Upload 11 files

Obfus/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 K.Dot
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Obfus/example/test.ps1

@@ -0,0 +1,44 @@
+function Hello-World {
+    Write-Host "Hello, World!"
+}
+
+function Xor-Encrypt {
+    param (
+        [string] $string,
+        [string] $key
+    )
+
+    $keyLength = $key.Length
+    $stringLength = $string.Length
+    $encryptedString = ""
+
+    for ($i = 0; $i -lt $stringLength; $i++) {
+        $encryptedString += [char]($string[$i] -bxor $key[$i % $keyLength])
+    }
+
+    return $encryptedString
+}
+
+function Xor-Decrypt {
+    param (
+        [string] $string,
+        [string] $key
+    )
+
+    $keyLength = $key.Length
+    $stringLength = $string.Length
+    $decryptedString = ""
+
+    for ($i = 0; $i -lt $stringLength; $i++) {
+        $decryptedString += [char]($string[$i] -bxor $key[$i % $keyLength])
+    }
+
+    return $decryptedString
+}
+
+Hello-World
+$encrypted = Xor-Encrypt -string "Hello, World!" -key "key"
+Write-Host $encrypted
+$decrypted = Xor-Decrypt -string $encrypted -key "key"
+Write-Host $decrypted
+

Obfus/example/test_hard.ps1

@@ -0,0 +1,100 @@
+Add-Type -AssemblyName "System.IO.Compression"
+
+$compressionTypes = 'Gzip', 'Deflate'
+$method = ""
+$decode_command = @"
+function Decode-Code(`$compressedBytes, `$compressionPick) {
+    [System.IO.MemoryStream] `$input1 = New-Object System.IO.MemoryStream
+    `$input1.Write(`$compressedBytes, 0, `$compressedBytes.Length)
+    `$input1.Seek(0, [IO.SeekOrigin]::Begin)
+
+    `$compressionStream = $null
+    `$reader = $null
+    `$decompressedData = $null
+
+    if (`$compressionPick -eq 'Gzip') {
+        `$compressionStream = New-Object System.IO.Compression.GzipStream `$input1, ([IO.Compression.CompressionMode]::Decompress)
+    } elseif (`$compressionPick -eq 'Deflate') {
+        `$compressionStream = New-Object System.IO.Compression.DeflateStream `$input1, ([IO.Compression.CompressionMode]::Decompress)
+    }
+
+    `$reader = New-Object System.IO.StreamReader `$compressionStream
+    `$decompressedData = `$reader.ReadToEnd()
+
+    `$reader.Close()
+    `$compressionStream.Close()
+
+    `$input1.Close()
+    return `$decompressedData
+}
+"@
+
+function Read-And-Interpret-Script($scriptPath) {
+    $scriptContent = [System.IO.File]::ReadAllBytes($scriptPath)
+    
+    $compressionPick = $compressionTypes | Get-Random
+    
+    $encodedScriptContent = Encode-Code -code $scriptContent -compressionPick $compressionPick
+    Write-Host "Encoded Script Content:"
+    Write-Host $encodedScriptContent
+
+    $decodedScriptContent = Decode-Code -compressedBytes $encodedScriptContent -compressionPick $compressionPick
+
+    Write-Host "Decoded Script Content:"
+    Write-Host $decodedScriptContent[1]
+}
+
+function Obfuscate-Code($code) {
+    $obfuscatedCode = $code
+    return $obfuscatedCode
+}
+
+function Encode-Code($code, $compressionPick) {
+    [System.IO.MemoryStream] $output = New-Object System.IO.MemoryStream
+    $compressionStream = $null
+
+    if ($compressionPick -eq 'Gzip') {
+        $compressionStream = New-Object System.IO.Compression.GzipStream $output, ([IO.Compression.CompressionMode]::Compress)
+    } elseif ($compressionPick -eq 'Deflate') {
+        $compressionStream = New-Object System.IO.Compression.DeflateStream $output, ([IO.Compression.CompressionMode]::Compress)
+    }
+
+    $compressionStream.Write($code, 0, $code.Length)
+    $compressionStream.Close()
+    $compressedBytes = $output.ToArray()
+
+    $output.Close()
+    return $compressedBytes
+}
+
+function Decode-Code($compressedBytes, $compressionPick) {
+    [System.IO.MemoryStream] $input1 = New-Object System.IO.MemoryStream
+    $input1.Write($compressedBytes, 0, $compressedBytes.Length)
+    $input1.Seek(0, [IO.SeekOrigin]::Begin)
+
+    $compressionStream = $null
+    $reader = $null
+    $decompressedData = $null
+
+    if ($compressionPick -eq 'Gzip') {
+        $compressionStream = New-Object System.IO.Compression.GzipStream $input1, ([IO.Compression.CompressionMode]::Decompress)
+    } elseif ($compressionPick -eq 'Deflate') {
+        $compressionStream = New-Object System.IO.Compression.DeflateStream $input1, ([IO.Compression.CompressionMode]::Decompress)
+    }
+
+    $reader = New-Object System.IO.StreamReader $compressionStream
+    $decompressedData = $reader.ReadToEnd()
+
+    $reader.Close()
+    $compressionStream.Close()
+
+    $input1.Close()
+    return $decompressedData
+}
+
+
+
+
+
+$scriptPath = "example\test.ps1"
+Read-And-Interpret-Script -scriptPath $scriptPath

