New Experimental Feature, Obfuscation

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 1 year and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
infosecautomation
Posts: 8
Last visit: Wed Oct 18, 2023 8:42 am
Has voted: 1 time

New Experimental Feature, Obfuscation

Post by infosecautomation »

To help you better we need some information from you.

*** Please fill in the fields below. If you leave fields empty or specify 'latest' rather than the actual version your answer will be delayed as we will be forced to ask you for this information. ***

Product, version and build: PS Studio 2022, Version 5.8.212 (newest)
Operating system: Windows 10, 19044.2251
PowerShell version(s): PowerShell 5.1.19041.1682

*** Please add details and screenshots as needed below. ***

Hi,

I was trying to test a new obfuscation feature on a small simple test powershell script. Under packager setting I have selected "Obfuscate PowerShell Files". When running a build, in the Tools Output pane it all seems well. I see the line saying Adding c:\....\test.obfuscated.ps1, but when going to that location, obfuscated file is not there.

I know this feature is experimental, but was just wondering if it is functional yet?

Regards
InfoSec
User avatar
brittneyr
Site Admin
Posts: 1655
Last visit: Thu Mar 28, 2024 3:14 pm
Answers: 39
Been upvoted: 30 times

Re: New Experimental Feature, Obfuscation

Post by brittneyr »

This feature was intentionally limited to packaging only at this time. The script used when packaging to an executable is the obfuscated script you see listed in output.
Brittney
SAPIEN Technologies, Inc.
infosecautomation
Posts: 8
Last visit: Wed Oct 18, 2023 8:42 am
Has voted: 1 time

Re: New Experimental Feature, Obfuscation

Post by infosecautomation »

Thank you Britney. Understood, but what I am saying is that the obfuscated file is actually not getting created. When I go to the location where the obfuscated file should be, it is not there.
User avatar
brittneyr
Site Admin
Posts: 1655
Last visit: Thu Mar 28, 2024 3:14 pm
Answers: 39
Been upvoted: 30 times

Re: New Experimental Feature, Obfuscation

Post by brittneyr »

Are you not getting an executable when packaging with the obfuscation enabled?

If so, are you getting any errors in the output?

Just to clarify, the obfuscation process at this time will only output an executable. The script you see listed in output a temporary file made during the process of creating the executable.
Brittney
SAPIEN Technologies, Inc.
infosecautomation
Posts: 8
Last visit: Wed Oct 18, 2023 8:42 am
Has voted: 1 time

Re: New Experimental Feature, Obfuscation

Post by infosecautomation »

Thank you. Yes, I am getting .exe file, but I thought that the test.obsfuscated.ps1 file would be some powershell file with ps code being obfuscated.

Thank you
User avatar
Alexander Riedel
Posts: 8479
Last visit: Thu Mar 28, 2024 9:29 am
Answers: 20
Been upvoted: 37 times

Re: New Experimental Feature, Obfuscation

Post by Alexander Riedel »

It is. During the packaging process your test.ps1 is obfuscated into test.obfuscated.ps1, which then in turn is packaged as an executable.
This will make the code from your exe, when executed, show up as obfuscated in script block logging.
Alexander Riedel
SAPIEN Technologies, Inc.
infosecautomation
Posts: 8
Last visit: Wed Oct 18, 2023 8:42 am
Has voted: 1 time

Re: New Experimental Feature, Obfuscation

Post by infosecautomation »

Thank you. Got it, before using this feature, .exe files, although providing some level of obfuscation could be "decrypted" by looking through the event viewer powershell logs. Now with the obfuscation enabled, that same executable file, would not provide easily readable powershell logs? Correct?
User avatar
Alexander Riedel
Posts: 8479
Last visit: Thu Mar 28, 2024 9:29 am
Answers: 20
Been upvoted: 37 times

Re: New Experimental Feature, Obfuscation

Post by Alexander Riedel »

Yes, exactly. That is the plan.
Alexander Riedel
SAPIEN Technologies, Inc.
This topic is 1 year and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.