Re: OT: Base64 encoding in obfuscated Perl
From: Andreas Meyer (anmeyer@anup.de)
Date: Mon Sep 01 2003 - 01:19:30 CDT
Liviu Daia <Liviu.Daia@imar.ro> wrote:
> > Both methods produce the same results in my tests:
>
> They don't, please note the size difference:
>
> [...]
> > -rw-r--r-- 1 root root 336446 Aug 31 22:54 fi-big
> > -rw-r--r-- 1 root root 336447 Aug 31 22:55 fi-small
> > -rw-r--r-- 1 root root 127451154 Aug 31 23:01 mail-big
> > -rw-r--r-- 1 root root 127451155 Aug 31 22:58 mail-small
>
> Here's another experiment, which probably shows better what I'm
> talking about:
>
> [daia@euler/~]> ls -l /var/log/wtmp
> -rw-r--r-- 1 root wheel 744576 Sep 1 02:25 /var/log/wtmp
> [daia@euler/~]> perl -MMIME::Base64 -e 'print encode_base64 $b while (read STDIN, $b, 57)' </var/log/wtmp >wtmp-1
> [daia@euler/~]> perl -MMIME::Base64 -pne '$/=\57; $_=encode_base64 $_' </var/log/wtmp >wtmp-2
> [daia@euler/~]> ls -l wtmp-*
> -rw-r--r-- 1 daia ancompl 1005831 Sep 1 02:36 wtmp-1
> -rw-r--r-- 1 daia ancompl 1005836 Sep 1 02:36 wtmp-2
> [daia@euler/~]> pcregrep -nv '\S{76}' wtmp-*
> wtmp-1:13063:Uj8DSQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> wtmp-2:330:AAAAAAAAAAAAAAAAAAAAAAAAAL0RTD+qmwo=
> wtmp-2:13064:AAAAAAAAAAAAAAAAAAAAAA==
> [daia@euler/~]> sed -e '1,328d; 332,$d' <wtmp-2
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAL0RTD+qmwo=
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAPZgAAAAAAAAAAAAAAAAAA
> [daia@euler/~]> perl -V | head -1
> Summary of my perl5 (revision 5.0 version 6 subversion 1) configuration:
-rw-r--r-- 1 root root 336446 Aug 31 22:54 fi-big
-rw-r--r-- 1 root root 336447 Aug 31 22:55 fi-small
delta:/home # pcregrep -nv '\S{76}' fi-big
4370:byBJUHY2IHJvdXRlcnMgcHJlc2VudAo=
delta:/home # sed -e '1,328d; 332,$d' < fi-big
dWwgIDggMTE6MTY6MDQgZGVsdGEga2VybmVsOiAgIGh0dHA6Ly93d3cuc2N5bGQuY29tL25ldHdv
cmsvdmlhLXJoaW5lLmh0bWwKSnVsICA4IDExOjE2OjA0IGRlbHRhIGtlcm5lbDogUENJOiBGb3Vu
ZCBJUlEgMTEgZm9yIGRldmljZSAwMDoxMS4wCkp1bCAgOCAxMToxNjowNCBkZWx0YSBrZXJuZWw6
delta:/home # pcregrep -nv '\S{76}' fi-small
5:Q0sgRklOIFVSR1A9MCAK
4371:cHJlc2VudAo=
delta:/home # sed -e '1,328d; 332,$d' < fi-small
MyAgTm92LTE3LTIwMDEgIFdyaXR0ZW4gYnkgRG9uYWxkIEJlY2tlcgpKdWwgIDggMTE6MTY6MDQg
ZGVsdGEga2VybmVsOiAgIGh0dHA6Ly93d3cuc2N5bGQuY29tL25ldHdvcmsvdmlhLXJoaW5lLmh0
bWwKSnVsICA4IDExOjE2OjA0IGRlbHRhIGtlcm5lbDogUENJOiBGb3VuZCBJUlEgMTEgZm9yIGRl
delta:/home # perl -V | head -1
Summary of my perl5 (revision 5.0 version 6 subversion 1) configuration:
I'm clueless.
--
Andreas Meyer | http://www.anup.de
| http://home.wtal.de/MeineHomepage
Key fingerprint = 91 F2 F8 DA 6F F0 5A FD C5 94 3A D5 1A DF AF C5
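
Added example (not part of the original message or thread): a Python model of the two Perl one-liners quoted above, showing where the extra padded short line comes from. It relies on Perl's documented `-p` behaviour, where the implicit `while (<>)` reads the first record before the body assigns `$/`; the function names and the sample input are constructed for illustration.

```python
import base64

CHUNK = 57  # 57 input bytes encode to exactly one 76-character Base64 line


def encode_fixed(data: bytes) -> bytes:
    """Model of: print encode_base64 $b while (read STDIN, $b, 57)"""
    return b"".join(base64.encodebytes(data[i:i + CHUNK])
                    for i in range(0, len(data), CHUNK))


def encode_p_switch(data: bytes) -> bytes:
    """Model of: perl -pne '$/=\\57; $_=encode_base64 $_'

    The implicit loop reads record 1 while $/ is still "\\n", so record 1 is
    a whole text line; only the following reads are 57-byte records.
    """
    nl = data.find(b"\n")
    first_len = len(data) if nl < 0 else nl + 1
    # encodebytes wraps a long record at 76 characters and pads its end,
    # as encode_base64 does, which leaves a padded short line mid-file.
    return base64.encodebytes(data[:first_len]) + encode_fixed(data[first_len:])


def short_lines(encoded: bytes):
    """Like pcregrep -nv '\\S{76}': (line number, text) for each short line."""
    return [(n, line.decode())
            for n, line in enumerate(encoded.splitlines(), 1) if len(line) < 76]


# Constructed sample: zero bytes, 744576 long like the quoted wtmp, with the
# first newline placed as byte 18779 (an assumption chosen for this example).
SAMPLE = bytes(18778) + b"\n" + bytes(744576 - 18779)

if __name__ == "__main__":
    for name, fn in (("fixed read", encode_fixed), ("-p with $/", encode_p_switch)):
        out = fn(SAMPLE)
        print(name, len(out), [n for n, _ in short_lines(out)])
```

With the constructed sample, the modelled `-p` form is five bytes longer and has short lines at 330 and 13064, the same pattern as the wtmp-2 listing quoted above.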