How is this Perl Script encrypted?

[i6033162556-signup1]

http://www.c3scripts.com/amazon/release/ae-040531.zip

I am not trying to hack this demo script, but I want to encrypt my own
scripts and distrubate them on the internet.

http://www.c3scripts.com/amazon/docs6.html

 

[James Keasley]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.c3scripts.com/amazon/release/ae-040531.zip

I am not trying to hack this demo script, but I want to encrypt my own
scripts and distrubate them on the internet.

Don't even bother, that "encryption" took all of 7 keystrokes to break.

If you really want to, look at the perldocs for pack and unpack.

- --
James jamesk[at]homeric[dot]co[dot]uk

'I never met a piece of chocolate I didn't like.'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBUJuiqfSmHkD6LvoRAjnHAJ0ZbKQo+a8Mzo/tI6qSYyv3raJ/iwCgjgT1
v/QSkDHnmQgJUdTtoTSOQ7g=
=G2fe
-----END PGP SIGNATURE-----

 

[Malcolm Dew-Jones]

(e-mail address removed) wrote:
: http://www.c3scripts.com/amazon/release/ae-040531.zip

It isn't encrypted.

 

[i6033162556-signup1]

As you indicate you have written your own scripts, I suggest examining
the last line of code. It will tell you how to encode your own scripts
without ever needing to decode the script above.

HTH,
Tim Hammerquist

Yes, I did unpack them, but it is still not working. I changed the
final line to
$b=unpack("u",$s);
print $b;

I got the file, but still can not find how they use a key to verfy the
lisence of the script. Also, once I made some change to the file then
change it back, it does not work. It has some self destruction feature
that once the script is changed, it is not working.

 

[Tintin]

http://www.c3scripts.com/amazon/release/ae-040531.zip

I am not trying to hack this demo script, but I want to encrypt my own
scripts and distrubate them on the internet.

http://www.c3scripts.com/amazon/docs6.html

Have a look at the Acme modules, in particular Acme::Bleach is a popular
(and fun) one to use.

http://search.cpan.org/~dconway/Acme-Bleach-1.12/lib/Acme/Bleach.pm

 

[A. Sinan Unur]

(e-mail address removed) wrote in

....

Yes, I did unpack them, but it is still not working. I changed the
final line to
$b=unpack("u",$s);
print $b;

Ahem ...

print unpack("u",$s);

I got the file, but still can not find how they use a key to verfy the
lisence of the script. Also, once I made some change to the file then
change it back, it does not work. It has some self destruction feature
that once the script is changed, it is not working.

You might want to look at the key_isValid and key_isValid_simple
subroutines.

Your time working on this is wasted.

perldoc -q hide

Sinan.

 

[i6033162556-signup1]

You might want to look at the key_isValid and key_isValid_simple
subroutines.

Your time working on this is wasted.

I think I am not wasting time, as this code is 100% protected.
Unbreakable.
If you don't think so, make a change to the unpacked file and run it.
It gaves errors once the file is changed.
I looked at both key_isValid and key_isValid_simple. However, I did
not see any unicode or special charactors to prevent the file from
resave. How does he do that in the file? My theory is that there is a
character like "Copyright C" and text editors can not save it, so once
somebody trys to change the file and re save it. The whole script will
not work.


sub key_isValid
{
local($p, $i, $k) = @_;
$k = &key_format($k);
return (0, 0) if ($i eq "" || $k eq "");
return (1, 0) if ($k eq &key_make($p, $i));
local($t) = &clock_sub("%y%m%d", $^T);
local($d) = substr($k, 20, 4) . substr($k, 25, 2);
local($v) = $k eq &key_make_dated($p, $i, $d);
local($s) = sprintf("%s/%s/%s", substr($d, 0, 2), substr($d, 2, 2),
substr($d, 4, 2));
return ($v && $d > $t, $v ? $s : 0);
}
sub key_make
{
local($p, $i) = @_;
return &key_format(sprintf("%08x%08x", &crc32_calc($p . $i),
&crc32_calc($i x 3)));
}
sub key_make_dated
{
local($p, $i, $d) = @_;
return &key_format(sprintf("%08x%08x", &crc32_calc($p . $i . $d),
&crc32_calc(($i x 3) . $d)) . $d);
}
sub key_isValid_simple
{
local($p, $i, $k) = @_;
return &key_format($k) eq &key_format(sprintf("%08x",
&crc32_calc("$p:$i")));
}
sub key_format
{
local($s) = @_;
$s =~ s/o/0/ig;
$s =~ s/i/1/ig;
$s =~ s/s/5/ig;
$s =~ s/[^0-9a-f]//ig;
$s =~ s/(....)/$1\-/ig;
$s =~ s/\-$//;
return uc $s;
}

