Jump to content
Alti

7za password enter idea

Recommended Posts

Hi guys,

I use 7za.exe (7zip’s command line utility) for most of my backups, and use batch files to do the job. But I found that if I want to password protect the archive things gets complex.

You can put the password in the cmd line but don't think that is secure.

e.g. 7za.exe a test.7z *.au3 -ptest

The other option is to enter the password in the command prompt window when prompted for it.

e.g. 7za.exe a test.7z *.au3 -p

But it only prompt the password once and not twice like most programs do, and that itself is a risk.

So I build something with my limited knowledge of Windows and Autoit and would like if you can give me some tips on improving the code, and see if my idea is reasonably safe. Lets say I want to run this on my work computer, will this be secure enough from someone with admin rights snooping on my laptop.

 

I have a small flash drive I keep my personal files on and use this code to make a backup.

Basically it will check that a correct password is used and use this password when 7za prompted for it.

By testing the password against the hash I would know when prompted for a password and only once, the correct one will be entered.

 

#include <Crypt.au3>

;Password hash = test
$hs = '0xEE26B0DD4AF7E749AA1A8EE3C10AE9923F618980772E473F8819A5D4940E0DB27AC185F8A0E1D5F84F88BC887FD67B143732C304CC5FA9AD8E6F57F50028A8FF'

;7za command, basicly update the archive with new files and delete files not found in the flashdrive
$cm = @scriptdir & '\7za.exe u "'  & @scriptdir & '\FlashBackup.7z" "d:\*" -mhe -ms- -mx3 -ssw -uq0p0 -r -p -y'

$tm = 0
$pw = StringToBinary(InputBox("PW"," ","","*",-1,100)); password = test
if _Crypt_HashData(BinaryToString($pw), 0x0000800e) = $hs Then
    $pi = Run(@ComSpec & ' /c ' & $cm, "", @SW_HIDE, 9)
    $Data_Out=''
    do
        $Data_Out &= StdoutRead($pi)
        if $Data_Out <> @CRLF and $Data_Out <> '' then
            ConsoleWrite('!> $Data_Out' & $Data_Out & @CRLF)
            ;Read $Data_Out for specific words to exit or interact
            If StringInStr($Data_Out, 'Everything is Ok') > 0 Then ExitLoop
            If StringInStr($Data_Out, 'WARNING') > 0 or StringInStr($Data_Out, 'ERROR') > 0 Then ExitLoop
            If StringInStr($Data_Out, 'Add new data to archive: 0 files, 0 bytes') > 0 and StringInStr($Data_Out, 'Delete data from archive:') = 0 Then ExitLoop
            If StringInStr($Data_Out, 'Enter password') > 0 Then
                StdinWrite($pi, BinaryToString($pw) & @CRLF)
                If StringInStr($Data_Out, 'Updating archive:') > 0 or StringInStr($Data_Out, 'Creating archive') > 0 Then
                    $pw='' ;clear password
                    $tm = TimerInit()
                    ConsoleWrite('!> Running ...' & @CRLF)
                endif
                $Data_Out=''
            EndIf
        endif
        sleep(100)
    Until @error
$pw = ''
ProcessClose($pi)
if $tm > 0 then
    ConsoleWrite('!> ' & TimerDiff($tm)/1000 & ' sec' & @CRLF)
    _DebugOut(TimerDiff($tm)/1000 & ' sec')
endif
else
    $pw = ''
    MsgBox(0,'','Check PW!')
    exit
endif

 

Edited by Alti
Clarify

Share this post


Link to post
Share on other sites
13 minutes ago, Alti said:

You can put the password in the cmd line but don't think that is secure

But that is exactly what you did here. You start by opening the command prompt hidden, run the command, and wait for it to request the password before putting it in.

However, I imagine that this would be secure enough for protecting your personal files/code... mostly because the files on your flash drive are password protected, so someone would need to get your flash drive, access your work computer, find the command history, and extract the password before extracting your personal files. :)

You might need to overwrite the $hs variable... I'm no security expert, however, so take that with a grain of salt (or a shaker). I don't know if the string would need to be the same size to completely overwrite the data either. Someone else might be able to better help you with that.

As for tips on improving your code, I would suggest putting this in a function and explicitly declaring your variables. You might also consider looking for a UDF for 7Zip, as they are likely to cover a few more edge cases (like where you check the $Data_Out), but with your advanced command line options, that might not be possible.


All my code provided is Public Domain... but it may not work. ;) Use it, change it, break it, whatever you want.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...