Welcome to WebmasterWorld Guest from 54.221.9.209

Forum Moderators: coopster & jatar k & phranque

Message Too Old, No Replies

Has any used perl encryption tool ...

     
12:49 pm on Sep 29, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 9, 2003
posts:167
votes: 0


Has any one expiraince with the perl source code encryption tool named: Perlguardian from www.wcws.net/ or www.Perlguardian.com

Im thinking of buying it but it aint cheap and its time limmited ..

Do any know if the price is fair for this servie?
and has any used it or is using it?

all info is welcome ..

1:12 pm on Sept 29, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Aug 21, 2003
posts:203
votes: 4


I haven't used the application but would suggest that you take a look at some example output from the application before making a decision on whether this is the right tool for you to use.

I have yet to see a Perl obfuscation engine that I haven't been able to reverse engineer and this may very well be the one that beats me. The problem is you have no idea as you can not see any sample output.

I use a similar style system though not for anti piracy reasons as I truly believe there will always be someone who can reverse engineer ANY protection system.

I use the following to reduce support calls from customers who change code, therefore leading to it breaking.

I compile a Perl script to an executable binary file using PP.

Info at CPAN - [search.cpan.org...]

On top of that and prior to compiling the script to an executable file I do have a licencing check that looks at the $ENV and runs a check there.

You may wish to only allow the application to run on certain IP addresses

You may wish to only allow the application to run on certain domain names

You may wish to have the application call your licencing server once per run to ensure legitimate use? (think about using Sockets or LWP)

All of the above are possible ways of getting to where I "think" you want to be without spending large amounts of money.

I hope it helps :)

Jason Duke

2:04 pm on Sept 29, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 9, 2003
posts:167
votes: 0


here is a peace of there sample ..
it should be the simpel hello script encrypted

can you read this?

#!/usr/bin/perl

my $df = q~M"@D)=7-E($1I9V5S=#HZ340U.PH*"0DD;&EC96YS95]K97D@/2`B,SEE-64S
M83,V-S@V9&$T,&5B.#$P,C,Y8S0Q8F-D,34B.PH)"21U<V5R7VYA;64@("`]
M(")S;VAA:6(B.PH)"21E>'!I<GE?9&%T92`]("(P-R\P,R\R,#`S(CL*"0DD
M=7)L(#T@(FAT='`Z+R]W=W<N;7EO=VYE;6%I;"YI;F9O(CL*"@D)*"1T:6UE

2:07 pm on Sept 29, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 9, 2003
posts:167
votes: 0


it helps a lot thanks Jason ..

the above code used md5 or something...

4:00 pm on Sept 29, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Aug 21, 2003
posts:203
votes: 4


Hi StopSpam.

I am afraid the sample you posted doesn't run as is.

If you can post an example fully obfuscated script that runs then I can see if it is trivial or not to de obfuscate it.

Cheers

Jason

3:13 pm on Oct 2, 2003 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38048
votes: 12


there is also a module called "filter" that will get all but the most dedicated code monkeys.
11:19 pm on Oct 2, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:June 9, 2002
posts:41
votes: 0


Another free module:
Acme::Bleach

Please backup your script before using it, as I am afraid there is no easy way to decrypt after it's "bleached".

$ perldoc Acme::Bleach

use Acme::Bleach;
print "Hello world";

The first time you run a program under "use Acme::Bleach",
the module removes all the unsightly printable characters
from your source file. The code continues to work exactly
as it did before, but now it looks like this:

use Acme::Bleach;

2:47 pm on Oct 3, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Aug 21, 2003
posts:203
votes: 4


The only problem with Acme::Bleach is the script is suddenly non portable :)

It's a great and hugely funny Perl Module but no way usable to distribute intellectual property to 3rd parties

4:41 pm on Oct 3, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 26, 2003
posts:881
votes: 0


You can use the free version of perl2exe (works with 5.8.0) to create PE (windows) or ELF (*nix) binaries (i.e., for whichever one your server is running).

A person would have to hex-dump the binary to get the Perl script back if I'm not mistaken. It prints out a little 'made with' thing in the free version though. But if you use the paid version (it's only $10 or $15 if I recall), then no one would even know it was Perl because it doesn't have the nag thing.

You'd also have to make sure that your server allows for binary CGIs. Apache2 does by default and I think 1.3 does as well; just stick the binary in cgi-bin and (on windows) cut off the .exe extension and you're set.

That's the easiest, cheapest thing I can think of.

Jordan

5:41 pm on Oct 3, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Aug 21, 2003
posts:203
votes: 4


Jordan,

Perl2Exe has a GPL competitor in PP.

Link above and works (from my tests) better as well.

9:01 pm on Oct 3, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 26, 2003
posts:881
votes: 0


Thanks Jason, I missed the link before. Trying it out right now and looks good.

So far the binary sizes have been about the same (windows target), least for the couple files I've converted so far; but free and open is always more fun, and it has a nicer default icon to boot! ;)

There is one big problem so far though -- I can't seem to get it to work with Apache2...it dies with the error:

[Fri Oct 03 13:39:41 2003] [error] [client 127.0.0.1] C:\path\to\cgi-bin\binary: creation of /\par_priv.1800.tmp\perl58.dll failed - aborting with 2.

I am thinking it's the stupid windows directory backslashes causing the extract path to be interpreted as "/par_priv.1800.tmpperl58.dll" :(

Any idea if that the is problem or how to fix?

Jordan

7:31 am on Oct 4, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Aug 21, 2003
posts:203
votes: 4


Hi Monkeesage.

I'll be perfectly honest as I haven't tried the ouput binary on Apache 2 on Windows butit does sound like a blackslash problem.

Out of curiosity does the binary run at the command line?

Off topic(ish) is that using Perl2Exe will probably not give the security that is required as it is trivial to reverse engineer it using XOR