Rewriter obfuscation algorithm

Does anyone know which obfuscation algorithm is used by the Portal Server to hide the internal URL's ??
I'm being audited and i need to demonstrate that it is really secure =(
Thanks a lot

Hi,
As I understand it you can't "desencrypt" an MD5 checksum because it's just that -- a checksum.
ie. you can only check the MD5 checksum of a new value to your computed MD5 checksum of the original value to see if the new value is the same as the original value.
Cheers,
Colin

Similar Messages

Algorithm practice

so i am playing around with some different search algorithms, one such one is:
public static int bubbleUp (String list[], String partNumber)
    // declares comparison to be used as a counter
    int comparisons = 1;
    // declares moves as a counter to be used later on
    int moves = 0;
    // declares sum of both comprisons and moves variables
    int sumNumbers = 0;
    // gets the variable partNumber and searches for it in list
    for (int i = 0; i < list.length; i++)
      if (!partNumber.equals (list ))
// add one to comparisons
comparisons++;
else
//if statement used to add the appropriate number of moves to the counter
if (!partNumber.equals (list [0]))
list [i] = list [i - 1];
list [i - 1] = partNumber;
moves+=2;
break;
// calculates sum of moves and comparisons
sumNumbers = comparisons + moves;
// return the number of comparisons
return sumNumbers;
now i am trying to use a two dimensional array rather than a single to search for different objects.
My question is, how would you change my code i wrote above to function for 2d arrays?

There's a saying: "code to the interface, not the implementation" and
that saying can be applied here; all you want to know in your algorithm is this:public interface BubbleUpable {
   public Object get(int index);
   public void set(int index, Object obj);
   public int length();
}One dimensional arrays can be wrapped in a simple wrapper class like this:public class ArrayWrapper implements BubbleUpable {
   private String[] a;
   public ArrayWrapper(String[] a) { this.a= a; }
   // interface implementation
   public Object get(int index) { return a[index]; }
   public void set(int index, Object obj) { a[index[= (String)obj; }
   public int length() { return a.length; }
}I'm sure a bit of Java 1.5 can take away a bit of explicit casting by applying
some generics here.
If you rewrite your algorithm such that it uses a BubbleUpable instead
of a String[] array, you can implement another wrapper (see above) that
wraps around a two dimensional array. Your algorithm wouldn't care at
all about the implementation though.
kind regards,
Jos

How Can I protect my swf files from decompiling / saving

I have navigated through the internet for a long time now but
could not find the solution to my problem which is "how to protect
my swf file from decompiling/saving"?
I know that it CAN BE DONE and here is an example of a file
on the internet that cannot be saved or decompiled using any
software that I have come across (ie:SOTHINK decompiler, saveflash)
http://www.3dinternet.com/video.swf
Any help? any hints ?
Thanks
Hagop

Hagop,
> I have navigated through the internet for a long time
now but
> could not find the solution to my problem which is "how
to
> protect my swf file from decompiling/saving"?
There is no way to protect your SWF from decompiling. Any
commercial
software on the market can be decompiled -- including the
Flash authoring
tool and Photoshop, for example -- which is why softare
generally ships with
an end user license agreement (EULA) that expects you to
agree not to
decompile or reverse engineer your purchase.
Most Flash content (other than RTMP requests for video, for
example) are
HTTP requests, which by nature means the content is
downloaded to your hard
drive, just like HTML documents, CSS files, JPGs, and GIFs.
Your browser
requests the files, downloads them to your hard drive, then
displays them
from your local copy.
> I know that it CAN BE DONE and here is an example of a
> file on the internet that cannot be saved or decompiled
using
> any software that I have come across
What you've seen, then, is merely the result of software
that uses
unknown (to you or to your sofware) encryption/obfuscation
algorithms. Keep
trying, and you'll eventually nail it.
At best, you can use obfuscators to temporarily deter a
certain segment
of the decompiling-inclined population.
David Stiller
Adobe Community Expert
Dev blog,
http://www.quip.net/blog/
"Luck is the residue of good design."

