Thursday, February 14, 2013

WRAPPING Oracle procedure/function


In order to hide any procedure/function we can use oracle wrap utility. This would hide the code from user, but still the procedure can execute.

Here is the demonstration.

1   1. Create an sql file on database OS.

[oracle@lab ~]$ cat wrapping_proc.sql
CREATE OR REPLACE PROCEDURE wrapping_proc
IS
BEGIN
   DBMS_OUTPUT.PUT_LINE('WRAP TESTING');
 END;
/

    2. WRAP the sql file, this would create a wrapped file with .plb extension. Try the below command.

[oracle@lab ~]$ wrap iname=wrapping_proc.sql
PL/SQL Wrapper: Release 11.2.0.2.0- 64bit Production on Thu Feb 14 15:33:26 2013
Copyright (c) 1993, 2009, Oracle.  All rights reserved.
Processing wrapping_proc.sql to wrapping_proc.plb

3. Now copy the content of .plb file, and execute it after logging into the database.

[oracle@lab~]$ cat wrapping_proc.plb
CREATE OR REPLACE PROCEDURE wrapping_proc wrapped
a000000
1
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
7
50 92
AjmXfCjRF6msrZKufRFrtUPnC5gwg5nnm7+fMr2ywFwWlvJWFoVHDNCWFpeui5t0i8DAMv7S
hglpabhSm7JK/iiyveeysx0GMCyuJOqygaXKxqYCL7GPL64kvzIu9tFE6iQf9jmms29vnw==
/

4. Logging into the database to execute it.

[oracle@lab~]$ sqlplus scott/tiger
SQL> CREATE OR REPLACE PROCEDURE wrapping_proc wrapped
  2  a000000
  3  1
abcd
  4    5  abcd
abcd
  6    7  abcd
abcd
  8    9  abcd
 10  abcd
 11  abcd
 12  abcd
abcd
 13   14  abcd
 15  abcd
 16  abcd
 17  abcd
 18  abcd
 19  7
 20  50 92
 21  AjmXfCjRF6msrZKufRFrtUPnC5gwg5nnm7+fMr2ywFwWlvJWFoVHDNCWFpeui5t0i8DAMv7S
 22  hglpabhSm7JK/iiyveeysx0GMCyuJOqygaXKxqYCL7GPL64kvzIu9tFE6iQf9jmms29vnw==
 23
 24
 25  /

Procedure created.

   5.  Try executing and it works!

SQL> exec wrapping_proc;

PL/SQL procedure successfully completed.

SQL> drop procedure wrapping_proc;

Procedure dropped.
Now the interesting part is Even though Oracle claims the wrapped code can't be unwrapped. But it does!!!
There are couple of weblink where you can easily unwrap it. So the point of wrapping has become useless :(

 The following link is one of them.
http://www.codecrete.net/UnwrapIt/
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)