Friday, May 27, 2016

Figured out the SQL Anywhere "SET HIDDEN" obfuscation algorithm

I had previously figured out how to get at the unobfuscated text of an SQL Anywhere 11 stored procedure that was protected by SET HIDDEN, but that method requires a lot of manual clicking and is less than reliable when it comes to getting the full text of long procedures.

Today I had some spare time, so I worked at reversing the actual obfuscation process. I was successful, but publishing the algorithm here would be a legally dubious proposition even though I didn't steal any code from the SQL Anywhere server program. Mostly, I just put in lots of slightly different plaintexts to see how the obfuscated output differed. The final necessary epiphany came when I modified certain strings in one file to cause a clearer delineation of the sections of the obfuscated text.

I can say that the algorithm is pretty simple; my function is only 26 lines of VB.NET code. There is no tokenization of any kind, so every bit of the text that gets stored in sys.sysprocedure (e.g. comments but not extra semicolons) is recoverable. The process is lightning fast and not computationally intensive at all.