Comparing between short and byte operations

Hi, all!
I want to optimize performance of my applet. I have realization of block cipher that work using bytes. But for optimization purpose I rewrite encryption algorithm for short values. In simulator it works 3,5 faster, but when I test it in real card it works 4,5 slower. I use JCOP J2A080 java card.
Has anyone such a problem?
P.S. before optimization I tested different operations in card such : add, shift, xor, and, read/write and for short it works faster.
Code before optimization
    public static void add(byte[] x, short xLen, byte[] y, short yOffset,
               short yLen) {
          short carry = 0, i = 0;
          while (i < yLen) {
               carry += (short) ((x[i] & 0xFF) + (y[i + yOffset] & 0xFF));
               x[i++] = (byte) (carry & 0xFF);
               carry = (short) ((carry >>> 8) & 0xFF);
          while (i < xLen) {
               carry += (short) (x[i] & 0xFF);
               x[i++] = (byte) (carry & 0xFF);
               carry = (short) ((carry >>> 8) & 0xFF);
     private void mainStep(byte[] n1, byte[] key, short keyOffset)
          add(n1, (short) 4, key, keyOffset, (short) 4);
          Util.arrayFillNonAtomic(om, (short) 0, (short) 4, (byte) 0);
          om[0] = sbox[0 + (n1[0] & 0xF)];
          om[0] |= (byte)(bArr[1 + ((n1[0] >>> 4) & 0xF)]<<4);
          om[1] = (byte)(bArr[2 + (n1[1] & 0xF)]);
          om[1] |= (byte)(bArr[3 + ((n1[1] >>> 4) & 0xF)]<<4);
          om[2] = (byte)(bArr[4 + (n1[2] & 0xF)]);
          om[2] |= (byte)(bArr[5 + ((n1[2] >>> 4) & 0xF)]<<4);
          om[3] = (byte)(bArr[6 + (n1[3] & 0xF)]);
          om[3] |= (byte)(bArr[7 + ((n1[3] >>> 4) & 0xF)]<<4);
          n1[3] = (byte) ((om[2] << 3) | ((om[1] & 0xFF) >>> 5));
          n1[2] = (byte) ((om[1] << 3) | ((om[0] & 0xFF) >>> 5));
          n1[1] = (byte) ((om[0] << 3) | ((om[3] & 0xFF) >>> 5));
          n1[0] = (byte) ((om[3] << 3) | ((om[2] & 0xFF) >>> 5));
     }Code after optimization:
     private void mainStep(byte [] bKey, short j)
          short om1 = Util.getShort(bKey, j);
          short om0 = (short)(n_0 + om1);
          //change from add function
          if((((om1 < 0)&& (om0 >= 0)) && (n_0 >= 0))
                    ||
               (((om1 < 0) || (om0 >= 0)) && (n_0 < 0)))
               n_1 += 0x1;
          n_0 = om0;
          n_1 += Util.getShort(bKey, (short) (j+2));
          //and add function
          om0 = (short)(bArr[n_0 & 0xFF]&0xFF);
          om0 |= (short)((bArr[1+ ((n_0 >>> 8) & 0xFF)])<< 8);
          om1 = (short)((bArr[2+ (n_1 & 0xFF)] & 0xFF));
          om1 |= (short)((sbox[3+ ((n_1 >>> 8) & 0xFF)])<< 8);
          n_0 = (short)(( om0 << 11 ) | ((om1 >>> 5) & 0x7FF)) ;
          n_1 = (short)(( om1 << 11 ) | ((om0 >>> 5) & 0x7FF)) ;
     }

From my point of view, simulator is suitable for the logical functionality testing of your application. In order to benchmark your application, you should use an emulator whose configuration is close to your real card.
I used to participated into a smart card benchmark project. The real performance depends on many factors, even the driver for the card reader can affect the application performance. I've never used a simulator to test an application performance so I haven't got any problem like yours. Just some ideas to share with you.
Best regards,
JDL

How to handle a phrase like a single word in a query rewrite template?

