Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
The encryption is done through custom C executable and the execution of encrypted binary code can only be done through another C executable (dummy Perl interpreter) and it does in-memory execution like this.
perl_run(my_perl); eval_pv(buffer, TRUE);

Easily broken:

  1. start a debugger
  2. load the "encrypted" program from the debugger
  3. set a breakpoint at the call to eval_pv(), or at the first instruction of eval_pv()
  4. start the program
  5. instruct the debugger to show the contents of buffer
  6. copy contents of buffer to a text file
  7. kill the program
  8. exit the debugger

It was explained a thousand times or more, but once more for you:

Perl is designed to evaluate unencrypted source code, so at some point, you have to decrypt the encrypted code. Alternatively, you can feed perl a prepared parse tree, in unencrypted form. Again, you have to decrypt the encrypted tree before passing it to perl. B::Deparse can reconstruct perl source code from the tree, so you gain exactly nothing from using a tree.

Both ways, you have to decrypt the encrypted data, so your executable must contain the decryption algorithm and the required decryption key. Both can be exctracted from the executable to create an independant decryption tool. Or, as I explained above, one can simply stop the execution of the program at the point where the decrypted data is passed to perl API functions. That's usually much less work.

And there is NO WAY to prevent that.

See also:


Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

In reply to Re^3: Code hiding in Perl by afoken
in thread Code hiding in Perl by sumanta

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?

What's my password?
Create A New User
Domain Nodelet?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (6)
As of 2023-09-22 12:07 GMT
Find Nodes?
    Voting Booth?

    No recent polls found