Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: wrapping packages

Re: wrapping packages

From: Pete Finnigan <oracle_list_at_peterfinnigan.demon.co.uk>
Date: Sun, 21 Sep 2003 09:39:50 -0800
Message-ID: <F001.005D09FA.20030921093950@fatcity.com>


Hi Peter, Tanel and Jared,

Peter: I meant a public unwrap process not the internal mechanisms in the PL/SQL interpreter / VM.

Tanel: I would be more worried about Oracle coming after you in the legally sense if you did reverse engineer the wrap process!!

Jared: Are you sure that's how it works? do you have inside knowledge? - if it is this way, is it compiled P-Code or the intermediate DIANA representation? - if it were DIANA or p-code then Peter is wrong above as i would assume that instead of needing an un-wrapper that the VM / interpreter just loads p-code rather than calling the compiler first - if it is DIANA representation then that would mean loading somewhere in the middle of the normal process - or would it? - Is normal (non wrapped) pl/sql that is loaded into the cache held as p-code or DIANA - (or both?).

I understood that the wrap process encoded or rather obfuscated the PL/SQL not encrypted it - I am not sure storing it as P-Code or diana would be secure as it should then be possible to extract enough structural program info from the database with the diana packages? or from the tables where the diana - or p-code is held.

Anyway's Peter is right in some sense as I heard that some Russian guy is supposed to have reverse engineered the wrap process and un-encoded / decrypted all of the builtin packages and posted the code somewhere on the net - A guy from a security company in the states told me this some months ago but i haven't seen any discussion of it to confirm it.

kind regards

Pete

--

Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

--

Please see the official ORACLE-L FAQ: http://www.orafaq.net
--

Author: Pete Finnigan
  INET: oracle_list_at_peterfinnigan.demon.co.uk

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Sun Sep 21 2003 - 12:39:50 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US