Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re: Code hiding in Perl

by Anonymous Monk
on Jun 26, 2015 at 08:35 UTC ( [id://1132093]=note: print w/replies, xml ) Need Help??


in reply to Code hiding in Perl

You haven't shown any code or explained the details of your obfuscation scheme, and you say your code works, so what kind of feedback are you looking for? On the general approach you've already said a central point yourself:

it's almost impossible to completely secure the code from "too curious" eyes

Yes, knowledgeable people will still be able to get the source of the program, all obfuscation does is make it a little bit more difficult.

Replies are listed 'Best First'.
Re^2: Code hiding in Perl
by sumanta (Novice) on Jun 26, 2015 at 09:08 UTC

    The encryption is done through custom C executable and the execution of encrypted binary code can only be done through another C executable (dummy Perl interpreter) and it does in-memory execution like this.

    perl_run(my_perl); eval_pv(buffer, TRUE);
      The encryption is done through custom C executable and the execution of encrypted binary code can only be done through another C executable (dummy Perl interpreter) and it does in-memory execution like this.
      perl_run(my_perl); eval_pv(buffer, TRUE);

      Easily broken:

      1. start a debugger
      2. load the "encrypted" program from the debugger
      3. set a breakpoint at the call to eval_pv(), or at the first instruction of eval_pv()
      4. start the program
      5. instruct the debugger to show the contents of buffer
      6. copy contents of buffer to a text file
      7. kill the program
      8. exit the debugger

      It was explained a thousand times or more, but once more for you:

      Perl is designed to evaluate unencrypted source code, so at some point, you have to decrypt the encrypted code. Alternatively, you can feed perl a prepared parse tree, in unencrypted form. Again, you have to decrypt the encrypted tree before passing it to perl. B::Deparse can reconstruct perl source code from the tree, so you gain exactly nothing from using a tree.

      Both ways, you have to decrypt the encrypted data, so your executable must contain the decryption algorithm and the required decryption key. Both can be exctracted from the executable to create an independant decryption tool. Or, as I explained above, one can simply stop the execution of the program at the point where the decrypted data is passed to perl API functions. That's usually much less work.

      And there is NO WAY to prevent that.

      See also:

      Alexander

      --
      Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
        I have already explained that the purpose of this work is to make it harder for them to dig inside the logical portion of the code .. Now ofcourse I know it can't be hidden completely, there is always a way out for everything and if you go by that logic, nothing seems to be correct .. anyway , the process I adopted, you just can't debug that .. because it is disabled.

      See overload::eval. It replaces the ENTEREVAL opcode with its own. eval_pv parses the code and then executes the ENTEREVAL opcode before running the code within the eval.

      Also, if the program string exists as one large buffer in RAM, its easy to freeze the program as soon as it opens a file (for example) and then dump the memory.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1132093]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others imbibing at the Monastery: (5)
As of 2024-03-29 00:39 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found