Simple reversible encryption

Last year i had to reverse engineering a php file that contain strange code inside and eval().
After digging inside the obfuscation process i write one for bash without any requirement and supporting a loop process. It work simply by combining base64, hex and gz compression.

You can find the code on my github.

Encryption is simple :

./2enc 2 www.cyklodev.com
### Loop 0 
H4sIALIZm1MAA0t1STZOhWOvnFSXyCog2zTVJSoTiLOAOBcoZgDEhkBxI4QakHhUNgAAfNT7QAAAAA
### Loop 1 
H4sIALIZm1MAA02PzQ4CIQyEXwlZ9gVMrxwgwQSu2ATd9ezq0zt1MPHQtOl80x+VFFSiU+lvlbQiDpV8Z30ZKm2Dbr2NmkV8gnfsF/iKI5sfKhXzysK6e/h3ePzkoHXbgboZCy6+VK6DMwq4PMiabr268h6b973NMjx1MrbX5iSw6cT97UamB/5h/xV46zG1MO8En/fpn79Vz57tjgt96S/O41d/AOFiUdA8AQAA

Decryption work with the same number of loop :

./2dec 2 'H4sIALIZm1MAA02PzQ4CIQyEXwlZ9gVMrxwgwQSu2ATd9ezq0zt1MPHQtOl80x+VFFSiU+lvlbQiDpV8Z30ZKm2Dbr2NmkV8gnfsF/iKI5sfKhXzysK6e/h3ePzkoHXbgboZCy6+VK6DMwq4PMiabr268h6b973NMjx1MrbX5iSw6cT97UamB/5h/xV46zG1MO8En/fpn79Vz57tjgt96S/O41d/AOFiUdA8AQAA'
### Loop 0
H4sIALIZm1MAA0t1STZOhWOvnFSXyCog2zTVJSoTiLOAOBcoZgDEhkBxI4QakHhUNgAAfNT7QAAAAA
### Loop 1
www.cyklodev.com

Put nothing behind for usage

./2enc 
 Usage ./2enc [number of loop] '[string]'
If spaces in string protect it with quotes
Warning big data after loop 5

As said just upside, it’s really heavy after more than 5 loop even for small source.

How to write you own perl module

Today i will cover the writing of perl modules. Perl is a powerful language with a particular usage on parsing things very efficiently. The performance of perl is really close to the C language, and it has a big advantage, it’s embedded in your GNU/Linux systems !

This tutorial will follow these lines :

  • Perl on your system
  • Simple perl module
  • Cpanminus usage

Perl on your system

First of all you have to understand that perl look only in particular directories on the system to get available modules. To check these path you can simply type :

perl -V

It will give you the actual version, compilation options, etc … end at the bottom the @INC variable where are the modules.

  Built under linux
  Compiled at Feb  4 2014 23:11:19
  @INC:
    /root/perl-vault
    /etc/perl
    /usr/local/lib/perl/5.14.2
    /usr/local/share/perl/5.14.2
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.14
    /usr/share/perl/5.14
    /usr/local/lib/site_perl

You can get this @INC list without other annoying infos with this command:

perl -e 'print join "\n", @INC'

Now it’s time to use our Module, and so we have to define the path we want to use to store our modules. And first of all we need to write one !

Let’s decide our module with concern only admin stuff, so we will store in root path in perl-vault directory. For doing this you just have to add a environment variable with the path.

export PERL5LIB="/root/perl-vault"

You can add this for example in the .profile in root folder, and as usual you have disconnect and reconnect with your user, or you can simply source the file.

. .profile

You can now test that your directory is now active with a perl -V.

  Built under linux
  Compiled at Feb  4 2014 23:11:19
  %ENV:
    PERL5LIB="/root/perl-vault"
  @INC:
    /root/perl-vault
    /etc/perl
    /usr/local/lib/perl/5.14.2
    /usr/local/share/perl/5.14.2
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.14
    /usr/share/perl/5.14
    /usr/local/lib/site_perl

Simple perl module

For writing a standard module we have few rules to respect :

  • The module extension need to be .pm
  • The first line is the package name
  • The last line need to be 1;

So let’s make a simple module for Nginx who make nothing ;)

vim /root/perl-vault/Nginx.pm
package Nginx;
sub make(){
	my $string = " nothing ;p\n";	
	return $string;
} 1;

And now let’s make a small perl script who use our new Module:

vim /root/perl-vault/nginx.pl
#!/usr/bin/perl -w
use lib '/root/perl_vault'; 		#If not defined in ENV
use Nginx;   				#Module loading

my ($result);
$result = Nginx::make;
print "Nginx::make … $result";

The result is as expected !

perl /root/perl-vault/nginx.pl
root@testperl:~/perl-vault# perl nginx.pl
Nginx::make …  nothing ;p

We will see in next part how to integrate other modules in Nginx.pm

Cpanimus usage

Let’s work with the File::Find::Rule module to search in file system, for example to detect virtual hosts in /etc/nginx/sites-available.
We edit the Nginx.pm file and add the module File::Find::Rule :

package Nginx;

use File::Find::Rule;

sub make(){
	my $string = " nothing ;p\n";	
	return $string;
} 

sub listAvailable(){
	
	my @available_full = File::Find::Rule->new
    ->file
    ->maxdepth(1)
    ->in('/etc/nginx/sites-available/');
    
	return @available_full;
}
1;

And we change the file nginx.pl to call our new method.

