Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Tuesday September 19, 2006
11:24 PM

Perl source obfuscators are stupid

[ #31052 ]

I'm writing the chapter in Mastering Perl on cleaning up source code, so I figured I'd look at some code obfuscators. I'm sure other people will have stories to tell.

The most stupid obfuscators just get rid of whitespace. perltidy clears that right up.

The oddest one I found looked like it did a lot of stuff, but the last statement in the file was always

"eval($foo)"

. I changed the eval() to

print()

and there's the program. A slightly fancier one had several rounds of that. Still, I had the source in two minutes, and that's just doing it manually.

I'm thinking, just for the heck of it, creating some de-obfuscators just to put in the book.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • > I'm thinking, just for the heck of it, creating some de-obfuscators just to put in the book.

    perl -MO=Deparse obfuscated.pl

    • It's a bit more complicated than you think. Deparse can clean up simple-minded things, but the eval trick isn't something Deparse will figure out. It will still show a huge string, the operations on that huge string, and an eval().
      • Override CORE::GLOBAL::eval to print/save the code before running it?

      • The GOO;eval($code) pattern appeared to be really common in the stuff people showed me so I thought about making B::Deobfuscate optionally run the GOO and replace GOO;eval($code) with the $code.

        I just didn't get around to it.
  • I assume you've come across B::Deobfuscate [cpan.org]?

    It was caused by a rather entertaining thread on perlmonks a few years back :-)

    • Yes, I ran into that module. I just can't get it to install. :(
      • Really? Works for me (IIRC). Send me an RT ticket and I might make it work.
        • Mine installation failed the signature test. I think I'm just going to write a fake Test::Signature to always return ok.

          I could just delete the one that's already there, but something else keeps installing it.
          • Ah. perlmonks have told me there's other problems too but no one bothered to cc me on those either.
          • FYI, I removed all the SIGNATURE stuff and fixed a few other minor things. It's released as 0.15 now. It's still no more special than a B::Deparse with a renaming function.
            • I like renaming everything to flowers. :)
              • Thanks for noticing. 0.16 even lets you use the Flowers dictionary:

                    -MO=Deobfuscate,-DFlowers

                    B::Deobfuscate->new( -DFlowers )
  • ... then as far as I'm concerned Perl::Squish is a good start (because at least it removes comments/pod and compresses) but anything beyond that is dubious at best.

    The whole goal is information extraction, to remove anything that humans need for maintenance that the machine isn't going to need at run-time. But there's only so much of that you can do.

    I can see some PPI-based functionality coming down the line eventually to munge the names of lexical scalars, but beyond that I honestly can't think of much you
    • You can do more. Besides removing information a human needs, you can also do the following:

      • Dilute intent with redundant information

        In each scope, assign all variables from outer scopes that are used to new variables, so it becomes harder to track what is being modified where.

        If you can analyse the source code sufficiently well, you could even introduce global variables used in multiple places as the new location for values.

      • Reduce abstraction

        Inline constants, except for a few instances. Fold most c

      • > Funnily enough, these are all simple refactorings – which, ironically,
        > would be hard to implement for Perl because the language is impossible
        > to parse, whereas it would be easy to abuse the refactoring tools in
        > Eclipse to automatically obfuscate Java.

        Which is kind of what I meant by that being all we can do.

        It's not that it's impossible in the general case, it's just that WE (Perl) can't do them. Or at least, we can't do many.