RE: A real challenge

by Anonymous Monk
on Nov 26, 2002 at 19:51 UTC ( [id://215915]=note )


in reply to Re: Re: Re: A real challenge
in thread A real challenge

I hate to beat a dead horse, but I have had a similar problem. Through some fluke event one of the modules I was working on got saved over the master perl script for the program. Of course, I didn't notice this until after I tried to pull the code out of my source-safe database. Anyway, I have compiled it using PerlApp 4.1.2. I attempted to decompile it using the scripts provided in this node, but I was unsuccessful. Obviously, I'm missing some key component. I tried varying the key string since I'm sure the copyright string has changed since this query was first posted. I tried several different keystrings and all result in the keystring being repeated with some differences in some of the characters. Help would be most greatly appreciated. I will append the code that I'm using to try and decrypt the exe. The file being read is simply the PerlApp binary.
```perl
#!/usr/bin/perl
open(FILE, "Z:\\test\\ftp\\dlclient\\NEFTPClient-1.6.exe");

# Read every line in the file
my $filestring;
binmode(FILE);
binmode(STDOUT);
while (<FILE>) {
    $filestring .= $_;
}
close FILE;
my @encoded = split //, $filestring;

# Our decode string
#my @decode = (67,111,112,121,114,105,103,104,116,32,169,32,50,48,48,50,32,65,99,116,105,118,101,83,116,97,116,101,32,84,111,111,108,32,67,111,114,112,46);
#my $key = 'Copyright © 2000 ActiveState Tool Corp.';
my $key = 'Copyright © ActiveState Corp 2001-2002.';
#my $key = 'Copyright © 2002 ActiveState Tool Corp.';
#my $key = 'Copyright (C) 2002 NewsEdge Corp';
#my $key = ' ';
my @keystring = split //, $key;
foreach my $num (@keystring) {
    push @decode, ord($num);
}
print "@decode\n\n@encodedstring\n";

# Our unencoded string
my @unencoded;
for my $char (@encoded){
    # XOR the encoded string with the decode character
    push @unencoded, ($char ^ $decode[0]);
    # Rotate the decode string
    push @decode, shift @decode;
}
for my $char (@unencoded){
    if ($char == 10){
        # Print a newline if the character is 10
        print "\n";
    }
    else {
        # Print out the unencoded string
        #print chr($char);
        print chr($char);
    }
}
```

Replies are listed 'Best First'.
Re: RE: A real challenge
by tachyon (Chancellor) on Nov 27, 2002 at 01:30 UTC

    Hell I wish I had never written this node. Step by step here is a how to:

    Get a copy of a disassembler. A nice basic GUI one with a 30 day free trial is PE explorer which is available here

    Disassemble the exe with PE explorer and explore it. You will see the key string in the first few hundred bytes (plain text), one char per line but this is not an assembler tute.... Using PE is rather like using windows explorer. Find the script component and save it to a file. You only save the script part you want to decrypt. This is one 'chunk' within the exe.

    Run the sample code located on this node on the saved file to decrypt the script. As noted the encryption is an XOR against a simple string.

    Job's done

    Disassembling stuff may breach some laws somewhere so this is provided for information purposes only.....

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

      tachyon, a very very very tiny assembler tute would not be all that bad I am afraid. I can not find any instructions that build the key.
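
The decode step discussed in this thread (XOR of the saved script chunk against a key string), as an added example that is not part of the original posts or of the node's sample code. The key and script are constructed placeholders and `xor_bytes` / `xor_chars_numeric` are hypothetical names; the second routine mirrors the character-by-character loop from the question to show what Perl's numeric `^` does when it is handed one-character strings.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Repeating-key XOR over raw bytes. XOR is its own inverse, so the same
# routine both encodes and decodes.
sub xor_bytes {
    my ($data, $key) = @_;
    my @k = unpack 'C*', $key;                 # key as byte values 0..255
    my $i = 0;
    return pack 'C*', map { $_ ^ $k[ $i++ % @k ] } unpack 'C*', $data;
}

# Character-by-character variant: split // yields one-character strings,
# and "string ^ number" is a numeric XOR in Perl. A non-digit character
# numifies to 0, and 0 ^ key byte is the key byte itself.
sub xor_chars_numeric {
    my ($data, $key) = @_;
    my @k = unpack 'C*', $key;
    my $i = 0;
    no warnings 'numeric';                     # silence "isn't numeric" for the demo
    return join '', map { chr( $_ ^ $k[ $i++ % @k ] ) } split //, $data;
}

# Constructed sample data: a made-up key and script, not PerlApp's.
my $key    = 'EXAMPLE KEY (constructed)';
my $script = "#!/usr/bin/perl\nprint \"hello, world\\n\";\n";
my $chunk  = xor_bytes($script, $key);         # stands in for the saved script chunk

my $good = xor_bytes($chunk, $key);
my $bad  = xor_chars_numeric($chunk, $key);

# Count positions where the numeric version simply echoes the key.
my @kb   = unpack 'C*', $key;
my @bb   = unpack 'C*', $bad;
my $echo = grep { $bb[$_] == $kb[ $_ % @kb ] } 0 .. $#bb;

printf "byte-wise XOR recovers the script: %s\n", $good eq $script ? 'yes' : 'no';
printf "numeric XOR echoes the key at %d of %d positions\n", $echo, scalar @bb;
```

Because the key sits in the executable as plain text, this scheme hides the script from casual viewing only; it should not be relied on to protect source code or embedded secrets.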