Hi there,
i would like to handle a case like this:
"hewlett packard" printer
I have a custom thesaurus where {hewlett packard} is a synonym of {hp}, and viceversa of course.
Now, i can successfully find records like "hp printer" or "printer model hp 2575 "by issuing the following query:
select * from sale_items
where contains(item_name,
'SYN(hewlett packard,cust_thes) AND printer')>0
or its equivalent form containing curly braces:
select * from sale_items
where contains(item_name,
'SYN({hewlett packard},cust_thes) AND printer')>0
My problem is that i can't find a way of successfully passing the phrase "hewlett packard" as a single word in a query rewrite template like this one:
select * from sale_items
where contains(item_name,
'<query>
<textquery grammar="CONTEXT">{hewlett packard} printer
<progression>
<seq><rewrite>transform((TOKENS, "SYN(", ",cust_thes)", " AND "))</rewrite></seq>
</progression>
</textquery>
<score datatype="INTEGER" algorithm="COUNT"/>
</query>')>0
When i run this query i get no rows.
The same happens if i substitute curly braces with double quotes.
So, how to get phrases to be recognized in the query rewrite template?
Bye,
Flavio

I am unable to find out a way to search on the particular phrase like I have a document containing the text
“Oracle Text is a good searching tool.” Now if searches for the phrase “searching tool”, it doesn’t return any rows but if I search for “searching” and “tool” in 2 separate queries, it gives the document.
If any one has done it before, please tell me the solution.
I have used the following queries to create index on BLOB column:-
CREATE INDEX doc_ indx ON doctest(document)
INDEXTYPE IS ctxsys.CONTEXT PARAMETERS('lexer doc_lexer sync (on commit) ');
select * from doc_test where contains(document, 'searching tool') > 0;
select * from doc_test where contains(document,'searching') > 0;
select * from doc_test where contains(document,'tool') > 0;
Should I specify something while creating the indexes ?
Regards
Inderjeet

Error while using 3DES algorithm

Hi All,
i am trying to decrypt and encrypt the data using 3DES algorithm.i am facing following problem.find below what exaclty i have done:
SQL> variable x varchar2(100);
SQL> exec :x := 'how r u Anwar';
PL/SQL procedure successfully completed.
X
how r u Anwar
SQL> create or replace procedure crypt1( p_str in out varchar2 )
2 as
3 l_data varchar2(255);
4 begin
5 l_data := rpad( p_str, (trunc(length(p_str)/8)+1)*8, chr(0) );
6 dbms_obfuscation_toolkit.DESEncrypt
7 ( input_string => l_data,
8 key_string => 'MagicKey',
9 encrypted_string=> p_str );
10 end;
11 /
Procedure created.
SQL> create or replace procedure decrypt1( p_str in out varchar2 )
2 as
3 l_data varchar2(255);
4 begin
5 dbms_obfuscation_toolkit.DESDecrypt
6 ( input_string => p_str,
7 key_string => 'MagicKey',
8 decrypted_string=> l_data );
9
10 p_str := rtrim( l_data, chr(0) );
11 end;
12 /
Procedure created.
SQL> set autoprint on;
SQL> exec crypt1( :x );
PL/SQL procedure successfully completed.
X
5??V????? ??
SQL> exec decrypt1( :x );
BEGIN decrypt1( :x ); END;
ERROR at line 1:
ORA-28232: invalid input length for obfuscation toolkit
ORA-06512: at "SYS.DBMS_OBFUSCATION_TOOLKIT_FFI", line 0
ORA-06512: at "SYS.DBMS_OBFUSCATION_TOOLKIT", line 153
ORA-06512: at "UJAPAN.DECRYPT1", line 5
ORA-06512: at line 1
X
5??V????? ??
Any idea or thought would be appreciable.
Thanks n advance
Anwar

From the top of my head (without checking the docs) I think that the string to be obfuscated must have a length of a multitude of 8 bytes. You might need some padding to get it to the right length.
cu
Andreas

WebVPN Content Rewrite - how can we bypass it?

We are publishing a Bookmark through a WebVPN portal to a server on the inside of our network. That bookmark is made available to users via DAP.
The bookmark works for the most part, however the internal website does not function very well through the content-rewrite engine of the Cisco ASA. Upon further inspection of traffic, packet captures from the egress interface of the ASA vs. packet captures of an internal host who successfully loads the internal website show that the Cisco ASA is rewriting the http header of the get request. There are whole fields of the http header that are missing.
In any case, we just want the ASA to reverse proxy the website to the outside world over a secure tunnel. How can we bypass the content rewrite engine?
And before anyone submits a URL to Cisco's documention on Content rewrite, take a close look it. First it says, "here is how to disable content rewrite for a destination...but further on it says, here is how to make your destination split tunnel. Which is it? Are we disabling content rewrite, or are we split tunneling the traffic, because, split tunneling doesn't help since the web content is still inside our network.
I tried the Proxy Bypass but it does not improve the functionality of the site. So, long story short, pretty frustrated with WebVPN as a Reverse Proxy.
Anyone out there no how to really, truly, bypass the content rewrite?

