Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW

Let's go to the movies

by teamster_jr (Curate)
on Apr 11, 2006 at 09:08 UTC ( #542489=obfuscated: print w/replies, xml ) Need Help??

Hello monks,
Here's my latest effort, it's pure perl, so should run anywhere.

It is parametised so it will take the number of boxes in the output as an argument in the form:
 # perl 19x20
(19x20 is the default)

This will produce a variable sized file (default is normally around 6Mb) called al.XXX (where XXX would reveal the surprise) in the directory from which it is run

$_=q^($w,$h +)=s plit/x/,shift||"19x20";$q=10+10*$w;$r=20+10*$h;@m=((31,(1 +5)x ($w-1))x$h,(31)x$w);$m[$c]|=16,!(@a=grep!($m[$c+$$_[0]]&16+$|*$$_[1]) +,[- 1,8],[1,1],[$w,4],[-$w,2])?$c=pop@p:${($i,$j)=@{$a[rand@a ]};$m[$c]&=~ (8/$j);push@p,$c;$m[$c+=$i]&=~$j;++$u-$h*$w+$h||map$_&=15,@m,splice(@ +p), $c=$|=1}until$|&$c+2>$w*$h;$C=$q-4*int$q/4;$A=($q+$C)*$r;$u=pack"x"x( +($q +$C)*$r);subZd{my($f,$g,$h,$i,$e)=@_;@a=sort{"000$a"<=>"000$b"}$h,$i| +|$h ;for($a[0]..$a[1]){$s=($r-$_)*($q+$C)+$f;vec($u,$_,8)=$e||2 for$s..$s ++$g -1}};subZt{$a=shift;$x=10*($a%$w);$y=10*(2+int$a/$w)};dZ9,$q-20,10;dZ +9,$ q-20,$r-10;dZ9,1,10,$r-10;dZ$q-11,1,10,$r-10;map{t$_;if($_%$w){$m[$_] +&2? d$x-1,11,$y:"";$m[$_]&8?d$x+9,1,$y-10,$y:"";}}0..-1+$w*$h;$F="LIST";o +pen (FH,">al.avi");binmodeZFH;selectZFH;printZpack"V*",/\d/?$_:unpack"V*" +,$_ Zfor"RIFF",(1256+($A+24)*($B=3+scalar@p)),"AVIZ$F",1216,"hdrlavih",56 +,50 0000,32,0,2064,$B,0,1,$A,$q,$r,(0)x4,$F,1140,"strlstrh",56,"vids",(0) +x4, 1,10,0,$B,$A,-1,(0)x3,"strf",1064,40,$q,$r,pack("vv",1,8),0,$A,(0)x4, +pac k(("C"x1024),(0xff)x3,0,128),$F,(4+($A+8)*$B),"movi";map{printZSTDOUT +"." ;t$z||1;$l=$x;$t=$y;t$_;$ri=$x;if($l>$x){$ri=$l;$l=$x}d$l+2,5+$ri-$l, +($t <$y?$t:$y)-7,($t<$y?$y:$t)-3,1;$z=$_;print"00db".pack("V",$A).$u}@p,( +-1+ $w*$h)x3;print"idx1".pack"V",16*$B;$o=4;for(1..$B){print"00db".pack"V +VV" ,16,$o,$A;$o+=$A+8}^;s#((?{$a.=$+})\s?(\S*)\s?)*#$a=~s/Z/ /g;$a#see
(that's supposed to be a clapboard btw!)

If there is enough interest i'll write a deobfuscation/explanation of what went into it,
I've written a clean version here.

In the meantime some of my references and some other notes are in the spoiler below:

I've tested the output in windows media player and mplayer (on windows and linux), however i couldn't get it working with winamp - i tried to fix it, but i'm not entirely sure it's not winamp.

  • the data is generated by a hacked up version of this
  • BMP file format
  • I used tachyon's post here to remind me a bit about packing and to explore bmp file headers
  • An excellent reference on the avi format can be found here

I hope you all enjoy it.
update: Add link to explanation.
Also use V not L (see this) to force correct endianness - this should now work on mac's
and fixed a bug where it didn't work for 5.8.8

Replies are listed 'Best First'.
Re: Let's go to the movies
by liverpole (Monsignor) on Apr 11, 2006 at 11:56 UTC
    An exremely clever idea! ++

    Let me take a crack at deobfuscation ...

