This page has several VBScript programs to Base64 encode hexadecimal strings, text strings, or files. There are also corresponding VBScript programs to decode Base64 strings or files into hexadecimal strings or text strings.

The MIME (Multipurpose Internet Mail Extensions) specification, defined in RFC 2045, 1421 and 1521, specifies a binary to text encoding scheme. It encodes any binary string using a 64 character alphabet of printable characters, plus the "=" character to indicate padding. The Base64 alphabet includes the upper case letters "A" through "Z", the lower case letters "a" through "z", the digits "0" through "9", and the characters "+" and "/" (plus the "=" character). This allows you to encode any binary string into a form that can be used in virtually any environment. It can also serve to obfuscate strings for the casual observer, although this is certainly not an encryption scheme in any sense.

The utility ldifde uses ldif files (usually with extension *.ldf) that can include Base64 encoded character strings. This allows you to assign binary values or strings with special characters in Active Directory. You can use the programs on this page to encode strings in foreign languages with non-standard characters. You signal to ldifde.exe that the value is Base64 encoded by using two colons (instead of one) to separate the attribute name and the value. For example, the ldif file could contain the following line:

Title:: IEFCCg0jPmFbIA==

The first program linked below accepts a sequence of hexadecimal bytes as a parameter and outputs the resulting Base64 encoding. You may need to use this if you can convert the string you want into the hexadecimal equivalent, but the text characters cannot be displayed. If you don't supply a hexadecimal string on the command line when you run the program, it will prompt for the string. This way you can copy and paste the hexadecimal string into the form displayed by the program.

HexToBase64.txt <<-- Click here to view or download the program

For example, to encode the hexadecimal sequence of ten bytes "2041420A0D233E5B20", you would use the following at a command prompt:

cscript //nologo HexToBase64.vbs 2041420A0D233E615B20

Note that each byte is represented by two hexadecimal characters. If desired you can delimit the bytes with "/", "\", "-", ",", or spaces. If you use spaces, enclose the entire value in quotes. The command above results in the following Base64 string:

IEFCCg0jPmFbIA==

The next program accepts any text string as a parameter and outputs the resulting Base64 encoding. Note that only normal display characters can be used. For example the carriage return, line feed sequence used above, "0A0D", could not be used. Again, if the text string is not passed to the program on the command line, the program will prompt for the string.

TextToBase64.txt <<-- Click here to view or download the program

For example, to encode the string "This is a test, only a test.", the command would be:

cscript //nologo TextToBase64.vbs "This is a test, only a test"

Note that the string must be enclosed in quotes if it contains spaces, or any characters that will be interpreted by the command processor (such as the ">" or "|" characters). The result in this case will be:

VGhpcyBpcyBhIHRlc3QsIG9ubHkgYSB0ZXN0

Next is a program that accepts a file as a parameter and encodes the contents. The file should be a text file. A second optional parameter indicates whether or not the file contains lines delimited by carriage returns (actually, carriage return, line feed characters). A value of "True" or "T" (the default) means the file is a text file that can be read one line at a time. A value of "False" or "F" means the file must be read all at once. If you provide no parameters on the command line, the program will prompt.

FileToBase64.txt <<-- Click here to view or download the program

For example, to encode the contents of the file Example.txt and redirect the output to another file called Encoded.txt, the command would be (assuming the files are in the same directory as the VBScript program):

cscript //nologo FileToBase64.vbs Example.txt F > Encoded.txt

Next is a program to encode passwords for use with the ldifde utility. The ldifde utility can be used to set passwords, but it requires that the password value be specially formatted. First, the password value must be enclosed in quotes. Second, it must be a unicode value. The next program accepts a password string, formats the value properly, then Base64 encodes it so it can be used to set passwords with ldifde. If the password is not supplied on the command line, the program will prompt for the password.

PwdToBase64.txt <<-- Click here to view or download the program

For example, to encode the password "xZy$132#q!", the command would be:

cscript //nologo PwdToBase64.vbs xZy$132#q!

This results in the following Base64 value:

IgB4AFoAeQAkADEAMwAyACMAcQAhACIA

Of course, it would help to redirect the output to a text file, so you can copy and paste the encoded string into an LDIF file. To use the value to set a password, the LDIF file would be similar to below:

dn: cn=Jim Smith,ou=West,dc=MyDomain,dc=com
changetype: modify
replace: unicodePwd
unicodePwd::IgB4AFoAeQAkADEAMwAyACMAcQAhACIA
-

Note the two colons separating the attribute name and the Base64 encoded value. Also note the "-" on the last line. If this LDIF file is saved as ChgPwd.ldf, then the command to set the password for user "cn=Jim Smith" would be as follows:

ldifde -i -f ChgPwd.ldf -t 636

Port 636 is for LDAP over SSL, which is required for password changes. This also requires that you configure SSL/TLS (secure sockets layer/transport layer security) encryption on the domain controller. Of course, the password must meet domain policy requirements, and you must have sufficient permissions.

Next is a series of programs to decode Base64 strings. The following program accepts the Base64 string as a parameter and outputs the decoded hexadecimal string. If you do not supply the parameter, the program prompts.

Base64ToHex.txt <<-- Click here to view or download the program

For example, to decode the Base64 string "IEFCCg0jPmFbIA==", the command would be:

cscript //nologo Base64ToHex.vbs IEFCCg0jPmFbIA==

Which would result in the hexadecimal string:

2041420A0D233E615B20

Note it is possible for the Base64 encoded string to begin with two slash characters, "//". If you provide this value at the command line, the command interpreter will interpret the string as an option and raise an error. In this case you must supply no value and let the program prompt for the Base64 encoded string.

The next program accepts a Base64 string as a parameter and outputs the decoded text string. If the decoded string includes non-display characters, the results could be unpredictable:

Base64ToText.txt <<-- Click here to view or download the program

For example, the following command:

cscript //nologo Base64ToText.vbs VGhpcyBpcyBhIHRlc3QsIG9ubHkgYSB0ZXN0

Results in the following text string:

This is a test, only a test

Again, if the Base64 string begins with "//", let the program prompt for the value. The next program accepts a Base64 encoded file and outputs the file contents decoded. A second optional parameter indicates if the Base64 file has extra carriage control characters (because it was encoded by the program FileToBase64.vbs using "False" as the second parameter). "True", or "T", the default, means the encoded file can be read a line at a time. "False", or "F", means the encoded file must be read all at once.

Base64FileToText.txt <<-- Click here to view or download the program

For example, to decode the file Encoded.txt created above, the command would be:

cscript //nologo Base64FileToText.vbs Encoded.txt F > Example.bak

The new file created, Example.bak, should be identical the the original file, Example.txt, used above, except that the file Example.bak will have an extra carriage return at the end because of the way redirection works.

The final program accepts a Base64 encoded password value and outputs the decoded string. This decodes the value created by the program PwdToBase64.vbs linked above. Again, if you do not supply the Base64 value, the program prompts. This program accounts for the special format required for password values.

Base64ToPwd.txt <<-- Click here to view or download the program