Re: XLS files scrambling

Subject: Re: XLS files scrambling
From: Paul Tchistopolskii <paul@xxxxxxx>
Date: Fri, 23 Jun 2000 12:27:19 -0700
Hi, George.

Long time ago I was used to work for one paranoid,
who was thinking that if he encrypt the source code
of some perl scripts - he benefit on a long run.
He got that scrambling in 2-3 days.

I think that the pattern of scrambling XSL, perl or
whatever other interpreter is common and

1. Write propriatary 'crypt' utility  ( use DES-based
encryption,  it is strong and  there are open sources
hanging around ).

2. crypt script.xsl >  script.xsl

The produced ( scrambled ) script.xsl will have a
magic signature in the first few bytes, or  e t.c.

3. Find the place in perl ( XSL, whatever ) code
which is loading the stylesheet. If the stylesheet
starts with magic signature - decrypt it first.

 In case of XSL re-capturing SAX Eception
could work - I mean - "if it is not XML - it is encrypted"

4. To run hacked stylesheets - ship hacked

5. There are some interesting twists here.
For example, with perl if was not straightforward,
because there was more than one place that
has to be 'closed'. Hacked interpreter written in
java could also be decompiled e t.c.  e t.c.

Pafranaoya has no limits

Conclusion. If you want to hack XT, for example,
to read  encrypted stylesheets - just write your
own ( decrypting ) SAXParser ( similar to
UxSpecialParser ) and  that's all you need.
No code changes to XT.  The same could be
done for any other 'reasonable'  XSLT Engine,
which has no particular parser hardcoded, but
allows usage of other SAXParsers.

For detailes on UxSpecialParser - you can
download Ux source code from


----- Original Message -----
From: George Prezerakos

> Cmon you guys,
> I don't mean to start a new thread here but...
> We gotta separate between personal and corporate views. Of course I like open source
source projects and freeware distribution (and I have actually developed free or low-cost
s/w a lot of times).
> However, when working for a company and writing software for the company's clients you
might (just might) be asked to encrypt some stuff. I haven't come across this situation
yet but I posted my original question just in case.
> Think about it before starting to flame me once more :)
> Regards,
> George Prezerakos

 XSL-List info and archive:

Current Thread