Perl programs "compiled" into EXEs with Perl2Exe can be decompiled and full, unadulterated source code extracted.
Vendor has been notifyed a year ago as Simon Cozens dissected perl2exe's version 5.x and posted his results here.
My research heavily depends on Simon Cozens work which can be found on http://ddtm.simon-cozens.org/~simon/perl2exe
Since version 5.x is already dissected i took a look on the 6.x Version.
This has been tested on the latest release
Perl2Exe V6.00 for Linux (Feb 20, 2003). Here we go:
The 6.0 Version stores a list of the included stuff at the end of the binary:
The _main.pl part is what we are looking for. As perl2exe still uses BogoCrypt, (known as XOR) this is gonna be simple to attack using 'known plaintext'.
We start with generating a plaintext file with the length of _main.pl, the content doesn't matter. Lets call that one sample.pl We compile this one using ./perl2exe sample.pl and get the binary 'sample'. We can XOR the plain and cyphertext to get the used key. Now it's time to start up our dirty little code:
$known_plain = `cat sample.pl`;
$known_cipher_file = "sample";
$sizeline = `tail -c +811048 $known_cipher_file | strings | grep
@line = split /;/, $sizeline;
@size = split /\=/, $line;
$known_cipher = `tail -c +811048 $known_cipher_file | head -c $size`;
$key = $known_cipher ^ $known_plain;
$unknown_cipher = `tail -c +811048 perl2exe | head -c $size`;
$unknown_plain = $unknown_cipher ^ $key;
print $unknown_plain, "\n";
The output should be redirected to a file, because there are still some binary bits in $unknown_plain.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.