Free obfuscation contest software for linux

B::Deobfuscate Perl module contains the deobfuscate source code.

SYNOPSIS

perl -MO=Deobfuscate,-csynthetic.yml,-y synthetic.pl

B::Deobfuscate is a backend module for the Perl compiler that generates perl source code, based on the internal compiled structure that perl itself creates after parsing a program. It adds symbol renaming functions to the B::Deparse module. An obfuscated program is already parsed and interpreted correctly by the B::Deparse program. Unfortunately, if the obfuscation involved variable renaming then the resulting program also has obfuscated symbols.

This module takes the last step and fixes names like $z5223ed336 to be a word from a dictionary. While the name still isnt meaningful it is at least easier to distinguish and read. Here are two examples - one from B::Deparse and one from B::Deobfuscate.

Initial input

if(@z6a703c020a){(my($z5a5fa8125d,$zcc158ad3e0)=File::Temp::tempfile(
UNLINK,1));print($z5a5fa8125d "=over 8nn");(print($z5a5fa8125d
@z6a703c020a)or die(((("Cant print $zcc158ad3e0: $!"))); print($z5a5fa8125d
"=backn");(close(*$z5a5fa8125d)or die(((("Cant close ".*$za5fa8125d.": $!")
));(@z8374cc586e=$zcc158ad3e0);($z9e5935eea4=1);}

After B::Deparse:

if (@z6a703c020a) {
(my($z5a5fa8125d, $zcc158ad3e0) = File::Temp::tempfile(UNLINK, 1));
print($z5a5fa8125d "=over 8nn");
(print($z5a5fa8125d @z6a703c020a)
or die((((q[Cant print ] . $zcc158ad3e0) . : ) . $!)));
print($z5a5fa8125d "=backn");
(close(*$z5a5fa8125d)
or die((((q[Cant close ] . *$za5fa8125d) . : . $!)));
(@z8374cc586e = $zcc158ad3e0);
($z9e5935eea4 = 1);
}

After B::Deobfuscate:

if (@parenthesises) {
(my($scrupulousity, $postprocesser) = File::Temp::tempfile(UNLINK, 1));
print($scrupulousity "=over 8nn");
(print($scrupulousity @parenthesises)
or die((((q[Cant print ] . $postprocesser) . : ) . $!)));
print($scrupulousity "=backn");
(close(*$scrupulousity)
or die((((q[Cant close ] . *$postprocesser) . : ) . $!)));
(@interruptable = $postprocesser);
($propagandaist = 1);
}

Youll note that the only real difference is that instead of variable names like $z9e5935eea4 you get $propagandist.

Convulsion is a drop-in CVS repository browser for PHP. It makes use of the libraries developed for the Chora module of the Horde project, but does not require that Horde be installed and working to be used.

You can browse directories and files, view a files revision history, compare two versions, and retrieve its ChangeLog. Convulsion also supports automatic obfuscation of e-mail addresses and syntax highlighting of most common languages.

Convulsions output is standards-compliant, accessible, and customisable by means of CSS.

Using Convulsion with Apache 2.x

Please note that in order to use Convulsion with the 2.x series of the Apache web server, you will need to set the value of the "AcceptPathInfo" directive to a value other than "Off". This can be done in the main Apache config, in the < VirtualHost > section for your site or using a .htaccess file.