Obfus/main.ps1

@@ -0,0 +1,456 @@
+#python import type shi
+$scriptPath = split-path -parent $MyInvocation.MyCommand.Definition
+
+. "$scriptPath\util\strings\strings.ps1"
+. "$scriptPath\util\variables\variables.ps1"
+. "$scriptPath\util\commands\commands.ps1"
+. "$scriptPath\util\commands\function_names.ps1"
+. "$scriptPath\util\final\encodeOutput.ps1"
+. "$scriptPath\util\numbers\obfuscate_numbers.ps1"
+
+$global:pass_number = 1
+
+$times = 2
+$verbose = $false
+$verbose_out_file = $true
+
+if ($verbose_out_file) {
+    #redirect standard output when we need the verbose in a file
+    $VerbosePreference = "Continue"
+    $date_and_time = Get-Date -Format "yyyy-MM-dd_HH-mm-ss"
+    $VerboseOutput = "obfuscate$date_and_time.log"
+    Start-Transcript -Path $VerboseOutput
+}
+
+# this is EXTREMELY NEEDED because the Get-Command function is so utterly slow.
+$CommandTypeCache = @{}
+
+$functionNamesIgnore = @("CheckValidationResult")
+
+$built_in_aliases = @('foreach', 'where', 'clc', 'cli', 'clp', 'clv', 'cpi', 'cvpa', 'dbp', 'ebp', 'epal',
+    'epcsv', 'fl', 'ft', 'fw', 'gal', 'gbp', 'gc', 'gci', 'gcm', 'gdr', 'gcs', 'ghy', 'gi', 'gl', 'gm', 'gmo', 'gp',
+    'gpv', 'gps', 'group', 'gu', 'gv', 'iex', 'ihy', 'ii', 'ipmo', 'ipal', 'ipcsv', 'measure', 'mi', 'mp', 'nal',
+    'ndr', 'ni', 'nv', 'nmo', 'oh', 'rbp', 'rdr', 'ri', 'rni', 'rnp', 'rp', 'rmo', 'rv', 'gerr', 'rvpa', 'sal',
+    'sbp', 'select', 'si', 'sl', 'sp', 'saps', 'spps', 'sv', 'irm', 'iwr', 'ac', 'clear', 'compare', 'cpp', 'diff',
+    'gsv', 'sleep', 'sort', 'start', 'sasv', 'spsv', 'tee', 'write', 'cat', 'cp', 'ls', 'man', 'mount', 'mv', 'ps',
+    'rm', 'rmdir', 'cnsn', 'dnsn', 'ogv', 'shcm', 'cd', 'dir', 'echo', 'fc', 'kill', 'pwd', 'type', 'h', 'history',
+    'md', 'popd', 'pushd', 'r', 'cls', 'chdir', 'copy', 'del', 'erase', 'move', 'rd', 'ren', 'set', 'icm', 'clhy',
+    'gjb', 'rcjb', 'rjb', 'sajb', 'spjb', 'wjb', 'nsn', 'gsn', 'rsn', 'etsn', 'rcsn', 'exsn', 'sls')
+
+function ObfuscateCode($code) {
+    $code_copy = $code
+    $functionReplacementMap = @{}
+    $variableReplacementMap = @{}
+    $parameterReplacementMap = @{}
+    $stringReplacementMap = @{}
+    $numberReplacementMap = @{}
+
+    $comments = [System.Management.Automation.PSParser]::Tokenize($code_copy, [ref]$null) | Where-Object { $_.Type -eq "Comment" }
+    foreach ($comment in $comments) {
+        $code_copy = $code_copy.Replace($comment.Content, "")
+    }
+
+    # first pass - handle everything except barewords
+    $ast = [System.Management.Automation.Language.Parser]::ParseInput($code_copy, [ref]$null, [ref]$null)
+
+    # get all function definitions
+    $functionDefinitions = $ast.FindAll({ param([System.Management.Automation.Language.Ast] $Ast) 
+        $Ast -is [System.Management.Automation.Language.FunctionDefinitionAst] }, $true)
+
+    # get all command calls
+    $allCommandCalls = $ast.FindAll({ $args[0] -is [System.Management.Automation.Language.CommandAst] }, $true)
+
+    # get all variable expressions
+    $variableExpressions = $ast.FindAll({ $args[0] -is [System.Management.Automation.Language.VariableExpressionAst] }, $true)
+
+    $stringAsts = $ast.FindAll({ $args[0] -is [System.Management.Automation.Language.StringConstantExpressionAst] -and ($args[0].StringConstantType -eq "DoubleQuoted" -or $args[0].StringConstantType -eq "SingleQuoted") }, $true)
+
+    $numberAsts = $ast.FindAll({ $args[0] -is [System.Management.Automation.Language.ConstantExpressionAst] -and $args[0].StaticType.Name -eq "Int32" }, $true)
+
+    # Process function definitions and create replacement map
+    foreach ($func in $functionDefinitions) {
+        if (-not $functionReplacementMap.ContainsKey($func.Name)) {
+            $functionReplacementMap[$func.Name] = ObfuscateFunctionNames $func.Name
+        }
+
+        # handle parameters in function definition
+        if ($func.Parameters) {
+            foreach ($param in $func.Parameters) {
+                $paramName = $param.Name.VariablePath.UserPath
+                if (-not $parameterReplacementMap.ContainsKey($paramName)) {
+                    $newParamName = ObfuscateVariables $paramName $true
+                    $parameterReplacementMap[$paramName] = $newParamName.TrimStart('$')
+                    $variableReplacementMap[$paramName] = $newParamName
+                }
+            }
+        }
+        if ($func.Body.ParamBlock) {
+            foreach ($param in $func.Body.ParamBlock.Parameters) {
+                $paramName = $param.Name.VariablePath.UserPath
+                if (-not $parameterReplacementMap.ContainsKey($paramName)) {
+                    $newParamName = ObfuscateVariables $paramName $true
+                    $parameterReplacementMap[$paramName] = $newParamName.TrimStart('$')
+                    $variableReplacementMap[$paramName] = $newParamName
+                }
+            }
+        }
+    }
+
+    # process regular variables
+    foreach ($var in $variableExpressions) {
+        $varName = $var.VariablePath.UserPath
+        if (-not $variableReplacementMap.ContainsKey($varName) -and -not $parameterReplacementMap.ContainsKey($varName)) {
+            $variableReplacementMap[$varName] = ObfuscateVariables $var.Extent.Text
+        }
+    }
+
+    $allReplacements = @()
+
+    # add function definitions with improved handling
+    foreach ($func in $functionDefinitions) {
+        if ($func.Name -in $functionNamesIgnore) { continue }
+
+        $functionKeyword = "function "
+        $fullStartOffset = $func.Extent.StartOffset
+        $nameStartOffset = $func.Extent.StartOffset
+
+        # find actual start of function name by checking for the keyword
+        if ($func.Extent.Text.TrimStart().StartsWith($functionKeyword)) {
+            $nameStartOffset = $fullStartOffset + $func.Extent.Text.IndexOf($functionKeyword) + $functionKeyword.Length
+        }
+
+        $allReplacements += @{
+            StartOffset = $nameStartOffset
+            Length = $func.Name.Length
+            OriginalName = $func.Name
+            Text = $func.Name
+            Type = "Function"
+            RequiresKeyword = $true  # new flag to indicate this needs special handling
+            FullStartOffset = $fullStartOffset
+        }
+    }
+
+    # add function calls and parameters with improved validation
+    foreach ($call in $allCommandCalls) {
+        $commandName = $call.CommandElements[0].Extent.Text
+
+        if ($commandName -in $functionNamesIgnore) { continue }
+
+        if ($functionReplacementMap.ContainsKey($commandName)) {
+            # verify the replacement exists and is valid
+            $newName = $functionReplacementMap[$commandName]
+            $allReplacements += @{
