This page has several
VBScript programs to Base64 encode hexadecimal strings, text strings, or
files. There are also corresponding VBScript programs to decode Base64 strings
or files into hexadecimal
strings or text strings.
The MIME (Multipurpose Internet Mail Extensions) specification, defined in RFC 2045, 1421 and 1521, specifies a binary to text encoding scheme. It encodes any binary string using a 64 character alphabet of printable characters, plus the "=" character to indicate padding. The Base64 alphabet includes the upper case letters "A" through "Z", the lower case letters "a" through "z", the digits "0" through "9", and the characters "+" and "/" (plus the "=" character). This allows you to encode any binary string into a form that can be used in virtually any environment. It can also serve to obfuscate strings for the casual observer, although this is certainly not an encryption scheme in any sense.
The utility ldifde uses ldif files (usually with extension *.ldf) that can include Base64 encoded character strings. This allows you to assign binary values or strings with special characters in Active Directory. You can use the programs on this page to encode strings in foreign languages with non-standard characters. You signal to ldifde.exe that the value is Base64 encoded by using two colons (instead of one) to separate the attribute name and the value. For example, the ldif file could contain the following line:
The first program linked below accepts a sequence of hexadecimal bytes as a parameter and
outputs the resulting Base64 encoding. You may need to use this if you can
convert the string you want into the hexadecimal equivalent, but the
text characters cannot be displayed. If you don't supply a hexadecimal
string on the command line when you run the program, it will prompt for the
string. This way you can copy and paste the hexadecimal string into the form
displayed by the program.
HexToBase64.txt <<-- Click here to view or download the program
For example, to encode the hexadecimal sequence of ten bytes "2041420A0D233E5B20", you would use the following at a command prompt:
cscript //nologo HexToBase64.vbs 2041420A0D233E615B20
Note that each byte is represented by two hexadecimal characters. If desired you can delimit the bytes with "/", "\", "-", ",", or spaces. If you use spaces, enclose the entire value in quotes. The command above results in the following Base64 string:
The next program accepts any text string as a parameter and outputs the resulting
Base64 encoding. Note that only normal display characters can be used. For
example the carriage return, line feed sequence used above,
"0A0D", could not
be used. Again, if the text string is not passed to the program on the
command line, the program will prompt for the string.
TextToBase64.txt <<-- Click here to view or download the program
For example, to encode the string "This is a test, only a test.", the command would be:
cscript //nologo TextToBase64.vbs "This is a test, only a test"
Note that the string must be enclosed in quotes if it contains spaces, or any characters that will be interpreted by the command processor (such as the ">" or "|" characters). The result in this case will be:
Next is a program that accepts a file as a parameter and encodes the
contents. The file should be a text file. A
second optional parameter indicates whether or not the file contains lines delimited by carriage returns (actually, carriage
return, line feed characters). A value of "True" or "T" (the default) means
the file is a text file that can be read one line at a time. A value of
"False" or "F" means the file must be read all at once. If you provide no parameters on the command
line, the program will prompt.
FileToBase64.txt <<-- Click here to view or download the program
For example, to encode the contents of the file Example.txt and redirect the output to another file called Encoded.txt, the command would be (assuming the files are in the same directory as the VBScript program):
cscript //nologo FileToBase64.vbs Example.txt F > Encoded.txt
Next is a program to encode passwords for use with the ldifde utility. The
utility can be used to set passwords, but it requires that the password
value be specially formatted. First, the password
value must be enclosed in quotes. Second, it must be a unicode value. The
next program accepts a password string, formats the value properly, then
Base64 encodes it so it can be used to set passwords with ldifde. If the
password is not supplied on the command line, the program will prompt for
PwdToBase64.txt <<-- Click here to view or download the program
For example, to encode the password "xZy$132#q!", the command would be:
cscript //nologo PwdToBase64.vbs xZy$132#q!
This results in the following Base64 value:
Of course, it would help to redirect the output to a text file, so you can copy and paste the encoded string into an LDIF file. To use the value to set a password, the LDIF file would be similar to below:
dn: cn=Jim Smith,ou=West,dc=MyDomain,dc=com
Note the two colons separating the attribute name and the Base64 encoded value. Also note the "-" on the last line. If this LDIF file is saved as ChgPwd.ldf, then the command to set the password for user "cn=Jim Smith" would be as follows:
ldifde -i -f ChgPwd.ldf -t 636
Port 636 is for LDAP over SSL, which is required for password changes. This
also requires that you configure SSL/TLS (secure sockets layer/transport
layer security) encryption on the domain controller. Of
course, the password must meet domain policy requirements, and you must have
Next is a series of programs to decode Base64 strings. The following program accepts the Base64 string as a parameter and outputs the decoded hexadecimal string. If you do not supply the parameter, the program prompts.
Base64ToHex.txt <<-- Click here to view or download the program
For example, to decode the Base64 string "IEFCCg0jPmFbIA==", the command would be:
cscript //nologo Base64ToHex.vbs IEFCCg0jPmFbIA==
Which would result in the hexadecimal string:
Note it is possible for the Base64 encoded string to begin with two slash
characters, "//". If you provide this value at the command line, the command
interpreter will interpret the string as an option and raise an error. In
this case you must supply no value and let the program prompt for the Base64
The next program accepts a Base64 string as a parameter and outputs the decoded text string. If the decoded string includes non-display characters, the results could be unpredictable:
Base64ToText.txt <<-- Click here to view or download the program
For example, the following command:
cscript //nologo Base64ToText.vbs VGhpcyBpcyBhIHRlc3QsIG9ubHkgYSB0ZXN0
Results in the following text string:
This is a test, only a test
Again, if the Base64 string begins with "//",
let the program prompt for the value.
The next program accepts a Base64 encoded file and outputs the file contents decoded.
A second optional parameter indicates if the Base64 file has extra carriage
control characters (because it was encoded by the program FileToBase64.vbs
using "False" as the second parameter). "True", or "T", the default, means
the encoded file can be read a line at a time. "False", or "F", means the
encoded file must be read all at once.
Base64FileToText.txt <<-- Click here to view or download the program
For example, to decode the file Encoded.txt created above, the command would be:
cscript //nologo Base64FileToText.vbs Encoded.txt F > Example.bak
The new file created, Example.bak, should be identical the the original
file, Example.txt, used above, except that the file Example.bak will have an
extra carriage return at the end because of the way redirection works.
The final program accepts a Base64 encoded password value and outputs the decoded string. This decodes the value created by the program PwdToBase64.vbs linked above. Again, if you do not supply the Base64 value, the program prompts. This program accounts for the special format required for password values.
Base64ToPwd.txt <<-- Click here to view or download the program