Williams Orellana

Decrypt SQL Stored Procedures

February 16th, 2012Blog • SQL0 Comments

In work I have to use proprietary software, some days ago my boss asked me if I could decrypt some stored procedures in MS SQL 2005, a person whose doesn’t works for the company anymore decided encrypt some essentials stored procedures, so I decided take the challenge

Here’s a little resume how the problem was solved:

First of all is ensure that the DAC option is enabled

Since DAC cannot be accessed via network, you must access locally, you can do this putting ADMIN: before the database address and instance (e.g. admin:myserver\defaultinstance), then you must logon in the regular way (DAC don’t allow the object browser, so you’re alone) after this, simply go to the database where the stored procedures are located and execute the following script:

Source code

DECLARE @ObjectOwnerOrSchema NVARCHAR(128)
DECLARE @ObjectName NVARCHAR(128)
 
SET @ObjectOwnerOrSchema = 'dbo'
SET @ObjectName = 'NameOfTheStoredProcedureHERE'
 
DECLARE @i INT
DECLARE @ObjectDataLength INT
DECLARE @ContentOfEncryptedObject NVARCHAR(MAX)
DECLARE @ContentOfDecryptedObject VARCHAR(MAX)
DECLARE @ContentOfFakeObject NVARCHAR(MAX)
DECLARE @ContentOfFakeEncryptedObject NVARCHAR(MAX)
DECLARE @ObjectType NVARCHAR(128)
DECLARE @ObjectID INT
 
SET NOCOUNT ON
 
SET @ObjectID = OBJECT_ID('[' + @ObjectOwnerOrSchema + '].[' + @ObjectName + ']')
 
-- Check that the provided object exists in the database.
IF @ObjectID IS NULL
BEGIN
RAISERROR('El nombre del objeto provisto no existe en la base de datos.', 16, 1)
RETURN
END
 
-- Check that the provided object is encrypted.
IF NOT EXISTS(SELECT TOP 1 * FROM syscomments WHERE id = @ObjectID AND encrypted = 1)
BEGIN
RAISERROR('El objeto provisto existe, sin embargo no esta encriptado. Abortando.', 16, 1)
RETURN
END
 
-- Determine the type of the object
IF OBJECT_ID('[' + @ObjectOwnerOrSchema + '].[' + @ObjectName + ']', 'PROCEDURE') IS NOT NULL
SET @ObjectType = 'PROCEDURE'
ELSE
IF OBJECT_ID('[' + @ObjectOwnerOrSchema + '].[' + @ObjectName + ']', 'TRIGGER') IS NOT NULL
SET @ObjectType = 'TRIGGER'
ELSE
IF OBJECT_ID('[' + @ObjectOwnerOrSchema + '].[' + @ObjectName + ']', 'VIEW') IS NOT NULL
SET @ObjectType = 'VIEW'
ELSE
SET @ObjectType = 'FUNCTION'
 
-- Get the binary representation of the object- syscomments no longer holds
-- the content of encrypted object.
SELECT TOP 1 @ContentOfEncryptedObject = imageval
FROM sys.sysobjvalues
WHERE objid = OBJECT_ID('[' + @ObjectOwnerOrSchema + '].[' + @ObjectName + ']')
AND valclass = 1 AND subobjid = 1
 
SET @ObjectDataLength = DATALENGTH(@ContentOfEncryptedObject)/2
 
-- We need to alter the existing object and make it into a dummy object
-- in order to decrypt its content. This is done in a transaction
-- (which is later rolled back) to ensure that all changes have a minimal
-- impact on the database.
SET @ContentOfFakeObject = N'ALTER ' + @ObjectType + N' [' + @ObjectOwnerOrSchema + N'].[' + @ObjectName + N'] WITH ENCRYPTION AS'
 
WHILE DATALENGTH(@ContentOfFakeObject)/2 < @ObjectDataLength
BEGIN
IF DATALENGTH(@ContentOfFakeObject)/2 + 8000 < @ObjectDataLength
SET @ContentOfFakeObject = @ContentOfFakeObject + REPLICATE(N'-', 8000)
ELSE
SET @ContentOfFakeObject = @ContentOfFakeObject + REPLICATE(N'-', @ObjectDataLength - (DATALENGTH(@ContentOfFakeObject)/2))
END
 
-- Since we need to alter the object in order to decrypt it, this is done
-- in a transaction
SET XACT_ABORT OFF
BEGIN TRAN
 
EXEC(@ContentOfFakeObject)
 