ProGuard is a free Java class file shrinker, optimizer, and obfuscator. ProGuard project can detect and remove unused classes, fields, methods, and attributes. It can then optimize bytecode and remove unused instructions.
Finally, it can rename the remaining classes, fields, and methods using short meaningless names. The resulting jars are smaller and harder to reverse-engineer.
More compact jar files also means smaller storage requirements, faster transfer of applications across networks, faster loading, and smaller memory footprints.
ProGuards main advantage compared to other Java obfuscators is probably its compact template-based configuration. A few intuitive command line options or a simple configuration file are usually sufficient. For instance, the following configuration option preserves all applets in a jar:
-keep public class * extends java.applet.Applet
The user manual explains all available options and shows more examples of this powerful configuration style.
ProGuard is fast. It only takes seconds to process programs and libraries of several megabytes. The results section presents actual figures for a number of applications.
ProGuard is a command-line tool with an optional graphical user interface. It also comes with plugins for Ant and for the J2ME Wireless Toolkit.
ProGuard is a Java class file shrinker, optimizer, and obfuscator. The shrinking step detects and removes unused classes, fields, methods, and attributes. The optimization step analyzes and optimizes the bytecode of the methods. The obfuscation step renames the remaining classes, fields, and methods using short meaningless names. The resulting jars are smaller and harder to reverse-engineer.
ProGuard can also be used to list unused fields and methods in an application, and to print out the internal structure of class files.
ProGuard typically reads the input jars (or wars, ears, zips, or directories). It then shrinks, optimizes, and obfuscates them. It then writes the results to one or more output jars (or wars, ears, zips, or directories). The input jars can optionally contain resource files. ProGuard copies all non-class resource files from the input jars to the output jars. Their names and contents remain unchanged.
ProGuard requires the library jars (or wars, ears, zips, or directories) of the input jars to be specified. It can then reconstruct class hierarchies and other class dependencies, which are necessary for proper shrinking, optimization, and obfuscation. The library jars themselves always remain unchanged. You should still put them in the class path of your final application.
In order to determine which code has to be preserved and which code can be discarded or obfuscated, you have to specify one or more entry points to your code. These entry points are typically classes with main methods, applets, midlets, etc.
- In the shrinking step, ProGuard starts from these seeds and recursively determines which classes and class members are used. All other classes and class members are discarded.
- In the optimization step, ProGuard further optimizes the code. Among other optimizations, classes and methods that are not entry points can be made final, and some methods may be inlined.
- In the obfuscation step, ProGuard renames classes and class members that are not entry points. In this entire process, keeping the entry points ensures that they can still be accessed by their original names.
Any classes or class members of your code that are created or invoked dynamically (that is, by name) have to be specified as entry points too. It is generally impossible to determine these cases automatically, but ProGuard will offer some suggestions if keeping some classes or class members appears necessary. For proper results, you should at least be somewhat familiar with the code that you are processing.
ProGuard does handle Class.forName("SomeClass") and SomeClass.class constructs automatically. The referenced classes are preserved in the shrinking phase, and the string arguments are properly replaced in the obfuscation phase. With variable string arguments, it is generally impossible to determine their possible values (they might be read from a configuration file, for instance).
However, as mentioned, ProGuard will note constructs like "(SomeClass)Class.forName(variable).newInstance()". These might be an indication that the class or interface SomeClass and/or its implementations may need to be preserved. You can then adapt your configuration accordingly.
Whats New in 3.9 Stable Release:
- This release fixes a number of bugs.
- Notably, ".class" constructs compiled in Java 6 are now handled correctly.
- The optimization step now avoids a possible division by 0 and correctly processes local variables with indices larger than 255.
- The documentation and examples have been updated.
Whats New in 4.0 Beta Development Release:
- Added preverifier for Java 6 and Java Micro Edition, with new option -dontpreverify.
- Added new option -target to modify java version of processed class files.
- Made -keep options more orthogonal and flexible, with option modifiers allowshrinking, allowoptimization, and allowobfuscation.
- Added support for configuration by means of annotations.
- Improved shrinking of unused annotations.
- Added check on modification times of input and output, to avoid unnecessary processing, with new option -forceprocessing.
- Added new options -flattenpackagehierarchy and -repackageclasses (replacing -defaultpackage) to control obfuscation of packages names.
- Added new options -adaptresourcefilenames and -adaptresourcefilecontents, with file filters, to update resource files corresponding to obfuscated class names.
- Now respecting naming rule for nested class names (EnclosingClass$InnerClass) in obfuscation step, if InnerClasses attributes or EnclosingMethod attributes are being kept.
- Added new inter-procedural optimizations: method inlining and propagation of constant fields, constant arguments, and constant return values.
- Added optimized local variable allocation.
- Added over 250 new peephole optimizations.
- Improved making classes and class members public or protected.
- Now printing notes on suspiciously unkept classes in parameters of specified methods.
- Now printing notes for class names that dont seem to be fully qualified.
- Added support for uppercase filename extensions.
- Rewritten class file I/O code.
- Updated documentation and examples.

fl0p provides a passive OS fingerprinting tool.
fl0p is a passive L7 flow fingerprinter that examines TCP/UDP/ICMP packet sequences, can peek into cryptographic tunnels, can tell human beings and robots apart, and performs a couple of other infosec-related tricks.
This approach differs from the techniques used by most other passive
sniffers and mappers, and is advantageous in several interesting ways:
- General flow behavior remains largely unchanged regardless of whether
cryptographic tunnels or other obfuscation techniques are used. As
such, backdoors or firewall evasion techniques that for example
use SSL on port 443, can be told apart from browser traffic, and
further investigated.
- General insight into legitimate encrypted sessions can be gained; for
example, it is possible to remotely tell successful and failed SSH
authentication attempts apart, and react accordingly.
- Human actions can be told apart from automated efforts: it is possible
to ignore SMTP client programs, but single out humans manually
interacting with the server on port 25; similarly, automated SSH
login attempts can be told apart from human actions.
Enhancements:
- Chained signature support added.
- SMTP signatures

