
sslug-teknik team mailing list archive

Re: Kryptere bash-scripts.

 

Jacob Bunk Nielsen wrote:
> Obfuscation er tæt på intet værd, hvis formålet er ikke at give sin kode
> væk.
>
>   

Det kan ikke have været en særlig god obfuscator.
Hos komogvind.dk bruger vi Zelix KlassMaster til obfuscering og den gør
koden næsten umulig at læse:
import java.io.PrintStream;

/*
 * Decompiler output for the obfuscated HelloWorld class. It is not compilable
 * Java: the "goto _Ln", "JVM INSTR ..." and MISSING_BLOCK_LABEL lines are raw
 * bytecode that the decompiler printed instead of structured control flow
 * (see its own "Loop/switch isn't completed" remarks).
 *
 * NOTE(review): only the control flow and the string literals are disguised.
 * The decode routine and its five constants sit in the static initializer of
 * this same class, so anything embedded in the class file is recoverable by
 * whoever holds it. Obfuscation raises the cost of reading the code; it does
 * not keep credentials, keys or licence logic confidential.
 */
public class HelloWorld
{

    // Counterpart of the original counting loop: j starts at 1 and the body is
    // left once j > i. The suffix is taken from B[5], B[4] or B[1] after
    // comparing j with 1 and 2, then appended and printed.
    // NOTE(review): A is never assigned in this listing and z is only toggled;
    // the branches on "flag" look like inserted control-flow obfuscation - confirm.
    public HelloWorld(int i)
    {
        int j;
        boolean flag;
        flag = A;
        super();
        j = 1;
_L9:
        if(j > i)
            break; /* Loop/switch isn't completed */
        System.out;
        (new StringBuilder()).append(B[3]).append(j);
        j;
        1;
        if(flag) goto _L2; else goto _L1
_L1:
        JVM INSTR icmpne 54;
           goto _L3 _L4
_L3:
        B[5];
          goto _L5
_L4:
        j;
        2;
_L2:
        JVM INSTR icmpne 67;
           goto _L6 _L7
_L6:
        B[4];
          goto _L5
_L7:
        B[1];
_L5:
        append();
        B[2];
        append();
        toString();
        println();
        j++;
        if(!flag)
            continue; /* Loop/switch isn't completed */
        z = !z;
        break; /* Loop/switch isn't completed */
        if(true) goto _L9; else goto _L8
_L8:
    }

    // Pushes 10 when args.length is zero, otherwise Integer.parseInt of
    // args[0], and constructs HelloWorld with that value. The trailing
    // "Exception exception" lines are what is left of the handler that
    // prints B[0] to System.err.
    public static void main(String args[])
    {
        args;
        if(A) goto _L2; else goto _L1
_L1:
        JVM INSTR arraylength .length;
        JVM INSTR ifne 16;
           goto _L3 _L4
_L3:
        10;
          goto _L5
_L4:
        args;
_L2:
        0;
        JVM INSTR aaload ;
        Integer.parseInt();
_L5:
        int i;
        i;
        new HelloWorld(i);
        break MISSING_BLOCK_LABEL_47;
        Exception exception;
        exception;
        System.err.println(B[0]);
    }

    // z and A do not exist in the original source; B holds the string
    // constants of the class.
    public static boolean z;
    public static boolean A;
    private static String B[];

    // Static initializer: stores six encoded literals, followed by the decode
    // routine. Each char is XORed (ixor) with one of five constants selected
    // by i % 5, written back (castore), and the result is turned into an
    // interned String. Worked by hand, "\\>" decodes to "st", "A." to "nd"
    // and "]." to "rd".
    // NOTE(review): the order in which the routine is applied to the literals
    // cannot be read from this output; presumably each literal passes through
    // it before B is used.
    static
    {
        String as[];
        as = new String[6];
        as[0] =
"v%J,\036]%]m\fC3\037h\007K$\030xN_8Pz\007K/\037m\000\017#Qx\013H/M,\017\\j^~\tZ'Zb\032\001";
        as[1] = "].";
        as[2] = "\017>Va\013";
        as[3] = "g/S`\001\017\035P~\002KjYc\034\017>WiN";
        as[4] = "A.";
        as[5] = "\\>";
        B = as;
        break MISSING_BLOCK_LABEL_171;
        local;
        toCharArray();
        JVM INSTR dup ;
        JVM INSTR arraylength .length;
        JVM INSTR swap ;
        int i = 0;
        JVM INSTR swap ;
        JVM INSTR dup_x1 ;
        1;
        JVM INSTR icmpgt 150;
           goto _L1 _L2
_L1:
        JVM INSTR dup ;
        i;
_L4:
        JVM INSTR dup2 ;
        JVM INSTR caload ;
        byte byte0;
        // Repeating five-value XOR key, indexed by the character position.
        switch(i % 5)
        {
        case 0: // '\0'
            byte0 = 0x2f;
            break;

        case 1: // '\001'
            byte0 = 74;
            break;

        case 2: // '\002'
            byte0 = 63;
            break;

        case 3: // '\003'
            byte0 = 12;
            break;

        default:
            byte0 = 110;
            break;
        }
        byte0;
        JVM INSTR ixor ;
        (char);
        JVM INSTR castore ;
        i++;
        JVM INSTR swap ;
        JVM INSTR dup_x1 ;
        JVM INSTR ifne 150;
           goto _L3 _L2
_L3:
        JVM INSTR dup2 ;
        JVM INSTR swap ;
          goto _L4
_L2:
        JVM INSTR swap ;
        JVM INSTR dup_x1 ;
        i;
        JVM INSTR icmpgt 74;
           goto _L5 _L1
_L5:
        JVM INSTR new #77  <Class String>;
        JVM INSTR dup_x1 ;
        JVM INSTR swap ;
        String();
        intern();
        JVM INSTR swap ;
        JVM INSTR pop ;
        JVM INSTR ret 0;
    }
}


Her valgte jeg at beholde klassens navn. Den originale kode er her:
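/**
 * Prints a numbered greeting a given number of times. This is the unobfuscated
 * source of the decompiled listing shown earlier in the post.
 */
public class HelloWorld {
    /**
     * Prints one greeting line per value from 1 to {@code count} on standard output.
     *
     * @param count number of lines to print; zero or a negative value prints nothing
     */
    public HelloWorld(int count) {
        for (int i = 1; i <= count; i++) {
            // Every i >= 3 gets "rd" (so "4rd"); kept as posted because the
            // obfuscated listing encodes exactly these three suffixes.
            String suffix = i == 1 ? "st" : i == 2 ? "nd" : "rd";
            System.out.println("Hello World for the " + i + suffix + " time");
        }
    }

    /**
     * Runs the greeting with the count given as the first argument, or 10 when
     * no argument is supplied.
     *
     * @param args optional single argument: the number of lines to print
     */
    public static void main(String[] args) {
        try {
            int num = args.length == 0 ? 10 : Integer.parseInt(args[0]);
            new HelloWorld(num);
        } catch (Exception e) {
            // Broad catch kept to match the decompiled listing; the message is
            // written as one literal because a Java string cannot span lines.
            System.err.println("You probably didn't provide an integer as argument.");
        }
    }
}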


...det bliver stort set umuligt at overskue større projekter, så
obfuscering gør en hel del for sikkerheden, men jeg har ikke set
obfusceringsprogrammer til bash.


References