Back to list
Perl2Exe EXEs Can Be Decompiled (update)
Feb 21 2003 12:09PM
Domainbox, Tim Abenath (ta domainbox de)
Perl programs "compiled" into EXEs with Perl2Exe can be decompiled and
full, unadulterated source code extracted.
Vendor has been notifyed a year ago as Simon Cozens dissected perl2exe's
and posted his results here.
My research heavily depends on Simon Cozens work which can be found on
Since version 5.x is already dissected i took a look on the 6.x Version.
This has been tested on the latest release
Perl2Exe V6.00 for Linux (Feb 20, 2003). Here we go:
The 6.0 Version stores a list of the included stuff at the end of the
The _main.pl part is what we are looking for. As perl2exe still uses
(known as XOR) this is gonna be simple to attack using 'known plaintext'.
We start with generating a plaintext file with the length of _main.pl, the
content doesn't matter. Lets call that one sample.pl
We compile this one using ./perl2exe sample.pl and get the binary 'sample'.
We can XOR the plain and
cyphertext to get the used key. Now it's time to start up our dirty little
$known_plain = `cat sample.pl`;
$known_cipher_file = "sample";
$sizeline = `tail -c +811048 $known_cipher_file | strings | grep
@line = split /;/, $sizeline;
@size = split /\=/, $line;
$known_cipher = `tail -c +811048 $known_cipher_file | head -c $size`;
$key = $known_cipher ^ $known_plain;
$unknown_cipher = `tail -c +811048 perl2exe | head -c $size`;
$unknown_plain = $unknown_cipher ^ $key;
print $unknown_plain, "\n";
The output should be redirected to a file, because there are still some
binary bits in $unknown_plain.
ta (at) domainbox (dot) de [email concealed]
[ reply ]
Re: Perl2Exe EXEs Can Be Decompiled (update)
Feb 22 2003 07:20AM
Kain (kain kain org)
Copyright 2010, SecurityFocus