Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??

Understanding other people's obfuscations in $^F**2-1 simple steps:

I can only assume the OP is asking about this one (note, this is not my work, but it is not properly attributed on wikipedia. Chances are high it originally appeared here!):

`$=`;$_=\%!;($_)=/(.)/;$==++$|;($.,$/,$,,$\,$",$;,$^,$#,$~,$*,$:,@%)=( $!=~/(.)(.).(.)(.)(.)(.)..(.)(.)(.)..(.)......(.)/,$"),$=++;$.++;$.++; $_++;$_++;($_,$\,$,)=($~.$"."$;$/$%[$?]$_$\$,$:$%[$?]",$"&$~,$#,);$,++ ;$,++;$^|=$";`$_$\$,$/$:$;$~$*$%[$?]$.$~$*${#}$%[$?]$;$\$"$^$~$*.>&$=`

Step 1: reformat the obfuscation (if possible).

`$=`; $_=\%!; ($_)=/(.)/; $==++$|; ($.,$/,$,,$\,$",$;,$^,$#,$~,$*,$:,@%)=( $!=~/(.)(.).(.)(.)(.)(.)..(.)(.)(.)..(.)......(.)/,$"),$=++; $.++; $.++; $_++; $_++; ($_,$\,$,)=($~.$"."$;$/$%[$?]$_$\$,$:$%[$?]",$"&$~,$#,); $,++; $,++; $^|=$"; `$_$\$,$/$:$;$~$*$%[$?]$.$~$*${#}$%[$?]$;$\$"$^$~$*.>&$=`

Or (or perhaps additionally), run the code through B::Deparse (  perl -MO=Deparse obfu.pl ):

`$=`; use Errno (); $_ = \%!; ($_) = /(.)/; $= = ++$|; ($., $/, $,, $\, $", $;, $^, $#, $~, $*, $:, @%) = ($! =~ /(.)(.).(.)( +.)(.)(.)..(.)(.)(.)..(.)......(.)/, $"), ++$=; ++$.; ++$.; ++$_; ++$_; ($_, $\, $,) = ($~ . $" . "$;$/$%[$?]$_$\$,$:$%[$?]", $" & $~, $#); ++$,; ++$,; $^ |= $"; `$_$\$,$/$:$;$~$*$%[$?]$.$~$*$#$%[$?]$;$\$"$^$~$*.>&$=`;

Step2: figure out what you can the old fashioned way. Be sure to have a copy of perldoc perlvar handy.

`60`; $_=\%!; print "\$_ is currently: $_\n"; ($_)=/(.)/; print "\$_ is currently: $_\n"; $= = ++$|; print "\$= is currently: $=\n"; print "\$! is currently: $!\n"; ( $., $/, $,, $\, $", $;, $^, $#, $~, $*, $:, @% ) = ( $!=~/(.)(.).(.)(.)(.)(.)..(.)(.)(.)..(.)......(.)/,$"),$=++; print "\$. is currently: $.\n"; print "\$/ is currently: $/\n"; print "\$, is currently: $.\n"; print "\$\\ is currently: $\\n"; print "\$\" is currently: $\"\n"; print "\$; is currently: $;\n"; print "\$^ is currently: $^\n"; print "\$# is currently: $#\n"; print "\$~ is currently: $~\n"; print "\$* is currently: $*\n"; print "\$: is currently: $:\n"; print "\@% is currently: ", join( ' ', @% ), "\n"; $.++; $.++; print "\$. is currently: $.\n"; $_++; $_++; print "\$_ is currently: $_\n"; ( $_, $\, $, ) = ( $~ . $" . "$;$/$%[$?]$_$\$,$:$%[$?]", $" & $~, $#, +); print "\$_ is currently: $_\n"; print "\$\\ is currently: $\\n"; print "\$, is currently: $.\n"; $,++; $,++; print "\$, is currently: $.\n"; $^|=$"; print "\$^ is currently: $^\n"; print "\$\" is currently: $\"\n"; print "$_$\$,$/$:$;$~$*$%[$?]$.$~$*${#}$%[$?]$;" . $\ . $" . "$^$~$*.> +&$="; `$_$\$,$/$:$;$~$*$%[$?]$.$~$*${#}$%[$?]$;$\$"$^$~$*.>&$=`

Outputs:

$_ is currently: HASH(0x18092a8) $_ is currently: H $= is currently: 1 $! is currently: No such file or directory $. is currently: N u$/ is currently: o u$, is currently: N u$\ is currently: u u$" is currently: c u$; is currently: h u$^ is currently: nu$# is currently: l u$~ is currently: e u$* is currently: r u$: is currently: t u@% is currently: s s u$. is currently: P u$_ is currently: J u$_ is currently: echo Just a$\ is currently: a a$, is currently: P a$, is currently: P a$^ is currently: na$" is currently: c aecho Just another Perl hacker.>&2aJust another Perl hacker.

Nevermind the start of the lines on or around where $\ is set. According to perlvar, that's the output record separator (after I printed the trailing "\n" in the "currently" lines, perl appends the output records separator, hence the funny line beginnings).

Step 3: Apply intuition. It should be fairly obvious in the above example that the original code is simply building a command to run via qx//; "echo Just another Perl hacker.>&2". If at this point there are still things you don't understand, maybe that's when you start asking around in the chatterbox :)

Oh, there are a few things here and there that perhaps aren't sufficiently self-explanatory, but learning is half the fun. Especially rewarding is the why when you stumble across that.



--chargrill
s**lil*; $*=join'',sort split q**; s;.*;grr; &&s+(.(.)).+$2$1+; $; = qq-$_-;s,.*,ahc,;$,.=chop for split q,,,reverse;print for($,,$;,$*,$/)

In reply to Re: Understanding Obfuscation by chargrill
in thread Understanding Obfuscation by overrider

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others examining the Monastery: (7)
As of 2024-03-29 08:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found