I don't seem to have the time these days to do really involved obfus like I used to, but I thought it would be fun to pass along some of the neat things I've learned while writing them. Tonight's tricks illustrate some oddities you can take advantage of when naming subs, so here's a short illustration:
    # a little tricky
    print "\ntrick one\n";
    sub ::0 { print "::0 called\n" }
    %42->();

    # a little more tricky, think about implicit return values
    print "\ntrick two\n";
    sub :: { print ":: called\n" }
    sub ::1{ print "::1 called\n" }
    ::->();

    # and think about evaluation order
    print "\ntrick three\n";
    sub _ {print "_ called\n"}
    _ _ -> ();

    # another trick that eliminates white space in sub declarations
    print "\ntrick four\n";
    sub'x{print "x called\n"}
    x;

Take special note of the '::' function: it has an odd characteristic in that it doesn't get shown by Deparse in most perl versions (or any?). That makes it a great place to hide stuff that might become too obvious under Deparse. Now, a very simple Japh that demonstrates all of these used together:
    sub _ { print "perl "; ::->() }
    sub :: { print "hacker\n"}
    sub ::1 { _ print "another "}
    sub ::0 { print "just " }
    1->(%1->());

Of course, you have to go to greater lengths in the sub bodies than I did in the above for the output to be surprising to anyone, but I think the '1->(%1->())' line makes it sufficiently interesting to figure out.
Finally, sometimes messing with the symbol table in this manner exposes even deeper mysteries to exploit...
Contemplate why the below causes an endless loop just by re-ordering two of the subs...
Note: this may not behave the same on all perl versions. Please post your version/platform if the below does not recurse.
    sub :: { print "hacker\n"}
    sub _ { print "perl "; ::->() }
    sub ::1 { _ print "another "}
    sub ::0 { print "just " }
    1->(%1->());

Try deparsing the two versions and observe the difference.
Well, I hope this has been interesting and possibly leads some others to investigate oddities in how the symbol table behaves. If there's interest, I may post a few other interesting tricks I picked up another time.
-- So prophesied the shakespearean monkeys, and so it shall be.
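An added example, not part of the post above and not the poster's code: if whole-file Deparse is the thing these tricks dodge, the other way to read such code is to walk the `%main::` stash directly and deparse whatever subs you find there by code ref. The script below defines its own constructed sample of oddly named subs (the same kinds the tricks use, never called), reports every stash entry that holds a sub but is not a plain identifier, and runs `B::Deparse->coderef2text` on each. `odd_sub_names` and `deparse_sub` are names chosen for this example; `B::Deparse` is the core module.

```perl
#!/usr/bin/perl
# Added example, not code from the original post: list the subs in the
# main:: stash whose names are not ordinary identifiers and deparse each
# one by its code ref, as a way to read what file-level Deparse may skip.
use strict;
use warnings;
use B::Deparse;

# Constructed sample: the same kinds of oddly named subs the post plays
# with, defined here so the script runs on its own. Nothing below calls them.
sub ::0      { print "just " }
sub ::1      { print "another " }
sub _        { print "perl " }
sub ordinary { return 1 }

# Walk the main:: symbol table and return, sorted, the names of every
# entry that holds a sub but is not a plain identifier starting with a
# letter, so digit-only names and the lone underscore are reported.
sub odd_sub_names {
    my @odd;
    for my $name (sort keys %main::) {
        my $entry = $main::{$name};
        next unless ref(\$entry) eq 'GLOB';     # skip non-glob stash entries
        next unless defined *{$entry}{CODE};    # keep only entries holding a sub
        push @odd, $name unless $name =~ /\A[A-Za-z]\w*\z/;
    }
    return @odd;
}

# Deparse one sub by its code ref instead of pushing the whole file
# through -MO=Deparse, so a sub that the file-level listing omits can
# still be read as long as it is reachable from the stash.
sub deparse_sub {
    my ($name) = @_;
    my $code = *{$main::{$name}}{CODE};
    return B::Deparse->new->coderef2text($code);
}

for my $name (odd_sub_names()) {
    printf "sub '%s' %s\n", $name, deparse_sub($name);
}
```

On a run here this lists the subs named `0`, `1` and `_` with their bodies; `ordinary` is skipped by the name filter. Add the post's `sub :: { ... }` to the sample and compare versions to see whether, and under which stash key, that one turns up at all, which is the same experiment the post suggests doing with Deparse.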
Replies (listed 'Best First'):
  Re: old obfu tricks revealed, by Felonious (Chaplain) on Jun 18, 2005 at 04:02 UTC
  Re: old obfu tricks revealed, by jdalbec (Deacon) on Jun 18, 2005 at 13:15 UTC

Section: Obfuscated Code