Perl2Exe 1.0 9/5.0 2/6.0 Code Obfuscation Weakness

ID EDB-ID:22272
Type exploitdb
Reporter Simon Cozens
Modified 2002-02-22T00:00:00


Perl2Exe 1.0 9/5.0 2/6.0 Code Obfuscation Weakness. Local exploits for multiple platform


Perl2Exe obfuscates Perl source code using a reversible algorithm when converting it to an executable format. This occurs when the "encrypt" option is selected. Those who use Perl2Exe with the expectation that the source code will be concealed from the end user may have a false sense of security as a result. 


$known_plain = `cat`;
$known_cipher_file = "sample";
$sizeline = `tail -c +811048 $known_cipher_file | strings | grep`;
@line = split /;/, $sizeline;
@size = split /\=/, $line[1];
$known_cipher = `tail -c +811048 $known_cipher_file | head -c $size[1]`;
$key = $known_cipher ^ $known_plain;

$unknown_cipher = `tail -c +811048 perl2exe | head -c $size[1]`;

$unknown_plain = $unknown_cipher ^ $key;
print $unknown_plain, "\n";