http://qs1969.pair.com?node_id=290623


in reply to Fun With Reserved Keywords

This is a really cool obfu. and it's the first time I attempt to crack an obfuscation. Please correct me where I'm wrong

(spoilers in readmore)

First of all, this obfu uses a lot of quoting, and the xors are there to seperate the statements, so if we hunt down the qw// q// qq// s/// we end up with something that looks like this.

1 . not exp log srand; 2 . s// /x ; 3 . s/ /length uc ord and print chr ord for qw[join use sub tied]/ 4 . ; eval 5 . ; print qq| | 6 . ; int eval lc q|cos and print chr ord for 7 . qw[ abs ne open tied hex exp ref]| 8 . 9 . ; scalar srand print qq| | 10 . ; int eval lc qq|sqrt cos and print chr ord for 11 . qw[printf each return local]| 12 . or print qq| | 13 . and eval q|undef or oct xor time xor 14 . ref print chr int ord lc 15 . foreach qw[hex alarm chdir kill exec return]| 16 . gt sin sort split

Line 1 : decorative?

Lines 2-4 : These lines evaluate the statement in line 3 - length uc ord returns a true values so that and gets to the print which prints out the first letter of the quoted words 'join use sub tied'. ord return the ord of the first letter, and then chr passes that letter to print. So these lines print 'just'

Lines 6-7 : These lines use the same technique to print 'another' using a small variation.

Lines 10-11 : print 'perl'

Lines 13-15 : print 'hacker' in another variation

The smart thing is the way the last part (lines 10-16) are compiled to be executed in that order; depending on the return values, these last lines evaluate to roughly 0 or 1 and 0 gt 0, and having the statements inside evals makes sure they are executed in order.

I hope I got it right?


He who asks will be a fool for five minutes, but he who doesn't ask will remain a fool for life.

Chady | http://chady.net/