Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Re: Re: A real challenge

by ebmace (Initiate)
on May 03, 2002 at 07:47 UTC ( [id://163729]=note: print w/replies, xml ) Need Help??


in reply to Re: A real challenge
in thread A real challenge

Wow! I had the same problem as chinman. I had developed a fairly involved script for my investment club and used PerlApp to send the package out to all the members. My computer crashed and I lost my code, but using your technique and a member's copy of the .exe I was able to restore my original script this evening!

BTW, I hadn't heard of this forum until Google brought me here looking for a solution to this problem. I'll be back.

Thanks to all of you!!

Replies are listed 'Best First'.
Re: Re: Re: A real challenge
by tachyon (Chancellor) on May 03, 2002 at 10:26 UTC

    Glad it helped. You have got to love Google. The impossible delivered yesterday, miracles take a little longer.....

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

      I hate to beat a dead horse, but I have had a similar problem. Through some fluke event one of the modules I was working on got saved over the master perl script for the program. Of course, I didn't notice this until after I tried to pull the code out of my source-safe database. Anyway, I have compiled it using PerlApp 4.1.2. I attempted to decompile it using the scripts provided in this node, but I was unsuccessfull. Obviously, I'm missing some key component. I tried varying the key string since I'm sure the copyright strings has changed since this query was first posted. I tried several different keystrings and all result in the keystring being repeated with some differences in some of the characters. Help would be most greatly appreciated. I will append the code that I'm using to try and decrypt the exe. The file being read is simply the PerlApp binary.
      #!/usr/bin/perl open(FILE, "Z:\\test\\ftp\\dlclient\\NEFTPClient-1.6.exe"); # Read every line in the file my $filestring; binmode(FILE); binmode(STDOUT); while (<FILE>) { $filestring .= $_; } close FILE; my @encoded = split //, $filestring; # Our decode string #my @decode = (67,111,112,121,114,105,103,104,116,32,169,32,50,48,48,5 +0,32,65,99,116,105,118,101,83,116,97,116,101,32,84,111,111,108,32,67, +111,114,112,46); #my $key = 'Copyright © 2000 ActiveState Tool Corp.'; my $key = 'Copyright © ActiveState Corp 2001-2002.'; #my $key = 'Copyright © 2002 ActiveState Tool Corp.'; #my $key = 'Copyright (C) 2002 NewsEdge Corp'; #my $key = ' '; my @keystring = split //, $key; foreach my $num (@keystring) { push @decode, ord($num); } print "@decode\n\n@encodedstring\n"; # Our unecoded string my @unencoded; for my $char (@encoded){ # XOR the encoded string with the decode character push @unencoded, ($char ^ $decode[0]); # Rotate the decode string push @decode, shift @decode; } for my $char (@unencoded){ if ($char == 10){ # Print a newline if the charater is 10 print "\n"; } else { # Print out the unencoded string #print chr($char); print chr($char); } }

        Hell I wish I had never written this node. Step by step here is a how to:

        Get a copy of a disassembler. A nice basic GUI one with a 30 day free trial is PE explorer which is available here

        Disassmble the exe with PE explorer and explore it. You will see the key string in the first few hundred bytes (plain text), one char per line but this is not an assembler tute.... Using PE is rather like using windows explorer. Find the script component and save it to a file. You only save the script part you want to decrypt. This is one 'chunk' within the exe.

        Run the sample code located on this node on the saved file to decrypt the script. As noted the encryption is an XOR against a simple string.

        Jobs done

        Disassembling stuff may breech some laws somewhere so this is provided for information purposes only.....

        cheers

        tachyon

        s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://163729]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chanting in the Monastery: (4)
As of 2024-03-28 14:19 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found