Author Topic: CLR: Secure String [Plan B]  (Read 346 times)

stanl

  • Pundit
  • *****
  • Posts: 1110
CLR: Secure String [Plan B]
« on: May 04, 2019, 03:29:01 am »
Attached Secure String is displayed as plain text with the script below. Needed to run it through Powershell as the SecureStringToGlobalAllocUnicode method failed via normal CLR [at least for me]. Of course, secure strings are really not that secure ::)
Code: Winbatch

;Stan Littlefield May 4th 2019   [ May 4th be with you ]
;=================================================================================


file="c:\TEMP\secretdata.txt"
If ! FileExist(file) Then Terminate(@TRUE,"Cannot Continue","Missing ":file)


Message("Secure String",FileGetW(file))
ClipPut("")


cScript='$storage = "%file%"':@CRLF
cScript=cScript:'$secureString = Get-Content -Path $storage | ConvertTo-SecureString':@CRLF
cScript=cScript:'$ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($secureString)':@CRLF
cScript=cScript:'$mysecret = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($ptr)':@CRLF
cScript=cScript:'$mysecret | clip'




ObjectClrOption("useany", "System.Management.Automation")
objAutoPs = ObjectClrNew("System.Management.Automation.PowerShell")
oPshell = objAutoPs.Create()
oScope = ObjectType("BOOL",@TRUE)
oPshell.AddScript(cScript,oScope)
objAsync = oPshell.BeginInvoke()
oPShell.EndInvoke(objAsync)      


oPShell=0


Message("Decrypted",ClipGet())




Exit