in reply to Encrypted Perl?

What you've said kinda got me thinking about a script i saw once in my early days of programming. I had a bit of a hack and came up with this. Its pretty rough, and is only really proof of concept quality code.

The process is:

  1. create your perl script
  2. encrypt it
  3. stick it into a header
The script 
print "Hello World!\n";
print "This is an example of encrypting a perl\n";
print " script and not having the source directly viewable\n";

[download]

The encryption "engine":

#!/usr/bin/perl -w

use strict;
use Crypt::CBC;
use Data::Dumper;

local*FH;
open(FH, 'hello.pl');
my $plaintext;

while (<FH>) {
    $plaintext .= $_;
}
close FH;

my $cipher = new Crypt::CBC('hey jude!');
my $ciphertext = $cipher->encrypt_hex($plaintext);

for (my$i=0;$i<length($ciphertext);$i++) {
    print "\n" if ($i%30 == 0);
    print substr($ciphertext, $i,1);
}

[download]

And now the header:

#!/usr/bin/perl -w

use strict;
use Crypt::CBC;
use Data::Dumper;

my $ciphertext;
while (<DATA>) {
    chomp;
    $ciphertext .= $_;
}

my $cipher = new Crypt::CBC('hey jude!');
my $plaintext = $cipher->decrypt_hex($ciphertext);

print "Plaintext\n";
print "---------\n";
print "$plaintext\n\n";

print "Eval:\n";
print "-----\n";
eval $plaintext;

__DATA__
52616e646f6d4956b1de8bd854dc4f
7137bd168ab1271410ce41442407f1
aa99ff61f79b89ba7ecfca35f283f7
cd5623b70aca91aedaef5a6bb1a7f5
343e40d1973d41720dab8105623d86
d0ed903db80073d57f8148ad799647
b947ae386b327dc61488d6e16392c6
9d623d1ac1f7fd0c767f182225ce6b
66a05c247903a2321e8a737bb3da4a
fb5cf611dacbed89347997ab2db220
b1df993e95e7e0729405d84261bad4

[download]

The result: 

[coolness@ryszard encrypt]# ./header.pl 
Plaintext
---------
print "Hello World!\n";
print "This is an example of encrypting a perl\n";
print " script and not having the source directly viewable\n"

Eval:
-----
Hello World!
This is an example of encrypting a perl
 script and not having the source directly viewable

[download]

Out of interest i ran it thru deparse and found: 

[coolness@ryszard encrypt]# perl -MO=Deparse header.pl 
BEGIN { $^W = 1; }
use Crypt::CBC;
use Data::Dumper;
use strict 'refs';
my $ciphertext;
while (defined($_ = <DATA>)) {
    chomp $_;
    $ciphertext .= $_;
}
my $cipher = 'Crypt::CBC'->new('hey jude!');
my $plaintext = $cipher->decrypt_hex($ciphertext);
print "Plaintext\n";
print "---------\n";
print "$plaintext\n\n";
print "Eval:\n";
print "-----\n";
eval $plaintext;
__DATA__
52616e646f6d4956b1de8bd854dc4f
7137bd168ab1271410ce41442407f1
aa99ff61f79b89ba7ecfca35f283f7
cd5623b70aca91aedaef5a6bb1a7f5
343e40d1973d41720dab8105623d86
d0ed903db80073d57f8148ad799647
b947ae386b327dc61488d6e16392c6
9d623d1ac1f7fd0c767f182225ce6b
66a05c247903a2321e8a737bb3da4a
fb5cf611dacbed89347997ab2db220
b1df993e95e7e0729405d84261bad4
header.pl syntax OK

[download]

One thing i noticed while developing the above code was the last few characters of the source perl script seem to be gobbled up, resulting in the eval failing.. unfort, i dont have the time right now to fix it...

HTH

Update: and then there is always Filter::CBC - props to beatnik

Replies are listed 'Best First'.
Re: Re: Encrypted Perl?
by batkins (Chaplain) on Feb 06, 2003 at 20:40 UTC
    Yes, but this kind of encryption is hardly secure. You'll notice that the key to decrypt the code is included in the engine. A potential code-stealer has simply to find the key in the engine, apply it to your code, and he's in.

    In the end, encryption of applications just isn't possible, because the key must somehow accompany the application. Yet an encrypted application isn't truly encrypted if it contains its own key...

[reply]
      yup, no argument about that.
[reply]

In Section Seekers of Perl Wisdom