Alti, posted January 21, 2020 (edited)

Hi guys,

I use 7za.exe (7zip's command line utility) for most of my backups, and use batch files to do the job. But I found that if I want to password protect the archive, things get complex.

You can put the password in the cmd line, but I don't think that is secure. e.g.

    7za.exe a test.7z *.au3 -ptest

The other option is to enter the password in the command prompt window when prompted for it. e.g.

    7za.exe a test.7z *.au3 -p

But it only prompts for the password once and not twice like most programs do, and that itself is a risk.

So I built something with my limited knowledge of Windows and AutoIt, and would like it if you could give me some tips on improving the code and see if my idea is reasonably safe. Let's say I want to run this on my work computer: will this be secure enough from someone with admin rights snooping on my laptop? I have a small flash drive I keep my personal files on and use this code to make a backup.

Basically, it will check that a correct password is used and use this password when 7za prompts for it. By testing the password against the hash, I would know that when prompted for a password, and only once, the correct one will be entered.
```autoit
#include <Crypt.au3>
#include <Debug.au3> ; _DebugOut() lives here; it only prints after _DebugSetup() has been called

;Password hash = test
$hs = '0xEE26B0DD4AF7E749AA1A8EE3C10AE9923F618980772E473F8819A5D4940E0DB27AC185F8A0E1D5F84F88BC887FD67B143732C304CC5FA9AD8E6F57F50028A8FF'
;7za command, basically update the archive with new files and delete files not found on the flash drive
;The bare -p makes 7za prompt for the password instead of taking it from the command line
$cm = @ScriptDir & '\7za.exe u "' & @ScriptDir & '\FlashBackup.7z" "d:\*" -mhe -ms- -mx3 -ssw -uq0p0 -r -p -y'
$tm = 0

$pw = StringToBinary(InputBox("PW", " ", "", "*", -1, 100)) ; password = test
If _Crypt_HashData(BinaryToString($pw), 0x0000800e) = $hs Then ; 0x0000800e = CALG_SHA_512
    ; Flag 9 = $STDIN_CHILD (1) + $STDERR_MERGED (8)
    $pi = Run(@ComSpec & ' /c ' & $cm, "", @SW_HIDE, 9)
    $Data_Out = ''
    Do
        $Data_Out &= StdoutRead($pi)
        ; Test @error here: the Sleep() call below resets it, so "Until @error" alone never fires
        If @error Then ExitLoop
        If $Data_Out <> @CRLF And $Data_Out <> '' Then
            ConsoleWrite('!> $Data_Out' & $Data_Out & @CRLF)
            ;Read $Data_Out for specific words to exit or interact
            If StringInStr($Data_Out, 'Everything is Ok') > 0 Then ExitLoop
            If StringInStr($Data_Out, 'WARNING') > 0 Or StringInStr($Data_Out, 'ERROR') > 0 Then ExitLoop
            If StringInStr($Data_Out, 'Add new data to archive: 0 files, 0 bytes') > 0 And StringInStr($Data_Out, 'Delete data from archive:') = 0 Then ExitLoop
            If StringInStr($Data_Out, 'Enter password') > 0 Then
                ; Answer the prompt over the child's stdin
                StdinWrite($pi, BinaryToString($pw) & @CRLF)
                If StringInStr($Data_Out, 'Updating archive:') > 0 Or StringInStr($Data_Out, 'Creating archive') > 0 Then
                    $pw = '' ;clear password
                    $tm = TimerInit()
                    ConsoleWrite('!> Running ...' & @CRLF)
                EndIf
                $Data_Out = ''
            EndIf
        EndIf
        Sleep(100)
    Until @error
    $pw = ''
    ProcessClose($pi)
    If $tm > 0 Then
        ConsoleWrite('!> ' & TimerDiff($tm) / 1000 & ' sec' & @CRLF)
        _DebugOut(TimerDiff($tm) / 1000 & ' sec')
    EndIf
Else
    $pw = ''
    MsgBox(0, '', 'Check PW!')
    Exit
EndIf
```

Edited January 21, 2020 by Alti
seadoggie01, posted January 21, 2020

13 minutes ago, Alti said:

    You can put the password in the cmd line but don't think that is secure

But that is exactly what you did here. You start by opening the command prompt hidden, run the command, and wait for it to request the password before putting it in.

However, I imagine that this would be secure enough for protecting your personal files/code... mostly because the files on your flash drive are password protected, so someone would need to get your flash drive, access your work computer, find the command history, and extract the password before extracting your personal files.

You might need to overwrite the $hs variable... I'm no security expert, however, so take that with a grain of salt (or a shaker). I don't know if the string would need to be the same size to completely overwrite the data either. Someone else might be able to better help you with that.

As for tips on improving your code, I would suggest putting this in a function and explicitly declaring your variables. You might also consider looking for a UDF for 7Zip, as they are likely to cover a few more edge cases (like where you check the $Data_Out), but with your advanced command line options, that might not be possible.

All my code provided is Public Domain... but it may not work. Use it, change it, break it, whatever you want.
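The two concerns raised in the thread, a single unconfirmed prompt and a password on the command line, can both be handled without keeping a hash in the script: ask twice, compare, and answer 7za's bare `-p` prompt over stdin. This is an added example in Python, not code from either poster; the function names are hypothetical, and it assumes 7za reads the reply to its prompt from stdin, as the `StdinWrite()` call in the posted script relies on.

```python
import getpass
import subprocess

# Switches copied from the post. The bare -p makes 7za ask for the password
# instead of taking it from the command line.
SWITCHES = ["-mhe", "-ms-", "-mx3", "-ssw", "-uq0p0", "-r", "-p", "-y"]


def build_update_argv(seven_zip, archive, source):
    """Return the 7za 'u' command as an argument list with no secret in it."""
    return [seven_zip, "u", archive, source, *SWITCHES]


def ask_twice(prompt=getpass.getpass):
    """Prompt twice without echo; return the password only if both entries match."""
    first = prompt("Archive password: ")
    second = prompt("Repeat password: ")
    if not first:
        raise ValueError("empty password")
    if first != second:
        raise ValueError("passwords do not match")
    return first


def run_backup(argv, password, runner=subprocess.run):
    """Start 7za and answer its password prompt over stdin."""
    # Any argument of the form -p<text> is an inline password: refuse to start.
    if any(arg.startswith("-p") and arg != "-p" for arg in argv):
        raise ValueError("inline -p<password> found in the command line")
    # Assumption: 7za reads the prompt reply from stdin (see lead-in).
    # Text mode turns "\n" into the platform line ending.
    return runner(argv, input=password + "\n", text=True,
                  stdout=subprocess.PIPE, stderr=subprocess.STDOUT)


if __name__ == "__main__":
    # Paths mirror the post: 7za.exe and the archive beside the script, d:\ as source.
    argv = build_update_argv(r".\7za.exe", r".\FlashBackup.7z", "d:\\*")
    try:
        result = run_backup(argv, ask_twice())
    except ValueError as exc:
        raise SystemExit(f"Not started: {exc}")
    print(result.stdout)
    raise SystemExit(result.returncode)
```

Passing the command as a list without `cmd /c` also avoids a second process whose command line repeats the 7za invocation.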