Let’s say you are writing a series of numbers to the registry for desktop management scanning or security purposes (Bitlocker passwords, phone numbers, serial numbers, etc.). In these scenarios, you want the numbers to be available to desktop software, however not be visible by the end-user. A great way to secure these numbers is through simple numeric to alpha translation.
For example,
On Error Resume Next
Set objShell = WScript.CreateObject("WScript.Shell")
'RegValue
numValue = objShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\TheNumber\RegValue")
if numValue = "" then WScript.Quit()
Set re = New RegExp
re.Pattern = "[A-Z]"
re.IgnoreCase = True
re.Global = True
hasMatches = re.Test(numValue)
If hasMatches = True Then
wscript.quit
End If
'ENCODING HERE
EncodedValue = (Replace(numValue,"0","Z"))
EncodedValue = (Replace(EncodedValue,"1","K"))
EncodedValue = (Replace(EncodedValue,"2","Y"))
EncodedValue = (Replace(EncodedValue,"3","X"))
EncodedValue = (Replace(EncodedValue,"4","D"))
EncodedValue = (Replace(EncodedValue,"5","O"))
EncodedValue = (Replace(EncodedValue,"6","C"))
EncodedValue = (Replace(EncodedValue,"7","V"))
EncodedValue = (Replace(EncodedValue,"8","S"))
EncodedValue = (Replace(EncodedValue,"9","P"))
EncodedValue = (Replace(EncodedValue,"-","Q"))
'WRITE TO REGISTRY HERE
objShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\TheNumber\RegValue",EncodedValue,"REG_SZ"
Screenshot 1 – Before script
Screenshot 2 – After script
What’s great about this, is that no matter what the length or complexity of the number, it can be translated into something more secure.
So, how do you reverse the process? Easy. Just swap your translation alphanumerics.
For example: 0 Z becomes Z 0.
Example script
On Error Resume Next
Set objShell = WScript.CreateObject("WScript.Shell")
'RegValue
numValue = objShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\TheNumber\RegValue")
if numValue = "" then WScript.Quit()
Set re = New RegExp
re.Pattern = "[A-Z]"
re.IgnoreCase = True
re.Global = True
hasMatches = re.Test(numValue)
If hasMatches = False Then
wscript.quit
End If
'DECODING HERE
DecodedValue = (Replace(numValue,"Z","0"))
DecodedValue = (Replace(DecodedValue,"K","1"))
DecodedValue = (Replace(DecodedValue,"Y","2"))
DecodedValue = (Replace(DecodedValue,"X","3"))
DecodedValue = (Replace(DecodedValue,"D","4"))
DecodedValue = (Replace(DecodedValue,"O","5"))
DecodedValue = (Replace(DecodedValue,"C","6"))
DecodedValue = (Replace(DecodedValue,"V","7"))
DecodedValue = (Replace(DecodedValue,"S","8"))
DecodedValue = (Replace(DecodedValue,"P","9"))
DecodedValue = (Replace(DecodedValue,"Q","-"))
'WRITE TO REGISTRY HERE
objShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\TheNumber\RegValue",DecodedValue,"REG_SZ"