Tilt-n-Roll is a puzzle game where you must roll your marble through the 3d maze to the exit.
This game is an entry into Intels Game Demo 2007 contest. Please take the time to rate my game and help me win a prize!
Tilt the 3d maze and roll your marble to the exit. The final version will fully support laptop SMS / HDAPS sensors to allow players to tilt the laptop to play! (Support is partially there now - Linux users get an SDL patch and Mac users can wrangle with Unimotion).
Main features:
- Multiple powerups, monsters, switches, puzzles, traps...
- Built-in level editor: design and share your mazes with friends!
- Keyboard or mouse control for unsupported laptops
- Plenty of sound effects and catchy music
- Physics calculations are run in a second thread: multicore users should see an increase in both framerate and simulation accuracy
- Runs on Windows, Mac OS or Linux.
- Completely open-source software under the GNU GPL!

DSPAM is a server-side statistical anti-spam agent for Unix email servers.
DSPAM masquerades as the email servers local delivery agent and effectively filters spam using a combination of de-obfuscation techniques, specialized algorithms, and statistical analysis.
The result is an administratively maintenance-free, self-learning anti-spam tool. DSPAM has yielded real-world success rates beyond 99.9% accuracy with less than a 0.01% chance of false positives.
The DSPAM project attempts to set itself apart from other filters by focusing on the following areas:
- DSPAM has a strong drive for research. Many new algorithms and approaches to fighting spam have come out of the DSPAM project. Some of the approaches deployed in DSPAM include Concept Identification, Neural Networking, Message Inoculation , advanced de-obfuscation techniques, and a new noise reduction algorithm called Bayesian Noise Reduction. Were always looking for new approaches to improving the accuracy of DSPAM.
- A strong focus on large-scale implementation support. The largest implementation of DSPAM weve heard about to-date involves 350,000 users, with the next largest being around 125,000, then 100,000. DSPAM has been designed to run with a very short execution time (between 0.01s - 0.03s real time for classification and between 0.03s - 0.10s real time for training, on average hardware), and has been equipped with a storage driver API allowing several different storage mechanisms to be used. Depending on disk space constraints, accuracy can be traded off for additional disk space or vice-versa.
- Usability. DSPAM was designed with "grandma" in mind. Users can retrain by either forwarding any spam they receive to a spam address, or (in v3.4.2+) use the history function of the included web interface to quickly mark spam and deliver false positives. End-users dont need to know any commandline utilities or other complexities plaguing some other such tools. Functions such as whitelisting and keyword inventory are automatic (based on statistical functions) and therefore require no user intervention.
Main features:
- System-wide administratively-maintenance free filtering. The DSPAM agent can integrate into just about any network and can even be implemented as an SMTP gateway.
- A simple-to-use learning mechanism. DSPAM allows users to simply forward their spam to their "spam email address" for learning, eliminating any learning curve necessary to make it usable by your customers. The information used in every calculation is temporarily stored on the server, enabling DSPAM to relearn the original message by looking for a small signature in the forwarded spam. As a result, users dont have to be trained to bounce messages around, and administrators dont have to worry about incompatible mail clients.
- Support for a variety of storage implementations. DSPAMs storage driver API allows the administrator to choose how they wish to store data. Currently supported drivers include SQLite, Berkeley DB3, Berkeley DB4, MySQL, PostgreSQL and Oracle.
- Written in C for speed, performance, and scalability. Unlike Python or PERL solutions DSPAM is written in a low-level compiled language, meaning there is very little overhead. DSPAM runs fast, efficient, and doesnt depend on any third-party language interpreters.
- MTA support. DSPAM works great with Sendmail, Postfix, Qmail, Courier, and Exim, and should work well with many other MTAs. In the event you happen to run something like Exchange, DSPAM can be implemented on your network as an SMTP gateway. Just point your MX at it and configure it to relay to your mail server.
Enhancements:
- This is an unofficial release, but significant.
- Several significant bugfixes have been made.
- Bill Yerazunis Orthogonal Sparse Bigram (OSB) tokenizer algorithm has been added.
- The code has been significantly optimized to run much faster and with fewer resources.

DOMjudge is an automated judge system to run programming contests.
Main features:
- Lightweight, depends on standard software to do its task
- Webinterface for portability and simplicity
- Scalable: distributed judging is easy
- Modular system for plugging in languages/compilers
- Features rejudging, clarifications, detailed submission/judging info
- Designed with security in mind
- Has been used in live contests
- Its Open Source, Free Software