http://qs321.pair.com?node_id=392495

solitary has asked for the wisdom of the Perl Monks concerning the following question:

I've been using Perl for the last five years and this will be the first time I've had to ask for help. Credit to the creators because this language is very simple to start, but very powerful once you get on a roll. However, I have a big problem. One of the companies we rely on to get us information from a purchased advertising system (Idiots, Inc) wrote an export program to collect ad information so that we can import it to the web. We prefer to do this directly, but security concerns killed that. The files are then FTP'd to our server where we parse them. Over time this has required a few tweaks. One is that when the first of the month falls on a Wed. or Thurs. it interfered with one of our classified publication exports. Their solution? Build tables for the next three years so the system knows which days will get bungled and have a workaround. The problem has become that they used a compiled Perl script, and they lost the source. This makes things really bad, because our timetables for minor changes are now months away. I really began to doubt their abilities when they said they compiled it so it would run faster. I have the .exe but can't seem to do much with it, as I'm not sure how to decompile or de-encode it. Any help would be happily accepted.

Re: Perl Decompile
by tachyon (Chancellor) on Sep 21, 2004 at 01:29 UTC

    In all probability it will have been made into an exe with either Indigo Star's Perl2exe or ActiveState's PerlApp. Contrary to what Aristotle said, the original source code is not stored internally in verbatim form. It is encoded. Some monks cracked PerlApp in public at "A real challenge" and then AS changed the encoding. So the encoding algorithms have changed over time, and thus the decode depends not only on which program was used but also which version. There are similar published decrypts on Perl2exe if you Google for them.

    Of the free Perl tools, PAR does store the code verbatim but is unlikely to have been used based on timing and motivations. The B:: compiler backends basically don't work for anything past trivia so are very unlikely to have been used either.

    It is almost certainly possible to retrieve the original source code. It is also almost certainly not worth the time and effort.

    cheers

    tachyon

      the original source code is not stored internally in verbatim form. It is encoded.

      That is why I said “more or less”. :-) My point was that the actual Perl source is stored in the binary, whether it is encoded or not, while the internal representation differs greatly with B::C/B::CC.

      Makeshifts last the longest.

        Pray tell me, Aristotle, why would a compiled binary save the source text (encoded or not)? It seems to me that it would just eat up space, unless they use the source text as input to an embedded Perl system. But that would be cheating, wouldn't it?

        CountZero

        "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Re: Perl Decompile
by Aristotle (Chancellor) on Sep 20, 2004 at 20:59 UTC

    This greatly depends on what they compiled it with. Was it one of Perl's own compiler backends? If so, was it B::C or B::CC? Did they use something else like PerlApp or Perl2Exe?

    I believe the latter two embed the source in the executable more or less verbatim. These would be relatively easy to reverse.

    A B::C binary contains a prebuilt optree that is run using an embedded interpreter; this might be possible to salvage with some debugger wizardry and B::Deparse.

    If they used B::CC you're probably out of luck.

    Makeshifts last the longest.

Re: Perl Decompile
by Courage (Parson) on Sep 21, 2004 at 04:23 UTC
    As monks already noted, there are two possibilities:
    • they encoded the source and stored it in the binary
    • they compiled it and stored the compiled binary in the executable binary
    I want to add that in the first case (which is most likely what they did) you will get their source after decompiling;
    in the second case you will get another source that will differ from the original source: comments will be lost, variable names could be lost, and so on.

    You can drop it to me at vkonovalov at spb dot lucent dot com, and I will try to advise further.

    This is not a trivial task, however.
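
For the PAR case tachyon mentions above (code stored verbatim), a quick triage check can rule it in or out before any deeper work. This is an added example, not code from any monk in the thread; it assumes the executable carries its files as a ZIP archive appended after the loader stub, and the stub bytes and member names below are constructed sample data.

```python
import io
import zipfile


def extract_perl_sources(blob: bytes) -> dict:
    """Return {member name: text} for .pl/.pm files found in a ZIP archive
    appended to an executable image; empty dict if no archive is present."""
    try:
        # zipfile locates the end-of-central-directory record near the end
        # of the data and compensates for bytes prepended before the archive.
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return {}
    sources = {}
    with zf:
        for name in zf.namelist():
            if name.lower().endswith((".pl", ".pm")):
                sources[name] = zf.read(name).decode("utf-8", errors="replace")
    return sources


def build_sample(with_zip: bool = True) -> bytes:
    """Constructed stand-in for a packed .exe: a fake loader stub,
    optionally followed by a ZIP holding verbatim Perl source."""
    stub = b"MZ" + b"\x00" * 510  # constructed bytes, not a real loader
    if not with_zip:
        return stub
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Hypothetical member names and contents, for illustration only.
        zf.writestr("script/main.pl", 'print "export ads\\n";\n')
        zf.writestr("lib/Export/Dates.pm", "package Export::Dates;\n1;\n")
        zf.writestr("MANIFEST", "script/main.pl\n")
    return stub + buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("stub + zip", build_sample()),
                        ("stub only", build_sample(with_zip=False))):
        found = extract_perl_sources(blob)
        print(label, "->", sorted(found) if found else "no verbatim source")
```

An empty result only excludes the appended-ZIP layout; it says nothing about the encoded PerlApp/Perl2exe formats or the B::C/B::CC cases discussed in the thread.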