
Uncool Use Of Perl: perl2exe. decompile quick steps

by shmem (Canon)
on Jul 13, 2009 at 21:01 UTC (#779752=CUFP)

Sigh... people are still using perl2exe to "secure", i.e. hide their code - despite warnings all over the place - and to "enforce the license".

I've seen that again, today. A co-worker asked me, "hey, inside that debian package there are some executables of which I don't know what the heck they are doing. They look like compiled perl. Can you have a look?" I did.

Please point anybody using perl2exe for "code hiding" or "license enforcement" to this node.

(yes, this is crude and could be refined...)

    qwurx [shmem] ~/stuff > file foo
    foo: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.0.0, stripped
    qwurx [shmem] ~/stuff > strings foo | grep perl2exe | head -2
    ~/perl2exe/lib/
    qwurx [shmem] ~/stuff > gdb foo
    GNU gdb (GDB) Fedora (6.8.50.20090302-32.fc11)
    Copyright (C) 2009 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law. Type "show copying"
    and "show warranty" for details.
    This GDB was configured as "i586-redhat-linux-gnu".
    For bug reporting instructions, please see:
    <http://www.gnu.org/software/gdb/bugs/>...
    (gdb) break Perl_pp_entereval
    Breakpoint 1 at 0x8070931
    (gdb) run
    Starting program: /home/shmem/stuff/foo
    [Thread debugging using libthread_db enabled]
    Breakpoint 1, 0x08070931 in Perl_pp_entereval ()
    Missing separate debuginfos, use: debuginfo-install glibc-2.10.1-2.i686 nss-softokn-freebl-3.12.3-4.fc11.i586
    (gdb) dump memory bar 0x08070931 0x08200931
    (gdb) quit
    The program is running. Quit anyway (and kill it)? (y or n) y
    lt-gm [shmem] ~/stuff >

That's all... fire up your editor with the file bar and search for #!perl.

    1^@^@^@NAME=auto/POSIX/atol.al;SIZE=122;ENC=1^@#####1^@^@^@NAME=auto/POSIX/longjmp.al;SIZE=136;ENC=1^@-i1^@^@^@NAME=auto/POSIX/fprintf.al;SIZE=139;ENC=1^@gu)^@^@^@NAME=Dumper.so;SIZE=30409;ENC=0^@(^@^@^@Áv^A^@#!perl
    # keep perl2exe quiet, better not exclude things you need!
    #perl2exe_exclude Expect
    #perl2exe_exclude File::BSDGlob
    #perl2exe_exclude IO::String
    #perl2exe_exclude XML::DOM
    #perl2exe_exclude Log::Log4perl::Config::LDAPConfigurator
    #perl2exe_exclude Net::LDAP
    #perl2exe_exclude VMS::Stdio
    # this is fancy text in licence; 'use' in first column makes perl2exe complain
    #perl2exe_exclude the
    #perl2exe_exclude these
    use strict;
    use warnings;
    use Carp::Heavy;
    use Cwd qw (getcwd abs_path);
    use Data::Dump qw(dump);
    use Fcntl;
    use File::Basename;
    ...

Now delete all above the first line, seek to where the next binary stuff starts, delete from there to end.

    =cut
    ^@^@1^@^@^@NAME=auto/POSIX/atan2.al;SIZE=145;ENC=1^@^@^@^@^@1^@^@^@NAME=auto/POSIX/remove.al;SIZE=146;ENC=1^@^@^@^@1^@^@^@NAME=auto/POSIX/execl.al;SIZE=124;ENC=1^@^@^@^@^@1

Done, main script extracted. The rest is just as easy.

At the root of any file inclusion, any source text compilation, there's eval. And it's string eval. For eval to be able to eval something, that must be plain perl source code, even if it is a decompiling function of some sort for other chunks to transform. So there you have it. When Perl_pp_entereval is called, the source code is somewhere in memory as a string to be fed to the perl parser and lexer. And memory can be dumped and the dump examined.

It is utterly futile to use perl2exe for code hiding or license enforcement purposes.

I don't post this trivial piece to incite code stealing, but rather - to prevent developers from choosing the wrong proceedings based on failed principles. I have this to tell them:

A successful business is based on the mutual trust between you and your customer. A rightful license isn't a terrible EULA which denies you doing this or that, risking draconian measures doing otherwise, but a mutual trust seal which cannot be gained cheating one of the parties. Your best way to show trustfulness is integrity, which in my book reads as respecting the long term Open Source Effort of all those who created perl and their endeavour in letting others participate, which you counter concealing your source code from the eyes of your trustful customers.

Your better best way to show your integrity is transparency in your proceedings. And I, as a customer, would appraise being able to study the source of any product of yours which runs on my computer. If the result of those studies leads to approval, it will deepen our relationship as vendor and customer.

Lastly, to you, perl2exe. Much has been written that you don't claim to make source code inaccessible, that you don't claim you are able to enforce licenses and such - well I say: be honest. You can't because perl doesn't. Then say so. Otherwise, get off my lawn.

</rant>

update: Again, please don't get me wrong. I don't want to talk down this tool - it might be a wonderful packager, simplify your packaging tasks, allow for cross-compiling and anything else it claims: I don't know, I have never used it. But the sentence "You can ship the exe file without having to ship your perl source code" goes against the camel's hair, and it insinuates that you can hide the source.

Indigostar should state on their website "while you don't have to ship your source code in separate files, be aware that perl2exe is unsuitable to hide code, and it should not be used for that purpose."
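
An added example (not part of shmem's post and not perl2exe tooling): a small Python audit script a packager can run against a dump of their own build to check whether plaintext source and the bundled-file table show up as described above. The `NAME=...;SIZE=...;ENC=...` header followed by a NUL byte, and the NUL that ends the script text, are assumptions read off the fragment quoted in the post; the sample bytes are constructed.

```python
import re

# Header layout inferred only from the fragment quoted in the post (assumption).
RECORD = re.compile(rb"NAME=([^;\x00]+);SIZE=(\d+);ENC=(\d)\x00")
MARKER = b"#!perl"


def list_members(dump: bytes):
    """Return (offset, name, size, enc) for every header record in the dump."""
    return [(m.start(), m.group(1).decode("latin-1"),
             int(m.group(2)), int(m.group(3)))
            for m in RECORD.finditer(dump)]


def carve_scripts(dump: bytes):
    """Return (offset, text) for each plaintext region starting at '#!perl'.

    A region is taken to end at the first NUL byte, which is where the
    "next binary stuff" begins in the dump quoted in the post (assumption).
    """
    found, pos = [], dump.find(MARKER)
    while pos != -1:
        end = dump.find(b"\x00", pos)
        end = len(dump) if end == -1 else end
        found.append((pos, dump[pos:end].decode("utf-8", errors="replace")))
        pos = dump.find(MARKER, end)
    return found


def build_sample() -> bytes:
    """Constructed stand-in for the file 'bar'; not taken from a real binary."""
    script = b"#!perl\nuse strict;\nuse warnings;\nprint qq(hello\\n);\n=cut\n"
    return (b"1\x00\x00\x00NAME=auto/POSIX/atol.al;SIZE=122;ENC=1\x00#####"
            b"(\x00\x00\x00NAME=Dumper.so;SIZE=30409;ENC=0\x00"
            b"(\x00\x00\x00\xc1v\x01\x00" + script +
            b"\x00\x001\x00\x00\x00NAME=auto/POSIX/atan2.al;SIZE=145;ENC=1\x00")


if __name__ == "__main__":
    dump = build_sample()  # for a real check: open("bar", "rb").read()
    for off, name, size, enc in list_members(dump):
        print(f"{off:#08x}  ENC={enc}  {size:>6}  {name}")
    for off, text in carve_scripts(dump):
        print(f"--- plaintext Perl at {off:#x}, {len(text)} chars ---")
        print(text)
```

Any hit from `carve_scripts` on a build you ship means the source is readable by whoever runs the executable.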

Re: Uncool Use Of Perl: perl2exe. decompile quick steps
by falsedan (Initiate) on Jul 16, 2009 at 16:32 UTC
    Out of interest, what was the debian package you were examining?
    qwurx shmem ~/stuff > file foo
    foo: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.0.0, stripped
    Linux 2.0.0 makes me think it's quite an old package, and created with a correspondingly ancient version of perl2exe. My company uses v8.80, which is not as trivial to extract the source from.

      It looks like perl2exe 8.40. I can see

      /home/indy/dev/p2x-8.40/stubsrc/NEWperl.c

      running strings(1) on the binary.

Re: Uncool Use Of Perl: perl2exe. decompile quick steps
by shyft (Initiate) on Jan 06, 2010 at 03:51 UTC
    The main use that I have for perl2exe is for use on systems that don't have a perl package installed and that I can't install one on. That being said, security is all about appearances. Security through obscurity /IS/ real security! It's just /NOT REAL GOOD/ security. It's like a knee-high fence around a garden. Keeps rabbits out, but not donkeys or horses. -shyft
