解码这个PHP?

 缘来是你-心定 发布于 2022-12-20 14:50
  • php
  • eval
  • awk
  • vb
  • v8
  • jq

    • 好吧,我有一些PHP,我正在与客户合作.最后一个让他的网站编码所有PHP的人,让像我这样的人很难进入并做出改变.我不知道这是什么.

    好的,所以它开始是这样的:

    ~DFLKc06hc06hc064rCOFTQEWInNxkqSBgs4KNSHjxs47gXVMgMpl38aKc0L7I8rfIXpMgMpI38aKc06fI0L7IRVyc8a7I06fI0L7AFL7I8rfI8a7I0VB38rfI0L7I8rfIXVyc8rfI8rfI06fuXVCEJxYG8OZv8a4NHoBIqsqkRzo8vLZsCOeqQHu1HHe+WLFJQN2rnaWg+sHdYkM40t4FJpK/Y8yOPEj3yxHzSzCucSQ2FaxV+ayxy3CMSHuX8L4v84hyHoeHWWqstxoJYtFkqNWEqGZuJE52ntdmQOx/Qzy4CgClPsAI08Mre6HGerBdR/7gRS3uvGqknNKrqSB38rfI0L7I8rfIR85oCEx2RVyc8rfI8rfI8rfuvI==VEe2YserMNxrnHjunE2RPIurCNxaJt0BqgW1YzyunGlBYzFoYsyoHGWZQEeAWsF2MVB3nzFuqGo1YtjWQEIuVg2RFNK/JtCunEx2WsF2M6aBCOFunSB3nzFuqGo1YtjWQEIuvIA3Yt4DWsF2+EoaQ/fKMOhZQgeoszW/nVB3nzFuqGo1YtjWQEIuvIA3Yt4DHGeAqt4oM6aBFNx5PoW/nLFuCOenFzekJNW5qSCCvIA3Yt4DSNKrCVfKMVyZnsuWQEjVJsyrt/CAnzeaF4aUVpyZnsuLnG4ZJtlBcSf3Yt4DHGeAqt4oXpQDX/7gXpyZnsuMnzeavIuIYsFrqWKrCOMAFNx5PoW/nLFuCOenFzx4qsFdF4a2FNx5PohZQEx5Q/3UVpyZnsu+YsyA+EoaQ/fKMNWlQNjmqNHAF/7gXVyZnsuWQEjVJsyrt/CIYsyAF4auvIA3Yt4DHNxaJLx/QExdM6aBYsF/Ys3AR82RqEK/qtxkJVfAFNx5PohZCNZVJsyrMNxrMVyIYsyA+EoaRShUVpyIYsyA+EoaM6aBCOFunSB3QNxaJLFuCV3UVEoEMVZrCtFrCOMAFOhZCNZVJs+20VIrRSfKcSfgQEWEF/3BPIA3Yt4DHNx/Yt4rt/C/qtYgsSfKMVyIYsyA+EoavIuKqtjrqShuqpfAMtW5QOydRVyIYsyA+EoaRS3BPIA3Yt4DHNxaJLx/QExdt4aBcSf3QNxaJLFuC62RT+uKVpyZnsu+YsFZnsenFzhZCNBgsSfKMNo5QNjmqNHAF/7gXVyZnsu+YsyA+sF/Ys3uvIA3Yt4DHNxaJVfKMVZuQzeoCVB3Yt4DHNx/Yt4rt/CIYsyAF4auMVYEMtW5QOydRVyZnsu+YsFZnsenFzhZCNBgsS3uVk7gX/Q1FNx5PohZQEx5Q42gQNxaJVCCM6ABF/7gvIA3Yt4DHEWEM6aBRNorQGWaRVyZnsu+YsFZnsenFzFoqpCCRSfEFpxonshaPSB3Yt4DHNx/Yt4rt/C/qtYgsS3uVk7gX/Q1FNx5PohZQEx5Q42gQEWEF4aBvpfgFr2RFNx5PohZQEx5QaK4CVfKMNx/QExdRV3UVpyZnsu+YsFZnsecCsynFGooF4aBcSfAJserqs+AFNx5PohZQEx5Q42gJtHgsS3BFpYZqt4ICO3AFNx5PohZQEx5Q42gJtHgsS3uVk73Yt4DHNx/Yt4rt/CuqSCCM6ABF4WHykBgvIA3CNo5qseaYsfBcShaJt4oRV3UVpy/Ytd3nG48qtemnEyrM6aBQEx1qVB4X60IR82RFNx5PohZQEx5QaK4Cx2gQto3F4aBcSf3CNo5qseaYsfBXSy/Ytd3nG48qtemnEyrvIA3Yt4DHNx/Yt4r8zWat/CrQpCCM6aBRNorQGWaRVyZnsu+YsFZnsenFze/F4auMVYEMtW5QOydRVyZnsu+YsFZnsenFze/F4auR+AiFNx5PohZQEx5Q42gQzMgsSfDMVQgvIA3Yt4DHNx/Yt4r8zWat/CbqsoznzF3Q/CCM6aBRNorQGWaRVyZnsu+YsFZnsenFG5oPsCmQEyrF4auMVYEMtW5QOydRVyZnsu+YsFZnsenFG5oPsCmQEyrF4auR+AiFNx5PohZQEx5Q42gJGWdCGK/qO0gsSfDMVQgvIA3Yt4DyNWrCNo1YsyunGlBcSf3Yt4DyNK5Yto1MVl3Yt4DHNxaJVf1FNx5PoFoqk2RFNx5P3yoQzyunExaJtK1MVlKMVQiF/dACOyIsGF4Jtj3szx4qsFdRVyZnsu+YsFZnsecCs+uvIu/qsy4QElBFNx5P3yoQzyunExaJtK1vIuKVEq4nEeaJtK1MNe2Jteb+GK4ng+BRVy2JtdbRShUVpyAJsyknzW1CNW/M6aBF/l1X/Q1FNjunE2BXpQmJNoaYGK4ngyoQpdZQGagvIuoYGZmMVF6nzW1CNW/MLqunNHDMNZuCNemCtdaqsMpvIuknNWZQgeaYsykYteAqSBuvIA3nNKkJaemCtdaM6aB062RJtYBRNqunNWTqsZuQzyrRVyAJsyknzW1CNW/RS3BPIA3qEBBcShEnzhonpB3JNoaYGK4ngyoQpIgQp2gR82RCGZunNHA0S3BPIuuqpfAqEjmYG2AFNqAXLjc+a5TyWBuRShUVpypCtqEqsMBcShkJNKIRNq/qtx3RVyEJVjEJtjoQGoDqSB3JNoaYGK4ngyoQp3uR82RFNF4qEqoQp2bvIu/qsCunE+AFNqAR82RqgC/JsyoRVyEJVI3YgWEqEW/R82RqEq2CseARVyEJV3UVEqaQgW1YGxaqSB3qEB2qgyonNIAFNqARS3UVEq2nGebRVyEJVj08aeXs4WvR82RYgFoYt2UVg4onOeoMO2RFNjmYG56nzW1CV2bvIurnNWoQVBjR82RT+uuqpfAFNjmYG56nzW1CVfwcSf4RShUVEF/qtxbvIuKVgaRTtW2QGHBPIA3qEBBcShEnzhonpB3JNoaYGK4ngyoQpIgC/2gR82RqgC/JsyoRVyEJVIp0SMuvIA3YgWEqEW/cSMjMk2RT+uEYGjmQGHAFNqAR82RT+uKVpyZQG48qtx/YGZWQEIBcShZQG40JtdbvkukQEWZCNW8qtx/YGZWQEIAFN4dnNo1JGyoQz+uvIAUalVnRPIq

