Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re: using Safe.pm

by CountZero (Bishop)
on Jul 06, 2015 at 06:07 UTC ( [id://1133312]=note: print w/replies, xml ) Need Help??


in reply to using Safe.pm

Nothing to do with your question about Safe, but perhaps you can add another window to the "obfu decoder ring" with the output of B::Deparse which can assist in understanding obfuscated code.

CountZero

A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

My blog: Imperial Deltronics

Replies are listed 'Best First'.
Re^2: using Safe.pm
by Aldebaran (Curate) on Jul 07, 2015 at 07:13 UTC

    An interesting challenge. I've been fiddling with it for 48 hours and decided that altering the windows/widgets was beyond my skill level. Since the output goes to STDOUT, I opted to create an event that would do so. I sincerely hope the readmore tags work this time:

    Read more... (11 kB)

    When I depress ctrl-d, I get to the sub that prints "before eval" to STDOUT. My current problem is writing the appropriate eval statement, in other words, trying to imitate the command line from within a program. My best guess did not work:

    #!/usr/bin/perl
use Modern::Perl qw/2010/;
use Safe;
use File::Slurp;
 
my $compartment = Safe->new();
my $japh = read_file( 'obfu3.pl' ) ;
my $result = $compartment->reval($japh);
say "Result is $result";


eval ('perl -MO=Deparse obfu3.pl');

    [download]

    The top part works; the bottom doesn't. Looking for tips. Thank you.

[reply]
[d/l]
[select]
      You don't have to start an external Perl instance. B::Deparse works equally well from within your script:
      use B::Deparse;

my $deparse = B::Deparse->new();

my $body = $deparse->coderef2text(sub {
# your program here
});

print $body;

      [download]

      CountZero

      A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

      My blog: Imperial Deltronics
[reply]
[d/l]
[reply]

        Thanks for your response, I chased down those cpan modules and gave them a read. It's been suggested that I might not have my 'puter at eye level, and the answers might be right there on the screen, but I'm missing them usually for lack of comprehension. This is new territory for me, and the learning curve is steep. I do best with the modules that have examples and have worked up a few examples to show what is working and what isn't. I wrote the simplest of toy programs: toy1.pl, that only substitutes a phrase. It's safe and short. Let me list the latest of many incarnations of this script:

        #!/usr/bin/perl
use warnings;
use strict;
use feature 'say';
use File::Slurp;
use B::Deparse;

# first trial without safe
my $japh = read_file( 'toy1.pl' ) ;
say "japh is $japh";
eval($japh);
# second trial with safe and copy/paste
my $deparse = B::Deparse->new();
my $body = $deparse->coderef2text(sub {
my $name = 'Donald Trump';
$name =~ s/ / "in the sub" /;
say "name is $name";
});
say "second trial is $body";
# third trial combines two methods
my $deparse2 = B::Deparse->new();
my $body2 = $deparse2->coderef2text(sub {
my $japh2 = read_file( 'toy1.pl' ) ;
say "japh2 is $japh2";
eval($japh2);
});
say "third trial is $body2";
# 4th trial uses backticks
my $file = 'toy1.pl';
my $command = "perl -MO=Deparse $file";
say "command is $command";
my $output = `$command`;
say "4th trial is $output";
# 5th trial looks at original obfu
$file = 'obfu3.pl';
$command = "perl -MO=Deparse $file";
$output = `$command`;
say "5th trial is $output";

        [download]

        The problem seems to be how to get deparse to work when the file to be deparsed is being selected after the program begins to run. Hence copying and pasting into a sub is not possible. I thought I was going to go with system() and Capture::Tiny until I ended up going with backticks in the 4th trial with good results. On the fifth trial I directed the backend of perl toward the obfu in the thread of the obfu decoder ring from the original post. It appears to be a bunch of junk under closer inspection:

        japh is #!/usr/bin/perl
use Modern::Perl qw/2010/;