+                StartOffset = $call.CommandElements[0].Extent.StartOffset
+                Length = $commandName.Length
+                OriginalName = $commandName
+                Text = $commandName
+                Type = "Function"
+                RequiresKeyword = $false  # function calls don't need the keyword
+            }
+
+            # process parameters
+            for ($i = 1; $i -lt $call.CommandElements.Count; $i++) {
+                $element = $call.CommandElements[$i]
+                if ($element.Extent.Text.StartsWith('-')) {
+                    $paramName = $element.Extent.Text.TrimStart('-')
+                    if ($parameterReplacementMap.ContainsKey($paramName)) {
+                        $allReplacements += @{
+                            StartOffset = $element.Extent.StartOffset
+                            Length = $element.Extent.Text.Length
+                            OriginalName = $paramName
+                            Text = "-" + $paramName
+                            Type = "ParameterName"
+                        }
+                    }
+                }
+            }
+        }
+    }
+    
+    # add variables
+    foreach ($var in $variableExpressions) {
+        $varName = $var.VariablePath.UserPath
+        $parent = $var.Parent
+        $isParameterName = $false
+        while ($parent) {
+            if ($parent -is [System.Management.Automation.Language.CommandAst]) {
+                $isParameterName = $parent.CommandElements | Where-Object { $_.Extent.Text -eq "-$($var.Extent.Text)" }
+                if ($isParameterName) { break }
+            }
+            $parent = $parent.Parent
+        }
+        
+        if (-not $isParameterName) {
+            $allReplacements += @{
+                StartOffset = $var.Extent.StartOffset
+                Length = $var.Extent.Text.Length
+                OriginalName = $varName
+                Text = $var.Extent.Text
+                Type = "Variable"
+            }
+        }
+    }
+
+    # add strings
+    foreach ($string in $stringAsts) {
+        $stringText = $string.Extent.Text
+        
+        # handle empty strings
+        if ([string]::IsNullOrWhiteSpace($stringText) -or $stringText -eq '""' -or $stringText -eq "''") {
+            $allReplacements += @{
+                StartOffset = $string.Extent.StartOffset
+                Length = $string.Extent.Text.Length
+                OriginalName = $stringText
+                Text = $string.Extent.Text
+                Type = "EmptyString"
+                NewName = '[string]::Empty'
+            }
+            continue
+        }
+
+        # check to see if string only contains single or double quotes inside. (if example: "''" or "''''") if the string is empty then just keep going.
+        if ($stringText -match "^['""]+$") {
+            $allReplacements += @{
+                StartOffset = $string.Extent.StartOffset
+                Length = $string.Extent.Text.Length
+                OriginalName = $stringText
+                Text = $string.Extent.Text
+                Type = "EmptyString"
+                NewName = '[string]::Empty'
+            }
+            continue
+        }
+
+        # handle normal strings
+        if ($string.Extent.Text.Length -lt 3) { continue }
+        if (-not $stringReplacementMap.ContainsKey($stringText)) {
+            $stringReplacementMap[$stringText] = ObfuscateString $stringText
+        }
+        
+        $allReplacements += @{
+            StartOffset = $string.Extent.StartOffset
+            Length = $string.Extent.Text.Length
+            OriginalName = $stringText
+            Text = $string.Extent.Text
+            Type = "String"
+        }
+    }
+    
+    # first pass replacements
+    $allReplacements = $allReplacements | Sort-Object { $_.StartOffset } -Descending
+    
+    foreach ($replacement in $allReplacements) {
+        $newName = switch ($replacement.Type) {
+            "Function" { $functionReplacementMap[$replacement.OriginalName] }
+            "ParameterName" { "-" + $parameterReplacementMap[$replacement.OriginalName] }
+            "Variable" { $variableReplacementMap[$replacement.OriginalName] }
+            "String" { $stringReplacementMap[$replacement.OriginalName] }
+            "EmptyString" { $replacement.NewName }
+        }
+        
+        Write-Host "First Pass - Replacing '$($replacement.Text)' at position $($replacement.StartOffset) with '$newName' (Type: $($replacement.Type))"
+        
+        $code_copy = Replace-TextAtPosition -SourceText $code_copy `
+                                        -StartPosition $replacement.StartOffset `
+                                        -Length $replacement.Length `
+                                        -ReplacementText $newName
+    }
+
+    $newAst = [System.Management.Automation.Language.Parser]::ParseInput($code_copy, [ref]$null, [ref]$null)
+    $barewordAsts = $newAst.FindAll({ ($args[0] -is [System.Management.Automation.Language.StringConstantExpressionAst] -and $args[0].StringConstantType -eq "BareWord") -or ($args[0] -is [System.Management.Automation.Language.TypeExpressionAst]) }, $true)
+    $bareword_Commands = $newAst.FindAll({ $args[0] -is [System.Management.Automation.Language.CommandAst] }, $true)
+    $numberAsts = $newAst.FindAll({ $args[0] -is [System.Management.Automation.Language.ConstantExpressionAst] -and $args[0].StaticType.Name -eq "Int32" }, $true)
+
+    $barewordReplacements = @()
+    $numberReplacements = @()
+    
+    foreach ($bareword in $barewordAsts) {
+        if ($bareword.Extent.Text.Length -lt 3) { continue }
+        if ($functionReplacementMap.ContainsKey($bareword.Extent.Text)) { continue }
+        
+        # check parent to see if this is a command
+        $isCommandFirst = $false
+        if ($bareword.Parent -is [System.Management.Automation.Language.CommandAst]) {
+            # check if its the first bareword (the actual command)
+            $commandElements = $bareword.Parent.CommandElements
+            $isCommandFirst = $commandElements[0].Extent.Text -eq $bareword.Extent.Text
+            
+            # if not then skip
+            if (-not $isCommandFirst) {
+                continue
+            }
+        }
+        
+        # get command type information
+        $commandInfo = Get-CommandType -CommandName $bareword.Extent.Text
+        
+        # generate a new random replacement for each instance
+        # pass the command info to ObfuscateCommandTypes
+        $newBarewordName = ObfuscateCommandTypes -CommandText $bareword.Extent.Text -CommandInfo $commandInfo -RealBearWord $isCommandFirst
+
+        $barewordReplacements += @{
