Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

decompile perlapp 4.1

by sorenb (Novice)
on Sep 28, 2004 at 12:22 UTC ( #394546=perlquestion: print w/ replies, xml ) Need Help??
sorenb has asked for the wisdom of the Perl Monks concerning the following question:

I have read some interresting discussions here about decompiling perlapp exe's. I'm a poor guy that lost the harddisk with the latest source for two extremly important scripts and only got the exe files left. If I can't get the source out from those exe files I only have one options left and that is to pay a billion for a data recovery from the broken harddisk. The problem seems to be that ActiveState does not use the same encryptation in 4.1 as they did in earlier versions, cause I get only garbage when trying to decompile using the tips from the articles I found here. I am not quite sure either if I get the source out of the exe file the right way. I use PE Explorer, select the resources and save the resource as file, is that the correct way ? Then I try to unencrypt using the algoritmn descripbed (XOR with the copyright string). But I end up getting loads of garbage :( Soren

Comment on decompile perlapp 4.1
Re: decompile perlapp 4.1
by tachyon (Chancellor) on Sep 28, 2004 at 12:52 UTC

    If your hard disk will still spin then try Spinrite from grc.com as it may well be able to rescue the data.

    I got sick of taking requests for decompiles but what the hell. Email me the scripts and a description of exactly what the code is/does/looks like (enought to show you wrote it) and I will have a look. Also send the compiled version of a known plaintext. A suitable script to compile would be generated by:

    perl -e "print 'print qq(', ' ' x 100000, ');'" > known_plaintext.pl

    If you have a webserver put the compiled known_plaintext.pl up on it and advertise the link here so anyone can have a crack ;-) as it were.

    cheers

    tachyon

Re: decompile perlapp 4.1
by Anonymous Monk on Sep 28, 2004 at 13:32 UTC
    What did activestate say when you contacted them?
Re: decompile perlapp 4.1
by Anonymous Monk on Sep 28, 2004 at 13:34 UTC
    Hi Sorenb (Do we work in the same place?? try me in /n)

    Anyway I hope this URL help. If not contact me. http://www.net-security.org/vuln.php?id=2464

    Thanks and Regards

    Samanchi
Re: decompile perlapp 4.1
by Anonymous Monk on Sep 28, 2004 at 13:35 UTC
    Where's your backup?
      They were too important to be put on multiple hard drives or archived on a disc regularly. Didn't you hear him? He said "extremely important." I always keep extremely important stuff in just one place so I can never forget where I put it.

      --
      [ e d @ h a l l e y . c c ]

Re: decompile perlapp 4.1
by Excors (Acolyte) on Sep 28, 2004 at 16:54 UTC
    This works on standard compressed exes from PerlApp 5.3.0, although it's extremely slow (~20KByte/sec) and not hugely helpful (since it doesn't bother reading the filenames), and may not work on PerlApp 4.1; but it does usually work for me, and is marginally better than nothing.
    use strict; use warnings; use Compress::Zlib; ++$|; open IN, 'test.exe' or die $!; binmode IN; read IN, my $data, 1e8; my $piecenum=0; my $progress = progress(length $data); my $piecedata; for (0..length($data)-1) { $progress->($_); $piecedata = uncompress("\x78\x9c" . substr $data, $_); if (defined $piecedata) { print "\nFound piece at $_\n"; open OUT, sprintf('>piece_%03d.txt', $piecenum++) or die $!; b +inmode OUT; print OUT $piecedata ^ chr(0xAA) x length $piecedata; } } sub progress { my $max = $_[0]; my $last = 0; return sub { print $last = int(100*$_[0]/$max), "%... " if $last ! += int(100*$_[0]/$max) }; }
      Thanks a million times Excors. You have just made me a very happy man! It works perfectly and slow or fast is not a problem for me, I would gladly wait a month to get the code back. ActiveState would not help me at all, so I'm glad you were there to save my life :) And... I will never work on local perl copies anymore, that's for sure! Best regards Soren
      made it a bit faster. You need Tie::CharArray, but it is worth the speedup.
      use strict; use warnings; use Tie::CharArray; use Compress::Zlib; ++$|; my $filename = $ARGV[0] || die "usage: need a filename"; if ( ! -f "$filename" ) { print STDERR "couldn't open: $filename\n"; exit(-1); } open IN, $filename or die $!; binmode IN; read IN, my $stringdata, 1e8; tie my @data, 'Tie::CharArray', $stringdata; my $piecenum=0; my $progress = progress(length $stringdata); my $piecedata; for (0..length($stringdata)-1) { $progress->($_); shift(@data); $data[0] = "\x78"; $data[1] = "\x9c"; ( $piecedata = uncompress($stringdata)) || next; print "\nFound piece at $_\n"; open OUT, sprintf('>piece_%03d.txt', $piecenum++) or die $!; binmo +de OUT; print OUT $piecedata ^ chr(0xAA) x length $piecedata; } sub progress { my $max = $_[0]; my $last = 0; return sub { print $last = int(100*$_[0]/$max), "%... " if $last ! += int(100*$_[0]/$max) }; }
      You are just wonderful!

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://394546]
Approved by Grygonos
Front-paged by tachyon
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (13)
As of 2014-10-31 15:47 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (219 votes), past polls