raandree · December 16, 2021 11:55
diff --git a/EventTextLengthCompare.ps1 b/EventTextLengthCompare.ps1
 function GenerateRandomSalt
 {
    [byte[]]$data = New-Object byte[](32)

    $cp = [System.Security.Cryptography.RNGCryptoServiceProvider]::new()
    
    for ($i = 0; $i -lt 10; $i++)
    {            
        $cp.GetBytes($data)
    }
        
    $cp.Dispose()

    return $data
 }

 function Encrypt([string]$Data, [string]$Password)
 {
    [byte[]]$salt = GenerateRandomSalt
    [System.Security.Cryptography.RijndaelManaged]$aes = [System.Security.Cryptography.RijndaelManaged]::new()
    $aes.KeySize = 256
    $aes.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7
    $key = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($password, $salt, 50000)
    $aes.Key = $key.GetBytes($aes.KeySize / 8)
    $aes.IV = $key.GetBytes($aes.BlockSize / 8)
    $aes.Mode = [System.Security.Cryptography.CipherMode]::CFB
    
    $memoryStream = [System.IO.MemoryStream]::new()
    $memoryStream.Write($salt, 0, $salt.Length)

    $bytes = [System.Text.Encoding]::Unicode.GetBytes($Data)

    $cs = [System.Security.Cryptography.CryptoStream]::new($memoryStream, $aes.CreateEncryptor(), [System.Security.Cryptography.CryptoStreamMode]::Write)

    $cs.Write($bytes, 0, $bytes.Count)
    $cs.Close()
    
    $memoryStream.GetBuffer()
    $memoryStream.Close()
 }

 $FormatEnumerationLimit = -1
 $e = Get-EventLog -LogName System -Newest 1

 $eventBytes = [System.Text.Encoding]::Unicode.GetBytes(($e | Format-List -Property * | Out-String))
 "EventText length $($eventBytes.Length)"

 $serializedEventBytes = [System.Text.Encoding]::Unicode.GetBytes([System.Management.Automation.PSSerializer]::Serialize($e, 4))
 "Serialized Event length $($serializedEventBytes.Length)"

 $base64EventBytes = [System.Text.Encoding]::Unicode.GetBytes([Convert]::ToBase64String($serializedEventBytes))
 "Base64 Event length $($base64EventBytes.Length)"

 $encryptedBase64Bytes = Encrypt -Data ([Convert]::ToBase64String($serializedEventBytes)) -Password 'ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a'
 "AES256 Encrypted Base64 Event length $($encryptedBase64Bytes.Length)"
	function GenerateRandomSalt
	{
	[byte[]]$data = New-Object byte[](32)

	$cp = [System.Security.Cryptography.RNGCryptoServiceProvider]::new()

	for ($i = 0; $i -lt 10; $i++)
	{
	$cp.GetBytes($data)
	}

	$cp.Dispose()

	return $data
	}

	function Encrypt([string]$Data, [string]$Password)
	{
	[byte[]]$salt = GenerateRandomSalt
	[System.Security.Cryptography.RijndaelManaged]$aes = [System.Security.Cryptography.RijndaelManaged]::new()
	$aes.KeySize = 256
	$aes.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7
	$key = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($password, $salt, 50000)
	$aes.Key = $key.GetBytes($aes.KeySize / 8)
	$aes.IV = $key.GetBytes($aes.BlockSize / 8)
	$aes.Mode = [System.Security.Cryptography.CipherMode]::CFB

	$memoryStream = [System.IO.MemoryStream]::new()
	$memoryStream.Write($salt, 0, $salt.Length)

	$bytes = [System.Text.Encoding]::Unicode.GetBytes($Data)

	$cs = [System.Security.Cryptography.CryptoStream]::new($memoryStream, $aes.CreateEncryptor(), [System.Security.Cryptography.CryptoStreamMode]::Write)

	$cs.Write($bytes, 0, $bytes.Count)
	$cs.Close()

	$memoryStream.GetBuffer()
	$memoryStream.Close()
	}

	$FormatEnumerationLimit = -1
	$e = Get-EventLog -LogName System -Newest 1

	$eventBytes = [System.Text.Encoding]::Unicode.GetBytes(($e \| Format-List -Property * \| Out-String))
	"EventText length $($eventBytes.Length)"

	$serializedEventBytes = [System.Text.Encoding]::Unicode.GetBytes([System.Management.Automation.PSSerializer]::Serialize($e, 4))
	"Serialized Event length $($serializedEventBytes.Length)"

	$base64EventBytes = [System.Text.Encoding]::Unicode.GetBytes([Convert]::ToBase64String($serializedEventBytes))
	"Base64 Event length $($base64EventBytes.Length)"

	$encryptedBase64Bytes = Encrypt -Data ([Convert]::ToBase64String($serializedEventBytes)) -Password 'ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a'
	"AES256 Encrypted Base64 Event length $($encryptedBase64Bytes.Length)"