Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
decrypt(3)	      User Contributed Perl Documentation	    decrypt(3)

       Filter::decrypt - template for a	decrypt	source filter

	   use Filter::decrypt ;

       This is a sample	decrypting source filter.

       Although	this is	a fully	functional source filter and it	does implement
       a very simple decrypt algorithm,	it is not intended to be used as it is
       supplied. Consider it to	be a template which you	can combine with a
       proper decryption algorithm to develop your own decryption filter.

       It is important to note that a decryption filter	can never provide
       complete	security against attack. At some point the parser within Perl
       needs to	be able	to scan	the original decrypted source. That means that
       at some stage fragments of the source will exist	in a memory buffer.

       Also, with the introduction of the Perl Compiler	backend	modules, and
       the B::Deparse module in	particular, using a Source Filter to hide
       source code is becoming an increasingly futile exercise.

       The best	you can	hope to	achieve	by decrypting your Perl	source using a
       source filter is	to make	it unavailable to the casual user.

       Given that proviso, there are a number of things	you can	do to make
       life more difficult for the prospective cracker.

       1.   Strip the Perl binary to remove all	symbols.

       2.   Build the decrypt extension	using static linking. If the extension
	    is provided	as a dynamic module, there is nothing to stop someone
	    from linking it at run time	with a modified	Perl binary.

       3.   Do not build Perl with "-DDEBUGGING". If you do then your source
	    can	be retrieved with the "-DP" command line option.

	    The	sample filter contains logic to	detect the "DEBUGGING" option.

       4.   Do not build Perl with C debugging support enabled.

       5.   Do not implement the decryption filter as a	sub-process (like the
	    cpp	source filter).	It is possible to peek into the	pipe that
	    connects to	the sub-process.

       6.   Check that the Perl	Compiler isn't being used.

	    There is code in the BOOT: section of decrypt.xs that shows	how to
	    detect the presence	of the Compiler. Make sure you include it in
	    your module.

	    Assuming you haven't taken any steps to spot when the compiler is
	    in use and you have	an encrypted Perl script called	"",
	    you	can get	access the source code inside it using the perl
	    Compiler backend, like this

		perl -MO=Deparse

	    Note that even if you have included	the BOOT: test,	it is still
	    possible to	use the	Deparse	module to get the source code for
	    individual subroutines.

       7.   Do not use the decrypt filter as-is. The algorithm used in this
	    filter has been purposefully left simple.

       If you feel that	the source filtering mechanism is not secure enough
       you could try using the unexec/undump method. See the Perl FAQ for
       further details.

       Paul Marquess

       19th December 1995

perl v5.32.1			  2020-08-05			    decrypt(3)


Want to link to this manual page? Use this URL:

home | help