Sunday, April 3, 2016

Reversing the Sybase SQL Anywhere "SET HIDDEN" action

Yes, it's possible, and not very hard.

Sybase's SQL Anywhere product has a feature that allows the contents of functions, views, stored procedures, and triggers to be obfuscated in an allegedly one-way fashion. When an object is hidden with the SET HIDDEN clause, its contents are transformed into a mash of symbols. Even DBAs can't see the original text, and all the Sybase documentation says the plaintext is unrecoverable.

There is an undocumented feature in Sybase ASE that provides a command in diagnostic mode that can reverse the process. The problem is that SQL Anywhere does not have diagnostic mode or the dbcc command.

At first, I thought that the obfuscation process compiled the SQL into something lower-level, but no. The server program can reverse it, and does so when the object is called for.

Suppose you have a hidden procedure (or an encrypted stored procedure, as I've heard some call it) called SECRETPROC. To make the server load it into memory, you'll need to call it. Some installations of SQL Anywhere come with a tool labeled dbisql.exe that you can use as an interactive SQL environment. Invoke the procedure - it doesn't have to run; I would suggest calling it with a bogus number of arguments so that you don't accidentally run something bad. Then quickly open Task Manager, find the server process (called dbsrv11.exe for me because I'm using SQL Anywhere 11), right-click it, and choose Create dump file.

Once that finishes, open the resulting file in a hex editor (though Notepad might work too). I like XVI32 for such things. Search for the name of the procedure - e.g. SECRETPROC - with correct capitalization. There will be a few mentions of it (and the obfuscated version of it too); keep going until you see one that starts with create function and has a bunch of SQL code after it. Everything from that keyphrase to the next null byte is the stored procedure's code.

If you're using XVI32, click on the beginning of the interesting part in the right pane and hold Shift while using the arrow keys to go to the end of the part you want. The text will turn red. You can then use Ctrl+C to copy the data, Ctrl+N to create a new file, Ctrl+V to paste the data, and File → Save to write it out to a new file.
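The same search can be scripted, for example to check whether a dump you are about to hand to someone else exposes a hidden object's source. This is an added example, not code from the original post; the function names, the optional owner prefix in the pattern, the single-byte text encoding, and the sample bytes are assumptions.

```python
import mmap
import re
import sys

def carve_definitions(dump, name, max_len=1 << 20):
    """Return distinct plaintext definitions of `name` found in `dump`.

    A hit starts at the post's "create function" keyphrase, immediately
    followed by the exactly-capitalized object name, and runs to the next
    null byte. The optional "owner". prefix is an assumption.
    """
    header = re.compile(
        rb'(?i:create\s+function)\s+(?:"?\w+"?\.)?"?'
        + re.escape(name.encode("ascii")) + rb"\b"
    )
    hits = []
    for m in header.finditer(dump):
        start = m.start()
        end = dump.find(b"\x00", start, start + max_len)
        if end == -1:  # unterminated run: cap it instead of reading on
            end = min(len(dump), start + max_len)
        text = bytes(dump[start:end]).decode("latin-1")
        if text not in hits:  # the same text can sit in several buffers
            hits.append(text)
    return hits

def scan_file(path, name):
    """Memory-map a dump file so a multi-gigabyte dump is not read into RAM."""
    with open(path, "rb") as fh:
        with mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mm:
            return carve_definitions(mm, name)

# Constructed bytes standing in for a server process dump (not real data).
SAMPLE_DUMP = (
    b"\x00\x01SECRETPROC\x00\x7f\x13\x9c\x02"
    b"\x00create function OTHERFN() returns int begin return SECRETPROC(1) end\x00"
    b"\xff\xfecreate function SECRETPROC(x int)\nreturns int\nbegin\n  return x * 2\nend\x00"
    b"tail SECRETPROC \x00"
    b"create function SECRETPROC(x int)\nreturns int\nbegin\n  return x * 2\nend\x00"
)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <dump file> <object name>
        found = scan_file(sys.argv[1], sys.argv[2])
    else:
        found = carve_definitions(SAMPLE_DUMP, "SECRETPROC")
    for text in found:
        print(text + "\n" + "-" * 40)
```

Matching the name directly after the keyphrase skips bare mentions of the name and other objects that merely call it, which is the "keep going" step of the manual search.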

I suppose SET HIDDEN isn't a security feature anymore.
