Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

Here is a commercial obfuscator

by Anonymous Monk
on Mar 14, 2003 at 13:01 UTC ( #243011=obfuscated: print w/ replies, xml ) Need Help??

Somebody was interested in commercial Perl source obfuscator - here is it: http://www.stunnix.com/prod/perl-obfus.shtml It's irreversable unlike stfuff from Acme:: namespace is, and is very reliable.

Comment on Here is a commercial obfuscator
Re: Here is a commercial obfuscator
by crenz (Priest) on Mar 14, 2003 at 13:15 UTC

    Just as a reminder -- this section is not about hiding code so others can't see it.

    This section is about posting code that makes use of clever mechanisms and "whose function is not immediately apparent to anyone" (Where should I post X?). You might have noticed that one of the goals people have when code is posted here is to immediately de-obfuscate it and analyze the way it works :). You might ask yourself why someone might want to do this...

    • It can be artful, and therefore appreciated as art.
    • It can teach about in-depth perl principles.
    • It is an intellectual exercise.
    • It helps you to show off how smart you are ;-).
    • Analyzing such code helps you to improve your code-reading skills.

    Code posted in this section definitely is not the thing you'd want to use in a commercial application, for various reasons.

      I'd like to agree.
      You're marketting that obfu diddly as if it was some kind of securing filter. Try encrypting the code instead, even though that's only temporary aswell. Ever read about why security through obscurity is broken?

      Obfu's are like perl golf. They are fun, and strictly such. Take a look at Best Nodes, and see Erudil's various contributions, for example. That's art, and that's witty. Other obfu's have ingenious ways of doing things so sideways you ghasp. That's what real obfu's are about. Obfuscating is showing off, not hiding what you did. Keep that in mind.

      Do you buy a clip art package for $879-1879 and show your friends what pretty drawings you made? No. Because you didn't make them.

      -nuffin
      zz zZ Z Z #!perl
Re: Here is a commercial obfuscator
by davorg (Chancellor) on Mar 14, 2003 at 13:21 UTC

    Sounds like it was written by someone who doesn't know very much about how Perl works. Here's the description of how it obfuscates.

    The obfuscation means:

    • replacing all symbol names it's possible to with the non-meaningfull ones, e.g. replacing @files with @zcadaa4fc81, while preserving synaxical and semantical correctness of the source code. Of course predefined symbols like @ARGV and symbols from the third-party or standard Perl modules the perl source code uses will be left the same so the obfuscated code will still work without requiring to obfuscate those third-party or standard Perl modules
    • substitution of numeric values with the arithmetic expressions using (random or constant for the same numeric value as requested by the options) decimial and hexadecimial numeric values that evaluate to the same value
    • using hexadecimial character codes for all characters in strings
    • replacing strings with interpolated variables with the concatenation of the appropriate components
    • adding extra parenthesis for the expressions
    • removing extra white spaces
    • jamming as much code on each line as possible

    Most of them sound like they can be undone trivally with perltidy and/or B::Deparse.

    --
    <http://www.dave.org.uk>

    "The first rule of Perl club is you do not talk about Perl club."
    -- Chip Salzenberg

Re: Here is a commercial obfuscator
by diotalevi (Canon) on Mar 14, 2003 at 13:25 UTC

    That is certainly not irreversible. The output from Stunnix Perl-Obfus is more perl code. Running the output from that program through B::Deparse and/or PerlTidy cleans it up nicely. All the symbols are still named oddly but that shouldn't be a challenge to any would-be source code reader.

    So yes, it makes the source painful to work with. Its a fallacy to assert that it is irreversable.

