Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Extract perl2exe code

by Anonymous Monk
on Nov 20, 2009 at 22:31 UTC ( #808538=perlquestion: print w/ replies, xml ) Need Help??
Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

About a year and a half ago I wrote a small script to download, decompress, run, and delete restricted files from our company intranet to employee's home computers. I compiled it with perl2exe, and threw it up on the company intranet for people to grab. Now we're finding out that the script doesn't work with Windows 7 and thus needs rewritten. The problem is that the source code seems to have gone missing. This isn't a HUGE problem per say as I've mostly rewritten it from scratch already, but there was a system call in it that contained the encryption key to unlock the files. I need to get that line back. Is there any way to decompile the script or grab the system call while it's running?

Comment on Extract perl2exe code
Re: Extract perl2exe code
by Anonymous Monk on Nov 21, 2009 at 00:50 UTC
    but there was a system call in it that contained the encryption key to unlock the files

    Get a new key!!!!

Re: Extract perl2exe code
by gmargo (Hermit) on Nov 21, 2009 at 06:02 UTC
Re: Extract perl2exe code
by spx2 (Chaplain) on Nov 21, 2009 at 07:16 UTC
    just get to the dead listing with something like IDA or Win32DASM, or even OllyDBG , I'm sure you can find any of these tools with a quick search. Make a search for the system call, you should be getting some results and just go through all of them and find out.
Re: Extract perl2exe code
by leocharre (Priest) on Nov 21, 2009 at 17:00 UTC

    I hope this teaches you a lesson. Hiding code.. tsk tsk.

    "..system should be secure because of its design, not because the design is unknown to an adversary.."

    Now, Kerckhoff is a cryptology guy- but all of this deals with security.

    Security.. people misunderstand what that means.. so much. Security is not just safety from malicious attackers.
    Security is protection from data loss- from bugs.
    It's double tripple checking output before you let if go- even though you *know* it's not necesssary to do so.

    I understand releasing this program this way- solved the problem at the time. But you know there's another way of doing it. There's always another way. Maybe the software could have been written completely free- and maybe via some mechanism- when it runs- it asks for some permission token or piece of data from a remote server- and then.. with that- proceeds to do what you need. Who knows.
    But, there are ways.

    Of course the obvious question everyone is asking- is why was the source not in version control? Maybe you're the first one who asked this question at this point.

    I hope you may be inspired to look at other ways of solving this problem in the future. If you're concerned with the authorities- you know.. the boss.. they just want the stuff to work- so they can worry about their own tasks.

Re: Extract perl2exe code
by CountZero (Bishop) on Nov 22, 2009 at 08:09 UTC
    Playing the devil's advocate, I can read your question as:
    I got this "compiled" Perl program in which some foolish programmer hardcoded the encryption key, thinking it would be safe from prying eyes. But we all know better, don't we, so please give me a tool to extract that encryption key, so I can go and steal all their date and warez.

    CountZero

    A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

      Excellent, excellent point.. I can't ++ enough. Even *more* reason not to rely on hiding how something works.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://808538]
Approved by ww
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (11)
As of 2014-08-21 16:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best computer themed movie is:











    Results (136 votes), past polls