+            StartOffset = $bareword.Extent.StartOffset
+            Length = $bareword.Extent.Text.Length
+            OriginalName = $bareword.Extent.Text
+            Text = $bareword.Extent.Text
+            NewName = $newBarewordName
+            Type = "Bareword"
+            CommandType = $commandInfo.Type
+            IsBuiltIn = $commandInfo.IsBuiltIn
+        }
+    }
+
+    # too many numbers lol
+    if ($global:pass_number -lt 2) {
+        foreach ($number in $numberAsts) {
+            $numberText = $number.Extent.Text
+            if ($numberReplacementMap.ContainsKey($numberText)) { continue }
+            
+            $newNumber = ObfuscateNumbers $numberText
+            $numberReplacements += @{
+                StartOffset = $number.Extent.StartOffset
+                Length = $number.Extent.Text.Length
+                OriginalName = $numberText
+                Text = $numberText
+                NewName = $newNumber
+                Type = "Number"
+            }
+        }
+    }
+
+
+    $allReplacements = @()
+
+    foreach ($replacement in $barewordReplacements) {
+        $allReplacements += $replacement
+    }
+
+    foreach ($replacement in $numberReplacements) {
+        $allReplacements += $replacement
+    }
+
+    $allReplacements = $allReplacements | Sort-Object { $_.StartOffset } -Descending
+
+
+    foreach ($replacement in $allReplacements) {
+        $newName = switch ($replacement.Type) {
+            "Bareword" { $replacement.NewName }
+            "Number" { $replacement.NewName }
+        }
+        
+        Write-Host "Second Pass - Replacing '$($replacement.Text)' at position $($replacement.StartOffset) with '$newName' (Type: $($replacement.Type))"
+        
+        $code_copy = Replace-TextAtPosition -SourceText $code_copy `
+                                        -StartPosition $replacement.StartOffset `
+                                        -Length $replacement.Length `
+                                        -ReplacementText $newName
+    }
+    
+    return $code_copy
+}
+
+function Replace-TextAtPosition {
+    param(
+        [string]$SourceText,
+        [int]$StartPosition,
+        [int]$Length,
+        [string]$ReplacementText
+    )
+    
+    try {
+        $before = $SourceText.Substring(0, $StartPosition)
+        $after = $SourceText.Substring($StartPosition + $Length)
+        return $before + $ReplacementText + $after
+    }
+    catch {
+        Write-Host "Error in Replace-TextAtPosition:"
+        Write-Host "Source length: $($SourceText.Length)"
+        Write-Host "Start: $StartPosition"
+        Write-Host "Length: $Length"
+        Write-Host "Replacement: $ReplacementText"
+        throw $_
+    }
+}
+
+function Encrypt-Payload($string_payload) {
+    $placeholder_code = @"
+function Create-AesManagedObject(`$key, `$IV, `$mode) {`$aesManaged = New-Object "System.Security.Cryptography.AesManaged";if (`$mode="CBC") { `$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CBC }elseif (`$mode="CFB") {`$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CFB}elseif (`$mode="CTS") {`$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CTS}elseif (`$mode="ECB") {`$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::ECB}elseif (`$mode="OFB"){`$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::OFB};`$aesManaged.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7;`$aesManaged.BlockSize = 128;`$aesManaged.KeySize = 256;if (`$IV) {if (`$IV.getType().Name -eq "String") {`$aesManaged.IV = [System.Convert]::FromBase64String(`$IV)}else {`$aesManaged.IV = `$IV}};if (`$key) {if (`$key.getType().Name -eq "String") {`$aesManaged.Key = [System.Convert]::FromBase64String(`$key)}else {`$aesManaged.Key = `$key}};return `$aesManaged};function Decrypt-String(`$key, `$encryptedStringWithIV) {`$bytes = [System.Convert]::FromBase64String(`$encryptedStringWithIV);`$IV = `$bytes[0..15];`$aesManaged = Create-AesManagedObject `$key `$IV;`$decryptor = `$aesManaged.CreateDecryptor();;`$unencryptedData = `$decryptor.TransformFinalBlock(`$bytes, 16, `$bytes.Length - 16);;`$aesManaged.Dispose();return [System.Text.Encoding]::UTF8.GetString(`$unencryptedData).Trim([char]0)};iex(Decrypt-String "YOUR_KEY_HERE" "YOUR_ENCRYPTED_STRING_HERE")
+"@
+    $key = Create-AesKey
+    $encryptedString = Encrypt-String $key $string_payload
+    $new_code1 = $placeholder_code -replace "YOUR_KEY_HERE", $key
+    $final_code = $new_code1 -replace "YOUR_ENCRYPTED_STRING_HERE", $encryptedString
+    return $final_code
+}
+
+function Get-CommandType {
+    param(
+        [string]$CommandName
+    )
+
+    # simple cache because Get-Command is slow ash
+    if ($CommandTypeCache.ContainsKey($CommandName)) {
+        return $CommandTypeCache[$CommandName]
+    }
+
+    $command = Get-Command -Name $CommandName -ErrorAction Ignore
+    
+    $result = if ($command) {
+        @{
+            IsBuiltIn = $true
+            Type = $command.CommandType
+            Name = $CommandName
+        }
+    } else {
+        @{
+            IsBuiltIn = $false
+            Type = "Unknown"
+            Name = $CommandName
+        }
+    }
+
+    # cache the result for future calls
+    $CommandTypeCache[$CommandName] = $result
+    return $result
+}
+
+function Main($payload) {
+    $obfuscatedCode = ObfuscateCode $payload
+    if ($times -ne 0) {
+        $totalSteps = ($times * 2) + 1
+        $currentStep = 0
+        while ($times -ne 1) {
+            $global:pass_number++
+            $times = $times - 1
+            $obfuscatedCode = Encrypt-Payload $obfuscatedCode 
+            $currentStep++
+            Write-Progress -Activity "Obfuscating Code" -Status "Encrypting Payload" -PercentComplete (($currentStep / $totalSteps) * 100)
+            $obfuscatedCode = ObfuscateCode $obfuscatedCode
+            $currentStep++
+            Write-Progress -Activity "Obfuscating Code" -Status "Obfuscating Code" -PercentComplete (($currentStep / $totalSteps) * 100)
+        }
+    }
+
+    Write-Progress -Activity "Obfuscating Code" -Status "Completed" -PercentComplete 100 -Completed
+    return $obfuscatedCode
+}
+
+function Get-FileLocation {
+    while ($true) {
+        $file_location = Read-Host "Enter the file location -> "
+        if ((Test-Path $file_location) -and $file_location -like "*.ps1") {
+            return $file_location
+        } else {
+            Write-Host "File not found or not a .ps1 file: $file_location"
+        }
+    }
+}
+
+$location_good = Get-FileLocation
+
+$stuff = Get-Content $location_good -Raw
+
+$obfuscatedCode = Main $stuff
+
+$out_file = $location_good -replace ".ps1", "_obf.ps1"
+$obfuscatedCode | Out-File $out_file -Force

