StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHow to properly deobfusacte a Perl script?
primarykey
Id
9342164
data
AcceptedAnswerId
9342353
AnswerCount
1
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2012-02-18T14:45:49.700
FavoriteCount
11
LastActivityDate
2016-01-16T18:48:50.337
LastEditDate
2016-01-16T18:48:50.337
LastEditorUserId
792066
OwnerUserId
50065
ParentId
0
PostTypeId
1
Score
54
ViewCount
1836
LastEditorDisplayName
text
Body
I'm trying to deobfuscate the following Perl code (<a href="http://www.cafepress.co.uk/+just_another_genome_hacker_white_t,5065189">source</a>): <pre><code>#!/usr/bin/perl (my$d=q[AA GTCAGTTCCT CGCTATGTA ACACACACCA TTTGTGAGT ATGTAACATA CTCGCTGGC TATGTCAGAC AGATTGATC GATCGATAGA ATGATAGATC GAACGAGTGA TAGATAGAGT GATAGATAGA GAGAGA GATAGAACGA TC GATAGAGAGA TAGATAGACA G ATCGAGAGAC AGATA GAACGACAGA TAGATAGAT TGAGTGATAG ACTGAGAGAT AGATAGATTG ATAGATAGAT AGATAGATAG ACTGATAGAT AGAGTGATAG ATAGAATGAG AGATAGACAG ACAGACAGAT AGATAGACAG AGAGACAGAT TGATAGATAG ATAGATAGAT TGATAGATAG AATGATAGAT AGATTGAGTG ACAGATCGAT AGAACCTTTCT CAGTAACAGT CTTTCTCGC TGGCTTGCTT TCTAA CAACCTTACT G ACTGCCTTTC TGAGATAGAT CGA TAGATAGATA GACAGAC AGATAGATAG ATAGAATGAC AGACAGAGAG ACAGAATGAT CGAGAGACAG ATAGATAGAT AGAATGATAG ACAGATAGAC AGATAGATAG ACAGACAGAT AGACAGACTG ATAGATAGAT AGATAGATAG AATGACAGAT CGATTGAATG ACAGATAGAT CGACAGATAG ATAGACAGAT AGAGTGATAG ATTGATCGAC TGATTGATAG ACTGATTGAT AGACAGATAG AGTGACAGAT CGACAGA TAGATAGATA GATA GATAGATAG ATAGACAGA G AGATAGATAG ACA GTCGCAAGTTC GCTCACA ])=~s/\s+//g;%a=map{chr $_=>$i++}65,84,67, 71;$p=join$;,keys%a;while($d=~/([$p]{4})/g ){next if$j++%96>=16;$c=0;for$d(0..3){$c+= $a{substr($1,$d,1)}*(4**$d)}$perl.=chr $c} eval $perl; </code></pre> When run, it prints out <code>Just another genome hacker.</code> After running the code trough <code>Deparse</code> and <code>perltidy</code> (<code>perl -MO=Deparse jagh.pl | perltidy</code>) the code looks like this: <pre><code>( my $d = "AA...GCTCACA\n" # snipped double helix part ) =~ s/\s+//g; (%a) = map( { chr $_, $i++; } 65, 84, 67, 71 ); $p = join( $;, keys %a ); while ( $d =~ /([$p]{4})/g ) { next if $j++ % 96 >= 16; $c = 0; foreach $d ( 0 .. 3 ) { $c += $a{ substr $1, $d, 1 } * 4**$d; } $perl .= chr $c; } </code></pre> Here's what I've been able to decipher on my own. <pre><code>( my $d = "AA...GCTCACA\n" # snipped double helix part ) =~ s/\s+//g; </code></pre> removes all whitespace in <code>$d</code> (the double helix). <pre><code>(%a) = map( { chr $_, $i++; } 65, 84, 67, 71 ); </code></pre> makes a hash with as keys <code>A</code>, <code>T</code>, <code>C</code> and <code>G</code> and as values <code>0</code>, <code>1</code>, <code>2</code> and <code>3</code>. I normally code in Python, so this translates to a dictionary <code>{'A': 0, 'B': 1, 'C': 2, 'D': 3}</code> in Python. <pre><code>$p = join( $;, keys %a ); </code></pre> joins the keys of the hash with <code>$;</code> the <a href="http://perldoc.perl.org/perlvar.html">subscript separator for multidimensional array emulation</a>. The documentation says that the default is "\034", the same as SUBSEP in awk, but when I do: <pre><code>my @ascii = unpack("C*", $p); print @ascii[1]; </code></pre> I get the value <code>28</code>? Also, it is not clear to me how this emulates a multidimensional array. Is <code>$p</code> now something like <code>[['A'], ['T'], ['C'], ['G']]</code> in Python? <pre><code> while ( $d =~ /([$p]{4})/g ) { </code></pre> As long as <code>$d</code> matches <code>([$p]{4})</code>, execute the code in the while block. but since I don't completely understand what structure <code>$p</code> is, i also have a hard time understanding what happens here. <pre><code>next if $j++ % 96 >= 16; </code></pre> Continue if the the <code>$j</code> modulo 96 is greater or equal to 16. <code>$j</code> increments with each pass of the while loop (?). <pre><code>$c = 0; foreach $d ( 0 .. 3 ) { $c += $a{ substr $1, $d, 1 } * 4**$d; } </code></pre> For <code>$d</code> in the range from <code>0</code> to <code>3</code> extract some substring, but at this point I'm completely lost. The last few lines concatenate everything and evaluates the result.
Tags
<perl><deobfuscation>
Title
How to properly deobfusacte a Perl script?
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USBraiam
UserOwnerUserId
1. USBioGeek
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POHow to properly deobfusacte a Perl script?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POHow to properly deobfusacte a Perl script?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POHow to properly deobfusacte a Perl script?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.