Why not adopt me?
NAME
Symantec::PCAnywhere::Profile - Base class for pcAnywhere utility functions
SYNOPSIS
This class should not be instantiated or used by itself. Use one of its subclasses instead.
DESCRIPTION
Provides methods common to pcAnywhere utility functions. See METHODS. Below is an overview of the general decoding mechaism.
FILE OBSCURING ALGORITHM
The general idea of the file obscuring algorithm is that each byte is XOR'd with the previous byte plus an incrementing eight-bit counter. For reasons unknown to us, there seems to be some kind of shift in the algorithm starting at byte 448, so we split up our decoding into a "first part" and a "second part).
for each byte
do
char = thisbyte (XOR) prevbyte (XOR) counter++
done
FIELD BREAKDOWN
The interesting fields appear to be in fixed positions: this was very helpful.
String fields seem to be terminated with a NUL byte, and we have observed that changing a long value to a short one leaves the tail end of the long field inside the file. In some cases we do not ever care about the "old" value, but since passwords and login names are disabled by NULing out the first byte, the bytes that remain might be interesting. See "FIELD DECODING" for further discussion.
We believe that some fields are slightly overloaded - we have seen overlap - and they mainly revolve around the GATEWAY fields. We don't know how pcAnywhere gateways work well enough to really know what to make of it.
FIELD DECODING
We define all the fields of interest in a hash to allow us to do a bit more than just decode: perhaps a bit of reporting or double-checking for overlaps and the like.
Each entry has a name, which is used as the key to the user-returned hash, plus the zero-based offset into the setring, the length, and a "type". The type is one of:
0 = string, strip everything after first NUL byte
1 = string, strip trailing NUL bytes
2 = binary
3 = little-endian 16-bit word
The reason we allow for type #1 is to avoid stripping NUL bytes from a few fields, such as passwords. If you enter a login name or password, but then disable the "auto-login", pcAnywhere simply NULs out the first byte: this is still useful information.
The original code on which this module is based was used for penetration testing, and so Type 1 was useful for recovering partly-obscured credentials. However, using Type 1 hampers the more likely use of this module, so the Hostname, Domain_Logname, and Password fields have been changed from Type 1 to Type 0.
Type 3 currently exists only for decoding port numbers.
EXPORT
None.
METHODS
new
The "new" constructor takes any number of arguments and sets the appropriate flags internally before returning a new object. The object is implemented as a blessed hash; if more than one argument is passed in, the arguments are considered as a list of key-value pairs which are inserted into the object data. Both "regular" and dash-style arguments are supported.
load_from_file
$chf->load_from_file($filename);
Loads a file for processing.
set_attrs
$chf->set_attrs(
PhoneNumber => 5551234,
AreaCode => 800,
IPAddress => '172.0.0.11',
ControlPort => '4763'
);
Sets the attributes of the file; pass in any number of key-value pairs.
set_attr
$chf->set_attr($attr => $value);
This convenience method sets the value for only one attribute. Note that set_attrs() can be called with exactly the same arguments as this method.
get_attrs
my @query = qw(PhoneNumber AreaCode IPAddress ControlPort);
my $attr = $chf->get_attrs(@query);
my %attrs = $chf->get_attrs(@query);
Pass in a list of items whose attributes you wish to retrieve. Returns a reference to a hash whose keys are the values you passed in and whose values are the attributes retrieved.
get_attr
my $value = $chf->get_attr($attr);
This helper method gets the value for only one attribute and returns it as a scalar.
get_fields
my @fields = $self->get_fields;
Returns (in hash order) the names of fields that can be read from or written to the file.
TO DO
Our understanding of the decoding process just looks incomplete: it's complicated enough for no good reason that we really just suspect that we have done it wrong. There are a couple of glitches even in the current decoding that it requires a bit more thought.
Implement better error handling.
Explain the default values for certain special fields.
Create (more) tests!
SEE ALSO
See Symantec::PCAnywhere::Profile::CHF for a useful subclass of this module.
AUTHOR
Darren Kulp, <kulp@thekulp.com>, based on code from Stephen J. Friedl, <steve@unixwiz.net>
COPYRIGHT AND LICENSE
Copyright (C) 2006 by Darren Kulp
Contains code placed in the public domain 2002 by Stephen Friedl
"Symantec" and "pcAnywhere" are trademarks of Symantec Corp.
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.