Pete Finnigan's Oracle Security Weblog

I just saw via my Oracle blogs aggregator that Anton Scheffer has released a nice blog post showing how he has cracked the 10g PL/SQL wrap mechanism or rather how he has found out the one missing bit of information (the substitution table). The 9i and lower wrap mechanism was shown by myself at BlackHat in 2006, i also hinted briefly at the 10g mechanism. My paper can be found on my Oracle security white papers page. David then detailed much more of the 10g wrap mechanism in his book the Oracle hackers hand book. He showed the mechanism/algorithm used but stopped at revealing the substitution table in his book.

Anton has done some research into finding the substitution table but not via reversing the binary but via a simpler method of comparing the clear text (from known PL/SQL) to the compressed text. This is then used to create a complete table that allows unwrapping of PL/SQL for 10g. He has also included some Java code to allow unwrapping of PLB files. This is some nice research. His post is called "Unwrapping 10G wrapped PL/SQL". Also of note is a paper mentioned in his post by three Israeli's http://webcourse.cs.technion.ac.il/236349/Spring2009/ho/WCFiles/final_report.pdf - (broken link) Automatic detection of vulnerabilities in wrapped packages in Oracle