Perl2Exe 1.0 9/5.0 2/6.0 Code Obfuscation Weakness

ID SSV:76081
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


Perl2Exe obfuscates Perl source code using a reversible algorithm when converting it to an executable format. This occurs when the "encrypt" option is selected. Those who use Perl2Exe with the expectation that the source code will be concealed from the end user may have a false sense of security as a result. 


$known_plain = `cat`;
$known_cipher_file = "sample";
$sizeline = `tail -c +811048 $known_cipher_file | strings | grep`;
@line = split /;/, $sizeline;
@size = split /\=/, $line[1];
$known_cipher = `tail -c +811048 $known_cipher_file | head -c $size[1]`;
$key = $known_cipher ^ $known_plain;

$unknown_cipher = `tail -c +811048 perl2exe | head -c $size[1]`;

$unknown_plain = $unknown_cipher ^ $key;
print $unknown_plain, "\n";