Welcome to WebmasterWorld Guest from 184.73.126.70

Forum Moderators: coopster & jatar k & phranque

Message Too Old, No Replies

# Has any used perl encryption tool ...

#### StopSpam

12:49 pm on Sep 29, 2003 (gmt 0)

Has any one expiraince with the perl source code encryption tool named: Perlguardian from www.wcws.net/ or www.Perlguardian.com

Im thinking of buying it but it aint cheap and its time limmited ..

Do any know if the price is fair for this servie?
and has any used it or is using it?

all info is welcome ..

#### JasonD

1:12 pm on Sep 29, 2003 (gmt 0)

I haven't used the application but would suggest that you take a look at some example output from the application before making a decision on whether this is the right tool for you to use.

I have yet to see a Perl obfuscation engine that I haven't been able to reverse engineer and this may very well be the one that beats me. The problem is you have no idea as you can not see any sample output.

I use a similar style system though not for anti piracy reasons as I truly believe there will always be someone who can reverse engineer ANY protection system.

I use the following to reduce support calls from customers who change code, therefore leading to it breaking.

I compile a Perl script to an executable binary file using PP.

Info at CPAN - [search.cpan.org...]

On top of that and prior to compiling the script to an executable file I do have a licencing check that looks at the $ENV and runs a check there. You may wish to only allow the application to run on certain IP addresses You may wish to only allow the application to run on certain domain names You may wish to have the application call your licencing server once per run to ensure legitimate use? (think about using Sockets or LWP) All of the above are possible ways of getting to where I "think" you want to be without spending large amounts of money. I hope it helps :) Jason Duke #### StopSpam 2:04 pm on Sep 29, 2003 (gmt 0) here is a peace of there sample .. it should be the simpel hello script encrypted can you read this? #!/usr/bin/perl my$df = q~M"@D)=7-E($1I9V5S=#HZ340U.PH*"0DD;&EC96YS95]K97D@/2B,SEE-64S M83,V-S@V9&$T,&5B.#$P,C,Y8S0Q8F-D,34B.PH)"21U<V5R7VYA;64@("] M(")S;VAA:6(B.PH)"21E>'!I<GE?9&%T92]("(P-R\P,R\R,#S(CL*"0DD M=7)L(#T@(FAT='`Z+R]W=W<N;7EO=VYE;6%I;"YI;F9O(CL*"@D)*"1T:6UE #### StopSpam 2:07 pm on Sep 29, 2003 (gmt 0) it helps a lot thanks Jason .. the above code used md5 or something... #### JasonD 4:00 pm on Sep 29, 2003 (gmt 0) Hi StopSpam. I am afraid the sample you posted doesn't run as is. If you can post an example fully obfuscated script that runs then I can see if it is trivial or not to de obfuscate it. Cheers Jason #### Brett_Tabke 3:13 pm on Oct 2, 2003 (gmt 0) there is also a module called "filter" that will get all but the most dedicated code monkeys. #### chaitan 11:19 pm on Oct 2, 2003 (gmt 0) Another free module: Acme::Bleach Please backup your script before using it, as I am afraid there is no easy way to decrypt after it's "bleached".$ perldoc Acme::Bleach

use Acme::Bleach;
print "Hello world";

The first time you run a program under "use Acme::Bleach",
the module removes all the unsightly printable characters
from your source file. The code continues to work exactly
as it did before, but now it looks like this:

use Acme::Bleach;

#### JasonD

2:47 pm on Oct 3, 2003 (gmt 0)

The only problem with Acme::Bleach is the script is suddenly non portable :)

It's a great and hugely funny Perl Module but no way usable to distribute intellectual property to 3rd parties

#### MonkeeSage

4:41 pm on Oct 3, 2003 (gmt 0)

You can use the free version of perl2exe (works with 5.8.0) to create PE (windows) or ELF (*nix) binaries (i.e., for whichever one your server is running).

A person would have to hex-dump the binary to get the Perl script back if I'm not mistaken. It prints out a little 'made with' thing in the free version though. But if you use the paid version (it's only $10 or$15 if I recall), then no one would even know it was Perl because it doesn't have the nag thing.

You'd also have to make sure that your server allows for binary CGIs. Apache2 does by default and I think 1.3 does as well; just stick the binary in cgi-bin and (on windows) cut off the .exe extension and you're set.

That's the easiest, cheapest thing I can think of.

Jordan

#### JasonD

5:41 pm on Oct 3, 2003 (gmt 0)

Jordan,

Perl2Exe has a GPL competitor in PP.

Link above and works (from my tests) better as well.

#### MonkeeSage

9:01 pm on Oct 3, 2003 (gmt 0)

Thanks Jason, I missed the link before. Trying it out right now and looks good.

So far the binary sizes have been about the same (windows target), least for the couple files I've converted so far; but free and open is always more fun, and it has a nicer default icon to boot! ;)

There is one big problem so far though -- I can't seem to get it to work with Apache2...it dies with the error:

[Fri Oct 03 13:39:41 2003] [error] [client 127.0.0.1] C:\path\to\cgi-bin\binary: creation of /\par_priv.1800.tmp\perl58.dll failed - aborting with 2.

I am thinking it's the stupid windows directory backslashes causing the extract path to be interpreted as "/par_priv.1800.tmpperl58.dll" :(

Any idea if that the is problem or how to fix?

Jordan

#### JasonD

7:31 am on Oct 4, 2003 (gmt 0)

Hi Monkeesage.

I'll be perfectly honest as I haven't tried the ouput binary on Apache 2 on Windows butit does sound like a blackslash problem.

Out of curiosity does the binary run at the command line?

Off topic(ish) is that using Perl2Exe will probably not give the security that is required as it is trivial to reverse engineer it using XOR