How to save decode encoded binary to a variable?

Get help with using AutoHotkey and its commands and hotkeys
pv007
Posts: 21
Joined: 20 Jul 2020, 23:50

How to save decode encoded binary to a variable?

20 Nov 2020, 20:57

Code: Select all

B64 := Base64Enc_FromFile(A_AhkPath)
convert the autohotkey.exe binary to base64;

Code: Select all

File = C:\Users\Documents\decoded_base64_encoded.txt
Base64Dec_ToFile(B64, File)
decode the previous encoded file and save it as a binary into a .txt file;
image.png
image.png (59.49 KiB) Viewed 232 times
How do I store this content shown on the image into a variable, without needing to previous save it into a text file?

I mean something like:

Code: Select all

content = Base64Dec(B64)
And content variable, stores the same thing that is shown on the image above.
I have tested many base64decode functions found here on the forum, but none gives the same output as the one saved on the txt file/shown on the image.
It might be missing to add something.

Code: Select all

Base64Dec_ToFile(ByRef B64, FileName) {
	nBytes := Base64Dec(B64, Bin)
	FileOpen(FileName, "w").RawWrite(Bin, nBytes)
}
I tried to print bin but it are blank, and nBytes are just few numbers, where does the decoded code is stored before written to file?

@SKAN any idea? I have tested all your b64 functions :headwall:

Current script:

Code: Select all

b64 := Base64Enc_FromFile(A_AhkPath)

File = C:\Users\Documents\decodedb64.txt
Base64Dec_ToFile(B64, File)

ExitApp
Base64Enc( ByRef Bin, nBytes, LineLength := 64, LeadingSpaces := 0 ) { ; By SKAN / 18-Aug-2017
Local Rqd := 0, B64, B := "", N := 0 - LineLength + 1  ; CRYPT_STRING_BASE64 := 0x1
  DllCall( "Crypt32.dll\CryptBinaryToString", "Ptr",&Bin ,"UInt",nBytes, "UInt",0x1, "Ptr",0,   "UIntP",Rqd )
  VarSetCapacity( B64, Rqd * ( A_Isunicode ? 2 : 1 ), 0 )
  DllCall( "Crypt32.dll\CryptBinaryToString", "Ptr",&Bin, "UInt",nBytes, "UInt",0x1, "Str",B64, "UIntP",Rqd )
  If ( LineLength = 64 and ! LeadingSpaces )
    Return B64
  B64 := StrReplace( B64, "`r`n" )        
  Loop % Ceil( StrLen(B64) / LineLength )
    B .= Format("{1:" LeadingSpaces "s}","" ) . SubStr( B64, N += LineLength, LineLength ) . "`n" 
Return RTrim( B,"`n" )    
}

Base64Dec( ByRef B64, ByRef Bin ) {  ; By SKAN / 18-Aug-2017
Local Rqd := 0, BLen := StrLen(B64)                 ; CRYPT_STRING_BASE64 := 0x1
  DllCall( "Crypt32.dll\CryptStringToBinary", "Str",B64, "UInt",BLen, "UInt",0x1
         , "UInt",0, "UIntP",Rqd, "Int",0, "Int",0 )
  VarSetCapacity( Bin, 128 ), VarSetCapacity( Bin, 0 ),  VarSetCapacity( Bin, Rqd, 0 )
  DllCall( "Crypt32.dll\CryptStringToBinary", "Str",B64, "UInt",BLen, "UInt",0x1
         , "Ptr",&Bin, "UIntP",Rqd, "Int",0, "Int",0 )
Return Rqd
}

Base64Enc_FromFile(FileName) {
	FileGetSize, nBytes, %FileName%
	FileRead, Bin, *c %FileName%
	return Base64Enc(Bin, nBytes)
}

Base64Dec_ToFile(ByRef B64, FileName) {
	nBytes := Base64Dec(B64, Bin)
	FileOpen(FileName, "w").RawWrite(Bin, nBytes)
}
pv007
Posts: 21
Joined: 20 Jul 2020, 23:50

Re: How to save decode encoded binary to a variable?