    Running perl -MO=Deparse doesn't produce anything particularly readable, so I saved it to a file, and put newlines after all the semicolons:
    % perl -MO=Deparse movies > movies1 % vi movies1 % cat movies1 $_ = qq[(\$w,\$h)=split/x/,shift||"19x20"; \$q=10+10*\$w; \$r=20+10*\$h; \@m=((31,(15\n )x(\$w-1))x\$h,(31)x\$w); \$m[\$c]|=16,!(\@a=grep!(\$m[\$c+\$\$_[0]]&16+\$|*\$\$_[1]),\n [- 1,8] +,[1,1],[\$w,4],[-\$w,2])?\$c=pop\@p:\${(\$i,\$j)=\@{\$a[rand\@a]}; \$m[\$c]&=~\n 8/\$j; push\@p,\$c; \$m[\$c+=\$i]&=~\$j; ++\$u-\$h*\$w+\$h||map\$_&=15,\@m,splice(\@p),\$c\n =\$|=1}until\$|&\$ +c+2>\$w*\$h; \$C=\$q-4*int\$q/4; \$A=(\$q+\$C)*\$r; \$u=pack"x"x((\$q+\$\n C)*\$r); subZd{my(\$f,\$g,\$h,\$i,\$e)=\@_; \@a=sort{"000\$a"<=>"000\$b"}\$h,\$i||\$h; f\n or(\$a[0]..\$a[1]){\$s=(\$r-\$_)*(\$q+\$C)+\$f; vec(\$u,\$_,8)=\$e||2for\$s..\$s+\$g-1}\n }; subZt{\$a=shift; \$x=10*(\$a%\$w); \$y=10*(2+int\$a/\$w)}; dZ9,\$q-20,10; dZ9,\$q-2\n 0,\$r-10; dZ9,1,10,\$r-10; dZ\$q-11,1,10,\$r-10; map{t\$_; if(\$_%\$w){\$m[\$_]&2?d\$x\n -1,11,\$y:""; \$m[\$_]&8?d\$x+9,1,\$y-10,\$y:""; }}0..-1+\$w*\$h; \$F="LIST"; open(FH\n ,">al.avi"); binmodeZFH; selectZFH; printZpack"L*",/\\d/?\$_:unpack"L*",\$_Zfo\n r"RIFF",(1256+(\$A+24)*(\ +$B=3+scalar\@p)),"AVIZ\$F",1216,"hdrlavih",56,50000\n 0,32,0,2064,\$B +,0,1,\$A,\$q,\$r,(0)x4,\$F,1140,"strlstrh",56,"vids",(0)x4,1,1\n 0,0, +\$B,\$A,-1,(0)x3,"strf",1064,40,\$q,\$r,pack("SS",1,8),0,\$A,(0)x4,pa +ck((\n "H"x1024),"f","f","f",0,"a"),\$F,(4+(\$A+8)*\$B),"movi"; map{printZSTDOUTZ++\n \$G,\$/; t\$z||1; \$l=\$x; \$t=\$y; t\$_; \$ri=\$x; if(\$l>\$x){\$ri=\$l; \$l=\$x}d\$l+2,5+\$ri-\$\n l,(\$t<\$y?\$t:\$y)-7,(\$t<\$y?\$y:\$t)-3,1 +; \$z=\$_; print"00db".pack("L",\$A).\$u}\@p\n ,(-1+\$w*\$h)x3; print"idx1".pack"L",16*\$B; \$o=4; for(1..\$B){print"00db".pack\n "LLL",16,\$o,\$A; \$o+=\$A+8}]; s[((?{$a.=$+})\s?(\S*)\s?)*][$a =~ s/Z/ /g; $a; ]see;
    I knew you were writing to an .avi file (I didn't know you could do that ... very slick!), so I found the open statement:  open(FH\n ,">al.avi");.  But on the very next 2 lines:  binmodeZFH; and selectZFH;.  So you clearly had to be doing some processing on the string before using it.

    Ah yes, there it is; near the end of the program is the regular expression substitution (with a double evaluation):

