Article and Script Courtesy: Niels Teusink
The Oracle wrap utility can be used to obfuscate PL/SQL code, to ensure it can't be easily read. Pete Finnigan described (pdf) the wrapping process for Oracle 9g, but for 10g and 11g it still remains a bit of a mystery. I decided to release my Python unwrapping utility (supports 10g and 11g).
The unwrapping steps for 10g are nicely described in the Oracle Hacker's Handbook, but the actual substitution table needed to decode the package is omitted. Nobody (as far as I know) has published it. A lot of people seem to know how to do it though, there is even an online unwrapper available (and I'm sure everyone seriously involved in Oracle security knows how to do it). A Russian-made closed source tool is also available, but tends to upset virus scanners.
So to save everyone a couple of hours of figuring it out, here it is: unwrap.py
It's easy to use (I've used the wrapped procedure from this article as an example):
$ ./unwrap.py wrapped.txt
=== Oracle 10g/11g PL/SQL unwrapper - by Niels Teusink - blog.teusink.net ===
PROCEDURE WRAP_IT (SEED_IN NUMBER)
IS
V_RAND INTEGER;
BEGIN
DBMS_RANDOM.INITIALIZE (SEED_IN);
FOR I IN 1..5 LOOP
V_RAND := MOD(ABS(DBMS_RANDOM.RANDOM),45);
DBMS_OUTPUT.PUT_LINE(I||': '||V_RAND);
END LOOP;
END;
Ask Anantha Team thanks Niels for permitting to post his article here.
it is not working with me, any one can help?
ReplyDeleteWhat is that you are getting?
ReplyDeletei am trying to unwrape a package, but when i run unwrap.py it is not giving me any result ! ! !
ReplyDeleteIs it anything to do with the version of Python?
ReplyDeleteDid you try the online Unwrapper? http://hz.codecheck.ch/UnwrapIt/
i dont think it has to do with Python verion, because i tried another wrapped code and it worked fine,
ReplyDeleteand i also tried the online unwrapper and it didnt work too...
I am afraid I cannot help you, please contact Niels Teusink as he is the creator of the code.
ReplyDeletethank you for your help and support, but how i can contact Niels Teusink?
ReplyDeletedo you have any contact details?
You can contact him through his blog: just leave him a message in the post
ReplyDeletehttp://blog.teusink.net/2010/04/unwrapping-oracle-plsql-with-unwrappy.html
thank you
ReplyDeleteany bady send oracle books
ReplyDeleteoracle 11g pl/sqql books
ReplyDeleteunoftunately, it doesnt work witk 11g.
ReplyDeleteIt seems it doesnt even recognize the header:
PACKAGE BODY blah wrapped
a000000
b3
abcd
...
...
Nice blog
ReplyDeleteI have tried to find the relevant information about it and tried the online unwrapper also but it is not working at my side. It seems like I have search more to find a satisfactory detail about this problem. Anyways thanks for helping out.
ReplyDeleteI have tried to find the relevant information about it and tried the online unwrapper also but it is not working at my side. It seems like I have search more to find a satisfactory detail about this problem. Anyways thanks for helping out.
ReplyDeleteI have tried to find the relevant information about it and tried the online unwrapper also but it is not working at my side. It seems like I have search more to find a satisfactory detail about this problem. Anyways thanks for helping out.
ReplyDeleteAnybody has Oracle unwrapper registration information. if yest please send it to me on aqeelmcse@hotmail.com
ReplyDeleteThank YOU !!!!!!!!!!!!!
ReplyDeleteAnybody has Oracle unwrapper registration information. if yest please send it to me on piseth.bt@gmail.com
ReplyDeleteHi Anantha,
ReplyDeleteI don't have /usr/bin/python... how can i do this?
Thanks!
You have to install python check this link
ReplyDeletehttps://www.google.co.in/search?oq=install+python+linux&sugexp=chrome,mod=0&sourceid=chrome&ie=UTF-8&q=install+python+linux