Obfus/util/commands/commands.ps1

@@ -0,0 +1,168 @@
+$printables = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+$banned = "abefnrtvABEFNRTV"
+
+function ObfuscateCommandTypes {
+    param(
+        [string]$CommandText,
+        [hashtable]$CommandInfo,
+        [bool]$RealBearWord = $false
+    )
+
+    if ($RealBearWord) {
+        return DotObfuscateBareWord $CommandText
+    }
+
+    if ($CommandInfo.IsBuiltIn) {
+        switch ($CommandInfo.Type) {
+            "Cmdlet" {
+                $verb, $noun = $CommandText -split '-'
+                if ($noun) {
+                    if ($verbose) {
+                        Write-Host $CommandText NOUN
+                    }
+                    return DotObfuscateBareWord $CommandText
+                }
+                if ($verbose) {
+                    Write-Host $CommandText VERB
+                }
+                return DotObfuscateBareWord $CommandText
+            }
+            "BuiltinAlias" {
+                return DotObfuscateBareWord $CommandText
+            }
+            "Function" {
+                if ($verbose) {
+                    Write-Host $CommandText FUNCTION
+                }
+                return DotObfuscateBareWord $CommandText
+            }
+            "Alias" {
+                return RandomUpercaseCharacters $CommandText
+            }
+            default {
+                return RandomUpercaseCharacters $CommandText
+            }
+        }
+    }
+    else {
+        if ($verbose) {
+            Write-Host $CommandText CUSTOM
+        }
+        return RandomUpercaseCharacters $CommandText
+    }
+}
+
+function Get-RandomString {
+    $length = Get-Random -Minimum 8 -Maximum 16
+    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
+    return -join ((1..$length) | ForEach-Object { $chars[(Get-Random -Maximum $chars.Length)] })
+}
+
+function RandomUpercaseCharacters($string) {
+    $string = $string -split ""
+    for ($i = 0; $i -lt $string.Length; $i++) {
+        if ($i -gt 0 -and $string[$i - 1] -eq '`' -and $printables.Contains($string[$i])) {
+            continue
+        }
+
+        if ($printables.Contains($string[$i]) -and ($string[$i] -ne "")) {
+            $random = Get-Random -Minimum 0 -Maximum 2
+            if ($random -eq 0) {
+                $string[$i] = $string[$i].ToUpper()
+            }
+            else {
+                $string[$i] = $string[$i].ToLower()
+            }
+        }
+    }
+    return $string -join ''
+}
+
+function ObfuscateMethodsGood($string) {
+    $last = $false
+    $first = $true
+    $out_str = ""
+    if ($string.Contains("KDOT!?!_")) {
+        return $string
+    }
+    $string = $string -split ""
+    $string | ForEach-Object {
+        if (($first -eq $true) -and ($_ -ne "")) {
+            $out_str += $_
+            $first = $false
+        }
+        else {
+            if ($_ -ne "") {
+                $random = Get-Random -Minimum 0 -Maximum 3
+                if (($random -eq 0) -and ($last -eq $false)) {
+                    $out_str += "`'$_`'"
+                    $last = $true
+                }
+                elseif (($random -eq 1) -and ($last -eq $false) -and ($printables.Contains($_)) -and ($_ -ne "") -and (!($banned.Contains($_)))) {
+                    $out_str += "``$_"
+                    $last = $true
+                }
+                else {
+                    $out_str += $_
+                    $last = $false
+                }
+            }
+        }
+    }
+    return $out_str
+}
+
+function DotObfuscateBareWord($string) {
+    $split_str = $string -split ""
+    $map = @()
+    # get the char value for each char in the string
+    $split_str | ForEach-Object {
+        if ($_ -ne "") {
+            $map += [int][char]$_
+        }
+    }
+
+    $out_str = ".("
+
+    $map | ForEach-Object {
+        if ($global:pass_number -lt 2) {
+            $obfuscated = AddOrSubtractRandomEQ $_
+            $out_str += "[char]($obfuscated)+"
+        } else {
+            $out_str += "[char]($_)+"
+        }
+
+    }
+    $out_str = $out_str.Substring(0, $out_str.Length - 1)
+    $out_str += ")"
+    return $out_str
+}
+
+function AddOrSubtractRandomEQ($number_to_obf) {
+    #get 3 random numbers
+    $number1 = Get-Random -Minimum 1 -Maximum 10000
+    $number2 = Get-Random -Minimum 1 -Maximum 10000
+    $number3 = Get-Random -Minimum 1 -Maximum 10000
+
+    $signs = @('+', '-')
+
+    $num1_sign = Get-Random -Minimum 0 -Maximum 2
+    $num2_sign = Get-Random -Minimum 0 -Maximum 2
+    $num3_sign = Get-Random -Minimum 0 -Maximum 2
+
+    $sign1 = $signs[$num1_sign]
+    $sign2 = $signs[$num2_sign]
+    $sign3 = $signs[$num3_sign]
+
+    $opposite_sign1 = $signs[1 - $num1_sign]
+    $opposite_sign2 = $signs[1 - $num2_sign]
+    $opposite_sign3 = $signs[1 - $num3_sign]
+
+    $final_number = "$number_to_obf $sign1 $number1 $sign2 $number2 $sign3 $number3"
+    $out_final = Invoke-Expression $final_number
+
+    $new_problem = "$out_final $opposite_sign1 $number1 $opposite_sign2 $number2 $opposite_sign3 $number3"
+    return "($new_problem)"
+}
+
+#ObfuscateMethodsGood "KDOT_frslwSZslJ"