21 Nov 2020, 05:53

My intention is not to run hidden executables, is: to not write to disk things installed inside my executables.
I know it's still accessible in the src or that have x ways to for people still get it, but that's not the case, as you ask this is my goal.
User avatar
TheArkive
Posts: 401
Joined: 05 Aug 2016, 08:06
GitHub: TheArkive

Re: How to save decode encoded binary to a variable?

21 Nov 2020, 06:39

I suppose loading an EXE into memory could be a faster way to poll data/resources inside the exe, or even make repeated calls to the EXE faster then continually reading from the harddrive.

Sounds like it could be a legit usage.

As far as decoding Base64 to a var:

Code: Select all

b64Decode(string) {
    ; ====================
    ; https://autohotkey.com/boards/viewtopic.php?f=6&t=47895
    ; Base64 Encode / Decode a string (binary-to-text encoding)
   ; =========================
    InvalidChars := RegexMatch(string,"[\#\(\)\$\^\{\}\[\]\.\*\?\+\|]+")
    If (InvalidChars > 0) {
        MsgBox Invalid characters detected.  Halting.  (Char position: %InvalidChars%)
        return
    }
    
    If (string <> "") {
        if !(DllCall("crypt32\CryptStringToBinary", "ptr", &string, "uint", 0, "uint", 0x1, "ptr", 0, "uint*", size, "ptr", 0, "ptr", 0))
            throw Exception("CryptStringToBinary failed", -1)
        VarSetCapacity(buf, size, 0)
        if !(DllCall("crypt32\CryptStringToBinary", "ptr", &string, "uint", 0, "uint", 0x1, "ptr", &buf, "uint*", size, "ptr", 0, "ptr", 0))
            throw Exception("CryptStringToBinary failed", -1)
        
        return StrGet(&buf, size, "UTF-8")
    }
    
    b64Encode(string)
    {
    If (string <> "") {
        VarSetCapacity(bin, StrPut(string, "UTF-8")) && len := StrPut(string, &bin, "UTF-8") - 1 
        if !(DllCall("crypt32\CryptBinaryToString", "ptr", &bin, "uint", len, "uint", 0x1, "ptr", 0, "uint*", size))
            throw Exception("CryptBinaryToString failed", -1)
        VarSetCapacity(buf, size << 1, 0)
        if !(DllCall("crypt32\CryptBinaryToString", "ptr", &bin, "uint", len, "uint", 0x1, "ptr", &buf, "uint*", size))
            throw Exception("CryptBinaryToString failed", -1)
        return StrGet(&buf)
        }
    }
}
... this should work.

Aside from this @pv007, you may also want to consider looking at mcode.
Last edited by TheArkive on 21 Nov 2020, 08:23, edited 1 time in total.
pv007
Posts: 21
Joined: 20 Jul 2020, 23:50

Re: How to save decode encoded binary to a variable?

21 Nov 2020, 07:40

@TheArkive When i try to decode using your function it says

Code: Select all

Invalid characters detected
I tried with the same script i post before.
Also, i have never heard about MCode, is it a kind of obfuscation?
User avatar
TheArkive
Posts: 401
Joined: 05 Aug 2016, 08:06
GitHub: TheArkive

Re: How to save decode encoded binary to a variable?

21 Nov 2020, 08:11

pv007 wrote:
21 Nov 2020, 07:40
@TheArkive When i try to decode using your function it says

Code: Select all

Invalid characters detected
I tried with the same script i post before.
Also, i have never heard about MCode, is it a kind of obfuscation?
When i try to decode using your function it says Invalid characters detected
That's not surprising. That function is actually meant for text. But the DllCall actually operates on a binary variable. So a little bit of tweaking to remove the "text limitations" and you should be in business.
i have never heard about MCode, is it a kind of obfuscation?
No not obfuscation. It is for running compiled code directly from AutoHotkey.

