Thursday, February 06, 2014

PowerGUI wraps PS1 to EXE - How does it work ?

I have lot of PowerShell Script which I want wrapped as an executable using PowerGUI (as PowerGUI Pro is free now).

PowerGUI lets you do that easy.....




After this it gives you option to name the exe , .NET version to target, Hide/Show console window in the back-end, Password protect your source etc.




I thought maybe putting password will protect my source and was curious how does it really works. 

But it works a bit differently then I thought. When you share this with your colleagues then in order for them to use this exe you need to share the password above.




In this case I have a simple script which creates a simple UI and asks for a Computer name to reboot.




When I give a wrong machine name it throws me an error and if you see the highlighted entry it points to a PS1 .
If I go to the path in the error message I can see the source lying around:




Now I haven't put any hard-coded credentials on it (BTW that's a bad practice ).
Though PowerGUI wraps the PS1 as an exe, but it eventually puts the PS1 in a temporary location and executes it.

Now I can hide the back console window just as a precaution but my source PS1 is still lying around in the system.

13 comments:

  1. http://www.sapien.com/blog/2012/04/30/how-safe-are-credentials-in-script-packages/

    We do not advise to put credentials into a script, but that was the question we have been asked. Our packager does not use temporary files unless specifically told to do so. It's not 100% secure of course but it keeps the regular folks out.

    ReplyDelete
  2. Hi Alexander,
    Does PowerShell Studio support obscuring the PassWord or other sensitive data too ?
    The blog refers only Primal Script. Sure that is one level of added security.

    Regards

    ReplyDelete
  3. how about this? http://ps2exe.codeplex.com/

    ReplyDelete
    Replies
    1. HI Chaitanya... had used this a while back...forgot about it. Will give it a try and update the post.
      Thanks and Cheers :)

      ~Regards~
      Dex

      Delete
    2. Hi Chaitanya,
      Sorry this took long to reply. I tried the ps2exe codeplex project and indeed it doesn't dump the PS1 somewhere but as per the Developer of the project it has the whole script encoded and embedded which I was able to retrieve using dot peek.

      I think that will be make a good post.
      Thanks again for suggesting it :)

      Delete
  4. PrimalScript and PowerShell Studio share the same packager. So yes, it applies.
    Everything you package is encrypted and not visible for anyone looking at the exe with a binary editor.
    Keep in mind that it will have to be decrypted at some point to run the script, so you can potentially get to it with a debugger.
    Think of it like a car lock. You lock your car to keep the riff-raff out but it won't defeat the car thief with the tow truck :-)

    ReplyDelete
    Replies
    1. Thanks Alexander...that makes sense.

      BTW I think Sapien makes great tools, am a big fan of PowerShell Studio.
      I bet every PowerShell Scripter does want it in their Toolkit...makes the GUI dev so easy.

      Delete
  5. I got probs with it.

    After I compiled to EXE to my desktop I cannot execute it frome anywhere else.
    Or if I compiled to EXE to a USB drive then it will execute only from USB.

    ReplyDelete
  6. Can you please remove the warez link above?

    ReplyDelete
    Replies
    1. Hi Alexander,

      Which link are you referring to here?

      Delete
  7. "Very helpful suggestions that help in the optimizing website. Thank you for valuable suggestions.Powershell Studio 2017"

    The "Powershell Studio 2017" is a link when you hover over it.

    ReplyDelete
    Replies
    1. Thanks, it is done.
      I missed it when reviewing the comment.

      Delete