A simple C# console application to recreate one or more binary files through a Powershell script. You can choose 2 formats: as an explicit byte array (default option, either in hex or decimal format, bigger in size, but it should be more difficult to be detected) or as a base64 string (option -b, it is shorter). By default it will generate a script file for all specified input files with the _script.ps1 suffix, if the option -s is specified it will generate a single script called either SingleScript.ps1. The generated script should work both on standard PowerShell (tested on 5.1.22621.1778) and PowerShell Core (tested on 7.3.7).
In order to bypass the most hardened environments I have implemented the same C# code also in Powershell, you can find it here together with C# code. To bypass Powershell execution policies you can simply copy the code and paste it inside a Powershell console and hit return, after having done this you can convert any file you want just by calling the function BinaryToPowershellScript with the same below parameters.
CodeProject detailed article about how to use this code: How to Transform Binary Files into Powershell Script(s) in Order to Copy them Silently on a Server
-i, --inputs Required. Specify the input file(s) to process, you can use also a wildcard pattern or specify multiple files separted by space
-o, --outputfolder Specify the output folder where all the powershell scripts will be generated
-b, --base64 Specify the base64 file format for the powershell script(s), otherwise the hex text format will be used.
-d, --decimal Specify the decimal file format for the powershell script(s).
-c, --compress Specify to compress the input file(s) with gzip compression.
-h, --hash Specify to add a SHA256 hash as check on file(s) integrity in the powershell script(s).
-s, --single Specify to create just a single script file for all input files.
-p, --password Specify the password used to encrypt data with AES.
-r, --recurse Specify to perform recursive search on all input file(s).
--help Display this help screen.
--version Display version information.
.\BinaryToPowershellScript.exe -i * -o c:\temp -r --> it will script all files in the current folder and its subfolders to the output folder c:\temp by creating a script file for all them with the byte array format.
.\BinaryToPowershellScript.exe -i * -o c:\temp -r -c --> it will script all files in the current folder and its subfolders to the output folder c:\temp by creating a script file for all them with the byte array format and compressing it with gzip compression.
.\BinaryToPowershellScript.exe -i * -o c:\temp -b --> it will script all files in the current folder to the output folder c:\temp by creating a script file for all them with the base64 format.
.\BinaryToPowershellScript.exe -i * -o c:\temp -d -s --> it will script all files in the current folder as a single file in the output folder c:\temp with the decimal format.
.\BinaryToPowershellScript.exe -i * -o c:\temp -s --> it will script all files in the current folder as a single file in the output folder c:\temp with the byte array format.
.\BinaryToPowershellScript.exe -i * -o c:\temp -b -s --> it will script all files in the current folder as a single file in the output folder c:\temp with the base64 format.
.\BinaryToPowershellScript.exe -i * -o c:\temp -b -s -h --> it will script all files in the current folder as a single file in the output folder c:\temp with the base64 format, checking the SHA256 hash for each file after recreation.
.\BinaryToPowershellScript.exe -i * c:\windows\*.exe -o c:\temp -s -b -> it will script all files in the current folder and in c:\windows with *.exe extension as a single file in the output folder c:\temp with the base64 format.
.\BinaryToPowershellScript.exe -i * -o c:\temp -s -p password --> it will script all files in the current folder as a single file in the output folder c:\temp with the byte array format encrypting all files with password "password".
.\BinaryToPowershellScript.exe -i * \windows*.exe -o c:\temp -s -b Scripting file .\BinaryToPowershellScript.deps.json Scripting file .\BinaryToPowershellScript.dll Scripting file .\BinaryToPowershellScript.exe Scripting file .\BinaryToPowershellScript.pdb Scripting file .\BinaryToPowershellScript.runtimeconfig.json Scripting file .\BinaryToPowershellScript_deps_json_script.ps1 Scripting file .\BinaryToPowershellScript_dll_script.ps1 Scripting file .\BinaryToPowershellScript_exe_script.ps1 Scripting file .\BinaryToPowershellScript_pdb_script.ps1 Scripting file .\BinaryToPowershellScript_runtimeconfig_json_script.ps1 Scripting file .\CommandLine.dll Scripting file .\CommandLine_dll_script.ps1 Scripting file .\test.txt Scripting file \windows\bfsvc.exe Scripting file \windows\explorer.exe Scripting file \windows\HelpPane.exe Scripting file \windows\hh.exe Scripting file \windows\notepad.exe Scripting file \windows\regedit.exe Scripting file \windows\splwow64.exe Scripting file \windows\TbtControlCenterToastLauncher.exe Scripting file \windows\TbtP2pShortcutService.exe Scripting file \windows\ThunderboltService.exe Scripting file \windows\winhlp32.exe Scripting file \windows\write.exe Creating single script file c:\temp\SingleScript_base64.ps1...
.\BinaryToPowershellScript.exe -i \windows*.exe -o c:\temp Scripting file \windows\bfsvc.exe into c:\temp\bfsvc_exe_script.ps1... Scripting file \windows\explorer.exe into c:\temp\explorer_exe_script.ps1... Scripting file \windows\HelpPane.exe into c:\temp\HelpPane_exe_script.ps1... Scripting file \windows\hh.exe into c:\temp\hh_exe_script.ps1... Scripting file \windows\notepad.exe into c:\temp\notepad_exe_script.ps1... Scripting file \windows\regedit.exe into c:\temp\regedit_exe_script.ps1... Scripting file \windows\splwow64.exe into c:\temp\splwow64_exe_script.ps1... Scripting file \windows\TbtControlCenterToastLauncher.exe into c:\temp\TbtControlCenterToastLauncher_exe_script.ps1... Scripting file \windows\TbtP2pShortcutService.exe into c:\temp\TbtP2pShortcutService_exe_script.ps1... Scripting file \windows\ThunderboltService.exe into c:\temp\ThunderboltService_exe_script.ps1... Scripting file \windows\winhlp32.exe into c:\temp\winhlp32_exe_script.ps1... Scripting file \windows\write.exe into c:\temp\write_exe_script.ps1...
Single Base64 Script
Hex ByteArray Script per file
Decimal ByteArray Script per file
