homepage Welcome to WebmasterWorld Guest from 23.20.149.27
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor
Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
Forum Library, Charter, Moderators: coopster & jatar k & phranque

Perl Server Side CGI Scripting Forum

    
Has any used perl encryption tool ...
StopSpam




msg:437919
 12:49 pm on Sep 29, 2003 (gmt 0)

Has any one expiraince with the perl source code encryption tool named: Perlguardian from www.wcws.net/ or www.Perlguardian.com

Im thinking of buying it but it aint cheap and its time limmited ..

Do any know if the price is fair for this servie?
and has any used it or is using it?

all info is welcome ..

 

JasonD




msg:437920
 1:12 pm on Sep 29, 2003 (gmt 0)

I haven't used the application but would suggest that you take a look at some example output from the application before making a decision on whether this is the right tool for you to use.

I have yet to see a Perl obfuscation engine that I haven't been able to reverse engineer and this may very well be the one that beats me. The problem is you have no idea as you can not see any sample output.

I use a similar style system though not for anti piracy reasons as I truly believe there will always be someone who can reverse engineer ANY protection system.

I use the following to reduce support calls from customers who change code, therefore leading to it breaking.

I compile a Perl script to an executable binary file using PP.

Info at CPAN - [search.cpan.org...]

On top of that and prior to compiling the script to an executable file I do have a licencing check that looks at the $ENV and runs a check there.

You may wish to only allow the application to run on certain IP addresses

You may wish to only allow the application to run on certain domain names

You may wish to have the application call your licencing server once per run to ensure legitimate use? (think about using Sockets or LWP)

All of the above are possible ways of getting to where I "think" you want to be without spending large amounts of money.

I hope it helps :)

Jason Duke

StopSpam




msg:437921
 2:04 pm on Sep 29, 2003 (gmt 0)

here is a peace of there sample ..
it should be the simpel hello script encrypted

can you read this?

#!/usr/bin/perl

my $df = q~M"@D)=7-E($1I9V5S=#HZ340U.PH*"0DD;&EC96YS95]K97D@/2`B,SEE-64S
M83,V-S@V9&$T,&5B.#$P,C,Y8S0Q8F-D,34B.PH)"21U<V5R7VYA;64@("`]
M(")S;VAA:6(B.PH)"21E>'!I<GE?9&%T92`]("(P-R\P,R\R,#`S(CL*"0DD
M=7)L(#T@(FAT='`Z+R]W=W<N;7EO=VYE;6%I;"YI;F9O(CL*"@D)*"1T:6UE

StopSpam




msg:437922
 2:07 pm on Sep 29, 2003 (gmt 0)

it helps a lot thanks Jason ..

the above code used md5 or something...

JasonD




msg:437923
 4:00 pm on Sep 29, 2003 (gmt 0)

Hi StopSpam.

I am afraid the sample you posted doesn't run as is.

If you can post an example fully obfuscated script that runs then I can see if it is trivial or not to de obfuscate it.

Cheers

Jason

Brett_Tabke




msg:437924
 3:13 pm on Oct 2, 2003 (gmt 0)

there is also a module called "filter" that will get all but the most dedicated code monkeys.

chaitan




msg:437925
 11:19 pm on Oct 2, 2003 (gmt 0)

Another free module:
Acme::Bleach

Please backup your script before using it, as I am afraid there is no easy way to decrypt after it's "bleached".

$ perldoc Acme::Bleach

use Acme::Bleach;
print "Hello world";

The first time you run a program under "use Acme::Bleach",
the module removes all the unsightly printable characters
from your source file. The code continues to work exactly
as it did before, but now it looks like this:

use Acme::Bleach;

JasonD




msg:437926
 2:47 pm on Oct 3, 2003 (gmt 0)

The only problem with Acme::Bleach is the script is suddenly non portable :)

It's a great and hugely funny Perl Module but no way usable to distribute intellectual property to 3rd parties

MonkeeSage




msg:437927
 4:41 pm on Oct 3, 2003 (gmt 0)

You can use the free version of perl2exe (works with 5.8.0) to create PE (windows) or ELF (*nix) binaries (i.e., for whichever one your server is running).

A person would have to hex-dump the binary to get the Perl script back if I'm not mistaken. It prints out a little 'made with' thing in the free version though. But if you use the paid version (it's only $10 or $15 if I recall), then no one would even know it was Perl because it doesn't have the nag thing.

You'd also have to make sure that your server allows for binary CGIs. Apache2 does by default and I think 1.3 does as well; just stick the binary in cgi-bin and (on windows) cut off the .exe extension and you're set.

That's the easiest, cheapest thing I can think of.

Jordan

JasonD




msg:437928
 5:41 pm on Oct 3, 2003 (gmt 0)

Jordan,

Perl2Exe has a GPL competitor in PP.

Link above and works (from my tests) better as well.

MonkeeSage




msg:437929
 9:01 pm on Oct 3, 2003 (gmt 0)

Thanks Jason, I missed the link before. Trying it out right now and looks good.

So far the binary sizes have been about the same (windows target), least for the couple files I've converted so far; but free and open is always more fun, and it has a nicer default icon to boot! ;)

There is one big problem so far though -- I can't seem to get it to work with Apache2...it dies with the error:

[Fri Oct 03 13:39:41 2003] [error] [client 127.0.0.1] C:\path\to\cgi-bin\binary: creation of /\par_priv.1800.tmp\perl58.dll failed - aborting with 2.

I am thinking it's the stupid windows directory backslashes causing the extract path to be interpreted as "/par_priv.1800.tmpperl58.dll" :(

Any idea if that the is problem or how to fix?

Jordan

JasonD




msg:437930
 7:31 am on Oct 4, 2003 (gmt 0)

Hi Monkeesage.

I'll be perfectly honest as I haven't tried the ouput binary on Apache 2 on Windows butit does sound like a blackslash problem.

Out of curiosity does the binary run at the command line?

Off topic(ish) is that using Perl2Exe will probably not give the security that is required as it is trivial to reverse engineer it using XOR

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved