perlmeditation
tachyon
<p>[chinman] had a problem, he had compiled his source code using PerlApp from Active State then lost the source code. Thus at this node [PerlApp decompile?]
he asked the wisdom of the monks to retrieve his perl code from the .exe source. OK so after establishing his ownership of the code
a simple decompile gets you the perl source which as it turns out is
encoded. Great AS are looking after security by encoding the embedded code. As it turns out this encoding is a simple XOR against
the string 'Copyright © 2000 ActiveState Tool Corp.' as noted by [c-era] at [A real challenge] Amazing. It would have been trivial to XOR
against a randomly generated (and long) string and then embed this string in
some obscure location (or locations) of the exe generated by PerlApp so that each .exe has a unique key making the
decompile orders of magnitude harder as you would have to
actually disassemble it in detail to find the hidden key.
<p><BEGIN_RETORICAL_QUESTION>Why even bother if you are not going to make some sort of realistic
effort to secure the source code?<END_RETORICAL_QUESTION>
Is that to much to ask from a commercial application?
It's no wonder [merlyn] says the security of these apps (usually perl2exe) stinks.
It does. If anyone here has contact with AS perhaps you could suggest they might like to fix this security hole.
<p>cheers
<p><font color="#0000ff">tachyon</font>
<p>s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print