Crestron automatic module deobfuscator

One problem my company faced on occasion, while working with legacy programs from other vendors, was receiving Crestron programs or modules that were password protected to prevent viewing and modification. Programs could still be compiled without the password, and protected modules could be added to other programs, but that was all.

I spent some time considering the design Crestron may have used for this. If it were my system to develop and there were no backwards-compatibility concerns, I’d probably use some sort of public key/private key encryption, with the private key hidden inside of the compiler.

As it turns out, the “encryption”, or rather, obfuscation was far simpler than that. Without going into details, it turns out the password for protection was included in effectively clear-text inside the protected file, always at a certain position. I wrote a small tool to parse a source file, look at the position, and output the password. (After all, it’s far simpler to allow the vendor’s tools to handle decryption.)

This script was hosted on the internal server and is still among the company’s set of tools. It has saved considerable time and effort on a few occasions.

Technologies: Crestron; Linux, Apache, PHP