Obfus/util/commands/function_names.ps1

@@ -0,0 +1,16 @@
+# Define characters for function name generation
+$characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+function Create_Random_String {
+    $string = $characters[(Get-Random -Minimum 26 -Maximum $characters.Length)]
+
+    for ($i = 0; $i -lt 15; $i++) {
+        $string += $characters[(Get-Random -Minimum 0 -Maximum $characters.Length)]
+    }
+    return $string
+}
+
+function ObfuscateFunctionNames($name) {
+    $newName = Create_Random_String
+    return $newName
+}

Obfus/util/final/encodeOutput.ps1

@@ -0,0 +1,93 @@
+# Taken from https://gist.github.com/ctigeek/2a56648b923d198a6e60
+
+function Create-AesManagedObject($key, $IV, $mode) {
+    $aesManaged = New-Object "System.Security.Cryptography.AesManaged"
+
+    if ($mode="CBC") { $aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CBC }
+    elseif ($mode="CFB") {$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CFB}
+    elseif ($mode="CTS") {$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CTS}
+    elseif ($mode="ECB") {$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::ECB}
+    elseif ($mode="OFB"){$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::OFB}
+
+
+    $aesManaged.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7
+    $aesManaged.BlockSize = 128
+    $aesManaged.KeySize = 256
+    if ($IV) {
+        if ($IV.getType().Name -eq "String") {
+            $aesManaged.IV = [System.Convert]::FromBase64String($IV)
+        }
+        else {
+            $aesManaged.IV = $IV
+        }
+    }
+    if ($key) {
+        if ($key.getType().Name -eq "String") {
+            $aesManaged.Key = [System.Convert]::FromBase64String($key)
+        }
+        else {
+            $aesManaged.Key = $key
+        }
+    }
+    return $aesManaged
+}
+
+function Create-AesKey() {
+    $aesManaged = Create-AesManagedObject
+    $aesManaged.GenerateKey()
+    return [System.Convert]::ToBase64String($aesManaged.Key)
+}
+
+function Encrypt-String($key, $plaintext) {
+    $bytes = [System.Text.Encoding]::UTF8.GetBytes($plaintext)
+    $aesManaged = Create-AesManagedObject $key
+    $encryptor = $aesManaged.CreateEncryptor()
+    $encryptedData = $encryptor.TransformFinalBlock($bytes, 0, $bytes.Length)
+    [byte[]] $fullData = $aesManaged.IV + $encryptedData
+    return [System.Convert]::ToBase64String($fullData)
+}
+
+function Decrypt-String($key, $encryptedStringWithIV) {r
+    $bytes = [System.Convert]::FromBase64String($encryptedStringWithIV)
+    $IV = $bytes[0..15]
+    $aesManaged = Create-AesManagedObject $key $IV
+    $decryptor = $aesManaged.CreateDecryptor();
+    $unencryptedData = $decryptor.TransformFinalBlock($bytes, 16, $bytes.Length - 16)
+    $aesManaged.Dispose()
+    return [System.Text.Encoding]::UTF8.GetString($unencryptedData).Trim([char]0)
+}
+
+#$key = Create-AesKey
+#
+#
+#$plaintext =  "This is a test string"
+#$mode =  "OFB"
+#"== Powershell AES $mode Encyption=="
+#"`nKey: "+$key
+#
+#$encryptedString = Encrypt-String $key $plaintext
+#
+#$bytes = [System.Convert]::FromBase64String($encryptedString)
+#
+#$IV = $bytes[0..15]
+#"Salt: " +  [System.Convert]::ToHexString($IV)
+#"Salt: " +  [System.Convert]::ToBase64String($IV)
+#
+#$plain = Decrypt-String $key $encryptedString
+#
+#"`nEncrypted: "+$encryptedString 
+#
+#"Decrypted: "+$plain
+
+function Encrypt-Payload($string_payload) {
+    $placeholder_code = @"
+function Decrypt-String(`$key, `$encryptedStringWithIV) {`$bytes = [System.Convert]::FromBase64String(`$encryptedStringWithIV);`$IV = `$bytes[0..15];`$aesManaged = Create-AesManagedObject `$key `$IV;`$decryptor = `$aesManaged.CreateDecryptor();;`$unencryptedData = `$decryptor.TransformFinalBlock(`$bytes, 16, `$bytes.Length - 16);;`$aesManaged.Dispose();return [System.Text.Encoding]::UTF8.GetString(`$unencryptedData).Trim([char]0)};iex(Decrypt-String "YOUR_KEY_HERE" "YOUR_ENCRYPTED_STRING_HERE")
+"@
+    $key = Create-AesKey
+    $encryptedString = Encrypt-String $key $string_payload
+    $placeholder_code -replace "YOUR_KEY_HERE", $key
+    $placeholder_code -replace "YOUR_ENCRYPTED_STRING_HERE", $encryptedString
+    return $placeholder_code
+}
+
+$placeholder_code -replace "YOUR_KEY_HERE" | Out-Null

