在一些代码中,使用wrap加密,经过加密的存储过程等不能查看,oracle也没有公布unwrap方法,但这也难不倒一些喜欢专研的大神,Oracle加密的原理就是先对源码进行lz压缩lzstr,然后对压缩数据进行SHA-1运算得到40位的加密串shstr,然后将加密串与压缩串拼接得到shstr+lzstr,然后对拼接后的字符串进行Oracle双字符转换(转换表)。最后将转换后的字符串进行base64编码,最终得到wrap的加密串。首先先看一下简单的wrap加密。
通过wrap可以加密:1. 存储过程,2. 函数 3. 包和包体 4. type和type body
1. 比如需要加密proc1存储过程,首先编译一下这个存储过程,保证存储过程的正确性
PgSQL
oracle@linux-fz9d:~> cat sp_test_wrap.sql
create or replace procedure proc1(
p_para1 varchar2
)
as
begin
dbms_output.put_line('p_para3:'||p_para1);
end;
/
-----------编译存储过程
oracle@linux-fz9d:~> sqlplus scott/tiger
SQL*Plus: Release 12.1.0.1.0 Production on Thu Apr 24 12:15:11 2014
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Last Successful login time: Thu Apr 24 2014 12:14:20 -04:00
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL> @sp_test_wrap.sql
Procedure created.
------------执行存储过程
SQL> begin
2 proc1('A');
3 end;
4 /
p_para3:A
PL/SQL procedure successfully completed.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
oracle@linux-fz9d:~>catsp_test_wrap.sql
createorreplaceprocedureproc1(
p_para1varchar2
)
as
begin
dbms_output.put_line('p_para3:'||p_para1);
end;
/
-----------编译存储过程
oracle@linux-fz9d:~>sqlplusscott/tiger
SQL*Plus:Release12.1.0.1.0ProductiononThuApr2412:15:112014
Copyright(c)1982,2013,Oracle.Allrightsreserved.
LastSuccessfullogintime:ThuApr24201412:14:20-04:00
Connectedto:
OracleDatabase12cEnterpriseEditionRelease12.1.0.1.0-64bitProduction
WiththePartitioning,OLAP,AdvancedAnalyticsandRealApplicationTestingoptions
SQL>@sp_test_wrap.sql
Procedurecreated.
------------执行存储过程
SQL>begin
2proc1('A');
3end;
4/
p_para3:A
PL/SQLproceduresuccessfullycompleted.
2. 确保proc1存储过程可以正常编译后,执行wrap加密
PgSQL
----------iname为输入脚本名,oname为输出脚本名
oracle@linux-fz9d:~> wrap iname=sp_test_wrap.sql oname=sp_test_wrap_plb.sql
PL/SQL Wrapper: Release 12.1.0.1.0- 64bit Production on Thu Apr 24 12:19:15 2014
Copyright (c) 1993, 2009, Oracle. All rights reserved.
Processing sp_test_wrap.sql to sp_test_wrap_plb.sql
---------------加密之前的脚本
oracle@linux-fz9d:~> cat sp_test_wrap.sql
create or replace procedure proc1(
p_para1 varchar2
)
as
begin
dbms_output.put_line('p_para3:'||p_para1);
end;
/
---------------加密之后的脚本
oracle@linux-fz9d:~> cat sp_test_wrap_plb.sql
create or replace procedure proc1 wrapped
a000000
1
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
7
70 a6
MJv8blMmvJpCGliPHxGeL1Av/N8wg5nnm7+fMr2ywFwWFpeu33ePCaasqc6mxsqAhAJ8xsoX
KMbK7w4OG5wLS+HIn8Ay/tId1eH7H0majzC1UMipUC8Aykr+CNLHPWmW45ZaVvIhYQlkJjfs
Gt6ydwb8weDXpqaUJ/0Z
/
oracle@linux-fz9d:~>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
----------iname为输入脚本名,oname为输出脚本名
oracle@linux-fz9d:~>wrapiname=sp_test_wrap.sqloname=sp_test_wrap_plb.sql
PL/SQLWrapper:Release12.1.0.1.0-64bitProductiononThuApr2412:19:152014
Copyright(c)1993,2009,Oracle.Allrightsreserved.