#!/usr/bin/perl -w
use lib '/root/perl_vault'; 		#If not defined in ENV
use Nginx;   						#Module loading

my ($result);
$result = Nginx::make;
print "Nginx::make … $result";

@result = Nginx::listAvailable;
foreach (@result){
        print "$_ \n";
}

The result is an error about the location of the module because we haven’t it at this time.

root@testperl:~/perl-vault# perl /root/perl-vault/nginx.pl
Can't locate File/Find/Rule.pm in @INC ....

To simplifiy the module installation cpanminus, let’s install it :

apt-get install cpanminus

Cpanminus will handle all dependancies of the module we want to install. So now we can install the missing module in our case File:Find:Rule:

cpanm install File::Find::Rule
--> Working on File::Find::Rule
Fetching http://search.cpan.org/CPAN/authors/id/R/RC/RCLAMP/File-Find-Rule-0.33.tar.gz ... OK
Configuring File-Find-Rule-0.33 ... OK
==> Found dependencies: Text::Glob, Number::Compare
--> Working on Text::Glob
Fetching http://search.cpan.org/CPAN/authors/id/R/RC/RCLAMP/Text-Glob-0.09.tar.gz ... OK
Configuring Text-Glob-0.09 ... OK
Building and testing Text-Glob-0.09 ... OK
Successfully installed Text-Glob-0.09
--> Working on Number::Compare
Fetching http://search.cpan.org/CPAN/authors/id/R/RC/RCLAMP/Number-Compare-0.03.tar.gz ... OK
Configuring Number-Compare-0.03 ... OK
Building and testing Number-Compare-0.03 ... OK
Successfully installed Number-Compare-0.03
Building and testing File-Find-Rule-0.33 ... OK
Successfully installed File-Find-Rule-0.33
3 distributions installed

Let’s try to execute again

root@testperl:~/perl-vault# perl /root/perl-vault/nginx.pl
Nginx::make …  nothing ;p
/etc/nginx/sites-available/default 

We don’t have anymore the error and we find the file after importing the module in our @INC.

Cpanminus is a great help for importing modules without knowing the dependancies, it get modules from cpan website and you can contribute to it.
To submit your module you can follow this link.

Cyklodev WP Notify 1.2.0 : notify your users easily

A friend of mine tell me that she don’t find an accurate plugin to notify her users by email when she publish an article. So with that i decide to make a simple plugin who send email notification to all users within a specific role.

To use Cyklodev WP Notify, i insert a link inside the posts list and in the edit page.

I already wrote some improvements on this basic usage :

  • Subject and message customisation for the email
  • Metawords for posts name/url and blog name
  • French and English translation
  • Twitter driver for directly publish on your account

As usual you can leave comments on this page or ask your question on the support page.

Create your Twitter application

I just finish to create a new plugin with Twitter capability and for using it you have to create a Twitter application. So let’s see how you must create it.

First of all you have to login to the Twitter’s developer center.

Then you have to create a new application by following this link.

Fill the form and submit it, then you will see 5 tabs. Be carefull of not create access token at this point, it will be needed after some settings.

Go in settings tab and check the Read and Write in Application Type and don’t forget to update Twitter application’s settings downside.

Then go back in details tab and now create your access token. It have to show this :
Access level Read and write

At this point you have 4 parameters to use in the plugin :

  • Consumer key
  • Consumer secret
  • Access token
  • Access token secret

A small tips if your Access Level is stuck in read only :

  • Remove your application in the settings
  • Check the Application Type in Settings tab
  • Recreate your access token

How to submit your plugin on WordPress.org

After submitting some of my plugins i will explain you the submitting process of a plugin on our beloved plateform WordPress.org !

First of all you will need to create an account by following this register link.

The plugin must respect some rules on it structure, for this i have made an empty plugin on my github : wordpress-plugin-minimal .

In few words :

  • You must complete the index.php with your infos
  • You must have an readme.txt file  with the same infos

When your satisfied with you plugin functionality you can submit it to WordPress by following this link.

You will have to give the plugin name, the description and an online link where WordPress’s reviewers can download you plugin in a zip file.

Be warned ! The plugin name cannot have the word “wordpress” or any offending word !!!

Once the plugin is submit you need to wait an email from the team after they reviewed your code to check compliance to them rules and some security checks.

The email will tell you if your plugin is accepted, if it’s the case they will open a svn repository to you with your WordPress.org credentials. You will find a nice guide they write to use this repository.

If you want to add screenshot you will have to push the files in the asset folder.

That’s it ! You are now a plugin author, and your plugin will be in the official WordPress repository and shown in the plugin search in backoffice.

 

Cyklodev WP Settings in version 1.1.1 and starting a paypal integration plugin

My WP Settings plugin continue his life with some improvement on data validation. If you have any request for adding new functionality’s you can use this page.

In an other hand, i begin to write another plugin for a paypal integration on WordPress, and the first step is to include a donate button via a shortcode and a small front end widget.

Please be patient, it will soonly be publish.