How to encode scripts in an HTA with a VBS _HTA

Ask:
Hello, Scripting Guy! How do I encode a script within an HTA?
--LL
For:
Hello, LL. You know, just when we saw this question, we were thinking, "What's the big deal?" Isn't it possible to encode scripts in an HTML Application (HTA) as you would in an HTML file? "To our great surprise, we don't seem to be able to encode the script in an HTA; every time we try to do this, we return an error message like the following:
Scripting Encoder Object ("Scripting.encoder") failed on C:\Scripts\test.hta
To be honest, we never found a way to encode a script in an HTA. But it doesn't matter, because we did come up with a tricks to solve the problem. We'll show you in a moment.
But before we do, we need to take a moment to explain what it means to encode the script. Microsoft has a utility called Script Encoder, which "disrupts" your scripting code. For example, suppose you have a script similar to the following:
StrComputer = "."
Set objWMIService = GetObject ("winmgmts:\\" & StrComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery ("SELECT * from Win32_OperatingSystem")
For each objOperatingSystem in colOperatingSystems
Msgbox objoperatingsystem.caption & "" & objOperatingSystem.Version
Next
Suppose, for some reason, you want people to be unable to read script code. This is a problem: after all, anyone who has the right to run a script has the same right to open the script in Notepad and see what they want to see. However, after the same script is processed by the script encoder, it will appear as follows:
#@~^8aeaaa==@#@&@#@&@#@&,pp,?! 8pv+oru.n.kkw@#@&,pp,~~pkymzg:2;d+. P{~jcj@#@&,pp~~,p~p,~u+o,w (LTQ
und7k^+, ' ~!yr (%+1y ' Rarxsosyd ') wwrp ' pkod;wh2!y+.~lp~j '. Kwo ' mb:\yj*@#@&@#@&~p,p~~,pp,~?yp1gsra+mlokuluxdyh/, ' ~g (
L\ (u+.\b^r3x+1pedh~{@#@&~p,p~~,pp,~p,ppvej+^+1y~e~w
MWhPqrx2 M6A+DCOBXL? HDD+HR#@#@&@#@&P,~P,P~P,P~OKDPACM4PW (%6wdmyr
Xljh/o+s~kp^g^rwn.myrxtjh/o:k@#@&,p,~p,p~p,p~~,phkl4k6pk8%ra+m
Lokuluxdyhr;l2obwx~ ', J~j, ', {@#@&p,pp,p,~p,p~p,p~~,pw (%ra+dmorxt? H/o+h
j+./bgx@#@&~~,pp~~,p~pgnxy@#@&p,ppax9~?! 4@#@&qyqaaa==^#~@
The script still works, but it's hard for anyone to look at the code and plagiarize your work. (You're right: Still, but it's really better than Hello, Scripting Guys!) Most of the jokes mentioned are more meaningful)
Now, the important thing to remember is that we just encode (or disrupt) the script, and absolutely no encryption. What does that mean? This means that the encoder will hide your script for most people, but a real hardcore hacker with a knowledge of coding or a utility downloaded from the Internet can crack the code. This means, in particular, that you should never "hide" the Administrator password in the script, or that the "Scripting Encoder" guarantees that the password will not be spied upon. It's not like you think, because it's a coder, not a cipher, and it's definitely different.
So what about the problem with scripting in an HTA? Well, let's say you have an HTA similar to the one shown below (we also assume that you have downloaded and installed the Script encoder):
<title>operating System version</title>
Applicationname= "Operating System Version"
Scroll= "Yes"
Singleinstance= "Yes"
>
<script language= "VBScript" >
Sub getosversion
StrComputer = "."
Set objWMIService = GetObject ("winmgmts:\\" & StrComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
("SELECT * from Win32_OperatingSystem")
For each objOperatingSystem in colOperatingSystems
Msgbox objoperatingsystem.caption & "" & _
objOperatingSystem.Version
Next
End Sub
</script>
<body>
<input type= "button" value= "Operating System" name= "Run_button" onclick= "Getosversion" >
</body>
If you want to encode the VBScript portion of this HTA, first use the ' **start encode** tag to mark the beginning of the part you want to encode. In other words, the,<script> tag needs to be like this so that ' **start encode** happens to precede the first line of VBScript code:
<script language= "VBScript" >
' **start encode**
Sub getosversion
StrComputer = "."
Set objWMIService = GetObject ("winmgmts:\\" & StrComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
("SELECT * from Win32_OperatingSystem")
For each objOperatingSystem in colOperatingSystems
Msgbox objoperatingsystem.caption & "" & _
objOperatingSystem.Version
Next
End Sub
</script>
In theory, this allows the script to be encoded by running Screnc.exe and passing two parameters (the name of the existing HTA file (Test.hta) and the name to be assigned to the encoding file (Encoded.hta):
C:\scripts>screnc Test.hta Encoded.hta
Unfortunately, this is not a viable option.
Why? Oh, we're really not sure. However, we know how to make a real pass. All we need to do is change the extension of an existing file. hta to. htm. In other words, we simply rename the test.htm file. The script encoder cannot process HTA files, but processing HTML files is no problem. Now, we can start the script encoder using syntax similar to the following:
C:\scripts>screnc test.htm Encoded.hta
Is it really possible to do this? Don't tell us you doubt the Scripting Guys! The encoded. HTA will resemble the following:
<title>operating System version</title>
Applicationname= "Operating System Version"
Scroll= "Yes"
Singleinstance= "Yes"
>
<script language= "Vbscript.encode" >
' **start encode**#@~^8aeaaa==@#@&@#@&@#@&,pp,?! 8pv+oru.n.kkw@#@&,pp,~~pkymzg:2;d+. P{~jcj@#@&,pp~~,p~p,~u+o,w (LTQ
und7k^+, ' ~!yr (%+1y ' Rarxsosyd ') wwrp ' pkod;wh2!y+.~lp~j '. Kwo ' mb:\yj*@#@&@#@&~p,p~~,pp,~?yp1gsra+mlokuluxdyh/, ' ~g (
L\ (u+.\b^r3x+1pedh~{@#@&~p,p~~,pp,~p,ppvej+^+1y~e~w
MWhPqrx2 M6A+DCOBXL? HDD+HR#@#@&AMP;@#@&AMP;P,~P,P~P,P~OKDPACM4PW (%6wdmyr
Xljh/o+s~kp^g^rwn.myrxtjh/o:k@#@&,p,~p,p~p,p~~,phkl4k6pk8%ra+m
Lokuluxdyhr;l2obwx~ ', J~j, ', {@#@&p,pp,p,~p,p~p,p~~,pw (%ra+dmorxt? H/o+h
j+./bgx@#@&~~,pp~~,p~pgnxy@#@&p,ppax9~?! 4@#@&qyqaaa==^#~@</script>
<body>
<input type= "button" value= "Operating System" name= "Run_button" onclick= "Getosversion" >
</body>
It is still a valid HTA; Clicking the button returns the name and version of the operating system installed on the local machine. But for anyone who tries to look at the code, it looks like a sheer clutter of information. (Needless to say, the Scripting Guys know more about this clutter than anyone else!) ）