IF @@ERROR <> 0
ROLLBACK TRAN
 
-- Get the encrypted content of the new "fake" object.
SELECT TOP 1 @ContentOfFakeEncryptedObject = imageval
FROM sys.sysobjvalues
WHERE objid = OBJECT_ID('[' + @ObjectOwnerOrSchema + '].[' + @ObjectName + ']')
AND valclass = 1 AND subobjid = 1
 
IF @@TRANCOUNT > 0
ROLLBACK TRAN
 
-- Generate a CREATE script for the dummy object text.
SET @ContentOfFakeObject = N'CREATE ' + @ObjectType + N' [' + @ObjectOwnerOrSchema + N'].[' + @ObjectName + N'] WITH ENCRYPTION AS'
 
WHILE DATALENGTH(@ContentOfFakeObject)/2 < @ObjectDataLength
BEGIN
IF DATALENGTH(@ContentOfFakeObject)/2 + 8000 < @ObjectDataLength
SET @ContentOfFakeObject = @ContentOfFakeObject + REPLICATE(N'-', 8000)
ELSE
SET @ContentOfFakeObject = @ContentOfFakeObject + REPLICATE(N'-', @ObjectDataLength - (DATALENGTH(@ContentOfFakeObject)/2))
END
 
SET @i = 1
 
--Fill the variable that holds the decrypted data with a filler character
SET @ContentOfDecryptedObject = N''
 
WHILE DATALENGTH(@ContentOfDecryptedObject)/2 < @ObjectDataLength
BEGIN
IF DATALENGTH(@ContentOfDecryptedObject)/2 + 8000 < @ObjectDataLength
SET @ContentOfDecryptedObject = @ContentOfDecryptedObject + REPLICATE(N'A', 8000)
ELSE
SET @ContentOfDecryptedObject = @ContentOfDecryptedObject + REPLICATE(N'A', @ObjectDataLength - (DATALENGTH(@ContentOfDecryptedObject)/2))
END
 
WHILE @i BEGIN
--xor real & fake & fake encrypted
SET @ContentOfDecryptedObject = STUFF(@ContentOfDecryptedObject, @i, 1,
NCHAR(
UNICODE(SUBSTRING(@ContentOfEncryptedObject, @i, 1)) ^
(
UNICODE(SUBSTRING(@ContentOfFakeObject, @i, 1)) ^
UNICODE(SUBSTRING(@ContentOfFakeEncryptedObject, @i, 1))
)))
 
SET @i = @i + 1
END
 
-- PRINT the content of the decrypted object
SELECT substring(@ContentOfDecryptedObject, len(@ContentOfDecryptedObject) - 1000, 1000)
 
-- PRINT the content of the decrypted object
PRINT(@ContentOfDecryptedObject)

and that it’s I hope this can be useful to someone.

Best Regards!!

Install PEAR on Debian Squeeze being normal user

February 13th, 2012Blog • PHP0 Comments

Sometimes when you need to install PEAR, you do not want to do it globally, an easy way to do this is what I show below.

How do I do?

To carry out the task we need the file phar that contains the PEAR package manager. You can download with wget, just have to open a terminal and run the following command.

wget http://pear.php.net/go-pear.phar

If you execute the command

$ php go-pear.phar

Really nothing happens, only when you look in /var/log/syslog you can see what really happens, Suhosin indicating the error occurred.

Why?

By default the version of PHP that has Debian provides built the Suhosin patch which adds security to the interpreter, but results in slight discomfort for developers.

How I can fix?

Really is very easy, we just have to tell the PHP interpreter to ignore the directive only for this run and run the phar indicated:

$ php -d suhosin.executor.include.whitelist="phar" go-pear.phar

And that’s it, easy right?

I hope it’s useful for you

Best Regards!!

Programming in Python

February 7th, 2012Blog • Python0 Comments

As the title says, I decided to start the journey of learning a new programming language, I have finally decided by Python, So here I leave a few links where you can find e-books to get started in learning this great programming language.

A byte of Python

Is a great benninger’s book on Python by Swaroop C H.

Python Programming

Is a wikibook guide to Python

Think Python

is a beginner’s programming book written by Zed Shaw. It was written for Python 2.6.

And last but not least, an online interactive programming resource code.he.net, I hope that these resources are of great use to you, and remember never give up.

Best Regards!!

Starting again

January 6th, 2012Blog • Life0 Comments

Well, new year and new blog, but not because I want in that way, it’s because my old hosting provider decided suspend my account, why? I don’t know, I just know that they want me to upgrade my account to reactivate it again. So I decided change my hosting provider

Unfortunately, I couldn’t make a backup of the older posts anyway I don’t think much was lost, is just as well, so I can start again and in a best way