| View previous topic :: View next topic |
| Author |
Message |
micky
Voice
Joined: 13 Dec 2004
Posts: 11
|
 Posted: Wed Dec 29, 2004 3:43 pm Post subject: Encrypt |
 |
|
Some of you know how encrypt tcl? (http://mini.net/tcl/728)
Maybe some of you would be so kind and tell me how i can encrypt scripts or how to use obfuscation. |
|
| Back to top |
|
 |
^DooM^
Owner
Joined: 26 Aug 2003
Posts: 772
Location: IronForge
|
| Posted: Wed Dec 29, 2004 3:48 pm Post subject: |
|
|
why would you want to encrypt a script?
_________________
The lifecycle of a noob is complex. Fledgling noobs gestate inside biometric pods. Once a budding noob has matured thru gestation they climb out of their pod, sit down at a PC, ask a bunch of questions that are clearly in the FAQ, The Noob is born |
|
| Back to top |
|
|
demond
Revered One
Joined: 12 Jun 2004
Posts: 3073
Location: San Francisco, CA
|
| Posted: Wed Dec 29, 2004 3:53 pm Post subject: |
|
|
you can compile your script with TclPro, it will produce a .tbc file which has a little loader header in clear Tcl (which of course depends on external library - libtbcload) and the rest is compiled bytecode stuff, similar to that in Java .class files (needless to say, there are .tbc decompilers, I hear user wrote one  so your script will never be safe from cracking) |
|
| Back to top |
|
|
demond
Revered One
Joined: 12 Jun 2004
Posts: 3073
Location: San Francisco, CA
|
| Posted: Wed Dec 29, 2004 4:12 pm Post subject: |
|
|
| alternatively, if you need script encryption as a preventive measure against peeking at your files on the shell, you can store your scripts encrypted with a key (of course, you'll need to patch your bot to be able to load those scripts) |
|
| Back to top |
|
|
Ofloo
Owner
Joined: 13 May 2003
Posts: 953
Location: Belguim
|
| Posted: Wed Dec 29, 2004 4:13 pm Post subject: |
|
|
hmm i don't see the point using tcl as an ecrypter knowning that.. if you read the script that is gone encrypt it that it can be used to decrypt it ..
you will need to write a module to encrypt it .. when its compiled you can use a key or something which can't be read from the binary file.. when it is compiled .. well everything is possible if you know how but still its gone be a hard and for sur when you use hex chars .. to hide that code .. or encrypt the variables within the c code..
_________________
XplaiN but think of me as stupid |
|
| Back to top |
|
|
micky
Voice
Joined: 13 Dec 2004
Posts: 11
|
|
| Back to top |
|
|
demond
Revered One
Joined: 12 Jun 2004
Posts: 3073
Location: San Francisco, CA
|
| Posted: Wed Dec 29, 2004 4:48 pm Post subject: |
|
|
lame and primitive obfuscation scriptlet, presumably hiding even lamer script (hard-coded parsing of HTML, will stop working when they change the webpage) |
|
| Back to top |
|
|
Ofloo
Owner
Joined: 13 May 2003
Posts: 953
Location: Belguim
|
| Posted: Wed Dec 29, 2004 9:02 pm Post subject: |
|
|
i think i understand verry well what you wana do you wana encrypt the script so its only readable to the module..
you wana hide the script source ..
then if you wana do that you need a module not a script a module can decrypt or crypt a script you load the crypt into memory then decrypt it.. thats how u can do it .. and eval the code.. in the variable .. but making this work you should use a C module cause if you use a tcl script then there is no use crypting it .. you will be able to read how to decrypt it from the script cause the encrypter or decrypter still will be open source if you use a tcl script to crypt or decrypt it !!!!!
or do you mean a script that decrypts encrypted text that passes by in a channel ??
_________________
XplaiN but think of me as stupid |
|
| Back to top |
|
|
^DooM^
Owner
Joined: 26 Aug 2003
Posts: 772
Location: IronForge
|
| Posted: Wed Dec 29, 2004 9:48 pm Post subject: |
|
|
try saying that after a few pints Ofloo 
_________________
The lifecycle of a noob is complex. Fledgling noobs gestate inside biometric pods. Once a budding noob has matured thru gestation they climb out of their pod, sit down at a PC, ask a bunch of questions that are clearly in the FAQ, The Noob is born |
|
| Back to top |
|
|
user
Joined: 18 Mar 2003
Posts: 1452
Location: Norway
|
| Posted: Wed Jan 05, 2005 9:51 pm Post subject: Maybe a bit too late... :) |
|
|
this is a slightly modified version of my code from this post...
