Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks,

I found this cool little script on Usenet that encrypts Perl code. It works really well, as I tested it out on several scripts. My question... Is encrypted code such as this script produces portable, or are there any dependency issues?

Here is the script that does the encryption... 

#! /usr/bin/perl -w

# Copyright (c) 1998 Greg Bacon.  All Rights Reserved.
# This program is free software.  You may distribute it or modify
# it (perhaps both) under the terms of the Artistic License that
# comes with the Perl Kit.

use strict;
use integer;

foreach my $file (@ARGV) {
    unless (open FILE, $file) {
        warn "$0: failed open $file: $!\n";
        next;
    }

    my $key = int rand 256;

    my $out = <<EOTop;
#! /usr/bin/perl

my \$prog = '';

{
    my \$key  = $key;
    local \$/;

    \$prog = pack "c*",
             map { \$_ ^= \$key }
             unpack "c*", <DATA>;
}

eval \$prog;
__END__
EOTop

    while (<FILE>) {
        $out .= pack "c*",
                map { $_ ^= $key }
                unpack "c*", $_;
    }
    close FILE;

    unless (open FILE, ">$file") {
        warn "$0: failed open >$file: $!\n";
        next;
    }

    print FILE $out;
    close FILE;;
}

[download]

Replies are listed 'Best First'.
Re: encryption portability?
by thraxil (Prior) on Apr 17, 2002 at 14:54 UTC

    portable? yes.

    secure? no.

    when you run it on a program it changes it to something like:

    #! /usr/bin/perl

my $prog = '';

{
    my $key  = 6;
    local $/;

    $prog = pack "c*",
             map { $_ ^= $key }
             unpack "c*", <DATA>;
}

eval $prog;
__END__
# a bunch of packed data here

    [download]

    if you change the 'eval $prog' to 'print $prog', you get the original source code back.

    anders pearson

[reply]
[d/l]
Re: encryption portability?
by tachyon (Chancellor) on Apr 17, 2002 at 15:09 UTC

    Is encrypted code such as this script produces portable

    Yes in so much as you script is portable

    or are there any dependency issues?

    No you can RTFS

    Now the real question is does it offer any security from all but the most casual scriptkiddie.

    No

    How long would it take to decrypt a script XORed against 256 integer keys. A few seconds. A couple of minutes including writing the code. That would be if the script did not include the decoder with it! Change eval $prog to print $prog and it spews the source rather than runs.

    See Also

    source filters
    Acme::Bleach
    unbleach.pl
    A real challenge

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

[reply]
[reply]
Re: encryption portability?
by kappa (Chaplain) on Apr 17, 2002 at 14:56 UTC
    Yes, as far as I understand, this script indeed produces portable results. It just bitwise-xors every character with a small random integer and writes it out together with a decoder. Beware not to use it for encryption of sensitive data!

    Update: The same results could be achieved using source filters. Look at Bleach for insights. This one is as evil as funny :) (And as useful for encryption as the one you found).

[reply]
(smitz)Re: encryption portability?
by smitz (Chaplain) on Apr 17, 2002 at 14:54 UTC
    I dont see any portability issues with a standard XOR 'encryption', but its not not much of an encryption.

    In this case you have the decryption algorythm distributed with your code, so even if I didn't recognise how you encrypted it, it wouldn't take much to run the included de-crypter with some modifications to see the original code.

    Interesting idea though...

    SMiTZ
[reply]
      How do decrypt this file? I could use the encryption (perlscript <myfile>) easily. It's indeed portable, but risky!
[reply]
        see thraxil's answer:
        .. change the 'eval $prog' to 'print $prog', you get the original source code back

        SMiTZ
[reply]

Back to Seekers of Perl Wisdom