Comments for Stunnix Perl-Obfus
Re: Compleet bogus
# Entry Word: bogus
# Function: adjective
# Synonyms COUNTERFEIT, brummagem, fake, false,
# phony, pinchbeck, pseudo, sham, snide, spurious
# Related Word forged; imitation
# Contrasted Words bona fide, good
# Antonyms authentic, genuine, real
Like in "bogus security" or "bogus protection". Yes, it is
harder to read obfuscated code, but as long as it's perl it's easily reversed to a readable form.
Obfuscation as practiced within the perl community has nothing to do with protecting source code.
Re: How Lame Can You Get?
Classic :)
Re: How Lame Can You Get?
% Also, there is a problem of guessing
> that '$z5da4d3837d'
> was '$files' before obfuscation, and not
> '$slots' (or whatever).
Okay, so you cannot know that '$z5da4d3837d' corresponds with '$files' after obfuscation. But the code is not really hard to read and understand when you use distinguishable dictionary words, there is already a Perl module for that:
You are missing the point ...
Perl was never intended to be "un-readable". I can't think of a single line of Perl code I would ever want to "hide"/"obfuscate" from anybody.
If you want to code closed source commercial apps - use C.
Let's also consider some of the practical issues:
* Debugging. If something goes wrong, I must _hope_ it's not the mangled code. There is no easy way to know for sure. Personally I would not trust this at all.
* Version control. What meganism is there to tie the mangled code to an original source file? Also consider the line: "Unique! Means to make analysis of changes between different releases of the obfuscated product more difficult" ( source: www.stunnix.com/prod/p... ).
* Easy to reverse. This has been commented on already. I have experimented a bit and it took about 30 minutes to solve the puzzle ( given your own example ). The only thing I haven't done was to give the function names a more interesting name, but then again - it's easy to add.
* $879 !!! Are you serious? This is the best get-rich-quick-scheme I have ever seen. You can purchase commercial compilers for less then that.
In a nutshell then - I think you people should grow up. I hope somebody that did indeed make the mistake of purchasing this junk take you to court - There must be some kind of law against this obvious attempt to make people belief stuff that just isn't true.
To all prospective buyers out there - give this a miss.
Cheers
Re: Compleet bogus
> Check this (perlmonks) thread for an
> elaborate discussion.
If Perl-Obfus is bogus, then all obfuscators are bogus too. Or the therm "bogus" is inapropriate.
Compleet bogus
Check this (perlmonks) (www.perlmonks.org/inde...) thread for an elaborate discussion.
Re: How Lame Can You Get?
>
> %
> % % The deobfuscator for this tool is
> % 'perl
> % % -MO=Deparse'. It doesn't rename
> the
> % % variables to something meaningful
> and
> % it
> % % doesn't restore doublequoted
> strings,
> % % but apart from that it does a good
> % job
> % % on the example code given on the
> % site.
> % %
> % % (And BTW, the obfuscated code given
> % on
> % % their website does not run:
> % 'Undefined
> % % subroutine &main::zb463d7d1b4'.)
> %
> % The code won't run due to this error
> % because
> % the *PIECE* of original and
> obfuscated
> % files is present on the webpage, not
> % entire file.
> %
>
>
> Well, either way no one's going to be
> buying your assinine software through
> freshmeat now that they've demonstrate
> how reversible it is.
>
>
> sed 's/z5da4d3837d/a/g' stunnixsucks.pl
> | sed ....
That's essentially a feature of all obfuscators that do
not require shipment of modified interpreter with obfuscated code.
Also, there is a problem of guessing that '$z5da4d3837d'
was '$files' before obfuscation, and not '$slots' (or whatever).
Re: How Lame Can You Get?
>
> % The deobfuscator for this tool is
> 'perl
> % -MO=Deparse'. It doesn't rename the
> % variables to something meaningful and
> it
> % doesn't restore doublequoted strings,
> % but apart from that it does a good
> job
> % on the example code given on the
> site.
> %
> % (And BTW, the obfuscated code given
> on
> % their website does not run:
> 'Undefined
> % subroutine &main::zb463d7d1b4'.)
>
> The code won't run due to this error
> because
> the *PIECE* of original and obfuscated
> files is present on the webpage, not
> entire file.
>
Well, either way no one's going to be buying your assinine software through freshmeat now that they've demonstrate how reversible it is.
sed 's/z5da4d3837d/a/g' stunnixsucks.pl | sed ....
Re: How Lame Can You Get?
> The deobfuscator for this tool is 'perl
> -MO=Deparse'. It doesn't rename the
> variables to something meaningful and it
> doesn't restore doublequoted strings,
> but apart from that it does a good job
> on the example code given on the site.
>
> (And BTW, the obfuscated code given on
> their website does not run: 'Undefined
> subroutine &main::zb463d7d1b4'.)
The code won't run due to this error because
the *PIECE* of original and obfuscated files is present on the webpage, not entire file.
Re: How Lame Can You Get?
> And there is a demand for Perl obfuscator - it's obvious.
Hey pal, there's a demand for child porn. Go post a Other/Proprietary tarball here?
This kind of thing really doesn't have it's moral place here.
2 all: go to scoop and ask to remove it? (sorry stunnix)