Processingsp_test_wrap.sqltosp_test_wrap_plb.sql
---------------加密之前的脚本
oracle@linux-fz9d:~>catsp_test_wrap.sql
createorreplaceprocedureproc1(
p_para1varchar2
)
as
begin
dbms_output.put_line('p_para3:'||p_para1);
end;
/
---------------加密之后的脚本
oracle@linux-fz9d:~>catsp_test_wrap_plb.sql
createorreplaceprocedureproc1wrapped
a000000
1
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
7
70a6
MJv8blMmvJpCGliPHxGeL1Av/N8wg5nnm7+fMr2ywFwWFpeu33ePCaasqc6mxsqAhAJ8xsoX
KMbK7w4OG5wLS+HIn8Ay/tId1eH7H0majzC1UMipUC8Aykr+CNLHPWmW45ZaVvIhYQlkJjfs
Gt6ydwb8weDXpqaUJ/0Z
/
oracle@linux-fz9d:~>
3. 通过wrap加密之后的脚本,重新在数据库中编译一下,然后查看其数据库中的代码
PgSQL
oracle@linux-fz9d:~> sqlplus scott/tiger
SQL*Plus: Release 12.1.0.1.0 Production on Thu Apr 24 12:21:31 2014
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Last Successful login time: Thu Apr 24 2014 12:15:12 -04:00
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
------------编译加密之后的脚本
SQL> @sp_test_wrap_plb.sql
Procedure created.
------------查看编译之后的存储过程
SQL> select text from dba_source where name='PROC1';
TEXT
--------------------------------------------------------------------------------
procedure proc1 wrapped
a000000
1
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
TEXT
--------------------------------------------------------------------------------
abcd
abcd
abcd
abcd
abcd
abcd
abcd
7
70 a6
MJv8blMmvJpCGliPHxGeL1Av/N8wg5nnm7+fMr2ywFwWFpeu33ePCaasqc6mxsqAhAJ8xsoX
KMbK7w4OG5wLS+HIn8Ay/tId1eH7H0majzC1UMipUC8Aykr+CNLHPWmW45ZaVvIhYQlkJjfs
TEXT
--------------------------------------------------------------------------------
Gt6ydwb8weDXpqaUJ/0Z
--------------测试编译之后的存储过程
SQL> set serveroutput on
SQL> begin
2 proc1('a');
3 end;
4 /
p_para3:a
PL/SQL procedure successfully completed.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
oracle@linux-fz9d:~>sqlplusscott/tiger
SQL*Plus:Release12.1.0.1.0ProductiononThuApr2412:21:312014
Copyright(c)1982,2013,Oracle.Allrightsreserved.
LastSuccessfullogintime:ThuApr24201412:15:12-04:00
Connectedto:
OracleDatabase12cEnterpriseEditionRelease12.1.0.1.0-64bitProduction
WiththePartitioning,OLAP,AdvancedAnalyticsandRealApplicationTestingoptions
------------编译加密之后的脚本
SQL>@sp_test_wrap_plb.sql
Procedurecreated.
------------查看编译之后的存储过程
SQL>selecttextfromdba_sourcewherename='PROC1';
TEXT
--------------------------------------------------------------------------------
procedureproc1wrapped
a000000
1
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
TEXT
--------------------------------------------------------------------------------
abcd
abcd
abcd
abcd
abcd
abcd
abcd
7
70a6
MJv8blMmvJpCGliPHxGeL1Av/N8wg5nnm7+fMr2ywFwWFpeu33ePCaasqc6mxsqAhAJ8xsoX
KMbK7w4OG5wLS+HIn8Ay/tId1eH7H0majzC1UMipUC8Aykr+CNLHPWmW45ZaVvIhYQlkJjfs
TEXT
--------------------------------------------------------------------------------
Gt6ydwb8weDXpqaUJ/0Z
--------------测试编译之后的存储过程
SQL>setserveroutputon
SQL>begin
2proc1('a');
3end;
4/
p_para3:a
PL/SQLproceduresuccessfullycompleted.
通过如上简单的一个加密,存储过程的内容编码就屏蔽掉了,只能查看到加密的内容。这种对于在存储过程中有敏感信息的代码非常有作用。但加密好之后,如何解密呢?
正如文章开头所说,oracle并没有提供unwrap的方法,但心细一点的童鞋可能网上已经找到解密的办法了,这里提供一个编译好的java程序,来至于黄伟hellodba,下载地址在文章末尾
,
转载请注明: 版权所有,文章允许转载,但必须以链接方式注明源地址,否则追究法律责任!
最后编辑:2014-06-05作者:Jerry
一个积极向上的小青年,热衷于分享--Focus on DB,BI,ETL