
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


10g and 11g PL/SQL Unwrapper source code available



I was emailed by an old friend of mine at the weekend to point me at Niels Teusink's blog post about his new 10g/11g PL/SQL unwrapper written in Python. There have been a number of unwrappers available over the years (for free download and for sale and also written by researchers), the most recent being Anton Scheffer's code referenced in my blog post "Details of a 10g PL/SQL Unwrapper available", but Anton refrained from releasing the look-up table that David Litchfield suggested might be considered a trade secret in his Oracle Hacker's Handbook description of the algorithm. The table is not hard to locate or indeed generate, as Anton cleverly showed using code cracking techniques, but now Niels has made the code for the table available in his Python script.

Of course readers of this blog will know that I have written about unwrapping PL/SQL many times as it's one of my areas of interest. I have written unwrappers in C and also in PL/SQL for all PL/SQL versions that support wrapping; there are some interesting differences in some of the language versions, the biggest being the change in algorithm between 9iR2 and 10gR1. The wrapped code looks better in 10g from the surface but the algorithm is much weaker. A comparison of Niels' code and my Blackhat paper should illustrate this. The major issue with 9i was that the symbol table was visible, but 9i and earlier wrap is based on the ideas of Ada/DIANA and its design ethos that the code be stored as DIANA, written out as IDL, and that each tool should consume DIANA; this made unwrapping an integral part of the design of Ada/DIANA.

I showed in my Blackhat paper that the DIANA/IDL is still there in 10g, but some commenters since have misinterpreted this and stated that I said 10g wrap was the same as 9i. This is not true; what I really showed is that the same mechanisms are still there: PL/SQL still used DIANA and IDL. That's because the 9i wrap is the internal state of the PL/SQL compiler; the compiler is still there of course, but the wrap mechanism has changed.

Niels' blog post is titled "Unwrapping Oracle PL/SQL with unwrap.py" and his Python script is called "unwrap.py".

The last time I talked about unwrapping PL/SQL was in a post called "Unwrapping PL/SQL", and this post references some of my other posts, including the Blackhat paper, and links to Anton's work.