Friday, 26 August 2016 17:25
30 minutes
Intermediate
English
Rx is a cross-language obfuscator: it obfuscates code while keeping the communication between languages intact.
A new challenge came to us: we had to obfuscate a web application with more than two years of development behind it, implemented in Perl, PHP, JS, HTML, CSS and PostgreSQL.
An HTML element in a form (<input id="first_name">) is validated in JavaScript (document.getElementById('first_name')), formatted through the element id in CSS (#first_name{..}), communicated to PHP/Perl ($_POST['first_name'] / $CGI->param('first_name')), inserted into the DB as INSERT INTO table_name(first_name).. and finally sent back to HTML through template variables (<TMPL_VAR FIRST_NAME>) from PHP/Perl. It is a straight line of communication, but real-world usage varies with how each language's methods are used in the implementation. Now every "first name" should be replaced by '*****'.
A challenge and an opportunity came together. Initial attempts were made with commercial tools and c in a Linux environment, but the variance in usage across languages became a challenge. We could not treat different things as different things; we had to find the different usages of a single communication and treat them the same way to maintain the communication between languages.
Instead of find and replace, we captured the keys (first_name) in the various possible contexts, then indexed them (1=>first_name) and finally obfuscated them (1=>'zxcde'). It worked better than straight (A=>B) replacements.
In this talk, we will share the journey of the Rx tool's evaluation and how Perl's regular expressions and natural expressiveness saved the day. I will touch on basic usage, internal structure, scalability and extensibility.
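
The capture, index, obfuscate sequence described above, sketched in Perl as an added example (not Rx's code and not from the talk). The sample sources, the context patterns and the `z0001` alias format are constructed assumptions, and template variable names are assumed to match case-insensitively.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample sources, one per layer; none of this is Rx's own code.
my %src = (
    'form.html' => '<input id="first_name">',
    'form.js'   => q{document.getElementById('first_name')},
    'form.css'  => '#first_name { color: red; }',
    'save.php'  => q{$v = $_POST['first_name'];},
    'save.pl'   => q{my $v = $CGI->param('first_name');},
    'save.sql'  => 'INSERT INTO table_name(first_name) VALUES (?)',
    'view.tmpl' => '<TMPL_VAR FIRST_NAME>',
);

# One pattern per context: (prefix)(key)(suffix). Hypothetical, minimal set.
my @ctx = (
    qr/(\bid=")(\w+)(")/,                   # HTML attribute
    qr/(getElementById\(')(\w+)('\))/,      # JavaScript lookup
    qr/(#)(\w+)(\s*\{)/,                    # CSS id selector
    qr/(\$_POST\[')(\w+)('\])/,             # PHP request parameter
    qr/(->param\(')(\w+)('\))/,             # Perl CGI parameter
    qr/(INSERT INTO \w+\()(\w+)(\))/i,      # SQL column (single-column form)
    qr/(<TMPL_VAR )(\w+)(>)/,               # template variable
);

# Pass 1: capture keys in every context and index them (first_name => 1).
my (%index, $n);
for my $text (values %src) {
    for my $re (@ctx) {
        $index{lc $2} //= ++$n while $text =~ /$re/g;
    }
}

# Pass 2: give each index exactly one obfuscated name (1 => z0001).
my %alias = map { ($_ => sprintf('z%04d', $_)) } values %index;

# Pass 3: rewrite each captured key through the index, keeping its case style.
for my $file (sort keys %src) {
    for my $re (@ctx) {
        $src{$file} =~ s{$re}{
            my ($pre, $key, $post) = ($1, $2, $3);
            my $id  = $index{lc $key};
            my $new = defined $id ? $alias{$id} : $key;   # unknown key: leave as is
            $pre . ($key eq uc $key ? uc $new : $new) . $post;
        }ge;
    }
    print "$file: $src{$file}\n";
}
```

Because every context resolves through the same index entry, the HTML id, the CSS selector, the request parameter, the SQL column and the template variable all end up with the same replacement, which a per-file find and replace does not guarantee.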