Re^2: Breaking a Filter::decrypt like source filter

Hello, Thx for your reply.

Of course I have the decrypter. And you are right, without it the scripts could not be run.

Only thing is, the decrypter is a source filter. So after the source is decrypted, it is somewhere located in memory and from there parsed, compiled, executed. I see no real chance to get a look on it (apart from searching in memory dumps like was proposed in this thread also).

Comment on Re^2: Breaking a Filter::decrypt like source filter

Replies are listed 'Best First'.
Re^3: Breaking a Filter::decrypt like source filter by ikegami (Patriarch) on Jan 24, 2007 at 21:04 UTC
It's trivial to patch Perl to display the source code it parses.	[reply]
Re^4: Breaking a Filter::decrypt like source filter by olego (Acolyte) on Jan 24, 2007 at 21:13 UTC
Now we're talking! I've been trying to build an own Perl executable in a way it will work with the filter (was easy after all, just had to add the filter as static extension, but remember, I virtually don't have any knowledge on C, building Perl from source etc) Now with this step taken, can you give me a hint where/how I can patch Perl to print out the decrypted source code?	[reply]
Re^5: Breaking a Filter::decrypt like source filter by ikegami (Patriarch) on Jan 24, 2007 at 22:57 UTC
No, I know very little about Perl's guts. Each of `do`, `require` and `eval` can compile and run code. I'd start with them. The code that handles these would be in a pp* file.	[reply] [d/l] [select]
Re^3: Breaking a Filter::decrypt like source filter (Filter::ExtractSource) by ikegami (Patriarch) on Jan 25, 2007 at 19:16 UTC
oo! I just came across Filter::ExtractSource. Check it out!	[reply]
Re^4: Breaking a Filter::decrypt like source filter (Filter::ExtractSource) by olego (Acolyte) on Jan 25, 2007 at 21:13 UTC
This is indeed a cool module and teaches me once again never to underestimate CPAN. For many a source filter trying to hide source code this might be the breaking point. Not so for the one I'm looking at, it croaks 'bad encryption format' -- in the Filter::decrypt of Paul Marquess there are magic numbers checked at certain locations in the encrypted source text to verify it has not been altered, and I think this is also the culprit for Filter::ExtractSource not working here.	[reply]