As to content rewriter.
(this is going to be a crude and possibly not 100% accurate explanation, but you seem to know your way around HTTP/SSL etc).
The way ASA clientless VPN is, it's more of a SSL/TLS-protected proxy connection rather than a typical VPN tunnel.
This allows quite a bit of features to ride on top (overlay, smart tunneling, port forwarding, ...) etc but also poses some technical challanges.
It requires that certain information is relayed and certain obfuscated (e.g who's doing name resolution - ASA, what will we do with cookies dependning on their types).
So we've created content rewrite engine to make sure that once it's presented to user browser, it all seems like it's coming from ASA - the proxy. This requires some effort in terms of rewriting content of HTTP stream so it's retains it original functionality.
Thus most of the time you don't want to bypass rewirter - you want to make sure it rewrites it properly.
M.
edit: Is it a security feature? Not really so, but it does protect your client from potentially bad pages, because it will parse them before presenting thjem to users.

JPG to JBIG Algorithm in JAVA

Hi!
I need to do the jpg to jbg compresion. (http://www.jpeg.org/jbig/)
This is a bi-level fax compresion. I don't find any solution for it...
I was looking at Markus Kuhn source code in c (http://www.cl.cam.ac.uk/~mgk25/jbigkit/), but I'm still in school and I don't have the knowledge to rewrite it into Java...
I need to make an applet for that conversation (i get a jpg picture), I'm trying with IMageMagick (http://www.yeo.id.au/jmagick/) and servlet right now (not pure programing solution ;))
Is there some other algorithms?? Perhaps in java (without native code)?
Thanks!

Take a look at the ImageIO stuff in java 1.4 and later.
This is a pluggable framework for loading and saving images. By default it can load and save jpeg and tiff (which has a
fax compression mode I believe).
If not then you can obtain thrid party plugins for the framework that support your format (or you can write your own).
If you wish to perform tasks such as colour conversion (convert the image to binary for example) then you may want to
look at JAI. However that is probably overkill. You can perform many simple image processing tasks using Java 2D.
matfud

Extracting EXIF info from Jpeg + And Stitching Algorithm

I develop Stiching program for digital images in order to create Panoramas with Java. I need to extract EXIF meta data from Jpeg images : focus, focal lens, exposure, constrat, white balance, shutter speed et al.
I ve looked at several code in Java on google, i dont understand much, if anyone can explain it in a simple way for me plz, i will be very appreciate.
Also if anyone have any info on stitching algorithm using Java , it will be very helpful.
Thank you
Hoan

I examined your sample .jpg with Exiftool, the most authoritative metadata tool available, and I also used the following tools to examine the metadata:
OS X 10.9.5: Finder, Preview, Photoshop CC 2014, LR 5.6, exiv2
Windows 8.1: File Explorer, Irfanview 4.38
All of these were able to display the EXIF metadata, including exposure information, without problems, and Exiftool didn’t flag any nonconformities. So it seems that it’s the Android apps that aren’t conforming to the standards.
Looking at the internal structure of the LR-produced .jpg, I suspect that it is producing a layout of the IFD0, IFD1, and ExifIDF sections that the Android apps aren’t expecting (because the developers didn’t follow the standards). LR produces the following ordering: unused bytes, ExifIFD, IFD1, IFD0. A more typical ordering would be: (no unused bytes), IFD0, ExfIFD, IFD1. Both orderings conform with the standards.
You could test out this hypothesis by obtaining a copy of the free Exiftool and then in a Terminal window (Mac) or command prompt (Windows) do the following command:
exiftool –exif:usercomment=”Hello world!” sample.jpg
This will cause Exiftool to rewrite the Exif metadata in the more-common ordering. If the Android apps can now see the EXIF exposure metadata in the modified sample.jpg, then that confirms the apps are non-standards-conforming and should be fixed.