    require(File::Temp); my($z5da4d3837d, $zc11e41b4ef) = File::Temp::tempfile('UNLINK', 1); my $z9e5935eea4; if (@z6a703c020a) { my($z5a5fa8125d, $zcc158ad3e0) = File::Temp::tempfile('UNLINK', 1) +; print $z5a5fa8125d "=over 8\n\n"; die q[Can't print ] . $zcc158ad3e0 . ': ' . $! unless print $z5a5f +a8125d @z6a703c020a; print $z5a5fa8125d "=back\n"; die q[Can't close ] . $zcc158ad3e0 . ': ' . $! unless close *$z5a5 +fa8125d; @z8374cc586e = $zcc158ad3e0; $z9e5935eea4 = 1; } foreach $_ (@z8374cc586e) { my $z8348550157 = $_; my $zbea0aee021; if ($opt_t) { 'Pod::Text'->z8c2ed69c0e->z4afc07e0ef($z8348550157, $z5da4d383 +7d); } elsif (not $opt_u) { my $z1dfa4cd057 = catfile($z1387c3e117, $z9101bb5154) . (' --l +ax ' . $z8348550157 . ' | ' . $opt_n . ' -man'); $z1dfa4cd057 .= ' | col -x' if $^O =~ /hpux/; my $z7d70dd4ea9 = `$z1dfa4cd057`; $z7d70dd4ea9 = z3d52c17699($z7d70dd4ea9) if $z9e5935eea4; unless ($zbea0aee021 = $?) { die q[Can't print ] . $zc11e41b4ef . ': ' . $! unless prin +t $z5da4d3837d $z7d70dd4ea9; } } if ($opt_u or $zbea0aee021) { die q[Can't open ] . $z8348550157 . ': ' . $! unless open zf9d +3fbdfa8, '<', $z8348550157; my $z5f7e4d50b8 = 1; local $_; while (defined($_ = <zf9d3fbdfa8>)) { $z5f7e4d50b8 = $1 eq 'cut' if /^=(\w+)/; next if $z5f7e4d50b8; die q[Can't print ] . $zc11e41b4ef . ': ' . $! unless prin +t $z5da4d3837d $_; } die q[Can't close ] . $z8348550157 . ': ' . $! unless close zf +9d3fbdfa8; } }
      Yes, you can analyze what the code does in such a short pieces of code like this. But will you be able to study the 500kb of obfuscated perl source of some app written in Perl - e.g. spamassaassin? Definitely no - it will take a lot of time. Anyway this is a *real* solution compared to Acme::* stuff that was written mainly for fun.

        I think that if the primary benefit of this script is to rename all the meaningful symbols away then I can do that just as well using my text editor's replace-all function. I get that for free.


        Seeking Green geeks in Minnesota

        Uhm well they want 1879$ for that tool. Really funny I guess you won't need more than some hours to write something much more obfuscating.
        Just rename all vars back to something more readable like $var_1 etc, and it's pretty readable I think.
        Of course it makes it a bit more hard to study the code but it's definitly not even worth 100$.

        kodo (http://kodo.me.uk)

        But will you be able to study the 500kb of obfuscated perl source

        Now, I won't, and I wouldn't want to, either. To be frank, the projects I am working on usually have tight budgets and schedules. It would simply cost too much time to wait for some external company to make the necessary changes to their software to suit our needs. Therefore, I rather rely on open-source software (be it free or commercial) with known code quality to make sure I can meet my deadlines.

Re: Here is a commercial obfuscator
by mirod (Canon) on Mar 14, 2003 at 14:48 UTC

    Stunnix

    This post is a blatant add for a commercial product.

    If you want to advertize on this site, maybe buying banner adds would be a better way. At least it would prevent comments explaining why the obfuscator does not seem to obfuscate well enough to really cause problems to someone who really wants to reverse-engineer the obfuscated code.

    Oh well, at least this way anyone looking for Stunnix Perl-obfus using any good search engine will get a nice discussion about it. Especially as the product site does not seem to be indexed by any of the search engines I tried. Which, after consulting whois.org, might be due to the fact that it was created on 2003-03-10 (4 days ago). As my Deutsch is quite non-existent I can't really check whether the Stunnix Corp really appears in the telephone listings though.

    Overall I don't think I would trust either the product or the company.

      As my Deutsch is quite non-existent

      That wouldn't really matter, as long as your Dutch is up to par. ;-)

Re: Here is a commercial obfuscator
by diotalevi (Canon) on Mar 14, 2003 at 17:13 UTC

    It took half an hour to patch B::Deparse to mangle names. How long do you think it'd take to re-implement the rest of that expensive suite?

    --- /usr/libdata/perl5/i386-openbsd/5.6.1/B/Deparse.pm Thu Oct 3 2 +0:39:48 2002 +++ B/Obfuscate.pm Fri Mar 14 11:56:35 2003 @@ -6,7 +6,7 @@ # This is based on the module of the same name by Malcolm Beattie, # but essentially none of his code remains. -package B::Deparse; +package B::Obfuscate; use Carp 'cluck', 'croak'; use B qw(class main_root main_start main_cv svref_2object opnumber OPf_WANT OPf_WANT_VOID OPf_WANT_SCALAR OPf_WANT_LIST @@ -208,6 +208,13 @@ # \f - flush left (no indent) # \cK - kill following semicolon, if any +sub rot13 { + my $text = shift; + $text =~ tr/a-zA-Z/n-zA-Zm-z/; + + return $text; +} + sub null { my $op = shift; return class($op) eq "NULL"; @@ -376,7 +383,7 @@ sub compile { my(@args) = @_; return sub { - my $self = B::Deparse->new(@args); + my $self = B::Obfuscate->new(@args); $self->stash_subs("main"); $self->{'curcv'} = main_cv; $self->walk_sub(main_cv, main_start); @@ -784,7 +791,7 @@ if ($name =~ /^\^../) { $name = "{$name}"; # ${^WARNING_BITS} etc } - return $stash . $name; + return $stash . rot13($name); } # Notice how subs and formats are inserted between statements here @@ -1872,7 +1879,7 @@ sub padname { my $self = shift; my $targ = shift; - return $self->padname_sv($targ)->PVX; + return rot13($self->padname_sv($targ)->PVX); } sub padany {

    Seeking Green geeks in Minnesota

      I obfuscated Real Synthetic Audio Downloader using that patch.

      require(LWP::UserAgent); ($| = 1); ($rnIrQvE = '/home/josh/rsa/'); ($rnIrRKG = '.wma'); ($rnIrsLCr = qr[http://.+?\.asx]); sub QROtT () { package constant; $FpnynE; } ($Hn, $ED, $EF); ($Hn = 'LWP::UserAgent'->new); (my $qBJAyBnqF = trG_qBJAyBnqF()); qBJAyBnq_svyrF($rnIrQvE, $qBJAyBnqF); sub trG_qBJAyBnqF { my(%qBJAyBnqF); (my(@wF_HEyF) = map((('http://synthetic.org/jscript/' . $_) . 'sho +wlist.js'), ('', 'previous-'))); JSURL: foreach my $wF_HEy (@wF_HEyF) { '???'; ($EF = $Hn->get($wF_HEy)); ($EF->is_success or next JSURL); (my(@nFK_HEyF) = ($EF->content =~ /$rnIrsLCr/g)); ASXURL: foreach my $nFK_HEy (@nFK_HEyF) { '???'; ($EF = $Hn->get($nFK_HEy)); (my $Jzn = $EF->content); ($Jzn =~ s/[\s\15\12]+//g); (($Jzn =~ /(\d+)-(\w+)/) or (warn(((q['] . $Jzn) . q[' did +n't match /(\\d+)-(\\w+)/])) and next)); (my($qnGr, $FCrrq) = ($1, $2)); if (((not $qBJAyBnqF{$qnGr}) or ($FCrrq eq 'isdn'))) { ($qBJAyBnqF{$qnGr} = $Jzn); '???'; } else { '???'; } } } return((\%qBJAyBnqF)); } sub qBJAyBnq_svyrF { (my($qvErpGBEL, $qBJAyBnq) = @_); foreach my $onFr_svyr (sort(keys(%$qBJAyBnq))) { (my $Jzn_HEy = $$qBJAyBnq{$onFr_svyr}); '???'; (my $svyr = (($qvErpGBEL . $onFr_svyr) . $rnIrRKG)); if (-e($svyr)) { '???'; next; } ($ED = 'HTTP::Request'->new('GET', $Jzn_HEy)); ($EF = $Hn->request($ED, $svyr)); '???'; print(($svyr . "\n")); } }
        > $Hn->request($ED, $svyr)); Here is a bug (one from a zillion) in your hack - the method name is not obfuscated here.

      I haven't looked at the source for B::Deparse, but I'm guessing it must add the whitespace on its own. Just remove those spots and you've got most of the rest.

      I hear an old statement about adding functionality by removing something.

      ----
      Reinvent a rounder wheel.

      Note: All code is untested, unless otherwise stated

      OK, write support for the rest part of features, and then test the result with a lot of real multi-module apps (ensuring the obfuscated version not only works, but exactly as original), fix bugs in B::Deparse and in your patch, and start testing again. Then write docs. That's where remaining 99+ hours will be spent. Good luck. As for recently registered domain name - so keep away from all startups and come back to them after 1 year of product life then. /Regards.

        That diotalevi was able to whip that patch up in 1/2 hour indicates that "obfuscation" by variable renaming is not useful at all. One could create a similar patch that renames those variables back. Eg I select a piece of code which contains an interesting algorithm (do you really think anyone would care to reverse engineer a whole software package?), and first replace the variables with var1...varN. Then, as I grasp the meaning, I replace the names one by one by something sensible. It's really not much effort. That is, if you have the time to do an easter-egg hunt for bugs/special features in other people's code.

        By the way, why are you still staying anonymous? You are expressing strong opinions, which is perfectly alright, but it would be easier to take you more seriously if one could associate a name with the posts.

        Also, in what way are you affiliated with stunnix.com?

Re: Here is a commercial obfuscator
by chromatic (Archbishop) on Mar 14, 2003 at 19:25 UTC

    I can't imagine wanting to read unobfuscated source code from anyone who'd want to use an obfuscator that badly.

