Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling
 
PerlMonks  

Decompile PerlApp

by Muzzii (Initiate)
on Jan 31, 2003 at 08:06 UTC ( #231542=perlquestion: print w/ replies, xml ) Need Help??
Muzzii has asked for the wisdom of the Perl Monks concerning the following question:

I like chinman in this old post ( A real challenge ) have found myself in the unfortunate position of having lost my source code to a perl app, but i have the perlapp i created with it. I was interested in all the decoding that was taken place here and tried to use this decoding to decode my perlapp but apparently there are differences in decoding alogrithm between each version of PerlApp. I was wondering if anyone could help me decode this so i can retrieve my original script. My name is contained in the app as the author of the script and i can provide that name for verification if someone decides to help me out here. Using PE Explorer i found the script in the executable and extracted it out to binary file. Is there anyone that may be able to help me out? Thanks in advance

Comment on Decompile PerlApp
Re: Decompile PerlApp
by diotalevi (Canon) on Jan 31, 2003 at 08:16 UTC

    You probably ought to post some more information like the version of PerlApp that was used. Perhaps also the encoded script. Make a judgement call on whether it's too big to post or not and be sure to encode it somehow. A normal hex-encoding might be nice I suppose. Or just a first K maybe.


    Seeking Green geeks in Minnesota

Re: Decompile PerlApp
by PodMaster (Abbot) on Jan 31, 2003 at 08:31 UTC
    Here is some food for thought, from http://aspn.activestate.com/ASPN/Perl/Reference/Products/PDK/License.html
    you may not modify, reverse engineer, decompile, decrypt, extract or otherwise disassemble the Software.
    update: I'm not a lawyer. It is food for thought. If you have a copy of the perlapp license, great, read it and post the relevant passage here, otherwise, i think it still applies.


    MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
    ** The Third rule of perl club is a statement of fact: pod is sexy.

      Note that "Software" there is defined as "ActiveState Perl Dev Kit, the License Key (as hereinafter defined) and other applicable software". I do not think that includes the output of the program -- though, arguably, it may be "other applicable software", esp as those are later explicitly covered under "works". In any case, there's an old Roman saying "where there are no police, there are no laws" (presumably, it sounds better in Latin). You're probably fine, on a legal basis.


      Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).

      The liscencing issue was covered in another post in regards to the previous link i posted and it was determined that the EULA or applicable federal laws did not apply to a person decompiling a perlapp program for the sole purpose of recovering a program legitamtly written by that person. I am not trying to pirate or steal anything here, i am merely wanting to recover my own intellectual property.

      The total encoded file would be to big to post here, but i would be happy to email any information to anyone who would help.

      Here is the first 100 lines of the encoded program:

      73,76,28,16,28,12,71,89,84,2, 253,69,94,94,85,68,99,46,14,25, 8,24,1,54,6,79,17,29,69,118, 101,76,79,3,96,76,81,83,13,96, 76,83,90,81,74,68,75,87,3,138, 3,17,19,19,19,3,98,64,87,74, 85,70,112,87,66,87,70,3,119,76, 76,79,3,96,76,81,83,13,96,76, 83,90,81,74,109,75,87,0,137,116, 90,89,67,16,102,40,15,17,73,23, 11,55,84,0,24,9,0,50,6,3, 9,83,99,11,23,6,75,47,0,0, 28,22,73,1,7,6,0,253,69,94, 94,85,68,0,97,67,87,74,124,70, 112,84,65,84,69,0,116,79,79,76, 0,0,0,31,29,79,45,11,21,11, 82,8,21,13,84,84,193,69,18,89, 94,68,69,45,15,17,10,2,16,50, 24,65,84,69,0,116,79,79,76,0, 96,76,120,83,13,99,79,80,89,82, 73,71,72,84,112,219,79,66,85,66, 68,89,97,12,18,73,36,10,49,17, 19,0,69,104,122,79,43,13,86,42, 28,82,57,103,99,79,80,89,82,73, 71,72,84,0,138,3,56,19,19,16, 0,97,67,84,73,86,69,115,84,65, 84,69,0,116,43,14,24,69,121,79, 56,5,64,38,79,66,78,94,73,85, 88,68,17,137,0,18,16,16,16,0, 97,67,84,73,86,69,115,84,66,87, 111,3,119,79,79,76,0,22,1,19, 5,90,43,0,2,16,8,12,3,72, 1,83,204,0,93,86,16,68,72,40, 16,84,10,25,1,54,84,8,7,69, 83,32,29,6,15,75,47,22,82,80, 14,99,76,83,115,81,74,71,72,84, 0,207,79,64,82,89,84,68,36,13, 84,30,31,17,59,27,20,0,69,84, 60,10,79,9,88,51,3,27,19,71, 55,79,0,28,0,4,14,27,7,73, 198,78,18,16,16,16,3,98,105,87, 74,86,69,115,84,65,84,69,79,50, 79,27,4,69,99,14,20,31,92,38, 79,29,28,28,29,14,7,26,0,192, 78,70,85,92,92,69,34,23,1,8, 26,69,115,84,65,84,69,0,116,79, 76,79,42,96,76,82,80,14,99,79, 80,89,82,73,71,72,84,0,137,0, 18,16,16,64,82,46,19,17,27,2, 28,115,27,22,26,0,82,122,79,79, 76,0,99,79,82,80,14,99,79,80, 89,82,73,71,75,87,42,138,3,18, 16,16,16,0,97,67,84,73,86,69, 115,32,4,24,11,69,32,79,44,3, 77,46,14,28,20,75,49,79,38,89, 64,71,87,70,71,0,137,0,18,16, 16,16,0,97,67,84,73,86,70,112, 126,66,87,70,3,119,76,76,79,3, 96,76,81,83,13,96,76,83,90,81, 74,68,75,87,3,138,3,17,19,19, 19,3,98,64,87,74,85,70,112,87, 66,87,70,3,119,76,76,79,3,96, 76,81,83,13,73,101,83,93,2,8, 21,9,25,83,242,16,111,16,13,16, 114,32,13,16,6,27,69,18,23,2, 17,22,83,116,57,14,30,73,34,13, 30,21,36,96,75,0,24,0,8,10, 27,47,17,244,0,15,16,89,94,73, 97,5,29,5,19,69,61,21,12,17, 111,3,112,31,14,30,65,46,28,41, 66,115,99,82,80,10,23,5,2,11, 0,69,205,0,80,89,68,93,65,49, 67,26,8,27,0,89,87,69,4,4, 82,53,2,28,55,19,30,79,79,80, 91,45,28,21,21,23,10,19,13,16, 0,203,73,70,93,81,64,0,47,2, 25,12,124,70,119,4,0,6,4,77, 39,52,91,49,0,126,79,2,2,65, 36,29,17,20,82,0,4,7,26,0, 199,65,95,85,58,19,4,49,2,6, 8,27,22,8,65,60,84,88,0,36, 29,0,11,82,34,2,82,19,91,48, 0,2,89,28,8,10,13,126,3,141, 80,83,66,81,93,83,26,85,41,73, 75,69,32,0,0,6,17,0,57,6, 1,5,77,42,21,23,20,14,37,3, 17,30,82,6,9,71,27,70,207,0, 3,31,0,58,3,101,19,21,27,23, 8,32,47,86,41,69,29,116,0,31, 24,73,44,1,1,80,93,38,12,4, 16,29,7,71,6,21,77,204,42,17, 20,64,81,82,32,14,7,50,78,56, 115,73,65,16,0,86,61,12,10,31, 0,48,10,17,4,71,44,1,80,23, 19,4,2,98,87,4,217,65,64,81, 93,67,123,120,62,84,84,86,55,50, 26,5,27,8,0,21,12,12,9,83, 48,79,36,17,92,42,14,18,21,23, 99,68,76,4,65,219,65,95,67,107, 1,16,28,67,73,73,36,4,61,16,

      Here is a 'control file that i made. The control file consists of:

      #!"#$%&'()*+,-./0123456789:;<=>?@ #ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_` #abcdefghijklmnopqrstuvwxyz{|}~ #!"#$%&'()*+,-./0123456789:;<=>?@ #ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_` #abcdefghijklmnopqrstuvwxyz{|}~ #!"#$%&'()*+,-./0123456789:;<=>?@ #ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_` #abcdefghijklmnopqrstuvwxyz{|}~ print "Show me the encoding!\n";

      I looked at this code before running it through PerlApp and it looks like this:

      35,33,34,35,36,37,38,39,40,41, 42,43,44,45,46,47,48,49,50,51, 52,53,54,55,56,57,58,59,60,61, 62,63,64,13,10,35,65,66,67,68, 69,70,71,72,73,74,75,76,77,78, 79,80,81,82,83,84,85,86,87,88, 89,90,91,92,93,94,95,96,13,10, 35,97,98,99,100,101,102,103,104,105, 106,107,108,109,110,111,112,113,114,115, 116,117,118,119,120,121,122,123,124,125, 126,13,10,35,33,34,35,36,37,38, 39,40,41,42,43,44,45,46,47,48, 49,50,51,52,53,54,55,56,57,58, 59,60,61,62,63,64,13,10,35,65, 66,67,68,69,70,71,72,73,74,75, 76,77,78,79,80,81,82,83,84,85, 86,87,88,89,90,91,92,93,94,95, 96,13,10,35,97,98,99,100,101,102, 103,104,105,106,107,108,109,110,111,112, 113,114,115,116,117,118,119,120,121,122, 123,124,125,126,13,10,35,33,34,35, 36,37,38,39,40,41,42,43,44,45, 46,47,48,49,50,51,52,53,54,55, 56,57,58,59,60,61,62,63,64,13, 10,35,65,66,67,68,69,70,71,72, 73,74,75,76,77,78,79,80,81,82, 83,84,85,86,87,88,89,90,91,92, 93,94,95,96,13,10,35,97,98,99, 100,101,102,103,104,105,106,107,108,109, 110,111,112,113,114,115,116,117,118,119, 120,121,122,123,124,125,126,13,10,112, 114,105,110,116,32,34,83,104,111,119, 32,109,101,32,116,104,101,32,101,110, 99,111,100,105,110,103,33,92,110,34, 59,13,10, Count 343

      Then i ran this 'control' file through perlapp and extracted the encoded script out of it and it looks like this:

      73,76,28,16,28,12,71,89,84,2, 202,79,92,68,66,95,76,111,6,12, 12,84,111,112,85,67,87,65,5,114, 72,71,69,10,104,67,95,94,1,115, 94,66,74,70,92,81,95,76,25,147, 27,14,13,14,15,96,75,64,53,43, 53,33,22,50,38,60,44,106,31,35, 34,34,111,19,62,32,35,122,22,57, 39,33,43,51,60,52,41,126,246,64, 56,19,81,82,67,37,6,18,14,30, 12,57,31,13,25,11,79,36,30,29, 31,84,54,25,5,8,87,57,20,12, 4,12,99,68,73,86,3,141,5,20, 23,24,25,10,106,79,89,71,89,85, 98,70,82,64,80,22,99,87,86,86, 27,127,82,76,79,110,73,76,49,59, 49,45,34,46,51,104,224,106,121,124, 125,126,111,17,50,38,58,34,48,5, 35,57,45,63,123,8,50,49,51,64, 73,76,19,18,77,39,10,22,30,26, 0,13,3,24,77,199,79,66,65,66, 67,84,52,21,3,17,15,31,40,8, 28,10,111,3,117,77,76,72,5,101, 72,90,89,4,104,67,93,87,93,89, 86,90,71,20,156,22,5,8,9,10, 27,125,94,74,86,54,111,112,53,35, 55,33,101,18,40,39,37,106,8,35, 63,62,97,19,62,34,42,38,60,49, 63,44,121,243,123,110,109,110,111,64, 75,64,21,11,21,1,54,18,6,28, 12,74,63,3,2,2,79,51,30,0, 3,90,54,25,7,1,11,19,28,20, 9,94,163,80,64,89,94,68,0,99, 48,28,6,1,69,62,17,65,0,13, 69,116,10,1,15,79,39,6,28,23, 15,31,1,82,66,120, Count 356

      As you can see there is a 343:356 ratio to this file. It does not seem to be merely a XOR operation against the string "Copyright 2000 ActiveState Tool Corp." witch is:

      67,111,112,121,114,105,103,104,116,32,169,32,50,48,48,48,32,65,99,116, +105,118,101,83,116,97,116,101,32,84,111,111,108,32,67,111,114,112,46

      This is about as much as i have now, i can also post a encode and unencoded snippit of another 'control' file that contains just a repeating string '#A'. If anyone can help, it would deeply appreciated.

      Many Thanks

      Muzzii

Re: Decompile PerlApp
by Anonymous Monk on Jan 31, 2003 at 13:51 UTC
    Maybe you should ask the PerlApp people to help you?

      Ok gang, NM on the post, i figured it all out. It is a XOR againt the ActiveState Copyright string.

      For future reference to others who may have this problem, my version of perlapp is 2.0, and i have discovered that the current version (5.0) does not use the simple XOR against the key string algorithm. 5.0 seems to be using a random key that is encoded into the code itself and it also stuffs the script with alot of other information that may obscure the script itself.

      Many thanks to those who helped out and special thanks to all those who participated in A real challenge.<\p>

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://231542]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (5)
As of 2014-09-15 02:48 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite cookbook is:










    Results (145 votes), past polls