Obfus/util/numbers/obfuscate_numbers.ps1

@@ -0,0 +1,32 @@
+function ObfuscateNumbers($number) {
+    $number_to_obf = $number
+    $obf_number = AddOrSubtractRandomEQ $number_to_obf
+    return $obf_number
+}
+
+function AddOrSubtractRandomEQ($number_to_obf) {
+    #get 3 random numbers
+    $number1 = Get-Random -Minimum 1 -Maximum 10000
+    $number2 = Get-Random -Minimum 1 -Maximum 10000
+    $number3 = Get-Random -Minimum 1 -Maximum 10000
+
+    $signs = @('+', '-')
+
+    $num1_sign = Get-Random -Minimum 0 -Maximum 2
+    $num2_sign = Get-Random -Minimum 0 -Maximum 2
+    $num3_sign = Get-Random -Minimum 0 -Maximum 2
+
+    $sign1 = $signs[$num1_sign]
+    $sign2 = $signs[$num2_sign]
+    $sign3 = $signs[$num3_sign]
+
+    $opposite_sign1 = $signs[1 - $num1_sign]
+    $opposite_sign2 = $signs[1 - $num2_sign]
+    $opposite_sign3 = $signs[1 - $num3_sign]
+
+    $final_number = "$number_to_obf $sign1 $number1 $sign2 $number2 $sign3 $number3"
+    $out_final = Invoke-Expression $final_number
+
+    $new_problem = "$out_final $opposite_sign1 $number1 $opposite_sign2 $number2 $opposite_sign3 $number3"
+    return "($new_problem)"
+}

Obfus/util/strings/strings.ps1

@@ -0,0 +1,233 @@
+#TODO add env var obf
+$split_string_verbose = $false
+
+function ObfuscateString($string) {
+    $splitting = $true
+    if ($string.Length -lt 4) {
+        $splitting = $false
+    }
+    if ($string.StartsWith("'") -and $string.EndsWith("'")) {
+        $string = $string.Substring(1, $string.Length - 2)
+    }
+    if ($string.StartsWith('"') -and $string.EndsWith('"')) {
+        $string = $string.Substring(1, $string.Length - 2)
+    }
+    $string = $string -replace "`'", "`'`'"
+    if ($string -eq "") {
+        return "''"
+    }
+    $out_content = ""
+
+    if ($splitting -eq $false) {
+        $string_pieces = @($string)
+    } else {
+        try {
+            [string[]]$string_pieces = SplitStrings $string
+        }
+        catch {
+            Write-Host "Error splitting string: $string"
+            Read-Host "Press enter to exit..."
+            exit 1
+        }
+    }
+
+    for ($i = 0; $i -lt $string_pieces.Count; $i++) {
+        $small_string = $string_pieces[$i]
+        $obfuscationFunctions = @(
+            #"ObfuscateStringReverse",
+            "ObfuscateBase64String",
+            #"ObfuscateReplaceString",
+            "ObfuscateHexString",
+            "ObfuscateByteArrayString",
+            "ObfuscateMixedString"
+        )
+        $random = Get-Random -Minimum 0 -Maximum $obfuscationFunctions.Length
+        $obfuscationFunction = $obfuscationFunctions[$random]
+        $out_content2 = & $obfuscationFunction $small_string
+        
+        if ($i -lt ($string_pieces.Count - 1)) {
+            $out_content += "$out_content2 + "
+        } else {
+            $out_content += $out_content2
+        }
+    }
+
+    return "($out_content)"
+}
+
+function ObfuscateStringReverse($string) {
+    #WORKING
+    $split_string = $string -split ""
+    [array]::Reverse($split_string)
+    $reversed_string = $split_string -join ''
+    $command = "('$reversed_string'[-1..-$($reversed_string.Length)] -join '')"
+    return $command
+}
+
+function ObfuscateBase64String($string) {
+    #WORKING
+    $bytes = [System.Text.Encoding]::UTF8.GetBytes($string)
+    $encoded = [System.Convert]::ToBase64String($bytes)
+    $command = "[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('$encoded'))"
+    return $command
+}
+
+function ObfuscateByteArrayString($string) {
+    #WORKING
+    $bytes = [System.Text.Encoding]::UTF8.GetBytes($string)
+    $good_bytes = "(" + ($bytes -join ', ') + ")"
+    $command = "[System.Text.Encoding]::UTF8.GetString($good_bytes)"
+    return $command
+}
+
+function ObfuscateHexString($string) {
+    if ([string]::IsNullOrEmpty($string)) {
+        return "''"
+    }
+
+    $bytes = [System.Text.Encoding]::UTF8.GetBytes($string)
+    $hexString = $bytes | ForEach-Object { "0x{0:x2}" -f $_ }
+    $hexString = "($($hexString -join ', '))"
+    $command = "[System.Text.Encoding]::UTF8.GetString($hexString)"
+    return $command
+}
+
+function ObfuscateMixedString($string) {
+    $bytes = [System.Text.Encoding]::UTF8.GetBytes($string)
+    $hexArray = $bytes | ForEach-Object { "0x{0:x2}" -f $_ }
+
+    if ($bytes.Length -eq 1) {
+        $byteArrayString = $bytes[0]
+    } else {
+        $mixedArray = for ($i = 0; $i -lt $bytes.Length; $i++) {
+            if ((Get-Random -Minimum 0 -Maximum 2) -eq 0) {
+                $bytes[$i]
+            } else {
+                $hexArray[$i]
+            }
+        }
+        $byteArrayString = "(" + ($mixedArray -join ', ') + ")"
+    }
+
+    $command = "[System.Text.Encoding]::UTF8.GetString($byteArrayString)"
+    return $command
+}
+
+function SplitStrings {
+    param (
+        [string]$string
+    )
+
+    $string_length = $string.Length
+    if ($string_length -lt 2) {
+        return @($string)
+    }
+
+    # array to store chunks
+    $result = @()
+    $i = 0
+
+    while ($i -lt $string_length) {
+        if ($string_length -lt 10) {
+            $chunk_length = Get-Random -Minimum 2 -Maximum 5
+        } elseif ($string_length -lt 50) {
+            $chunk_length = Get-Random -Minimum 15 -Maximum 25
+        } elseif ($string_length -lt 100) {
+            $chunk_length = Get-Random -Minimum 24 -Maximum 50
+        } elseif ($string_length -lt 200) {
+            $chunk_length = Get-Random -Minimum 50 -Maximum 100
+        } elseif ($string_length -lt 500) {
+            $chunk_length = Get-Random -Minimum 75 -Maximum 200
+        } elseif ($string_length -lt 1000) {
+            $chunk_length = Get-Random -Minimum 100 -Maximum 300
+        } else {
+            $chunk_length = Get-Random -Minimum 200 -Maximum 500
+        }
+
+        # make sure we got the remaining string length
+        $length = [Math]::Min($chunk_length, $string_length - $i)
+
+        # add it to the chunk array
+        $result += $string.Substring($i, $length)
+        
+        # move the index forward of how far we've gone.
+        $i += $length
+
+        if ($split_string_verbose) {
+            Write-Host "Chunk: $($result[-1])"
+        }
+    }
+
+    #pretty print the chunks
+    if ($split_string_verbose) {
+        Write-Host "Chunks: $($result -join ', ')"
+    }
+
+    return $result
+}
+
+function ObfuscateReplaceString($string) {
+    #BROKEN
+    $split_str = SplitStrings $string
+    $replaces_amount = $split_str.Length
+
+    $set_dict = @{}
+
+    for ($i = 0; $i -lt $replaces_amount; $i++) {
+        $set_dict[$i] = $split_str[$i]
+    }
+
+    $shuffled_key_locations = @()
+    for ($i = 0; $i -lt $replaces_amount; $i++) {
+        $shuffled_key_locations += $i
+    }
+
+    #this is the order we will put the keys in the string.
+    $shuffled_keys = $shuffled_key_locations | Sort-Object {Get-Random}
+
+    $format_string = ""
+    $arguments = @()
+
+    #make the output look like "{1}{0}{2}" -f "b", "a", "c"
+    for ($i = 0; $i -lt $shuffled_keys.Length; $i++) {
+        $format_string += "{$($shuffled_keys[$i])}"
+        $arguments += $set_dict[$i]
+    }
+
+    $format_string = '"' + $format_string + '"'
+    $arguments = '"' + ($arguments -join '", "') + '"'
+
+    $command = "($format_string -f $arguments)"
+
+    Write-Host "Obfuscated: $command"
+    Write-Host $shuffled_key_locations
+    Write-Host $shuffled_keys
+    Write-Host $format_string
+    Write-Host $arguments
+
+    return $command
+}
+
+function make_random_string($length) {
+    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
+    return -join ((1..$length) | ForEach-Object { $chars[(Get-Random -Maximum $chars.Length)] })
+}
+
+## Test the obfuscation
+#for ($i = 0; $i -lt 1000; $i++) {
+#    $length = Get-Random -Minimum 1 -Maximum 10
+#    $string = make_random_string $length
+#    $obfuscated_string = ObfuscateReplaceString $string
+#    $deobfuscated_string = Invoke-Expression $obfuscated_string
+#    
+#    if ($string -ne $deobfuscated_string) {
+#        Write-Host "-------------------------------------"
+#        Write-Host "$string"
+#        Write-Host "$deobfuscated_string"
+#        Write-Host "Failed to deobfuscate string: $string"
+#        Write-Host "Obfuscated: $obfuscated_string"
+#        Write-Host "Deobfuscated: $deobfuscated_string"
+#        Write-Host "Press Enter to continue..."
+#        Read-Host
+#    }
+#}

