www.tobuku.com
DECRYPTING ENCRYPTED STORED PROCEDURES
March 2006
By: Feri Djuandi
Level:
√ Beginner
Intermediate
Advanced

Introduction

A stored procedure in a Microsoft SQL Server database is a program written in Transact-SQL (T-SQL) and stored as an object inside the database. A stored procedure can be a simple SQL SELECT statement, or a series of INSERT, UPDATE and DELETE statements that use variables, formulas/expressions, iteration, conditions and calls to other stored procedures. A complex stored procedure can run to hundreds of lines.

Writing programs as stored procedures is a very effective approach because the program runs inside the database, where execution is relatively faster than a similar program run on the application side. In client-server environments, stored procedures are commonly used.

Stored procedures in a SQL Server database can be created with administration tools such as SQL Enterprise Manager and SQL Query Analyzer. Because a stored procedure is a program, there is no other way than to type it yourself, line by line. There is no "click & drag" as there is when you build a program in Visual Basic. That is not a problem, though. For an experienced programmer, typing lines of T-SQL is not a heavy burden.

For certain purposes, a programmer can encrypt a stored procedure, for example to protect the code so that other people cannot read it. This is done when the stored procedure is created or altered, with the statement:

CREATE PROCEDURE

The same applies if you try it in Query Analyzer:

EXEC sp_helptext encrypted_proc
The object comments have been encrypted.

Once you encrypt a stored procedure, the code inside it can no longer be read, not even by the system administrator (SA). There is no way to decrypt it again, so you are strongly advised to keep the source code somewhere else (for example as a text file).

Although there is no normal way to decrypt it, the original text of an encrypted stored procedure really can be read again. This is not widely known, but the weakness existed in SQL Server 7.0 and still exists in SQL Server 2000 (most likely this security hole has been fixed in SQL Server 2005 and later). The stored procedure encryption can be circumvented in a fairly simple way. Not with complicated mathematical calculations, not with back-and-forth permutations, not with repeated iterations, but with a single logical exclusive-or (XOR) operation.
Decryption Algorithm

The logic of SQL Server stored procedure encryption can be explained as follows. Suppose we have a text called "a", and we call the SQL Server encryption function E(x). Encrypting the text "a" produces an encrypted result that we will call "a`".

a` = E(a)

Suppose we have another text called "b`". This text is the result of an encryption and we do not know its original text, so our goal is to break it. Using "a" (whose original text is known) and "a`", the original text "b" can be found.

The first step is to obtain the unicode values of the characters of the texts "a", "a`" and "b`". The unicode value of a character is easily obtained with the UNICODE function. Example:

SELECT UNICODE('a')
-----------
97

(1 row(s) affected)

Suppose the text "a" consists of several characters:

a0    a1    a2    a3    a4    a5    a6    …    an

Then the unicode values of that sequence of characters are:

Ua0   Ua1   Ua2   Ua3   Ua4   Ua5   Ua6   …    Uan
Likewise for "a`" and "b`", the sequences of unicode values are:

Ua`0  Ua`1  Ua`2  Ua`3  Ua`4  Ua`5  Ua`6  …    Ua`n

Ub`0  Ub`1  Ub`2  Ub`3  Ub`4  Ub`5  Ub`6  …    Ub`n
Now comes the key step. The unicode values of the characters of "b" are obtained by an XOR operation over the corresponding unicode values of the characters of "a", "a`" and "b`".

Ub = Ua ⊕ Ua` ⊕ Ub`

Note: ⊕ = symbol for the XOR operation
Ua0   Ua1   Ua2   Ua3   Ua4   Ua5   Ua6   …    Uan
Ua`0  Ua`1  Ua`2  Ua`3  Ua`4  Ua`5  Ua`6  …    Ua`n
Ub`0  Ub`1  Ub`2  Ub`3  Ub`4  Ub`5  Ub`6  …    Ub`n
Ub0   Ub1   Ub2   Ub3   Ub4   Ub5   Ub6   …    Ubn
Finally, to obtain the characters b0, b1, b2 … bn we can use the NCHAR function. Example:

SELECT NCHAR(97)
-----------
a

(1 row(s) affected)

By concatenating the characters b0, b1, b2 … bn, we get the original text "b".

In SQL Server, the XOR operator is written with the character "^". Example: a ^ b ^ c. The result of an XOR operation does not depend on the order of its operands. For example, a ^ b ^ c; b ^ c ^ a; or a ^ c ^ b all give the same result.

The algorithm above is the secret of decrypting SQL Server stored procedures. The next section explains how this technique is applied to decrypt an encrypted stored procedure.
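The recovery formula above, carried through as an added example (it is not part of the original article or of its decryptor.sql). Python stands in for T-SQL, and toy_encrypt is a constructed stand-in for E(x) that assumes a position-dependent XOR mask, which is the property the formula relies on. It also shows why the known text has to be at least as long as the target, which is why the decryptor script later in this article pads its known text with a long run of dashes.

```python
"""Added example: recovering plaintext when two texts share one XOR mask."""
import random

MASK_SEED = 2006  # constructed value; stands in for whatever mask the server uses


def utf16_units(text):
    """UTF-16 code units of text, the values T-SQL UNICODE() yields per nchar."""
    raw = text.encode("utf-16-le")
    return [int.from_bytes(raw[i:i + 2], "little") for i in range(0, len(raw), 2)]


def units_to_text(units):
    """Inverse of utf16_units, equivalent to concatenating NCHAR() results."""
    raw = b"".join(u.to_bytes(2, "little") for u in units)
    return raw.decode("utf-16-le", errors="replace")


def toy_encrypt(text, seed=MASK_SEED):
    """Toy E(x): XOR every code unit with a mask chosen by its position.

    Assumption: the mask depends only on the position, so two texts
    encrypted under the same conditions receive the same mask.
    """
    rng = random.Random(seed)
    return [u ^ rng.randrange(0x10000) for u in utf16_units(text)]


def recover(known_plain, known_cipher, target_cipher):
    """Apply Ub = Ua ^ Ua` ^ Ub` position by position.

    Returns (recovered_text, missing); missing counts the code units of the
    target that lie beyond the end of the known plaintext and stay unknown.
    """
    ua = utf16_units(known_plain)
    n = min(len(ua), len(known_cipher), len(target_cipher))
    ub = [ua[i] ^ known_cipher[i] ^ target_cipher[i] for i in range(n)]
    return units_to_text(ub), len(target_cipher) - n


# Constructed sample texts, modelled on the article's encrypted_proc exercise.
SECRET = ("CREATE PROCEDURE encrypted_proc WITH ENCRYPTION AS "
          "PRINT 'I encrypted this procedure and forgot to check the source into cvs!'")
# Known text "a": same header, padded with dashes so it covers the whole target.
KNOWN_PLAIN = "CREATE PROCEDURE encrypted_proc WITH ENCRYPTION AS " + "-" * 200
# A known text that is too short: only its own length can be recovered.
SHORT_KNOWN = "CREATE PROCEDURE"


def demo():
    """Run both cases and return their results for inspection."""
    target_cipher = toy_encrypt(SECRET)           # b` (original text unknown)
    full = recover(KNOWN_PLAIN, toy_encrypt(KNOWN_PLAIN), target_cipher)
    partial = recover(SHORT_KNOWN, toy_encrypt(SHORT_KNOWN), target_cipher)
    return full, partial


if __name__ == "__main__":
    full, partial = demo()
    print("padded known text :", full)
    print("short known text  :", partial)
```

The mask never has to be known: it cancels out because a ^ a` equals the mask at each position. Any scheme with this property offers obfuscation only, so source protection has to come from access control on the database rather than from WITH ENCRYPTION.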
Implementation

As an exercise, we will create a stored procedure, encrypt it, and then recover the original text of its code. Log on to the SQL Server database and create the stored procedure named encrypted_proc below.

if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[encrypted_proc]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
DROP PROCEDURE [dbo].[encrypted_proc]
GO
CREATE PROCEDURE encrypted_proc AS
PRINT 'I encrypted this procedure and forgot to check the source into cvs!'
PRINT 'Now I don''t work here any more and you can''t find me!'
GO

The script above is available in the file example1.sql that accompanies this document. Note that this stored procedure is not yet encrypted.

SQL Server stores the code of a stored procedure in the system table named syscomments. Running a SELECT against this table returns the text of the stored procedure.

SELECT colid,[text] FROM syscomments WHERE id = object_id('encrypted_proc')

colid  text
------ ------------------------------------------------------------------------
1      CREATE PROCEDURE encrypted_proc AS PRINT 'I encrypted this procedure and forgot to check the source into cvs!' PRINT 'Now I don''t work here any more and you can''t find me!'

(1 row(s) affected)
The query above returns a single record. For a fairly long stored procedure, the text does not fit into one row, so it is split and stored in several rows of the syscomments table. We will now modify the stored procedure by adding some long text so that you can see how it is stored.

if
exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[encrypted_proc]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
DROP PROCEDURE [dbo].[encrypted_proc]
GO
CREATE PROCEDURE encrypted_proc AS
--Chapter I. Down the Rabbit-Hole.
--001: Alice was beginning to get very tired of sitting by her sister on the bank, and of having nothing to do: once or twice she had peeped into the book her sister was reading, but it had no pictures or conversations in it, `and what is the use of a book,` thought Alice `without pictures or conversation?`
--002: So she was considering in her own mind (as well as she could, for the hot day made her feel very sleepy and stupid), whether the pleasure of making a daisy-chain would be worth the trouble of getting up and picking the daisies, when suddenly a White Rabbit with pink eyes ran close by her.
--003: There was nothing so VERY remarkable in that; nor did Alice think it so VERY much out of the way to hear the Rabbit say to itself, `Oh dear! Oh dear! I shall be late!` (when she thought it over afterwards, it occurred to her that she ought to have wondered at this, but at the time it all seemed quite natural); but when the Rabbit actually TOOK A WATCH OUT OF ITS WAISTCOAT- POCKET, and looked at it, and then hurried on, Alice started to her feet, for it flashed across her mind that she had never before seen a rabbit with either a waistcoat-pocket, or a watch to take out of it, and burning with curiosity, she ran across the field after it, and fortunately was just in time to see it pop down a large rabbit-hole under the hedge.
--004: In another moment down went Alice after it, never once considering how in the world she was to get out again.
--005: The rabbit-hole went straight on like a tunnel for some way, and then dipped suddenly down, so suddenly that Alice had not a moment to think about stopping herself before she found herself falling down a very deep well.
--006: Either the well was very deep, or she fell very slowly, for she had plenty of time as she went down to look about her and to wonder what was going to happen next. First, she tried to look down and make out what she was coming to, but it was too dark to see anything; then she looked at the sides of the well, and noticed that they were filled with cupboards and book-shelves; here and there she saw maps and pictures hung upon pegs. She took down a jar from one of the shelves as she passed; it was labelled `ORANGE MARMALADE`, but to her great disappointment it was empty: she did not like to drop the jar for fear of killing somebody, so managed to put it into one of the cupboards as she fell past it.
--007: `Well!` thought Alice to herself, `after such a fall as this, I shall think nothing of tumbling down stairs! How brave they`ll all think me at home! Why, I wouldn`t say anything about it, even if I fell off the top of the house!` (Which was very likely true.)
--008: Down, down, down. Would the fall NEVER come to an end! `I wonder how many miles I`ve fallen by this time?` she said aloud. `I must be getting somewhere near the centre of the earth. Let me see: that would be four thousand miles down, I think--` (for, you see, Alice had learnt several things of this sort in her lessons in the schoolroom, and though this was not a VERY good opportunity for showing off her knowledge, as there was no one to listen to her, still it was good practice to say it over) `--yes, that`s about the right distance--but then I wonder what Latitude or Longitude I`ve got to?` (Alice had no idea what Latitude was, or Longitude either, but thought they were nice grand words to say.)
--009: Presently she began again. `I wonder if I shall fall right THROUGH the earth! How funny it`ll seem to come out among the people that walk with their heads downward! The Antipathies, I think--` (she was rather glad there WAS no one listening, this time, as it didn`t sound at all the right word) `--but I shall have to ask them what the name of the country is, you know. Please, Ma`am, is this New Zealand or Australia?` (and she tried to curtsey as she spoke--fancy CURTSEYING as you`re falling through the air! Do you think you could manage it?) `And what an ignorant little girl she`ll think me for asking! No, it`ll never do to ask: perhaps I shall see it written up somewhere.`
--010: Down, down, down. There was nothing else to do, so Alice soon began talking again. `Dinah`ll miss me very much to-night, I should think!` (Dinah was the cat.) `I hope they`ll remember her saucer of milk at tea-time. Dinah my dear! I wish you were down here with me! There are no mice in the air, I`m afraid, but you might catch a bat, and that`s very like a mouse, you know. But do cats eat bats, I wonder?` And here Alice began to get rather sleepy, and went on saying to herself, in a dreamy sort of way, `Do cats eat bats? Do cats eat bats?` and sometimes, `Do bats eat cats?` for, you see, as she couldn`t answer either question, it didn`t much matter which way she put it. She felt that she was dozing off, and had just begun to dream that she was walking hand in hand with Dinah, and saying to her very earnestly, `Now, Dinah, tell me the truth: did you ever eat a bat?` when suddenly, thump! thump! down she came upon a heap of sticks and dry leaves, and the fall was over.
--011: Alice was not a bit hurt, and she jumped up on to her feet in a moment: she looked up, but it was all dark overhead; before her was another long passage, and the White Rabbit was still in sight, hurrying down it. There was not a moment to be lost: away went Alice like the wind, and was just in time to hear it say, as it turned a corner, `Oh my ears and whiskers, how late it`s getting!` She was close behind it when she turned the corner, but the Rabbit was no longer to be seen: she found herself in a long, low hall, which was lit up by a row of lamps hanging from the roof.
--012: There were doors all round the hall, but they were all locked; and when Alice had been all the way down one side and up the other, trying every door, she walked sadly down the middle, wondering how she was ever to get out again.
--013: Suddenly she came upon a little three-legged table, all made of solid glass; there was nothing on it except a tiny golden key, and Alice`s first thought was that it might belong to one of the doors of the hall; but, alas! either the locks were too large, or the key was too small, but at any rate it would not open any of them. However, on the second time round, she came upon a low curtain she had not noticed before, and behind it was a little door about fifteen inches high: she tried the little golden key in the lock, and to her great delight it fitted!
--014: Alice opened the door and found that it led into a small passage, not much larger than a rat-hole: she knelt down and looked along the passage into the loveliest garden you ever saw. How she longed to get out of that dark hall, and wander about among those beds of bright flowers and those cool fountains, but she could not even get her head though the doorway; `and even if my head would go through,` thought poor Alice, `it would be of very little use without my shoulders. Oh, how I wish I could shut up like a telescope! I think I could, if I only know how to begin.` For, you see, so many out-of-the-way things had happened lately, that Alice had begun to think that very few things indeed were really impossible.
--015: There seemed to be no use in waiting by the little door, so she went back to the table, half hoping she might find another key on it, or at any rate a book of rules for shutting people up like telescopes: this time she found a little bottle on it, (`which certainly was not here before,` said Alice,) and round the neck of the bottle was a paper label, with the words `DRINK ME` beautifully printed on it in large letters.
PRINT 'I encrypted this procedure and forgot to check the source into cvs!'
PRINT 'Now I don''t work here any more and you can''t find me!'
GO

The script above is available in the file example2.sql. A fairly long stored procedure like the one above is stored in more than one row of the syscomments table. Run this query to see it.

SELECT colid,[text] FROM syscomments WHERE id = object_id('encrypted_proc') ORDER BY colid

colid  text
------ ------------------------------------------------------------------------
1      CREATE PROCEDURE encrypted_proc AS --Chapter I. Down the Rabbit-Hole. --001: Alice was beginning to get very tired of sitting by her sister on the bank, and of having nothing to do: once or twice she had peeped into the book her sister was reading, but
2      hink you could manage it?) `And what an ignorant little girl she`ll think me for asking! No, it`ll never do to ask: perhaps I shall see it written up somewhere.` --010: Down, down, down. There was nothing else to do, so Alice soon began talking again. `D

(2 row(s) affected)
Now we will encrypt this stored procedure. This is done by modifying the first line of the example2.sql script above.

ALTER PROCEDURE encrypted_proc WITH ENCRYPTION AS
...

After encrypting the stored procedure, run the query against the syscomments table again. You will find its code encrypted and unreadable. Open the stored procedure in SQL Enterprise Manager and confirm that you still cannot read it.

To decrypt the encrypted stored procedure, open the script in the file decryptor.sql with SQL Query Analyzer. This script is an example that decrypts the stored procedure named encrypted_proc, which we use as the exercise here. The script can also be used to decrypt other stored procedures, but you must first modify it by replacing the text "encrypted_proc" with the name of your stored procedure.

/*#########################################################################
Purpose : Decrypting the encrypted SQL Server stored procedure/view/trigger
Author  : Feri Djuandi ([email protected])
Dated   : Mar 2006

Usage:
Please BACKUP your database before running this script.
Incorrectly running this script may cause losing/overwriting of your
stored procedure.

To use this script, you must modify it first:
1. Replace the "encrypted_proc" text with your encrypted SP's name.
2. If you want to use this script to decrypt view/trigger, you must
   replace all "STORED PROCEDURE" text to "VIEW" OR "TRIGGER"

Use this script at your own risk.
No one is responsible for any destructive results.
#########################################################################*/
SET NOCOUNT ON
DECLARE @ctext nvarchar(4000), @i int, @j int
CREATE TABLE #tempcomments (
    ID int PRIMARY KEY NOT NULL,
    ctext nvarchar(4000) NOT NULL
)
DECLARE cursor_sp1 INSENSITIVE CURSOR FOR SELECT ctext FROM syscomments WHERE id = object_id('encrypted_proc') ORDER BY colid FOR READ ONLY OPEN cursor_sp1 SET @i=0 WHILE 1=1 BEGIN FETCH NEXT FROM cursor_sp1 INTO @ctext IF @@FETCH_STATUS=0 BEGIN SET @i=@i+1 INSERT #tempcomments VALUES (@i, @ctext) END ELSE BREAK END CLOSE cursor_sp1 DEALLOCATE cursor_sp1 DECLARE @origcryptstr nvarchar(4000), @origplainstr varchar(8000), @tmp_origplainstr nvarchar(4000), @knownplainstr nvarchar(4000), @knowncryptstr nvarchar(4000) SELECT @knownplainstr = N'CREATE PROCEDURE encrypted_proc WITH ENCRYPTION AS ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------' EXEC('ALTER PROCEDURE encrypted_proc WITH ENCRYPTION AS -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------') DECLARE cursor_sp2 INSENSITIVE CURSOR FOR SELECT ctext FROM syscomments WHERE id = object_id('encrypted_proc') ORDER BY colid FOR READ ONLY OPEN cursor_sp2 SET @j=@i WHILE 1=1 BEGIN FETCH NEXT FROM cursor_sp2 INTO @ctext IF @@FETCH_STATUS=0 BEGIN SET @j=@j+1 INSERT #tempcomments VALUES (@j, @ctext) END ELSE BREAK END CLOSE cursor_sp2 DEALLOCATE cursor_sp2
DECLARE @length int, @counter int
SET @origplainstr = ''

-- Walk the saved original ciphertext rows (ID <= @i); the rows read back
-- after the ALTER with known text were stored as ID @i+1 and up.
DECLARE cursor_sp3 INSENSITIVE CURSOR FOR
    SELECT ID, ctext FROM #tempcomments WHERE ID <= @i ORDER BY ID
FOR READ ONLY
OPEN cursor_sp3
WHILE 1=1
BEGIN
    FETCH NEXT FROM cursor_sp3 INTO @j, @origcryptstr
    IF @@FETCH_STATUS = 0
    BEGIN
        SELECT @knowncryptstr = ctext FROM #tempcomments WHERE ID = @i + @j
        SET @length = datalength(@origcryptstr)
        SET @tmp_origplainstr = replicate(N'X', (@length / 2))
        SET @counter = 1
        WHILE (@counter <= (@length / 2))
        BEGIN
            -- original plain = original cipher XOR (known cipher XOR known plain);
            -- the known plain is @knownplainstr in the first row and '-' (45) after that.
            SET @tmp_origplainstr = stuff(@tmp_origplainstr, @counter, 1,
                NCHAR(UNICODE(substring(@origcryptstr, @counter, 1)) ^
                     (UNICODE(substring(@knowncryptstr, @counter, 1)) ^
                      (CASE WHEN @j = 1
                            THEN UNICODE(substring(@knownplainstr, @counter, 1))
                            ELSE 45 END))))
            SET @counter = @counter + 1
        END
        SET @origplainstr = @origplainstr + CONVERT(varchar(4000), ISNULL(@tmp_origplainstr, ''))
    END
    ELSE
        BREAK
END
CLOSE cursor_sp3
DEALLOCATE cursor_sp3

SET @i = CHARINDEX('with encryption ', LOWER(@origplainstr), 1)
IF @i > 0
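    -- Cut the 16-character 'with encryption ' clause out of the recovered text.
    SET @origplainstr = LEFT(@origplainstr, @i - 1) + SUBSTRING(@origplainstr, @i + 16, LEN(@origplainstr))
-- Replace the first 7 characters (expected to be 'CREATE ') with 'ALTER ' and re-save the procedure unencrypted.
SET @origplainstr = 'ALTER ' + SUBSTRING(@origplainstr, 8, LEN(@origplainstr))
PRINT 'The stored procedure has been successfully decrypted.'
EXEC(@origplainstr)
DROP TABLE #tempcomments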
Please be careful when running this script. Used incorrectly, it can delete the stored procedure you want to decrypt or overwrite its code with other text. Before running the script, note the following:
Back up the database you are working on to prevent data loss or corruption.
Make sure you replace the text "encrypted_proc" with the name of the stored procedure you want to decrypt.
The script can also be used to decrypt encrypted views and triggers. Modify the script by replacing the text "STORED PROCEDURE" with "VIEW" or "TRIGGER". Do this carefully and make sure you change the right text.
The script can only be run against a stored procedure, view or trigger that is currently encrypted. It fails at execution time if it is used on an object that is not encrypted.
When you are ready, run the script. When it finishes without errors, SQL Server displays the text "The stored procedure has been successfully decrypted." To verify the result, open the stored procedure that was encrypted using SQL Enterprise Manager. The original text of its code will be displayed in front of you. That is how to read an encrypted stored procedure.
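Why the XOR loop in the script recovers the text, shown as an added Python model that is not part of the original article. The keystream function, object id, row size and sample text are constructed; the only assumption taken from the script is that saving the same object WITH ENCRYPTION again reuses the same keystream. The model also shows why the known text is padded with so many dashes: recovery fails when the padding is shorter than the original.

```python
import hashlib

ROW_CHARS = 2000   # constructed row size for the model (long text is split into rows)
FILLER = ord("-")  # 45, the padding character of the known plaintext
HEADER = "ALTER PROCEDURE encrypted_proc WITH ENCRYPTION AS "


def keystream(object_id, n):
    """Constructed per-object keystream of n 16-bit units (a stand-in, not SQL Server's)."""
    out, block = [], 0
    while len(out) < n:
        digest = hashlib.sha256(f"{object_id}:{block}".encode()).digest()
        out += [int.from_bytes(digest[i:i + 2], "little") for i in range(0, 32, 2)]
        block += 1
    return out[:n]


def obfuscate(object_id, text):
    """XOR each character code with the keystream, then split the result into rows."""
    units = [ord(c) for c in text]  # sample text is BMP-only, so ord() is the code unit
    cipher = [u ^ k for u, k in zip(units, keystream(object_id, len(units)))]
    return [cipher[i:i + ROW_CHARS] for i in range(0, len(cipher), ROW_CHARS)]


def recover(orig_rows, known_rows, known_first_row):
    """orig_plain = orig_crypt ^ (known_crypt ^ known_plain), row by row."""
    if len(known_rows) < len(orig_rows):
        raise ValueError("known plaintext covers fewer rows than the original")
    out = []
    for j, (orig, known) in enumerate(zip(orig_rows, known_rows)):
        if len(known) < len(orig):
            raise ValueError("known plaintext is shorter than the original text")
        for pos, (oc, kc) in enumerate(zip(orig, known)):
            # Row 1 starts with the ALTER header; every later row is pure filler (45).
            kp = ord(known_first_row[pos]) if j == 0 else FILLER
            out.append(chr(oc ^ kc ^ kp))
    return "".join(out)


def demo(original, pad_len):
    """Replay the script's steps against the model and return the recovered text."""
    object_id = 1977058079                       # constructed object id
    known = HEADER + "-" * pad_len               # header plus dash padding
    orig_rows = obfuscate(object_id, original)   # 1. save the current ciphertext
    known_rows = obfuscate(object_id, known)     # 2. re-save known text, read it back
    return recover(orig_rows, known_rows, known[:ROW_CHARS])  # 3. XOR the three together


if __name__ == "__main__":
    sample = "CREATE PROCEDURE encrypted_proc WITH ENCRYPTION AS\nSELECT 1 -- " + "x" * 3000
    print(demo(sample, 5000) == sample)
```

Anyone who is allowed to ALTER the object can reproduce this relation, so WITH ENCRYPTION is best treated as obfuscation and the source kept under access control elsewhere.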