note Chady This is a really cool obfu. and it's the first time I attempt to crack an obfuscation. Please correct me where I'm wrong (spoilers in readmore) <readmore> First of all, this obfu uses a lot of quoting, and the <code>xor</code>s are there to seperate the statements, so if we hunt down the qw// q// qq// s/// we end up with something that looks like this. <code> 1 . not exp log srand; 2 . s// /x ; 3 . s/ /length uc ord and print chr ord for qw[join use sub tied]/ 4 . ; eval 5 . ; print qq| | 6 . ; int eval lc q|cos and print chr ord for 7 . qw[ abs ne open tied hex exp ref]| 8 . 9 . ; scalar srand print qq| | 10 . ; int eval lc qq|sqrt cos and print chr ord for 11 . qw[printf each return local]| 12 . or print qq| | 13 . and eval q|undef or oct xor time xor 14 . ref print chr int ord lc 15 . foreach qw[hex alarm chdir kill exec return]| 16 . gt sin sort split </code> Line 1 : decorative? Lines 2-4 : These lines evaluate the statement in line 3 - <code>length uc ord</code> returns a true values so that <code>and</code> gets to the print which prints out the first letter of the quoted words 'join use sub tied'. <code>ord</code> return the ord of the first letter, and then <code>chr</code> passes that letter to print. So these lines print 'just' Lines 6-7 : These lines use the same technique to print 'another' using a small variation. Lines 10-11 : print 'perl' Lines 13-15 : print 'hacker' in another variation The smart thing is the way the last part (lines 10-16) are compiled to be executed in that order; depending on the return values, these last lines evaluate to roughly <code>0 or 1 and 0 gt 0</code>, and having the statements inside <code>eval</code>s makes sure they are executed in order. </readmore> I hope I got it right? <hr>He who asks will be a fool for five minutes, but he who doesn't ask will remain a fool for life. <A HREF="/index.pl?node=Chady">Chady</A> | <a href="http://chady.net" target="Chady">http://chady.net/</a> 290607 290607