Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

simple perl program

Here you can discuss every aspect of Debian. Note: not for support requests!
Post Reply
Message
Author
User avatar
kp
Posts: 13
Joined: 2006-03-02 13:26
Location: Ukraine
Contact:

simple perl program

#1 Post by kp »

cat "test... test... test..." | perl -e '$??s:;s:s;;$?::s;;=]=>%-{\\>%<-{;;y; -/:-@[-`{-};`-{/" -;;s;;$_;see'

if u don't know exactly what this program doing PLEASE DO NOT COPY-PASTE it into command shell

i've found it on linux-related forum with request for help "why it's not working??"

what do you all think about that?

P.S. i'm really interested if somebody can tell me what is this program for that's why i'm not telling that here

:twisted:
devil in the details

Harold
Posts: 1482
Joined: 2005-01-07 00:15
Been thanked: 3 times

#2 Post by Harold »

A google search of this string returned 3,300 hits, most of them telling me that the perl string boils down to rm -rf /.

kp> what do you all think about that? P.S. i'm really interested if somebody can tell me what is this program for that's why i'm not telling that here

I am not amused, kp.

lacek
Posts: 764
Joined: 2004-03-11 18:49
Location: Budapest, Hungary
Contact:

#3 Post by lacek »

This script indeed tries to run "rm -rf /". Neither am I amused.
What am I thinking about it? Do you really care? So well, you asked for it. I think you should really rewrite the code in order not to do anything harmful. Yeah, yeah, you asked everybody not to run the code. This is a nice thing to do, but you know what? It would be way nicer if you asked the question like this:

Can you understand what does this code do?:
echo "hey_kp"|perl -e '$??s:;s:s;;$?::s;;:<).>}|-!.}]/?}=?#+\n|;;y# -/:-@[-_{-}#`-{/" -#;s@@$_@see;'
Way nicer, isn't it? :-)

Because you didn't do this, it leads me to believe that
a) You really _don't_ understand this piece of code, and you _can't_ modify it in order to make it a bit less destructive, or
b) You don't care if someone accidentally wipes his/her system in an attempt of trying to run the code, because "you warned him/her".

Now, my opinion in either case:
a) Don't try to make yourself look more "hardcore" by picking up some litter from the internet. Try to understand things like this before you do anything. Modify them not to do anything harmful. _Then_ it could even be fun.
b) You are a careless stupid "coder" who tries to be destructive. This forum is for _helping_ the people, not for harming them in order to have a good time. So, begone!

Ps: If someone is _really_ interested about how the code works, just ask, and I'll post it here.... :-)

User avatar
kp
Posts: 13
Joined: 2006-03-02 13:26
Location: Ukraine
Contact:

#4 Post by kp »

blah blah blah

i was expecting such reaction

[quote]A google search of this string returned 3,300 hits, most of them telling me that the perl string boils down to rm -rf /.[/quote]

you think i don't know about that?


refering to lacek... i'm not trying to make myself "hardcore" whatever it means.. i'm not stupid and maybe i am "coder" in fact don't know what quoted coder means..

the only way to find out what peolple think about posting such pieces of code is to post some.. that was my question not "what this code for?", "why this code not working?"

[quote]i'm really interested if somebody can tell me what is this program for that's why i'm not telling that here[/quote]

i am not interesting in what program doing i'm interesting if someone can tell what program doing before pasting it into shell.. feel the difference

there is no need to blame me
devil in the details

lacek
Posts: 764
Joined: 2004-03-11 18:49
Location: Budapest, Hungary
Contact:

#5 Post by lacek »

I of course see the difference, it's only kind of careless to post things like this. You know, _many_ people will try to run the code after skimming your post, or worse, many will try to run just to see what's happening...
However, posting sentences like
i'm really interested if somebody can tell me what is this program for that's why i'm not telling that here
suggests that you know very well what the code does, you just don't want to tell it to anyone, instead, you wait if someone is "smart enough" to decypher it.
All the flame wouldn't happened if you hadn't said that.
But well... you did. :-)

As of your question, you didn't really asked why it isn't working. You mentioned that you found a post somewhere, and _that_post_ was asking why isn't it working. But you didn't really asked any questions.
To go further, this thing isn't working because of the "cat" command, which should be "echo" for obvious reasons. Since many people mistakenly uses 'cat' instead of 'echo', this only makes the whole thing more nasty. For a newbie who spots this "mistake" thinks:
"Hey, that guy writes 'cat' instead of 'echo'. I'll answer him, but before that, I'll just make sure that my solution works."
Bummer.
For this, I think that "questions" like this one shouldn't exist. It is not a question, it's a bad "joke" disguised as a question. I'm sure there are someone who finds this whole thing very funny anyway...

Anyway, here is how the script works.

It is basically two regex substitutions and one transliteration. Piping anything into its standard input makes no difference, the perl code doesn't use its input in any way.
If you split the long line on the boundaries of the expressions, you get this:

Code: Select all

$??s:;s:s;;$?::
s;;=]=>%-{\\>%<-{;;
y; -/:-@[-`{-};`-{/" -;;
s;;$_;see
The first line is a condition which does nothing save makes the code look more difficult. If the previous command originated from the perl code wasn't successful, it does some substitutions on the standard input (which the program doesn't use, so effectively it substitutes the nothing).
Since no previous command exists, $? is always 0, so the first line never gets executed.
The second line substitutes the standard input (the nothing) for seemingly meaningless garbage.
The third line is a transliteration operator. It defines 4 ranges, in which the characters gets substituted to the one range and the 4 characters given in the transliteration replacement. I'd prefer not to write the whole transliteration table here, because it's a bit long. If you are really interested, just write the characters in the defined ranges (space to '/', ':' to '@', '[' to '`', and '{' to '}'), and write next tpo them the charactes from the replacement range ('`' to '{'), and finally, write the remaining characters (/,", space and -) from the replacement pattern.
When you have this table, you can see what character gets replaced to what.
The last line executes the resulting command by substituting the nothing with the resulted string (which is 'xterm'. Originally it was 'system"rm -rf /"', and is held in $_), evaluates the substitution as an expression and executes it.

Well, in a nutshell, that's it.
Last edited by lacek on 2006-03-09 07:16, edited 1 time in total.

Lavene
Site admin
Site admin
Posts: 4958
Joined: 2006-01-04 04:26
Location: Oslo, Norway

Re: simple perl program

#6 Post by Lavene »

kp wrote:i've found it on linux-related forum with request for help "why it's not working??"

what do you all think about that?

P.S. i'm really interested if somebody can tell me what is this program for that's why i'm not telling that here

:twisted:
I think that posting malicious code is stupid. Posting malchious code and not tell that it's malicious even when the poster know it is should result in immediate and permanent ban from the forum.

You knowingly put peoples system at risk. And as lacek mentioned the error in the code is easy to spot even if you don't know the first thing about perl, which of course is the intention. This is an attempt to make people wipe their system camouflaged as a script riddle... common among the kids on warez channels on IRC.

Tina

lacek
Posts: 764
Joined: 2004-03-11 18:49
Location: Budapest, Hungary
Contact:

#7 Post by lacek »

I edited the posts, so the script now tries to run xterm instead of "rm -rf /", this way I think I put an end to a simple amusement of a simple soul. :-)

User avatar
kp
Posts: 13
Joined: 2006-03-02 13:26
Location: Ukraine
Contact:

#8 Post by kp »

yeah.. ok.. ban me now, i deserve this :(
devil in the details

Post Reply