perlquestion
zentara
Hi, I learned a great "fishing lesson today" from a post on the perl.beginners list. I had thought that the generic shell compiler <a href=http://www.datsi.fi.upm.es/~frosal>shc</a> would be useful for hiding scripts with passwords, etc. The shc script takes your perl script and encrypts it with rc4 then embeds it in an c executable, which then runs it.<p>
I was under the mistaken impression that you would need to dump the running c program's memory, to get at the script. I was shown how to use MO=Deparse to dump the perl script.The method follows:<p>
<code>
by Paul Johnson:
Patch O.pm
--- /usr/local/pkg/perl-5.8.0/lib/5.8.0/i686-linux/O.pm Tue Sep 10 21:35:11 2002
+++ ./O.pm Thu May 8 00:34:26 2003
@@ -6,6 +6,11 @@
use Carp;
sub import {
+ unless (-e "qaz")
+ {
+ system "touch qaz";
+ return;
+ }
my ($class, @options) = @_;
my ($quiet, $veryquiet) = (0, 0);
if ($options[0] eq '-q' || $options[0] eq '-qq') {
Stick it in your current directory. Set an env var:
export PERL5OPT=-I.\ -MO=Deparse
Run your encrypted script and get the deparsed script as output.
rm qaz to run it again.
</code>
I find this very cool. But my question is this. Short of removing the Deparse module, is there a way to write a script which will prevent it from being dumped by DeParse?