
Powershell Patching Chromedriver.exe file becomes unusable


So if I replace the cdc strings (there are about 9 occurrences of them in total) with Notepad++ etc., it works fine.

But for some reason my PowerShell code makes the file unusable. It replaces the strings, but it's no longer able to execute.

    $PSDefaultParameterValues['*:Encoding'] = 'utf8';
    $regexA = 'cdc_.{22}';
    function Get-RandomCharacters($length, $characters) { 
        $random = 1..$length | ForEach-Object { Get-Random -Maximum $characters.length } 
        $private:ofs="" ;
        return [String]$characters[$random];
    }
    $random += Get-RandomCharacters -length 3 -characters 'abcdefghijklmnopqrstuvwxyz';
    $random = 'cdc_' + $random;
    $randomupper = Get-RandomCharacters -length 1 -characters 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $randomtwo = Get-RandomCharacters -length 12 -characters 'abcdefghijklmnopqrstuvwxyz';
    $randomuppertwo = Get-RandomCharacters -length 2 -characters 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $randomthree = Get-RandomCharacters -length 4 -characters 'abcdefghijklmnopqrstuvwxyz';
    $output = $random += $randomupper += $randomtwo += $randomuppertwo += $randomthree
    Write-Output "New cdc string is : $output"
    Get-ChildItem 'C:\Users\C0n\Desktop\chromedriver.exe' | ForEach-Object {
        $c = (Get-Content $_.FullName) -replace $regexA, $output -join "`r"
        $Utf8NoBomEncoding = New-Object System.Text.UTF8Encoding $true
        [IO.File]::WriteAllText($_.FullName, $c, $Utf8NoBomEncoding)
    }

Here is the cdc string inside the file: cdc_adoQpoasnfa76pfcZLmcfl. It gets replaced with a randomly generated string.


Solution

  • My solution: read the binary and convert it to readable UTF-8 text, then write it back as binary again.

    $regexA = 'cdc_.{22}';
    $ThisFile = 'C:\Users\C0n\Desktop\chromedriver.exe'
    
    function Get-RandomCharacters($length, $characters) { 
        $random = 1..$length | ForEach-Object { Get-Random -Maximum $characters.length } 
        $private:ofs="" ;
        return [String]$characters[$random];
    }
    
    $random += Get-RandomCharacters -length 3 -characters 'abcdefghijklmnopqrstuvwxyz';
    $random = 'cdc_' + $random;
    $randomupper = Get-RandomCharacters -length 1 -characters 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $randomtwo = Get-RandomCharacters -length 12 -characters 'abcdefghijklmnopqrstuvwxyz';
    $randomuppertwo = Get-RandomCharacters -length 2 -characters 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $randomthree = Get-RandomCharacters -length 4 -characters 'abcdefghijklmnopqrstuvwxyz';
    $output = $random += $randomupper += $randomtwo += $randomuppertwo += $randomthree
    Write-Output "New cdc string is : $output"
    
    Get-ChildItem $ThisFile | ForEach-Object {
        $c = (Get-Content $_.FullName -Raw)
        if ($c -match $regexA) {
            $existing_cdc = $matches[0]
            Write-Output "Existing cdc to be replaced: $existing_cdc"
        }
    }
    
    # To compensate for a difference between Windows PowerShell and PowerShell (Core) 7+
    # with respect to how byte processing is requested: -Encoding Byte vs. -AsByteStream
    $byteEncParam = 
      if ($IsCoreCLR) { @{ AsByteStream = $true } } 
      else            { @{ Encoding = 'Byte' } }
    
    # Read the file *as a byte array*.
    $data = Get-Content @byteEncParam -ReadCount 0  $ThisFile
    
    # Convert the array to a "hex string" in the form "nn-nn-nn-...",
    # where nn represents a two-digit hex representation of each byte,
    # e.g. '41-42' for 0x41, 0x42, which, if interpreted as a
    # single-byte encoding (ASCII), is 'AB'.
    $dataAsHexString = [BitConverter]::ToString($data)
    
    # Define the search and replace strings, and convert them into
    # "hex strings" too, using their UTF-8 byte representation.
    $search = $existing_cdc
    $replacement = $output
    $searchAsHexString = [BitConverter]::ToString([Text.Encoding]::UTF8.GetBytes($search))
    $replaceAsHexString = [BitConverter]::ToString([Text.Encoding]::UTF8.GetBytes($replacement))
    
    # Perform the replacement.
    $dataAsHexString = $dataAsHexString.Replace($searchAsHexString, $replaceAsHexString)
    
    # Convert the modified "hex string" back to a byte[] array.
    $modifiedData = [byte[]] ($dataAsHexString -split '-' -replace '^', '0x')
    
    # Save the byte array back to the file.
    Set-Content @byteEncParam $ThisFile -Value $modifiedData
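
Why the text-based edit in the question corrupts the file while a byte-level edit does not, shown as an added example that is not part of the original post. The sample bytes, the `tag_` marker and the helper name `Test-RoundTrip` are constructed for illustration.

```powershell
# Constructed sample bytes (not a real executable): an "MZ" header, bytes that
# are invalid as UTF-8 (0x90, 0xFF, 0xFE, 0x80, 0xC3 0x28), mixed CR/LF line
# endings, and an ASCII marker standing in for the string being patched.
[byte[]]$original = [byte[]](0x4D,0x5A,0x90,0x00,0xFF,0xFE,0x0D,0x0A,0x0A,0x80) +
    [Text.Encoding]::ASCII.GetBytes('tag_AAAA') + [byte[]](0x00,0xC3,0x28)

# Hypothetical helper: decode bytes to text and encode them back, which is what
# any text-based edit of a binary file does implicitly.
function Test-RoundTrip {
    param([byte[]]$Bytes, [Text.Encoding]$Encoding)
    $result = $Encoding.GetBytes($Encoding.GetString($Bytes))
    [pscustomobject]@{
        Encoding  = $Encoding.WebName
        InLength  = $Bytes.Length
        OutLength = $result.Length
        Lossless  = [BitConverter]::ToString($Bytes) -eq [BitConverter]::ToString($result)
    }
}

# UTF-8: invalid sequences become U+FFFD (3 bytes each), so content and
# offsets change. The question's code also splits on line endings, rejoins
# with CR only, and writes a BOM (UTF8Encoding $true), which alters more bytes.
Test-RoundTrip -Bytes $original -Encoding ([Text.UTF8Encoding]::new($false))

# ISO-8859-1 maps bytes 0x00-0xFF one-to-one to characters, so the round trip
# returns the identical byte sequence.
$latin1 = [Text.Encoding]::GetEncoding(28591)
Test-RoundTrip -Bytes $original -Encoding $latin1

# Byte-preserving replace with a same-length guard: a longer or shorter
# replacement would shift every offset that follows it in the file.
$search      = 'tag_AAAA'
$replacement = 'tag_BBBB'
if ($latin1.GetByteCount($search) -ne $latin1.GetByteCount($replacement)) {
    throw 'Replacement must have the same byte length as the search string.'
}
$patched = $latin1.GetBytes($latin1.GetString($original).Replace($search, $replacement))
"Length before/after: $($original.Length) / $($patched.Length)"
```

Comparing a hash of the file (for example with `Get-FileHash`) before and after a no-op round trip is a quick way to confirm that a given read/write path preserves bytes.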