Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked
 
PerlMonks  

Deobfuscator: the struggle for light!

by Sigmund (Pilgrim)
on Aug 22, 2001 at 17:36 UTC ( #106944=snippet: print w/ replies, xml ) Need Help??

Description: please look at comments for description. maybe this is not the right place where to post, but it would be indelicate to post it in obfuscation section, and, 'cos it works and it's "warning proof" and "strict proof" i decided to post here.
i would be glad to receive help from guys interested in developing such a tool, and so,
thanks in advance.
Sigmund




#!/usr/bin/perl -w
# This is the first attempt to write something useful to break all tho
+se
# wonderful pieces-of-art that obfuscated code represents. How do they
+ work?
# How can i read them more easily? Is this Reverse Engineering? I just
# started learning Perl and Obfuscation, and i wanted something to hel
+p when
# learning from others' scripts. ASCII-art-formatted scripts are reall
+y hard
# to read. this crumb of code helps a little, and I look for help to i
+mprove
# it. For instance, it should detect and properly format regular expre
+ssions
# which do not use regular "/" and hopefully better format loops!
# And finally, how may the "enlightenment" come from "obfuscation" ?
# Follow the light, and leave the Dark Side! ;-)
#
# (by the way, there's always something fascinating in darkness...
# i like obfu!!! ;-P )

use strict;
use vars '$output','$line';
$output = $ARGV[0].".deobfu";
open (INF, "< $ARGV[0]");
open (OUF, "> $output");
while (<INF>)
    {
    $line .= $_;
    $line =~ s/\#(^\!).*\n//g;
    } 
$line =~ s/ +/ /g;
$line =~ s/\t+/\t/g;
$line =~ s/\n//g;
$line =~ s/use /\nuse /g;
$line =~ s/(qq)([\W])(\w*)([\W])/\"$3\"/g;
$line =~ s/(q)([\W])(\w*)([\W])/\'$3\'/g;
$line =~ s/\;/\;\n/g;
$line =~ s/([\{||\}])/\n$1\n/g;

print OUF $line;
close (INF);
close (OUF);
Comment on Deobfuscator: the struggle for light!
Download Code
Re: Deobfuscator: the struggle for light!
by Cirollo (Friar) on Aug 22, 2001 at 22:03 UTC
    A nice effort. I think this has been tried before, but I don't know the node offhand. Maybe it was a discussion on scripts to make scripts more obfuscated instead of vice versa.

    But, remember that many obfu's depend on their whitespace, since you're blindly collapsing it down. For example, just try to run Camel Code after it's been sent through your script. Or, see what happens to Things are not what they seem like.. Test this on a few of BooK or Erudil's obfuscations and I bet they will break too.

    The best obfuscations abuse the more exotic features of the language, which makes them that much harder to deconstruct.

    Also, you might have better luck if you try to run scripts through B::Deparse, by running perl -MO=Deparse file.pl > file.pl.deobfu

Re: Deobfuscator: the struggle for light!
by bikeNomad (Priest) on Aug 22, 2001 at 23:18 UTC
    You might like to look at perltidy, which is smart enough not to mess with important whitespace.

Back to Snippets Section

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: snippet [id://106944]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (5)
As of 2014-08-01 04:49 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (256 votes), past polls