| Code: |
# turn a string into random (octal/hexadecimal/unicode) escapes
proc lamesc str {
set o ""
foreach c [split $str ""] {
if {[string is space $c]} {
append o $c
} {
append o [switch [expr {int(rand()*3)}] {
0 {format \\%o [scan $c %c]}
1 {format \\x%x [scan $c %c]}
2 {format \\u%x [scan $c %c]}
}]
}
}
set o
}
# obfuscate a piece of code
proc obfuscate code {
foreach c [split $code ""] {set tmp($c) ""}
set chrs [array names tmp]
set i [array size tmp]
set forward [set back [list]]
foreach c $chrs {
set r [expr {int(rand()*$i)}]
incr i -1
lappend forward $c [lindex $chrs $r]
set back [concat [list [lindex $chrs $r] $c] $back]
set chrs [lreplace $chrs $r $r]
}
switch [expr {int(rand()*3)}] {
0 {set cmd "if [expr {1+int(rand()*(1<<24))}]"}
1 {set cmd eval}
2 {set cmd "uplevel 0"}
}
set code "[lamesc $cmd] \[[lamesc "string map"] [list $back [string map $forward $code]]\]"
}
# obfuscate everything between #OBF and #/OBF in one file and dump the result to another file
proc OBF {infile {outfile {}} {A "#OBF\n"} {B "\n#/OBF\n"}} {
set i [set c 0]
set j [string len $A]
set k [string len $B]
set data [read [set f [open $infile]]][close $f]
if {$outfile=={}} {set f [open $infile w]} {set f [open $outfile w]}
while {
[set a [string first $A $data $i]]>-1
&&
[set b [string first $B $data $a]]>-1
} {
puts -nonewline $f [string range $data $i [expr {$a-1}]]
puts $f [obfuscate [string range $data [incr a $j] [expr {$b-1}]]]
set i [expr {$b+$k}]
incr c
}
puts -nonewline $f [string range $data $i end]
close $f
set c
}
# look for command line parameters and invoke OBF if there are any
if $argc {
if {[catch [concat OBF $argv] err]} {
puts $err
} else {
puts "$err part[expr {$err==1?"":"s"}] obfuscated."
}
exit
}
|
source the script and invoke the procs you want
...or save it to a file and do 'tclsh file input.tcl output.tcl' in your shell (will run the OBF proc on input.tcl and write the result to output.tcl)
Example:
| Code: | proc demobf args {
#OBF
return "Hello world"
#/OBF
} |
...was turned into the beautiful code below by OBF
| Code: | proc demobf args {
\x75\u70\154\u65\u76\145\u6c \60 [\163\x74\x72\151\u6e\147 \x6d\141\160 {o o r n e l d { } n H w w { } u t e H t {"} d u {"} l r { } { }} {dltH lr unteeo wole"u}]
} |
Using it to obfuscate only the body of a proc, like I did here, is not recommended.
_________________
Have you ever read "The Manual"? |
|
| Back to top |
|
|
mm
Halfop
Joined: 01 Jul 2004
Posts: 78
|
| Posted: Wed Jan 05, 2005 11:18 pm Post subject: |
|
|
Hi,
demond | Quote: | | alternatively, if you need script encryption as a preventive measure against peeking at your files on the shell, you can store your scripts encrypted with a key (of course, you'll need to patch your bot to be able to load those scripts) |
demond, where can i find a patch?
thanks
_________________
MM |
|
| Back to top |
|
|
demond
Revered One
Joined: 12 Jun 2004
Posts: 3073
Location: San Francisco, CA
|
| Posted: Wed Jan 05, 2005 11:58 pm Post subject: |
|
|
| mm wrote: | Hi,
demond | Quote: | | alternatively, if you need script encryption as a preventive measure against peeking at your files on the shell, you can store your scripts encrypted with a key (of course, you'll need to patch your bot to be able to load those scripts) |
demond, where can i find a patch?
thanks |
I don't believe you'll find such a patch available publicly; after all, the whole point of that is to conceal how the actual encryption (respectivelly decryption/loading) is done, in order to prevent potential crackers/takeover monkeys from patching your scripts (or at least to make their task harder; if they want your channel really bad and have some skills, they'd crack the bot binary anyway; besides, there are other methods for hacking ops from encrypted bot, such as connection hijacking, using ptrace() to attach to & control bot's process, etc.)
I once wrote similar patch for eggdrop 1.4, but it's not much of a use today anyway |
|
| Back to top |
|
|
metroid
Owner
Joined: 16 Jun 2004
Posts: 771
|
| Posted: Thu Jan 06, 2005 3:58 am Post subject: |
|
|
| User, how would you go about deobfuscating that script you obfuscate with your code so you can actually use it? :p |
|
| Back to top |
|
|
user
Joined: 18 Mar 2003
Posts: 1452
Location: Norway
|
| Posted: Thu Jan 06, 2005 4:30 am Post subject: |
|
|
just run it 
_________________
Have you ever read "The Manual"? |
|
| Back to top |
|
|
lsn
Voice
Joined: 19 Jul 2004
Posts: 25
|
| Posted: Fri Dec 23, 2005 8:21 am Post subject: |
|
|
I write that code into a file named tcl
I run the code: | Code: | | tclsh8.4 tcl x.tcl z.tcl |
I get this | Quote: | | 0 parts obfuscated. |
And the file z.tcl was identical with x.tcl, nothing has changed.. What goes wrong ? |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
