Re: OT: Base64 encoding in obfuscated Perl

From: Andreas Meyer (no email)
Date: Mon Sep 01 2003 - 02:19:30 EDT


Liviu Daia <> wrote:

> > Both methods produce the same results in my tests:
>
> They don't, please note the size difference:
>
> [...]
> > -rw-r--r-- 1 root root 336446 Aug 31 22:54 fi-big
> > -rw-r--r-- 1 root root 336447 Aug 31 22:55 fi-small
> > -rw-r--r-- 1 root root 127451154 Aug 31 23:01 mail-big
> > -rw-r--r-- 1 root root 127451155 Aug 31 22:58 mail-small
>
> Here's another experiment, which probably shows better what I'm
> talking about:
>
> [daia at euler/~]> ls -l /var/log/wtmp
> -rw-r--r-- 1 root wheel 744576 Sep 1 02:25 /var/log/wtmp
> [daia at euler/~]> perl -MMIME::Base64 -e 'print encode_base64 $b while (read STDIN, $b, 57)' </var/log/wtmp >wtmp-1
> [daia at euler/~]> perl -MMIME::Base64 -pne '$/=\57; $_=encode_base64 $_' </var/log/wtmp >wtmp-2
> [daia at euler/~]> ls -l wtmp-*
> -rw-r--r-- 1 daia ancompl 1005831 Sep 1 02:36 wtmp-1
> -rw-r--r-- 1 daia ancompl 1005836 Sep 1 02:36 wtmp-2
> [daia at euler/~]> pcregrep -nv '\S{76}' wtmp-*
> wtmp-1:13063:Uj8DSQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> wtmp-2:330:AAAAAAAAAAAAAAAAAAAAAAAAAL0RTD+qmwo=
> wtmp-2:13064:AAAAAAAAAAAAAAAAAAAAAA==
> [daia at euler/~]> sed -e '1,328d; 332,$d' <wtmp-2
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAL0RTD+qmwo=
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAPZgAAAAAAAAAAAAAAAAAA
> [daia at euler/~]> perl -V | head -1
> Summary of my perl5 (revision 5.0 version 6 subversion 1) configuration:

-rw-r--r-- 1 root root 336446 Aug 31 22:54 fi-big
-rw-r--r-- 1 root root 336447 Aug 31 22:55 fi-small

delta:/home # pcregrep -nv '\S{76}' fi-big
4370:byBJUHY2IHJvdXRlcnMgcHJlc2VudAo=

delta:/home # sed -e '1,328d; 332,$d' < fi-big
dWwgIDggMTE6MTY6MDQgZGVsdGEga2VybmVsOiAgIGh0dHA6Ly93d3cuc2N5bGQuY29tL25ldHdv
cmsvdmlhLXJoaW5lLmh0bWwKSnVsICA4IDExOjE2OjA0IGRlbHRhIGtlcm5lbDogUENJOiBGb3Vu
ZCBJUlEgMTEgZm9yIGRldmljZSAwMDoxMS4wCkp1bCAgOCAxMToxNjowNCBkZWx0YSBrZXJuZWw6

delta:/home # pcregrep -nv '\S{76}' fi-small
5:Q0sgRklOIFVSR1A9MCAK
4371:cHJlc2VudAo=

delta:/home # sed -e '1,328d; 332,$d' < fi-small
MyAgTm92LTE3LTIwMDEgIFdyaXR0ZW4gYnkgRG9uYWxkIEJlY2tlcgpKdWwgIDggMTE6MTY6MDQg
ZGVsdGEga2VybmVsOiAgIGh0dHA6Ly93d3cuc2N5bGQuY29tL25ldHdvcmsvdmlhLXJoaW5lLmh0
bWwKSnVsICA4IDExOjE2OjA0IGRlbHRhIGtlcm5lbDogUENJOiBGb3VuZCBJUlEgMTEgZm9yIGRl

delta:/home # perl -V | head -1
Summary of my perl5 (revision 5.0 version 6 subversion 1) configuration:

I'm clueless.

-- 
  Andreas Meyer           | http://www.anup.de
                          | http://home.wtal.de/MeineHomepage
  Key fingerprint = 91 F2 F8 DA 6F F0 5A FD  C5 94 3A D5 1A DF AF C5
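
An added example, not part of the original post: a Python emulation of the two one-liners quoted above, assuming the size difference comes from `-p` reading its first record (up to the first newline) before the loop body has assigned `$/`. The function names are hypothetical, and the sample input is constructed to match the wtmp figures in the quoted message (744576 bytes, first newline byte placed at offset 18778).

```python
import base64

CHUNK = 57  # 57 input bytes encode to exactly one 76-character base64 line


def encode_fixed(data, n=CHUNK):
    # Emulates: print encode_base64 $b while (read STDIN, $b, 57)
    # Every read is n bytes, so only the final line can be short.
    return b"".join(base64.encodebytes(data[i:i + n])
                    for i in range(0, len(data), n))


def encode_p_loop(data, n=CHUNK):
    # Emulates: perl -pne '$/=\57; $_=encode_base64 $_'
    # Assumption: the implicit while(<>) of -p performs its first read with
    # the default $/ ("\n"), so record one ends at the first newline byte.
    # That record is encoded on its own and leaves a short line mid-stream.
    nl = data.find(b"\n")
    first_end = len(data) if nl < 0 else nl + 1
    return base64.encodebytes(data[:first_end]) + encode_fixed(data[first_end:], n)


def short_lines(encoded):
    # Same view as: pcregrep -nv '\S{76}'  -> (line number, length) pairs
    return [(i, len(line))
            for i, line in enumerate(encoded.splitlines(), 1)
            if len(line) < 76]


def constructed_sample():
    # Constructed input, not the real wtmp: zero bytes with a single
    # newline byte so that the first "line" is 329*57 + 26 bytes long.
    buf = bytearray(744576)
    buf[18778] = 0x0A
    return bytes(buf)


if __name__ == "__main__":
    data = constructed_sample()
    for name, enc in (("fixed", encode_fixed(data)), ("p-loop", encode_p_loop(data))):
        print(name, len(enc), short_lines(enc))
```
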