Query rewrite error QSM-01219

Hi,
When having a query run with the REWRITE_OR_ERROR hint the query fails with:
QSM-01151: query was rewritten
QSM-01209: query rewritten with materialized view, CM_FT_FX1_MV, using text match algorithm
QSM-01219: no suitable materialized view found to rewrite this query
What do these error then mean? Does this mean that the MV wasn't found or that the MV had issues? This worked before and the only change was that we upgraded the database from version 10.2.0.1 to 10.2.0.3.
If the MV name is specified in the hint REWRITE_OR_ERROR(CM_FT_FX1_MV) then the query works fine. Is something like this supported in Oracle: REWRITE_OR_ERROR(MV1,MV2,......) ?
Did anyone encounter similar issue?
Thanks,
Zrinka

Since you have not posted more details, see if your case is similar to bug 7201596 on metalink.

Query rewrite template, NEAR, max_span

Hi all,
I've tried searching for this answer, so I hope I haven't overlooked the solution in the forum.
For a query like the following, how would I set the max_span value with NEAR?
select id from docs where CONTAINS (text,
'<query>
   <textquery lang="ENGLISH" grammar="CONTEXT"> kukui nut
     <progression>
       <seq><rewrite>transform((TOKENS, "${", "}", "AND"))</rewrite></seq>
       <seq><rewrite>transform((TOKENS, "${", "}", "NEAR"))</rewrite></seq>
     </progression>
   </textquery>
<score datatype="INTEGER" algorithm="COUNT"/>
</query>')>0;The following was something I tried in order to set the max_span value to 20 words, but not surprisingly this didn't work :)
<seq><rewrite>transform((TOKENS, "${", "}", "NEAR", "20"))</rewrite></seq>Any help would be much appreciated!

Hi,
I think it is not possible this way. If you look at the description of the TRANSFORM function:
TRANSFORM((terms, prefix, suffix, connector))then I don't see any possibility to come form the TOKENS to something like 'near((token1,token2),20). It is not possible with that function.
Maybe the only possibility to do this automatically is maybe to use a self written function wich will return your rewrite text.
select id from docs where CONTAINS (text,
your_rewrite_function('kukui nut') ) > 0In your_rewrite_function you return a valid syntax.
Herald ten Dam
http://htendam.wordpress.com

Reduce the process time..??!! complex algorithm

HI,
I have a complex algorithm which takes almost 900 milliseconds per line to process this . I have to calculate the probability for hundreds of thousand lines. Just imagine if have to calculate this for some 500000 lines which is not feasilble at al.. Can anyone help me in simplifing this algorithm & improve the performance..
This is very urgent & your help will desperately needed. Pls...pls ..help.
thanks in advacnce...
probabilty(int a, int b, int c, int d)     {
     int a1 = 0;
     int b1 = 0;
     int c1 = 0;
     int d1 = 0;
     double p = 0.0;
     double q = 0.0;
     double sum = 0.0;
     if(a*b*c*d == 0) {
          if (d == 0) {
               a1 = a;
               a = b;
               b = a1;
               a1 = c;
               c = d;
               d = a1;
     } else if (((a + 0.0)/(b + 0.0)) < ((c + 0.0)/(d + 0.0))) {
          a1 = a;
          a = b;
          b = a1;
          a1 = c;
          c = d;
          d = a1;
     p = logFact(a+b) +
          logFact(a+c) +
          logFact(b+d) +
          logFact(c+d) -
          logFact(a+b+c+d);
     for (int i=b; i>=0; i--) {
          b1 = i;
          a1 = a + b - b1;
          c1 = a + c - a1;
          d1 = b + d - b1;
          q = logFact(a1) +
               logFact(b1) +
               logFact(c1) +
               logFact(d1);
          sum = Math.exp(p-q) + sum;
          if(a*b*c*d == 0) {
               break;
     }

Replace
if (a*b*c*d == 0) ==> if (a | b | c | d == 0)
Try to avoid arithmetic operation, if it cannot be avoided, try to use integer than double. For example :
the line:
if (((a + 0.0)/(b + 0.0)) < ((c + 0.0)/(d + 0.0))) can be rewritten as
if (a * d < b * c)
If the above has not reduce much processing time...I guess you need to take a closer look at logFact() function. Go thru' its mathematic algo, see if there is anyway to rewrite it, or u can try to post the body of logFact() in this forum.
CT

Obfuscation of protected class members - good/bad?