May I ask what you are using this for? How you implement something directly impacts what methods work best for the implementation...

EDIT: The detected invalid characters are due to the fact that what you are trying to "decode" is not base64. If you are trying to decode the text screenshot in your post, that is NOT base64. Base64 is mostly alpha-numeric, with only a few punctuation symbols.

EDIT2: Just out of curiosity, after analyzing the thread that @just me posted, why don't you ask for help in the AutoHotkey_H forum? It looks like BinRun() was designed for or is a part of AutoHotkey_H, so asking for help here is moot (as far as i can tell). And again. What are you using this for?
pv007
Posts: 21
Joined: 20 Jul 2020, 23:50

Re: How to save decode encoded binary to a variable?

21 Nov 2020, 08:40

EDIT2: Just out of curiosity, after analyzing the thread that @just me posted, why don't you ask for help in the AutoHotkey_H forum? It looks like BinRun() was designed for or is a part of AutoHotkey_H, so asking for help here is moot (as far as i can tell). And again. What are you using this for?
Im not using AutoHotkey_H, I'm using nomal Ahk, I already got BinRun() working on it, now what missing is just store the base64 decoded code into a variable to be able to use it with BinRun()

EDIT: The detected invalid characters are due to the fact that what you are trying to "decode" is not base64. If you are trying to decode the text screenshot in your post, that is NOT base64. Base64 is mostly alpha-numeric, with only a few punctuation symbols.
It is base64, look at the code below, I'm not trying to decode the content shown on the image.

Im trying to store in a variable the content from the function

Code: Select all

Base64Dec_ToFile
I think could be easier to understand if you try this code below:

Code: Select all

B64 := Base64Enc_FromFile(A_AhkPath)
; Clipboard .= sB64
File = %A_ScriptDir%\base64_decoded.txt
Base64Dec_ToFile(B64, File)

Base64Enc( ByRef Bin, nBytes, LineLength := 64, LeadingSpaces := 0 ) { ; By SKAN / 18-Aug-2017
Local Rqd := 0, B64, B := "", N := 0 - LineLength + 1  ; CRYPT_STRING_BASE64 := 0x1
  DllCall( "Crypt32.dll\CryptBinaryToString", "Ptr",&Bin ,"UInt",nBytes, "UInt",0x1, "Ptr",0,   "UIntP",Rqd )
  VarSetCapacity( B64, Rqd * ( A_Isunicode ? 2 : 1 ), 0 )
  DllCall( "Crypt32.dll\CryptBinaryToString", "Ptr",&Bin, "UInt",nBytes, "UInt",0x1, "Str",B64, "UIntP",Rqd )
  If ( LineLength = 64 and ! LeadingSpaces )
    Return B64
  B64 := StrReplace( B64, "`r`n" )        
  Loop % Ceil( StrLen(B64) / LineLength )
    B .= Format("{1:" LeadingSpaces "s}","" ) . SubStr( B64, N += LineLength, LineLength ) . "`n" 
Return RTrim( B,"`n" )    
}

Base64Dec( ByRef B64, ByRef Bin ) {  ; By SKAN / 18-Aug-2017
Local Rqd := 0, BLen := StrLen(B64)                 ; CRYPT_STRING_BASE64 := 0x1
  DllCall( "Crypt32.dll\CryptStringToBinary", "Str",B64, "UInt",BLen, "UInt",0x1
         , "UInt",0, "UIntP",Rqd, "Int",0, "Int",0 )
  VarSetCapacity( Bin, 128 ), VarSetCapacity( Bin, 0 ),  VarSetCapacity( Bin, Rqd, 0 )
  DllCall( "Crypt32.dll\CryptStringToBinary", "Str",B64, "UInt",BLen, "UInt",0x1
         , "Ptr",&Bin, "UIntP",Rqd, "Int",0, "Int",0 )
Return Rqd
}

