How do I obscure a single function in a PowerShell module?
https://stackoverflow.com/questions/12483634
-
02-07-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a module that includes a function with some private data that should be secured. I don't want the hassle of constantly compiling the whole module, if that is even possible.
I want to be able to call the function and get information out of it, but I need to put this script on a variety of machines where it might be accessed and the code read by someone who should not have the information used to derive the output.
I saw something about compiling PowerShell scripts. When compiled, can they be included as commands provided by a module?
How can I go about this?
Solution
The basic answer is that PowerShell was never designed for obfuscation. There is no way, out of the box, to protect your code. To some degree, this is very intentional - we want people to read, validate and leverage/extend code to gain maximum re-usability.
As Latkin suggests. the best way is to compile the code using c# - but even that can be viewed using reflection. http://blogs.msdn.com/b/ericgu/archive/2004/02/24/79236.aspx gives some hints on how to obfuscate the C# code.
If your code is commercially sensitive, then you need to work out how sensitive and take action accordingly. Converting your code to C# is not that difficult (assuming you have VS and know C#!), although the suggestion of coding in C++ then using interop to invoke it seems hard work, but it all depends on the value of the code you are protecting. SO if the code really is sensitive, you have options, but they are not easy ones.
Sorry if this is not quite the answer you wanted.
OTHER TIPS
There is no good way to do this, especially if your tolerance for hassle is so low that compiling a C# module is a no-go.
If your code is in script, then even if you obfuscate the secret data (maybe using base64 encoding or something) you need some kind of de-obfuscation code, which of course the user can see. They can then simply de-obfuscate the secret themselves. Or set a breakpoint in the private function and see whatever they want.
Even if you compile C# cmdlets, it's still very easy to reverse-engineer. A tool like Reflector will pretty much show you the source code of any compiled assembly.
So unless you are willing to invest in putting together a full-grade encryption solution, users will be able to see your secrets with minimal effort if they want to.
