chinman had a problem, he had compiled his source code using PerlApp from Active State then lost the source code. Thus at this node PerlApp decompile? he asked the wisdom of the monks to retrieve his perl code from the .exe source. OK so after establishing his ownership of the code a simple decompile gets you the perl source which as it turns out is encoded. Great AS are looking after security by encoding the embedded code. As it turns out this encoding is a simple XOR against the string 'Copyright © 2000 ActiveState Tool Corp.' as noted by c-era at A real challenge Amazing. It would have been trivial to XOR against a randomly generated (and long) string and then embed this string in some obscure location (or locations) of the exe generated by PerlApp so that each .exe has a unique key making the decompile orders of magnitude harder as you would have to actually disassemble it in detail to find the hidden key.

<BEGIN_RETORICAL_QUESTION>Why even bother if you are not going to make some sort of realistic effort to secure the source code?<END_RETORICAL_QUESTION> Is that to much to ask from a commercial application? It's no wonder merlyn says the security of these apps (usually perl2exe) stinks. It does. If anyone here has contact with AS perhaps you could suggest they might like to fix this security hole.

cheers

tachyon

s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print