Thursday, January 8, 2009

More Perl Security Through Obfuscation For Linux and Unix

Hey there,

Today's post is going to be a bit on the short side (like, under 5000 words ;) as I'm up to my neck in the work I do to feed my family :) This is also all in fun. I make no claims that anything I write in these types of posts should stand as a replacement for real security measures :)

As you may recall, we've done a number of posts before this one dealing with security through obfuscation. The basic premise of all of them is that, if you can make the risk of destroying your code simply by changing it just one step closer to probable, no one will ever mess with your code... probably ;)

Today, we're going to be looking at a simple script that we'll feed through another simple script to generate our "stored code," and then one final script to process that code and execute it. Simple enough :)

First things first: The original script (This is the script we don't want people to mess with. It may seem to not do much and be rather harmless, but... it actually doesn't do much and is pretty harmless ;)

host # cat simple.pl
#!/usr/bin/perl

print "Goodbye Cruel World\n";
$counter = 1;
while ( $counter < 4 ) {
    print "Goodbye ";
    $counter++;
}
print "\n";
exit(0);


Now, since you've seen the code and the gravity of keeping it secure has just slammed on top of you like a Wile E. Coyote Acme Anvil, we'll convert our ".pl" (Perl) script into a ".bs" (bastioned source... better than what I had in mind originally ;) script ;). We'll do this by running it through another simple script that unpacks the code into Hex and then unpacks the Hex into Binary:

host # ./bs-in.pl simple.pl
host # cat simple.bs
01001100110011000100110010001100010011000110011011101100101011001110110011001100111011000100110001001100011001100110110001001100011011001001110001101100101001100100110001100110111011000000110001101100101011001110110001001100011011001100011000001100100001100000110010000110111011000000110011101100010011000110110010011100011011001010011011101100001011000100110000001100010011000100110000101100111011000110110001100110011011000110011001101100001011000110110001001100111011001001110001101100101011000100110000001100001011001100110011101100010011001110110010101100011011001010110001101100110001100100110000001100101011001110110001101100011001101110110001001100011011001100011001101100001011001010110011000110011011001010011001001100010011001100110001000110000011001000011001001100001011000110110011001100011011000110011011101100101011000110110010100110111011000010110001101100101011001110110001001100010011000000110011001100001001100100110000001100110011001000110011001100010001100000110010000110111011001110110001101100000111000110110010011100011011001100011001101100101011000100110000001100010011000001110001001100000011000100110000101100011011001100110001101100011001101110110010101100011011001010011011101100001011000110110010101100111011000100110001001100000011001100110011000110010011000000110011001100001011000100110000001100010011001001110000001100100111001110110001000110000011001000011000001100100111001110110000001100111011000100110001101100100111000110110010100110111011000010110001001100000011000100110001001100001011001110110001101100011001100110110001100110011011000010110001101100010011001110110010011100011011001010110001001100000011000100110001001100110011000100011000001100100001100000110010011100010011000010110001101100110011000110110001100110111011001010110001101100101001101110110000101100011011001010110011101100010011000100110001000110010011000100011011001100010001100000110010000110111011000010011000001100100001101110110000001100111011000100110001101100100111000110110010100110
11101100001011000100110000001100010011000100110010101100110001100110110010100110010011000100110011001100010001100000110010000110011011001010110011101100000111000110110010011100111011000010110001001100000111001100110000001100010011001001110011001100010001100000110010000110


And you check that new ".bs" script into CVS separately from your "bs-in.pl" script (which you keep secured by packs of wild dogs ;), and destroy the original "simple.pl" script :)

Now, if you ever need to run your new-fangled script, you'll just process it through another script you've got set aside to parse your ".bs" scripts (permission and ownership protected, so folks can't see how easily you're making things difficult for them, of course) and you get the output you would have gotten if you just ran the regular "simple.pl" script:

host # ./bs-out.pl <simple.bs
Goodbye Cruel World
Goodbye Goodbye Goodbye


If you want, you can modify bs-out.pl to take command line arguments instead of STDIN, or both. You can also modify the execution line in "bs-out.pl" so it will run any executable script fairly simply. For today, this is as good as it gets ;)

Hope you enjoy hex-binary/binary-hex unpacking/packing your "Hello World" scripts (This one came out slightly different since Pink Floyd is playing in the background ;) Both scripts are tagged onto the end of this post.

Cheers,

Mike


This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License

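#!/usr/bin/perl

#
# bs-in.pl - Usage: bs-in.pl "regular script or program in any language"
#
# 2009 - Mike Golvach - eggi@comcast.net
#
# Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License
#

use strict;
use warnings;

my $infile = shift or die "Usage: $0 script.pl\n";

# Slurp the whole input file in one read
local $/;
open(my $in, '<', $infile) or die "Cannot read $infile: $!\n";
my $simple = <$in>;
close($in);

# Bytes -> hex digits, then each hex digit character -> 8 bits, lowest bit first
my $simple1 = unpack "H*", $simple;
my $simple2 = unpack "b*", $simple1;

# Swap the .pl suffix for .bs inside Perl instead of through echo|sed, so the
# file name is never handed to a shell; stop rather than write over the input
(my $outputfilename = $infile) =~ s/\.pl$/.bs/
    or die "Input file name must end in .pl\n";

# Write a fresh file; appending would stack a second copy on every rerun
open(my $out, '>', $outputfilename) or die "Cannot write $outputfilename: $!\n";
print $out $simple2;
close($out);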





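#!/usr/bin/perl

#
# bs-out.pl - Usage: bs-out.pl <YourBSFile.bs
#
# 2009 - Mike Golvach - eggi@comcast.net
#
# Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License
#

use strict;
use warnings;

# Slurp the whole .bs file from STDIN
local $/;
my $simple = <STDIN>;

# Drop newlines and anything else that is not a bit before packing
$simple =~ tr/01//cd;

# Reverse bs-in.pl: bits -> hex digit characters -> original bytes
my $simple1 = pack "b*", $simple;
my $simple2 = pack "H*", $simple1;

# List-form system() passes the code straight to perl with no shell in
# between, so quotes in the decoded script cannot break the command line
system("/usr/bin/perl", "-e", $simple2);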
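
The stored format is just two fixed pack/unpack steps, so anyone holding a ".bs" file can read it back without bs-out.pl. The script below is an added example, not one of this post's own scripts: it decodes a ".bs" bit string for review without executing it and refuses input that is not a clean encoding. The names bs_encode and bs_decode and the sample script are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example (not one of the post's scripts): decode a ".bs" bit string
# for review without executing it, and reject input that is not a clean encoding.
use strict;
use warnings;

# Same two steps as bs-in.pl: bytes -> hex digits -> bits (lowest bit first)
sub bs_encode {
    my ($source) = @_;
    return unpack "b*", unpack("H*", $source);
}

# Strict inverse of bs_encode. Returns (source, undef) or (undef, reason).
sub bs_decode {
    my ($bits) = @_;
    $bits =~ s/\s+//g;                      # tolerate wrapped lines
    return (undef, "characters other than 0 and 1") if $bits =~ /[^01]/;
    return (undef, "length is not a multiple of 16 bits") if length($bits) % 16;
    my $hex = pack "b*", $bits;             # 8 bits -> one hex digit character
    if ($hex =~ /[^0-9a-f]/) {
        return (undef, sprintf("non-hex byte at digit %d", $-[0]));
    }
    return (pack("H*", $hex), undef);
}

# Constructed sample input: a two-line script in the style of simple.pl
my $script = "print \"Goodbye Cruel World\\n\";\nexit(0);\n";
my $stored = bs_encode($script);

my ($decoded, $err) = bs_decode($stored);
print "round trip ok: ", ($decoded eq $script ? "yes" : "no"), "\n";

# The first 32 bits of the simple.bs listing in this post decode to "#!"
my ($head) = bs_decode("01001100110011000100110010001100");
print "head of simple.bs: $head\n";

# Flip bit 5 of the first stored digit, as a careless edit of the file might
my $tampered = $stored;
substr($tampered, 5, 1) = substr($tampered, 5, 1) eq "0" ? "1" : "0";
(undef, $err) = bs_decode($tampered);
print "tampered copy rejected: $err\n";
```

A flip that turns one valid hex digit into another still decodes, so this check catches accidental corruption only; detecting deliberate edits takes a digest or signature kept apart from the file.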

