
All the Perl that's Practical to Extract and Report

  • I wrote the initial set of code that Larry turned into the CRYPTSWITCH-enabled encryption filter in early perl3. Carrying forward that ability for encrypting scripts was the initial purpose of the Filter module in perl5, although the ability to apply arbitrary filtering to the incoming code stream was designed into it, and the Filter::Crypt module was one of the initial examples of how to use that ability.

    But, the company I was at was never foolish enough to believe that encrypting scripts made the code saf

    • I recall scaring the hell out of a programmer who was relying on Filter::decrypt. He'd thought it was full-on encryption rather than just elaborate obfuscation, and apparently the company had bought into that, too. I told him I could bust the obfuscation. He didn't believe me, so he sent me a simple sample. IIRC my algorithm was something like...

      require the code
      walk the symbol table looking for globals and subroutines
      Data::Dumper the globals
      B::Deparse the subroutines

      The tricky part was the file-scoped lexical arrays used inside the subroutines. I couldn't quite get PadWalker working to grab at them. Instead I just ran the program over and over again with the proper inputs to cause it to print out each element of the arrays.

      Then I sent the result back to the poor guy. I think it took less than an hour.

      It was an interesting exercise. I'd been saying for years prior that Filter::decrypt was defeatable by B::Deparse but had never actually performed an attack.
      • I haven't tried it, but what I figured would be the easiest method (even before B::Deparse came along) is to write another filter and name it Filter::Decrypt. It would use the "real" Filter::Decrypt but tee the results before passing them on as its "filtered" output. It's the basic man-in-the-middle attack.