首页
社区
课程
招聘
未解决 perl 脚本如何解密? 50.00雪花
发表于: 2019-5-24 11:56 7314

未解决 perl 脚本如何解密? 50.00雪花

2019-5-24 11:56
7314

#!/usr/bin/perl
#version 4.31 beta3
use Filter::Crypto::Decrypt;
@-(Ž>kŽ=áéWŒ²"ï)òF‡Üú‰þA`©¦j¿]0Eï”çÓy7u&®iÑwC¯òU“ñ¢KC{’…ÑaMÁÞÿgÇcÛ¨{Ù*yýö†”/+HîøöÞiÙ×ݛnEü4ÇÄᤥãaYÌ~m^ÿ²݌m.ñåwûiIš¤ÊÀOåUÍ7ÞÔ"¨¹,

使用这种加密可以反逆吗?如果可以的话提供脚本即可
use Filter::Crypto::Decrypt;

[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

最后于 2019-5-24 12:09 被wx_hktianya@521.io编辑 ,原因:
收藏
免费 0
支持
分享
最新回复 (2)
雪    币: 51
活跃值: (24)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
钱多就可以
2019-5-27 15:14
0
雪    币: 6682
活跃值: (1156)
能力值: ( LV5,RANK:158 )
在线值:
发帖
回帖
粉丝
3

应该可以解密,参考这个链接https://github.com/steve-m-hay/Filter-Crypto

兼容性

v2.00以前老版本加密的脚本,无法用新版本的程序解密,老版本加密后是二进制数据,新版本加密后是16进制数据。楼主的应该就是老版本。

 

图片描述


 

一个hello world程序使用新版本加解密测试

 

图片描述


 

摘录一段blib/lib/Filter/Crypto.pm中的警告,请看高亮部分,如果加密后的代码可以在你机器上运行,你又有一定的调试技巧,就一定可以解密出源代码。

WARNING

Perl source code decryption filters work by intercepting the source stream (read
from the encrypted file) and modifying it (in this case, decrypting it) before
it reaches the Perl parser. Clearly, by the time the source reaches the parser
it must be decrypted, otherwise the script cannot be run. This means that at
some stage every part of the script must be held in memory in an unencrypted
state, so anyone with the appropriate debugging skills will be able to get it.

 

If perl was built with DEBUGGING then running the script with the perl's B<-Dp>
command-line option makes this much easier. Even without a DEBUGGING perl, the
script can still be run under the Perl debugger (perl's B<-d> command-line
option), whose C<l> command will list the (decrypted) source code that was fed
to the parser.

 

In fact, with the introduction of the Perl compiler backend modules it is now
easy to get at the decrypted source code without any debugging skills at all.
To quote L<B::Deparse>:

B::Deparse is a backend module for the Perl compiler that generates perl
source code, based on the internal compiled structure that perl itself
creates after parsing a program. The output of B::Deparse won't be exactly
the same as the original source, since perl doesn't keep track of comments
or whitespace, and there isn't a one-to-one correspondence between perl's
syntactical constructions and their compiled form, but it will often be
close.

 

To make debugging and deparsing more difficult, the source code decryption
filter implemented in this distribution contains checks to try to disallow the
following:

最后于 2019-5-28 16:02 被Explorerl编辑 ,原因:
2019-5-28 14:56
0
游客
登录 | 注册 方可回帖
返回
//