Base64Enc_FromFile(FileName) {
	FileGetSize, nBytes, %FileName%
	FileRead, Bin, *c %FileName%
	return Base64Enc(Bin, nBytes)
}

Base64Dec_ToFile(ByRef B64, FileName) {
	nBytes := Base64Dec(B64, Bin)
	FileOpen(FileName, "w").RawWrite(Bin, nBytes)
    Return nBytes
}
image.png
image.png (27.02 KiB) Viewed 170 times

The function writes the value to a file on a disk, what I'm trying is to store this value in a variable without writing anything to disk.

I already try to use all b64 decode function I have found here to decode the content got from:

Code: Select all

B64 := Base64Enc_FromFile(A_AhkPath)
But it did not work, it's missing something, maybe because it's a base64 code generated from an executable? I dunno
Last edited by pv007 on 21 Nov 2020, 09:43, edited 4 times in total.
User avatar
TheArkive
Posts: 401
Joined: 05 Aug 2016, 08:06
GitHub: TheArkive

Re: How to save decode encoded binary to a variable?

21 Nov 2020, 08:46

@pv007

You misunderstood what I was suggesting, but that's ok. So what are you using this for?

EDIT: And why is it necessary in this case to load the EXE directly from memory instead of packaging it with the script as a separate file and just using a normal Run or RunWait command?
pv007
Posts: 21
Joined: 20 Jul 2020, 23:50

Re: How to save decode encoded binary to a variable?

21 Nov 2020, 08:52

TheArkive wrote:
21 Nov 2020, 08:46
@pv007

You misunderstood what I was suggesting, but that's ok. So what are you using this for?
I have a main executable that works like as authenticator, and if the user is authorized, then it runs another exe that would be saved inside this main exe as b64 string, then this second exe will be run directly to the memory without having it stored in the user disk;

--
If any moderator wants I can go to the AutoHotkey discord group and share my screen and show my code to prove there's nothing malicious with my script :problem:
Last edited by pv007 on 21 Nov 2020, 09:49, edited 1 time in total.
User avatar
TheArkive
Posts: 401
Joined: 05 Aug 2016, 08:06
GitHub: TheArkive

Re: How to save decode encoded binary to a variable?

21 Nov 2020, 09:48

@pv007

So, hypothetically, what would happen if this embedded exe is made into a file.exe on a harddrive and scanned by antivirus?

I'm still unclear as to why you need to embed this EXE, as opposed to just package it with your script.

As far as what you misunderstood, after you use Base64Dec_ToFile(), the resulting output / file is not Base64.
pv007
Posts: 21
Joined: 20 Jul 2020, 23:50

Re: How to save decode encoded binary to a variable?

21 Nov 2020, 09:51

TheArkive wrote:
21 Nov 2020, 09:48
@pv007

As far as what you misunderstood, after you use Base64Dec_ToFile(), the resulting output / file is not Base64.
I never said it's a base64 I said I'm trying to store its value into a variable without writing to a file before.
User avatar
TheArkive
Posts: 401
Joined: 05 Aug 2016, 08:06
GitHub: TheArkive

Re: How to save decode encoded binary to a variable?

21 Nov 2020, 10:17

So what does this other exe do? And does it work better if loaded from memory as opposed to Run / RunWait?

EDIT: I'm sorry to say, yes I have a concern for how this is being used. Just not sure as to why you haven't shared that information yet, and also unsure as to why this program needs to be run from an embedded source, other than from the HDD.

I've done a lot of work with command line sessions, and you can get a fair amount of speed from the command line if you run everything in a single session, rather than creating / destroying a session for every command.

if you like i can meet you on Discord...

Return to “Ask For Help”

Who is online

Users browsing this forum: Bing [Bot], effel, mikeyww, yagami19821223 and 54 guests