in reply to Malicious Code

Ok, so I've read the talk on obfuscation where the offending code is explained, and I do understand the basic s/// and y// parts of the code, but can someone explain how that translates into a system "rm -f /" call? I don't see the connection, although obviously it does.

Re^2: Malicious Code
by bunnyman (Hermit) on Apr 26, 2005 at 21:15 UTC

    The key is the y///. The code simplifies into this:

    $_ = '=]=>%-{<-|}<&|`{'; y/ -\/:-@[-`{-}/`-{~" -/;

    The y operator is the same thing as the tr operator. The mapping looks like this:

     -/:-@[-`  --->  `-{~
    {-}        --->  " -

    That's the range of space through forward-slash, concatenated with the range of colon through at-sign, and left-square-bracket through backquote, maps onto the range from ` to left-curly-bracket, plus the tilde character. If we check the ASCII character set, we can simplify this into:

     -/  --->  `-o
    :-@  --->  p-v
    [-`  --->  w-{~
    {    --->  "
    |    --->  space
    }    --->  -

    So now, we can rewrite this as:

    $_ = '=]=>%-{<-|}<&|`{'; tr/!-\//a-o/; tr/:-@/p-v/; tr/[-^/w-z/; tr/`/~/; tr/{/"/; tr/|/ /; tr/}/-/; print;

    It's just a sneaky way to map punctuation characters into alphabet letters.
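
The range expansion described in the reply above can be checked statically. The following Python sketch is an added example, not part of the original thread: it expands the y/// lists quoted in the reply and applies the mapping to the string purely as data, evaluating nothing. The function names are this example's own, and the handling of short replacement lists and duplicate characters follows Perl's documented tr rules.

```python
"""Static decoder for Perl y/// (tr///) obfuscation. Treats the string as data only."""


def expand(spec):
    """Expand a tr list such as ' -\\/:-@' into a list of single characters."""
    def read(i):
        # Return (char, next_index), honouring a backslash escape.
        if spec[i] == "\\" and i + 1 < len(spec):
            return spec[i + 1], i + 2
        return spec[i], i + 1

    chars, i = [], 0
    while i < len(spec):
        lo, nxt = read(i)
        # A hyphen with a character on both sides is a range; a trailing '-' is literal.
        if nxt + 1 < len(spec) and spec[nxt] == "-":
            hi, nxt = read(nxt + 1)
            if ord(hi) < ord(lo):
                raise ValueError(f"invalid range {lo!r}-{hi!r}")
            chars.extend(chr(n) for n in range(ord(lo), ord(hi) + 1))
        else:
            chars.append(lo)
        i = nxt
    return chars


def build_map(search, replace):
    """Pair the expanded lists position by position, as tr does."""
    src, dst = expand(search), expand(replace)
    if not dst:                      # empty replacement list: identity mapping
        dst = list(src)
    if len(dst) < len(src):          # short replacement: last character repeats
        dst += [dst[-1]] * (len(src) - len(dst))
    table = {}
    for s, d in zip(src, dst):
        table.setdefault(s, d)       # first occurrence of a character wins
    return table


def transliterate(text, search, replace):
    table = build_map(search, replace)
    return "".join(table.get(ch, ch) for ch in text)


# Values copied from the reply above (y/SEARCH/REPLACE/ applied to $_).
OBFUSCATED = "=]=>%-{<-|}<&|`{"
SEARCH, REPLACE = " -\\/:-@[-`{-}", '`-{~" -'


def decode_sample():
    return transliterate(OBFUSCATED, SEARCH, REPLACE)


if __name__ == "__main__":
    print(repr(decode_sample()))     # inspect the decoded text; it is never executed
```

Printing the decoded text with `repr` keeps the analysis on the data side: the reviewer sees exactly what the obfuscated statement would have handed to the interpreter.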