Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling

Re: Re: Re: A real challenge

by tachyon (Chancellor)
on May 03, 2002 at 10:26 UTC ( #163756=note: print w/replies, xml ) Need Help??

in reply to Re: Re: A real challenge
in thread A real challenge

Glad it helped. You have got to love Google. The impossible delivered yesterday, miracles take a little longer.....




Replies are listed 'Best First'.
RE: A real challenge
by Anonymous Monk on Nov 26, 2002 at 19:51 UTC
    I hate to beat a dead horse, but I have had a similar problem. Through some fluke event one of the modules I was working on got saved over the master perl script for the program. Of course, I didn't notice this until after I tried to pull the code out of my source-safe database. Anyway, I have compiled it using PerlApp 4.1.2. I attempted to decompile it using the scripts provided in this node, but I was unsuccessfull. Obviously, I'm missing some key component. I tried varying the key string since I'm sure the copyright strings has changed since this query was first posted. I tried several different keystrings and all result in the keystring being repeated with some differences in some of the characters. Help would be most greatly appreciated. I will append the code that I'm using to try and decrypt the exe. The file being read is simply the PerlApp binary.
    #!/usr/bin/perl open(FILE, "Z:\\test\\ftp\\dlclient\\NEFTPClient-1.6.exe"); # Read every line in the file my $filestring; binmode(FILE); binmode(STDOUT); while (<FILE>) { $filestring .= $_; } close FILE; my @encoded = split //, $filestring; # Our decode string #my @decode = (67,111,112,121,114,105,103,104,116,32,169,32,50,48,48,5 +0,32,65,99,116,105,118,101,83,116,97,116,101,32,84,111,111,108,32,67, +111,114,112,46); #my $key = 'Copyright 2000 ActiveState Tool Corp.'; my $key = 'Copyright ActiveState Corp 2001-2002.'; #my $key = 'Copyright 2002 ActiveState Tool Corp.'; #my $key = 'Copyright (C) 2002 NewsEdge Corp'; #my $key = ' '; my @keystring = split //, $key; foreach my $num (@keystring) { push @decode, ord($num); } print "@decode\n\n@encodedstring\n"; # Our unecoded string my @unencoded; for my $char (@encoded){ # XOR the encoded string with the decode character push @unencoded, ($char ^ $decode[0]); # Rotate the decode string push @decode, shift @decode; } for my $char (@unencoded){ if ($char == 10){ # Print a newline if the charater is 10 print "\n"; } else { # Print out the unencoded string #print chr($char); print chr($char); } }

      Hell I wish I had never written this node. Step by step here is a how to:

      Get a copy of a disassembler. A nice basic GUI one with a 30 day free trial is PE explorer which is available here

      Disassmble the exe with PE explorer and explore it. You will see the key string in the first few hundred bytes (plain text), one char per line but this is not an assembler tute.... Using PE is rather like using windows explorer. Find the script component and save it to a file. You only save the script part you want to decrypt. This is one 'chunk' within the exe.

      Run the sample code located on this node on the saved file to decrypt the script. As noted the encryption is an XOR against a simple string.

      Jobs done

      Disassembling stuff may breech some laws somewhere so this is provided for information purposes only.....




        tachyon, A verr very very tiny assembler tute would not be all that bad I am afraid. I can not find any instructions that build the key.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://163756]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (7)
As of 2023-10-04 07:58 GMT
Find Nodes?
    Voting Booth?

    No recent polls found