts. I've tried the crypter.kix by Lonkero, which i modified to operate as a function (and then i made this script crypted with Kixcrypt.exe), and this worked out fine until the big if/endif statements (and actually some loop statements and so on). So.. Now i'm (by advise from Lonkero) am looking more into KixCrypt.. What seems to be my problem here is to keep the variables and functions all the way thru the 10-30 scripts i have. Any suggestions how to solve this ? Someone must have done this before ? -Tommy |
||||||||
|
|
|||||||
I've very recently added new features to KiXcrypt so that you can include scripts made up of more than one file. I strongly suggest that you use the GUI interface to generate you encrypted script. The reason is that the command line can end up very long, and you cannot type it all in (on Win95 anyway). When you run the script, the files are all unencrypted and execute as if they were run normally. The only differences are:
Hit the "Execute Command" button and it will create a "crypted.exe". You can find a link to the GUI code (and the script itself if you want to cut'n'paste) on page 3 of this thread. |
||||||||
|
|
|||||||
mm... cut&paste code is also at page 3 |
||||||||
|
|
|||||||
Err, yeah. I believe I just said that |
||||||||
|
|
|||||||
damn, you are right. read your words wrong... going blind I quess... age doesn't come alone, you know |
||||||||
|
|
|||||||
Most greatfull... Will try this... Thanks a lot... -Tommy |
||||||||
|
|
|||||||
first of all... This utility did exactly what i needed.. Thanks a lot Then i still have a question.. It seems to me that the .exe decrypt/unpack the files into the dir where the .exe was first started.. This is not good. Then i read that, There is now a "-t path" option when you decrypt which will create the temporary file in "path", post on the original post. This -t option i cant fint documented, neither can i make it happend... Any suggestions ? -T [ 31. January 2003, 10:20: Message edited by: X-mine ] |
||||||||
|
|
|||||||
Thanks for the feedback The "-t" option only applies when you decrypt the file. To decrypt to a different directory: code:or evencrypted.exe -t c:\windows\temp code:crypted.exe -t %TEMP% |
||||||||
|
|
|||||||
hmm.. ok.. thanks.. That would make it possible for someone to add this option and then get all the svcriptfiles from the optional directory.?.? Any workarounds for this ? What im looking for is a way to make it at hard as possible to get the script files.. Today i have some scripts running into a sort of menu. Then the menu waits for userinput before continuing. In this "break" the user would then be able to get the files from the specified directory.. Any suggestions about how to solve this ? -T |
||||||||
|
|
|||||||
How would that help? If the user can access the crypted.exe to execute it then they can copy it and execute anywhere, so denying the "-t" option won't make it any more secure. Hard-coding the directory into the crypted.exe may be possible, but you will have to convince me that it will provide an additional useful deterrent. You could force the files to be created on a hidden share on a server, but that is so easy to circumvent that it is pointless. All that it does is to give a false sense of security. The problem is a balance. A malignant user with sufficient know-how to break through the other security devices won't be at all deterred by the files being written to a hard-coded directory path. The sort of user who will be deterred by a hard-coded directory path will already have been put off by the existing features. You need your additional scripts to remain in place, because at some point you will want to CALL or otherwise execute them. If they are deleted before you call them it is going to seriously hamper the functionality of your script There are two things that you can do to increase security:
|
||||||||
|
|
|||||||
hmmm.. ok.. thanks.. i agree with the arguments, but it would be nice to have the possibility to set the decrypt path (and block the -t option) anyway.. This way i could atleast (maybe) get the feeling that they are a little more secure.. But.. I'll go through the scripts and see if i can do something like you suggested... -T |
||||||||
|
|
|||||||
Next time I'm digging around in the code I will see how hard it would be to add. If it's trivial it might make it in. |
||||||||
|
|
|||||||
quote:Can you use CreateProcess() instead of system() and make sure there is no creation flag for new console? FB [ 31. January 2003, 19:50: Message edited by: Frank Buzin ] |
||||||||
|
|
|||||||
system call, eh? how about shell.run call... |
||||||||
|
|
|||||||
Frank, Many thanks for that pointer - initial simple testing shows some good results. I'll try to incorporate it into KiXcrypt and get a new release out over the next couple of weeks. I think that I'll start a new thread though, this ones getting a bit unwieldly. I knew if I kept asking someone would have the answer |
||||||||
|
|
|||||||
Dear, On our site pages Home - Kix Tools or Summary of Site you find now two ZIP files. kixcrypt216b.zip which includes kixcrypt.exe & wkixcrypt.exe kixcrypt300b.zip which includes kcgen.kix, kixcrypt.doc, kixcrypt.exe & wkixcrypt.exe greetings. |