my $name = 'Donald Trump';
$name =~ s/ / "Perl is great" /;
say "name is $name";
name is Donald "Perl is great" Trump
second trial ia {
    use warnings;
    use strict;
    use feature 'say';
    my $name = 'Donald Trump';
    $name =~ s/ / "in the sub" /;
    say "name is $name";
}
third trial is {
    use warnings;
    use strict;
    use feature 'say';
    my $japh2 = read_file('toy1.pl');
    say "japh2 is $japh2";
    eval $japh2;
}
command is perl -MO=Deparse toy1.pl
toy1.pl syntax OK
4th trial is use Modern::Perl ('2010');
use warnings;
use strict;
use feature 'say', 'state', 'switch';
my $name = 'Donald Trump';
$name =~ s/ / "Perl is great" /;
say "name is $name";

obfu3.pl syntax OK
5th trial is $= = $';
$. | $| unless $;
$_ = '*$(^@(%_+&~~;#~~/.~~;_);;.);;#);~~~~;_,.~~,.*+,./|~~;_);@-,.;.);
+~~,./@@-__
);;.);;#,.;.~~@-);;#);;;);~~,.*+,.;#);;;;#-(@-__);;.);;#,.;.~~@-););,.
+/.);~~,./|
,.*+,./|,.););;#;#-(@-__);;.);;#,.;.~~@-;;,.,.*+,./@,.;.;#__;#__;;,.,.
+*+,./|,.;;
;#-(@-__@-__,.;_);@-,.;.,./|~~();.;#;.;;;;;;;;;.;.~~;.~~~~/@~~@-~~~~;#
+/|;#/|~~~~
~~/@~~@-~~~~~~;_,.;;,.;.);,.~~;_,./|);;.,./@,./@~~~~~~*+;#-(@-__,.,.,.
+*+,./|,.;;
~~()~~@-);;#);;.,.~~~~@-);-(@-__@-*+);~~,..%,.;;,.*+);~~~~@-,.*+,.,.~~
+@-~~.%,.;;
~~@-,./.,./|,.;;~~@-~~.%););;#-(@-__@-*+);;.,./|,./@,.*+,./|,.-(~~@-,.
+*+,.,.~~@-
~~.%,.,.~~@-,./.,./|,.;;~~@-~~.%););;#-(@-__);.%~~/@~~@-~~~~~~;_,.(),.
+;_,..%,.;.
~~;_~~;;;#/|~~~~~~*+;#-(@-__);@-);~~,.*+,./|);;;~~@-~~~~;;__;;/.;.@-;;
+();./@,./|
~~~~;#-(@-__&$#%^';
$__ = ' ';
use arybase ();
$___ = '````' | "$[`$[" | '`%",';
$~ = ("$___$__-$[``$__" | "$___" | "$___$__-$[.%") . (q['`] | "'$[" | 
+q['#]) . '
/.*?&([^&]*)&.*/$' . ++$= . ('/``' | "/$[`" | q[/#']) . (";`/[\\`\\`$_
+_]//`;" |
";$[/[\\$[\\`$__]//`;" | ";#/[\\\$\\.$__]//'") . '@:=("@-","/.","~~","
+;#",";;","
;.",",.",");","()","*+","__","-(","/@",".%","/|",";_");@:{@:}=$%..$#:;
+' . ('`' |
 "$[" | '#') . '/(..)(..)/' . ('```' | "``$[" | '#("') . '(($:{$' . $=
+ . '}<<' .
 (++$= + $=) . ')|($:{$' . $= . '}))/' . ('```;' | "``$[;" | q[%'#;]) 
+. ("````'$
__" | "%$[``" | '%&!,') . ${$[;};
`$~$__>&$=`;

        [download]

        Since there isn't any output, my guess is that perl is clever enough to look at this program and say, "why define a bunch of screwy-looking variables, assign a bunch of junk, and do nothing, if there is no output? Let's not play at all." But if there were output, would perl assign values to all the odd-looking $ variables like $= , $. , $~ , $___ ?

        What symbols would I look for if there were something pernicious happening?

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1133312]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having an uproarious good time at the Monastery: (4)
As of 2024-04-25 10:20 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found