 

[Brian McCauley]

I think I am not wasting time,

In that case, I've got this design for a perpetual motion machine. All I
need is a bit of capital to develop it. Are you interested in investing?

If you don't think so, make a change to the unpacked file and run it.
It gaves errors once the file is changed.

Unless, of course, you remove the check.

I looked at both key_isValid and key_isValid_simple. However, I did
not see any unicode or special charactors to prevent the file from
resave. How does he do that in the file? My theory is that there is a
character like "Copyright C" and text editors can not save it, so once
somebody trys to change the file and re save it.

Errr.. so get a better editor.

The whole script will not work.

But the script, less the protection mechanism, will.

 

[A. Sinan Unur]

(e-mail address removed) wrote in

[ Don't snip attributions ]

I think I am not wasting time, as this code is 100% protected.
Unbreakable.

That is more a statement about your abilities than the strength of the
protection scheme.

If you don't think so, make a change to the unpacked file and run it.
It gaves errors once the file is changed.

Does it still give errors if you replace the two subs with:

sub key_isValid { return 1; }

sub key_isValid_simple { return 1; }

Or if you remove the calls to those subs?

How does he do that in the file? My theory is

You don't need a theory. The code is there for you read.

that there is a character like "Copyright C" and text editors
can not save it, so once somebody trys to change the file and
re save it. The whole script will not work.

Sigh.

 

[Keith Keller]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think I am not wasting time, as this code is 100% protected.
Unbreakable.

Yeah, unbreakable like a Kryptonite lock! ;-O

- --keith

- --
(e-mail address removed)-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBUgHyhVcNCxZ5ID8RAvchAJ9g4r60T/v/0F5uRh0Urx/5JmvdwgCeJtof
aBUFVMFFDtLtGoQjYviYIns=
=fuJQ
-----END PGP SIGNATURE-----

 

[i6033162556-signup1]

(e-mail address removed) wrote in

[ Don't snip attributions ]

I think I am not wasting time, as this code is 100% protected.
Unbreakable.

That is more a statement about your abilities than the strength of the
protection scheme.

If you don't think so, make a change to the unpacked file and run it.
It gaves errors once the file is changed.

Does it still give errors if you replace the two subs with:

sub key_isValid { return 1; }

sub key_isValid_simple { return 1; }

YES, SIR. I did all. Not working.
Have you tried it yourself, or just guessing here?
Even if I add ONE space, then delete that SPACE.
Or simply do nothing, but resave the file again. It stopped working.
Its technology is sooo advanced.

 

[A. Sinan Unur]

(e-mail address removed) wrote in

(e-mail address removed) wrote in

[ Don't snip attributions ]

Your time working on this is wasted.

I think I am not wasting time, as this code is 100% protected.
Unbreakable.

That is more a statement about your abilities than the strength of
the protection scheme.

If you don't think so, make a change to the unpacked file and run
it. It gaves errors once the file is changed.

Does it still give errors if you replace the two subs with:

sub key_isValid { return 1; }

sub key_isValid_simple { return 1; }

YES, SIR. I did all. Not working.

Then you are doing something else wrong.

Have you tried it yourself, or just guessing here?

Was just guessing before ... Tried it after seeing you respond so
insistently.

Even if I add ONE space, then delete that SPACE.
Or simply do nothing, but resave the file again. It stopped working.
Its technology is sooo advanced.

Only when confronted with primitive minds.

Again, the time you spend on this is wasted.

Sinan.

 

[Patrice Auffret]

On 23 Sep 2004 12:32:29 GMT

Then you are doing something else wrong.

[..]

Maybe the sub crc32_all() is checking against a valid CRC32 in
order to see if the source has been altered.

So maybe trying to also change this one.