The Oracle wrap utility can be used to obfuscate PL/SQL code, to ensure it can't be easily read. The wrapping process for Oracle 9g described by Pete Finnigan, but for 10g and 11g it still remains a bit of a mystery.
To see pdf file about How to Unwrap PL/SQL, see the link below:
http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Finnigan.pdf
The unwrapping steps for 10g are nicely described in the Oracle Hacker's Handbook, but the actual substitution table needed to decode the package is omitted. A lot of people seem to know how to do it though, there is even an online unwrapper available. See the link below:
http://hz.codecheck.ch/UnwrapIt/Unwrap.jsp
A Russian-made closed source tool is also available, but tends to upset virus scanners.To download unwrap.py, please click the link below:
http://www.teusink.net/unwrap.py
For more details, please refer here:
http://blog.teusink.net/2010/04/unwrapping-oracle-plsql-with-unwrappy.html
Wednesday, April 14, 2010
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment