perlhaq5::Obfuscation
Obfuscating code and explanations on different methods.
Deparsing Obfuscated Code
You can use the Deparse module
through O, the interface to perl compiler
backends by doing:
perl -MO=Deparse file.pl or perl -MO=Deparse -e 'code'
For example:
perl -MO=Deparse -e 's;;ss;s;s;ss;;s'
-e syntax OK
s//ss/s;
s/ss//s;
s;;ss;s;s;ss;;s looks strange at first, but let's see what it really does.
We start from the beginning and see the 's'. 's' is the substitution function used with regular
expressions. The documentation says it's usage is s///, and reading perlre we find out that we can substitute
the delimiter / to many other characters. In the code example we're using ';' as a delimiter
and we know the function ends with a ';', also. Now with our eye we can see:
s;;ss;s; and replacing the delimiter with / we see
s//ss/s;. Then we can see after that there's s;ss;;s, and again replacing that we see s/ss//s.
Together you can see s;;ss;s;s;ss;;s
or s//ss/s;s/ss//s.
August 29, 2001 - I began writing this.
That would be me, Samy Kamkar. You can reach me at CommPort5@LucidX.com or on
IRC on SUIDnet in #suid with the IRC name 'CommPort5'.