Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re: Here is a commercial obfuscator

by diotalevi (Canon)
on Mar 14, 2003 at 17:13 UTC ( #243120=note: print w/ replies, xml ) Need Help??


in reply to Here is a commercial obfuscator

It took half an hour to patch B::Deparse to mangle names. How long do you think it'd take to re-implement the rest of that expensive suite?

--- /usr/libdata/perl5/i386-openbsd/5.6.1/B/Deparse.pm Thu Oct 3 2 +0:39:48 2002 +++ B/Obfuscate.pm Fri Mar 14 11:56:35 2003 @@ -6,7 +6,7 @@ # This is based on the module of the same name by Malcolm Beattie, # but essentially none of his code remains. -package B::Deparse; +package B::Obfuscate; use Carp 'cluck', 'croak'; use B qw(class main_root main_start main_cv svref_2object opnumber OPf_WANT OPf_WANT_VOID OPf_WANT_SCALAR OPf_WANT_LIST @@ -208,6 +208,13 @@ # \f - flush left (no indent) # \cK - kill following semicolon, if any +sub rot13 { + my $text = shift; + $text =~ tr/a-zA-Z/n-zA-Zm-z/; + + return $text; +} + sub null { my $op = shift; return class($op) eq "NULL"; @@ -376,7 +383,7 @@ sub compile { my(@args) = @_; return sub { - my $self = B::Deparse->new(@args); + my $self = B::Obfuscate->new(@args); $self->stash_subs("main"); $self->{'curcv'} = main_cv; $self->walk_sub(main_cv, main_start); @@ -784,7 +791,7 @@ if ($name =~ /^\^../) { $name = "{$name}"; # ${^WARNING_BITS} etc } - return $stash . $name; + return $stash . rot13($name); } # Notice how subs and formats are inserted between statements here @@ -1872,7 +1879,7 @@ sub padname { my $self = shift; my $targ = shift; - return $self->padname_sv($targ)->PVX; + return rot13($self->padname_sv($targ)->PVX); } sub padany {

Seeking Green geeks in Minnesota


Comment on Re: Here is a commercial obfuscator
Download Code
Re: Re: Here is a commercial obfuscator
by diotalevi (Canon) on Mar 14, 2003 at 17:23 UTC

    I obfuscated Real Synthetic Audio Downloader using that patch.

    require(LWP::UserAgent); ($| = 1); ($rnIrQvE = '/home/josh/rsa/'); ($rnIrRKG = '.wma'); ($rnIrsLCr = qr[http://.+?\.asx]); sub QROtT () { package constant; $FpnynE; } ($Hn, $ED, $EF); ($Hn = 'LWP::UserAgent'->new); (my $qBJAyBnqF = trG_qBJAyBnqF()); qBJAyBnq_svyrF($rnIrQvE, $qBJAyBnqF); sub trG_qBJAyBnqF { my(%qBJAyBnqF); (my(@wF_HEyF) = map((('http://synthetic.org/jscript/' . $_) . 'sho +wlist.js'), ('', 'previous-'))); JSURL: foreach my $wF_HEy (@wF_HEyF) { '???'; ($EF = $Hn->get($wF_HEy)); ($EF->is_success or next JSURL); (my(@nFK_HEyF) = ($EF->content =~ /$rnIrsLCr/g)); ASXURL: foreach my $nFK_HEy (@nFK_HEyF) { '???'; ($EF = $Hn->get($nFK_HEy)); (my $Jzn = $EF->content); ($Jzn =~ s/[\s\15\12]+//g); (($Jzn =~ /(\d+)-(\w+)/) or (warn(((q['] . $Jzn) . q[' did +n't match /(\\d+)-(\\w+)/])) and next)); (my($qnGr, $FCrrq) = ($1, $2)); if (((not $qBJAyBnqF{$qnGr}) or ($FCrrq eq 'isdn'))) { ($qBJAyBnqF{$qnGr} = $Jzn); '???'; } else { '???'; } } } return((\%qBJAyBnqF)); } sub qBJAyBnq_svyrF { (my($qvErpGBEL, $qBJAyBnq) = @_); foreach my $onFr_svyr (sort(keys(%$qBJAyBnq))) { (my $Jzn_HEy = $$qBJAyBnq{$onFr_svyr}); '???'; (my $svyr = (($qvErpGBEL . $onFr_svyr) . $rnIrRKG)); if (-e($svyr)) { '???'; next; } ($ED = 'HTTP::Request'->new('GET', $Jzn_HEy)); ($EF = $Hn->request($ED, $svyr)); '???'; print(($svyr . "\n")); } }
      > $Hn->request($ED, $svyr)); Here is a bug (one from a zillion) in your hack - the method name is not obfuscated here.

        Well... since the method name belongs to the LWP package I can't very well go changing that unless I perform the same steps on LWP as well. Anyhow, the patch as written renames pad and stash accesses. It does introduce bugs where otherwise correct accesses to %ENV would now fail. If the obfuscator were actually correct it'd need to have special cases to avoid changing things that shouldn't be. I figure that's best implemented by adding support for a list of expressions that may not be altered. Anyhow, since I don't need an obfuscation filter I'm not going to alter B::Obfuscate to add that support. Changing string constants is somewhat problematic but not irresolvable given the framework provided by B::Deparse.

        I'll leave it to someone else to extend the new module.


        Seeking Green geeks in Minnesota

Re: Re: Here is a commercial obfuscator
by hardburn (Abbot) on Mar 14, 2003 at 17:25 UTC

    I haven't looked at the source for B::Deparse, but I'm guessing it must add the whitespace on its own. Just remove those spots and you've got most of the rest.

    I hear an old statement about adding functionality by removing something.

    ----
    Reinvent a rounder wheel.

    Note: All code is untested, unless otherwise stated

Re: Re: Here is a commercial obfuscator
by Anonymous Monk on Mar 14, 2003 at 17:53 UTC
    OK, write support for the rest part of features, and then test the result with a lot of real multi-module apps (ensuring the obfuscated version not only works, but exactly as original), fix bugs in B::Deparse and in your patch, and start testing again. Then write docs. That's where remaining 99+ hours will be spent. Good luck. As for recently registered domain name - so keep away from all startups and come back to them after 1 year of product life then. /Regards.

      That diotalevi was able to whip that patch up in 1/2 hour indicates that "obfuscation" by variable renaming is not useful at all. One could create a similar patch that renames those variables back. Eg I select a piece of code which contains an interesting algorithm (do you really think anyone would care to reverse engineer a whole software package?), and first replace the variables with var1...varN. Then, as I grasp the meaning, I replace the names one by one by something sensible. It's really not much effort. That is, if you have the time to do an easter-egg hunt for bugs/special features in other people's code.

      By the way, why are you still staying anonymous? You are expressing strong opinions, which is perfectly alright, but it would be easier to take you more seriously if one could associate a name with the posts.

      Also, in what way are you affiliated with stunnix.com?

        It seems you just can't imagine how many distinct variable and method names can be used in 500k app written in Perl. As for me - I'm a happy user and a fan of their product. I'll register soon.

        Keep in mind my example is a bit too simple - it needs a way to exempt some symbols including those provided by perl, desired configuration variables anything exported by modules. It should be 100% safe to stomp all over pad variables - I'm a little leery of the globals because other things may attempt to do strange and untoward things which would be broken by renaming it out of the way. So its not perfect but its flaws are well known and can be corrected with a minimum of effort.


        Seeking Green geeks in Minnesota

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://243120]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (10)
As of 2014-08-01 09:50 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Who would be the most fun to work for?















    Results (0 votes), past polls