    s[((?{$a.=$+})\s?(\S*)\s?)*][$a =~ s/Z/ /g; $a; ]see;
    So the next step is to drop one of the evaluations, and print the string *before* it would have been executed.  This can even be done on the original program with some Unix pipes, and two calls to sed.  (One call converts the double-evaluation to a single evaluation, and prints the string representing the innermost program instead of executing it.  The second call simply changes semicolons to newlines to make the program readable):
    % perl -MO=Deparse movies | sed s/see/se\;print/ | perl | sed s/\;/\;\ +\n/g ($w,$h)=split/x/,shift||"19x20"; $q=10+10*$w; $r=20+10*$h; @m=((31,(15)x($w-1))x$h,(31)x$w); $m[$c]|=16,!(@a=grep!($m[$c+$$_[0]]&16+$|*$$_[1]),[-1,8],[1,1],[$w,4], +[-$w,2])?$c=pop@p:${($i,$j)=@{$a[rand@a]}; $m[$c]&=~8/$j; push@p,$c; $m[$c+=$i]&=~$j; ++$u-$h*$w+$h||map$_&=15,@m,splice(@p),$c=$|=1}until$|&$c+2>$w*$h; $C=$q-4*int$q/4; $A=($q+$C)*$r; $u=pack"x"x(($q+$C)*$r); sub d{my($f,$g,$h,$i,$e)=@_; @a=sort{"000$a"<=>"000$b"}$h,$i||$h; for($a[0]..$a[1]){$s=($r-$_)*($q+$C)+$f; vec($u,$_,8)=$e||2for$s..$s+$g-1}}; sub t{$a=shift; $x=10*($a%$w); $y=10*(2+int$a/$w)}; d 9,$q-20,10; d 9,$q-20,$r-10; d 9,1,10,$r-10; d $q-11,1,10,$r-10; map{t$_; if($_%$w){$m[$_]&2?d$x-1,11,$y:""; $m[$_]&8?d$x+9,1,$y-10,$y:""; }}0..-1+$w*$h; $F="LIST"; open(FH,">al.avi"); binmode FH; select FH; print pack"L*",/\d/?$_:unpack"L*",$_ for"RIFF",(1256+($A+24)*($B=3+sca +lar@p)),"AVI $F",1216,"hdrlavih",56,500000,32,0,2064,$B,0,1,$A,$q,$r, +(0)x4,$F,1140,"strlstrh",56,"vids",(0)x4,1,10,0,$B,$A,-1,(0)x3,"strf" +,1064,40,$q,$r,pack("SS",1,8),0,$A,(0)x4,pack(("H"x1024),"f","f","f", +0,"a"),$F,(4+($A+8)*$B),"movi"; map{print STDOUT ++$G,$/; t$z||1; $l=$x; $t=$y; t$_; $ri=$x; if($l>$x){$ri=$l; $l=$x}d$l+2,5+$ri-$l,($t<$y?$t:$y)-7,($t<$y?$y:$t)-3,1; $z=$_; print"00db".pack("L",$A).$u}@p,(-1+$w*$h)x3; print"idx1".pack"L",16*$B; $o=4; for(1..$B){print"00db".pack"LLL",16,$o,$A; $o+=$A+8}
    at which point the functionality of the program becomes decipherable.

    I'm particularly impressed with the way you write directly to the .avi file.  I'm going to definitely study how to do that, so I can make use of it in my own code!

Re: Let's go to the movies
by marto (Cardinal) on Apr 11, 2006 at 10:08 UTC

    This is the best obfu I have seen in quite a while. Great work!


Re: Let's go to the movies
by eric256 (Parson) on Apr 11, 2006 at 16:49 UTC

    This rocks. Can you *please* walk through how it works?

    Eric Hodges
Re: Let's go to the movies
by CountZero (Bishop) on Apr 11, 2006 at 21:53 UTC
    Amazeing! ++ well deserved!


    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Re: Let's go to the movies
by mikeock (Hermit) on Apr 11, 2006 at 19:12 UTC
    That rocks!
Re: Let's go to the movies
by Akhasha (Scribe) on Apr 15, 2006 at 13:40 UTC
    Runs out of memory on Perl v5.8.6 built for cygwin-thread-multi-64int, before printing anything to the console. No problems in debian stable though.
    Awesome obfu!
Re: Let's go to the movies
by parv (Vicar) on Apr 12, 2006 at 20:16 UTC
    Can anybody tell me how much is the datasize requirement? As soon as the perl process's datasize exceeds the set datasize limit, the process dies (as expected). I had tried w/ limit set to 512 MB (a few mega bytes larger than user-available amount of 491 MB RAM). (Perl is 5.8.7, built w/ debugging & i386-freebsd-64int, running on FreeBSD/i386 6-STABLE.)
Re: Let's go to the movies
by wulvrine (Friar) on May 02, 2006 at 15:02 UTC
    Thats pretty darn cool! nice job!

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: obfuscated [id://542489]
Approved by Corion
Front-paged by liverpole
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (4)
As of 2022-08-07 15:50 GMT
Find Nodes?
    Voting Booth?

    No recent polls found