newbypass.bat needs to be clarified
Closed this issue · 4 comments
Hello, on taking a closer look at the file newbypass.bat, I noticed that it was in Chinese...
I tried to figure out what this meant and asked ChatGPT and BlackBox.ai for their help in understanding what exactly this file does. Neither of them could give me an answer...
So I'm asking the creator to explain how the file works, what it does and why it's in Chinese, so that I can check that it doesn't contain any malicious commands or viruses.
Thanks in advance!
Complete guess, so I may be wrong, but I don't think that he made it. I think he just found these around the internet and put them into a file so it's easier for you to find and use.
Sorry for being 3 weeks late as well.
The Chinese text is due to the encoding; if we run it through strings we get a batch script.
However, it is obfuscated:
cls
set "D=JXnoHdISwA GUaKmqegRlf7E1kML3@DzhZ2p9xc5vWsiNVyBFbuQ06OYTr84tCjP"
:~29,1%%D
:~42,1%%D
:~17,1%%D
:~60,1%%D
:~10,1%"%D
:~4,1%%D
:~41,1%%D
:~6,1%=%D
etc......
So pretty much what this does is set the variable D to the long string of text.
:~29,1%%D
This pretty much takes the 29th letter from the 1st letter in the D variable, so it would be "@", and that does another set command. It keeps going like this until it eventually runs this command:
cmd /min /c "set __cOmPaT_LaYER=runasinvoker && start "" "command"
He likely did this to help mitigate AV interference.
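For anyone who wants to read such a file without running it, here is a static decoder for the substring trick described in the comment above. It is an added example, not code from this thread or the repository; it assumes the fragments shown are pieces of cmd.exe `%D:~offset,length%` expansions, and the tail of the third sample line and the whole fourth line are constructed for illustration.

```python
import re

# %NAME:~start% or %NAME:~start,length% (cmd.exe substring expansion)
TOKEN = re.compile(r"%([A-Za-z_]\w*):~(-?\d+)(?:,(-?\d+))?%")
# set "NAME=VALUE" or set NAME=VALUE, optionally prefixed with @
SET = re.compile(r'^\s*@?set\s+"?([^=\s"]+)=([^"\r\n]*)"?\s*$', re.I)

def substring(value, start, length):
    """Mimic cmd.exe %VAR:~start,length% on a value we already know."""
    if start < 0:                      # negative offset counts from the end
        start = max(len(value) + start, 0)
    if length is None:                 # no length: rest of the string
        return value[start:]
    if length < 0:                     # negative length: drop that many from the end
        return value[start:len(value) + length]
    return value[start:start + length]

def deobfuscate(script):
    """Expand substring tokens line by line; nothing is ever executed."""
    env, out = {}, []
    for line in script.splitlines():
        def repl(m):
            name = m.group(1).upper()  # cmd variable names are case-insensitive
            if name not in env:
                return m.group(0)      # unknown variable: leave the token visible
            length = int(m.group(3)) if m.group(3) is not None else None
            return substring(env[name], int(m.group(2)), length)
        decoded = TOKEN.sub(repl, line)
        m = SET.match(decoded)
        if m:                          # decoded lines may define further variables
            env[m.group(1).upper()] = m.group(2)
        out.append(decoded)
    return out

# Constructed sample: the D string and the first eight tokens are from the thread;
# everything after "=" on line 3 and all of line 4 are made up for the demo.
SAMPLE = "\n".join([
    "cls",
    'set "D=JXnoHdISwA GUaKmqegRlf7E1kML3@DzhZ2p9xc5vWsiNVyBFbuQ06OYTr84tCjP"',
    '%D:~29,1%%D:~42,1%%D:~17,1%%D:~60,1%%D:~10,1%"%D:~4,1%%D:~41,1%%D:~6,1%'
    '=%D:~38,1%%D:~15,1%%D:~5,1%"',
    "%D:~17,1%%D:~38,1%%D:~32,1%%D:~3,1% %HWI:~0,3%",
])

if __name__ == "__main__":
    print("\n".join(deobfuscate(SAMPLE)))
```

Feed it the output of `strings` on the real file to get the decoded commands as text for review.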
Interested in obfuscation?
Try my batch file obfuscator...
https://github.com/l-urk/CHINESE.BAT-OBFUSCATOR