in reply to Breaking a Filter::decrypt like source filter

The ease comes from necessarily having the decryptor at hand. You can't run the script without the decryptor, and with the decryptor, you can get the source back.

Update: Just to be clear, when people say the script can easily be decrypted, they mean it can easily be decrypted by someone who can run it. If proper encryption is used, it can be perfectly safe while attached to an email, etc.

Re^2: Breaking a Filter::decrypt like source filter
by olego (Acolyte) on Jan 24, 2007 at 20:59 UTC
    Hello, Thx for your reply.

    Of course I have the decrypter. And you are right, without it the scripts could not be run.

    Only thing is, the decrypter is a source filter. So after the source is decrypted, it is located somewhere in memory and from there parsed, compiled, executed. I see no real chance to get a look at it (apart from searching in memory dumps, as was also proposed in this thread).
      It's trivial to patch Perl to display the source code it parses.
        Now we're talking!

        I've been trying to build my own Perl executable in a way that it will work with the filter (it was easy after all, I just had to add the filter as a static extension, but remember, I have virtually no knowledge of C, building Perl from source, etc.).

        Now with this step taken, can you give me a hint where/how I can patch Perl to print out the decrypted source code?
        This is indeed a cool module and teaches me once again never to underestimate CPAN.
        For many a source filter trying to hide source code this might be the breaking point.

        Not so for the one I'm looking at, it croaks 'bad encryption format' -- in the Filter::decrypt of Paul Marquess there are magic numbers checked at certain locations in the encrypted source text to verify it has not been altered, and I think this is also the culprit for Filter::ExtractSource not working here.