Re: Here is a commercial obfuscator
by petdance (Parson) on Mar 14, 2003 at 21:39 UTC
    I think it's pretty obvious that AnonyMonk IS Stunnix. It seems clear that Stunnix is one guy, cranking out some code.

    The real issue here isn't "could you do the same thing cheaper", but rather "how trivial is it to break?" Proof of concept doesn't take much (other than a few hours I don't have )

    xoxo,
    Andy

Re: Here is a commercial obfuscator
by mowgli (Friar) on Mar 15, 2003 at 10:00 UTC

    If it really was irreversible, then how would Perl be able to execute the obfuscated scripts? :)

    --
    mowgli

Re: Here is a commercial obfuscator
by benn (Priest) on Mar 20, 2003 at 11:45 UTC
    Come on Monks....he's given the full gen on the obfu methods - can't be more than a coupla hours to write UnStunnix.pm - that'd really p*** him off. :) Go for it diotalevi...
      Hey, how could you deobfuscate obfuscated symbol names? Just look at sample obfuscated code - all variable names are gone forever (you'll be unable to use dictionaries for reversing since you don't know the random seed).

      That's already been done - B::Deparse. The one thing I think it lacks is symbol re-renaming. I don't know about you but I find it difficult to keep track of all those oddly named z... symbols. So this morning I created B::Deobfuscate - Deobfuscates symbol names which goes as far as is sane for using better symbol names.

        Bravo. How much're you charging for it? I suggest round about $1,879 :)
Re: Here is a commercial obfuscator (no thanks)
by Aristotle (Chancellor) on Mar 22, 2003 at 13:59 UTC

    I have no idea how someone is able to get up in the morning and look at their own face in the mirror after they arrogated to themselves charging in excess of $1800 for a piece of a code that's intended to make it hard or impossible to read code written for a language developed by Larry and a cast of thousands with an effort of most likely in excess of a hundred man years, as well as contributed to by a huge community with an untold amount of effort, for free.

    Some people wouldn't know generosity if it bit them in the tender parts. The most you can achieve with this kind of thing is to bite the hand that fed you.

    Go away, leech.

    Makeshifts last the longest.

Re: Here is a commercial obfuscator
by antirice (Priest) on Jun 17, 2003 at 08:49 UTC

    While running around the monastery, I ran into this discussion. Gee willy, a fan-dangled perl auto-obfuscator eh? Hope whatever you obfuscate is running on a mighty powerful server. Have you tried benchmarking any of the code that is created by this thing?

    Maintainer: Hey! I can read that!

    Maintainer: Wtf?!?! So this is what hell looks like. Hmmm, I thought it'd be better somehow.

    Well, let's see how fast these little puppies run.

    Benchmark: timing 1000 iterations of norm, wtf... norm: 0 wallclock secs ( 0.01 usr + 0.00 sys = 0.01 CPU) @ 12 +8000.00/s(n=1000) wtf: 20 wallclock secs (20.44 usr + 0.01 sys = 20.45 CPU) @ 48 +.91/s (n=1000)

    Woah! norm is some blazing code. wtf seems to be...uh...wtf!?!?! 48.91/s to execute what was 4 lines of code. Can't wait to try this on those 500kb scripts and modules that you were talking about.

    I can see the reaction after the sales pitch:

    Me: So let me get this straight. Anyone who will ever want to read my code again, including myself, will have to spend an eternity trying to break this down. And my spanking fast code will become so slow that I can watch the opcodes go by. How much could such a little gem possibly cost?

    You: The low low price of $879 for developers! Some astronomical price for the enterprise edition! And hey, we may give you a t-shirt that says "$879 bought this t-shirt and a nifty program, but I only use one of them"!

    Me: Is there a sadomasochist or I-never-want-to-be-hired-again special?

    antirice    
    The first rule of Perl club is - use Perl
    The
    ith rule of Perl club is - follow rule i - 1 for i > 1

      To be fair, you are measuring "startup time" in this sample (and per your figures, it increased by 0.02 sec only). It doesn't matter for serious apps that run more than 3 seconds long (e.g. FastCGI scripts, GUI apps, etc). And if you are worried about startup time, it's possible (according to their documentation) to either disable encoding at all, or lower the number of encoding iterations applied (in your sample, it's 10; you can lower it to e.g. 3).
Re: Here is a commercial obfuscator
by adrianh (Chancellor) on Jul 03, 2003 at 22:57 UTC
      the patches are probably Stunnix's C/C++ obfuscator run over OO.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: obfuscated [id://243011]
Approved by broquaint
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (3)
As of 2014-08-30 05:06 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The best computer themed movie is:











    Results (291 votes), past polls