Obfus/util/variables/variables.ps1

@@ -0,0 +1,79 @@
+$bad_vars2 = @('$_', '$ignore', '$PSScriptRoot', '$global', '$MyInvocation', '$local', '`$', '$args', '$ErrorActionPreference', '$ProgressPreference', '$PROFILE')
+$good_chars = "cdghijklmopqsuwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+function ObfuscateVariables($variable_good, $parameter) {
+    $lower_var = $variable_good.ToLower()
+    switch ($lower_var) {
+        '$true' { return ObfuscateTrue }
+        '$false' { return ObfuscateFalse }
+        '$null' { return ObfuscateNull }
+    }
+
+    foreach ($bad_var in $bad_vars2) {
+        if ($lower_var -contains $bad_var) {
+            return $variable_good
+        }
+    }
+    $var = MakeRandomVariableName 10
+    $new_var_final = RandomChangeVar $var $parameter
+    Write-Host "Obfuscating variable: $variable_good to $new_var_final"
+    return $new_var_final
+}
+
+function MakeRandomVariableName($length) {
+    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+    $name = "`$KDOT"
+    for ($i = 0; $i -lt $length; $i++) {
+        $name += $chars[(Get-Random -Minimum 0 -Maximum $chars.Length)]
+    }
+    return $name
+}
+
+function RandomChangeVar($variable, $parameter) {
+    # if the variable is in good_chars, do random capitalization and randomly add a ` in front.
+    $ticks = Get-Random -Minimum 0 -Maximum 2
+    if ($parameter -eq $true) {
+        $ticks = 999
+    }
+    $variable = $variable -split ""
+    for ($i = 0; $i -lt $variable.Length; $i++) {
+        if ($i -gt 0 -and $variable[$i - 1] -eq '`' -and $good_chars.Contains($variable[$i])) {
+            continue
+        }
+
+        if ($good_chars.Contains($variable[$i]) -and ($variable[$i] -ne "")) {
+            $random = Get-Random -Minimum 0 -Maximum 2
+            $random2 = Get-Random -Minimum 0 -Maximum 2
+            if ($random -eq 0) {
+                $variable[$i] = $variable[$i].ToUpper()
+            } else {
+                $variable[$i] = $variable[$i].ToLower()
+            }
+
+            if (($random2 -eq 0) -and ($ticks -eq 0)) {
+                $variable[$i] = "``" + $variable[$i]
+            }
+        }
+    }
+    $variable = $variable -join ''
+    if ($ticks -eq 0) {
+        #insert a { at the beginning after the first character and a } at the end
+        $variable = $variable.Insert(1, "{")
+        $variable += "}"
+    }
+    return $variable
+}
+
+function ObfuscateTrue {
+    return '$true'
+}
+
+function ObfuscateFalse {
+    return '$false'
+}
+
+function ObfuscateNull {
+    return '$null'
+}
+
+#ObfuscateVariables '$this_is_a_test'