Hi,
there was a post regarding de-obfuscation, so i thought I�d ask a philosophical question and your opinion on another related problem.
I�ve seen an API for one product with protected methods and viriables documented in the javadoc. However, when trying to subclass API classes, it turns out that these protected methods have been obfuscated, often making meaningful subclassing impossible.
What do people think about such things? How do such practices stand from the OOP point of view? I would guess this is a bad violation...
Philip

After all, I don't understand the point of
obfuscation. The JVM was designed in a way that
de-obfuscators are always on the strong side -- The
JVM has to ensure even for obfuscated programs that
they don't do any damage to your system, so it must
(kind of) de-obfuscate them.An example of obfuscation:
before:
if (KeyValidator.validate(userKey, userName)) {
runApplication();
} else {
displayMessage("Your key is invalid, please purchace a key...");
System.exit(0);
}If you dowloaded a demo, decompiled it and looked at the code it would be easy to hack it to make it work without a key... so the creators of the code obfuscate it. This renames methods and objects, replaces strings with encryped strings transformed my a method, and throws in meaningless code:
after:
if (a(A.a).b(c, C){
x();
} else if (z.c(e.rr(0x03<<2) {
} else{
z(xlp("[2039rj[0q4q[q03q4hr[q09f[0f9h[0qwe9hf[q0we9r8[0q23f[02934");
System.exit(0);
}now that this garbage is in the middle of 1.5M of similar source code, it's no longer obvious what this does.
Similarly, obfuscated code can protect proprietary algorithms.

Should we be 'Obfuscating'/wrapping our PL/SQL code?

Versions:10gR2, 11G, 11GR2
We are a software development firm in Retail Domain. We have around 35 packages, 80 procedures and functions. Currently none of our PL/SQL source codes are hiddent('obfuscated'). Is this a professional approach?
If the client faces an issue with our code and when they send us the exp dump file to reproduce this issue. We wouldn't even be able see let alone debug the code. Right? Are there any other disadvantages with Obfuscation?

Jiri in SF wrote:
I would really appreciate of Oracle would provide code to their own packages. For example UTL_MAIL has issues for some SMTP servers, why I cannot take source code, improve it the way I want and then use it (of course I would not expect oracle to provide support for changed code).UTL_MAIL is perhaps a bad example. The code can be unwrapped - and the resulting source does not look good. The API itself is designed poorly IMO.
Instead of rewriting UTL_MAIL, I would rather see it redesigned. For example, the existing API for example does not allow you to view the Mime payload to send via the DATA command at all. This is essential for debugging purposes.
What about wanting to create a valid e-mail (Mime) that you want to deliver via another protocol (e.g. IMAP)? The API should enable you to create that and then select to use the payload without necessarily transmitting it via SMTP.
Despite my dislike for Microsoft the company, I've always found their API sets logical, sensible and easy to use. Unfortunately the same can often not be said from the supplied PL/SQL package interfaces from Oracle. :-(

Algorithm part and conversion of word syllables

Hi guys,
We have a word for example the word category. The word contains the following syllables as shown below :
ca � te � go - ry
We want to convert this word to the following word
capatepegoporypy
I mean we take a syllable (e.g. ca), we rewrite the syllable and then in the place of the consonant we place the letter �p�(capa etc)
Well I�m trying to solve this problem but I have to confess that I got confused in the algorithm part,I don�t know which steps I have to follow in order ro solve it(I�m new at Java).
Could you plz help me?I mean could you please indicate to me the steps I have to follow in order to make this program function?
Thanks in advance!
Good night!

Well i already have done that,by using many arraysForget about arrays.
and putting then together them (concatenation)but
what i have done on the paper doesn't make any
sense...Describe the process of what you would do to transform "category" into "capatepegoporypy" if you only had a pencil and paper. Don't use any programming terms in your description. Pretend there's no such thing as a computer and you have to tell someone how to do this.

Rewriter obfuscation algorithm

Similar Messages

Maybe you are looking for