    然后我将其解码为:

    但是我还没有进一步.有关如何使用它的任何想法?

    1 个回答

    • 哦,一个谜题!我喜欢谜题.

      该解码器有两个阶段.

      第一个分配许多字符串,然后解码并评估第二个阶段.这里删除了一些错误的格式和变量名称:

      $map=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');
$base64_decode=$map{4}.$map{9}.$map{3}.$map{5};
$base64_decode.=$map{2}.$map{10}.$map{13}.$map{16};
$base64_decode.=$base64_decode{3}.$map{11}.$map{12}.$base64_decode{7}.$map{5};
$fopen=$map{0}.$map{12}.$map{7}.$map{5}.$map{15};
$fgets=$map{0}.$map{1}.$map{5}.$map{14};
$fgetc=$fgets.$map{11};
$fgets=$fgets.$map{3};
$fread=$map{0}.$map{8}.$map{5}.$map{9}.$map{16};
$strtr=$map{3}.$map{14}.$map{8}.$map{14}.$map{8};
$filename=__FILE__;
$hex_a68=0xa68;
eval($base64_decode(another base64 blob -- the second stage))

      除了$map和之外,每个字符串$filename最终都被赋予其名称作为内容.

      第二个阶段,从Base64 blob解码,由你已经发现的第二个部分组成,我在下面对其进行了类似的处理:

      $fh = $fopen($filename, 'rb');
$fread($fh, 0x554);
$data = $base64_decode($strtr(
    $fread($fh, 0x17c),
    'fhV6LxNOMFRX0evc+yS8HWtsYqJnQCPTBZpk3oEgAu9b251mIj/ra4GzldDU7Kwi=',
    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
));
eval($data);

      这将从当前PHP文件读取一些编码数据,使用strtr()它修改它,Base64对其进行解码,然后对其进行评估.这个解码的结果似乎有些损坏(可能你已经省略了部分输入?),但是包含这个可读的PHP代码片段:

      class asmLink
{
static function createSearchUrl ($originalUrl)
{
$originalUrl = trim($originalUrl);
$amzUrlBits = parse_url($originalUrl);
$amzScheme = $amzUrlBits['

      顺便说一句:建议您的客户考虑非常仔细地阅读与前任开发人员签订的合同,并且可能需要考虑法律程序 - 开发人员故意采取措施防止您的客户由其他任何人维护其网站.

      2022-12-20 14:52 回答
    撰写答案
    今天,你开发时遇到什么问题呢?
    立即提问
    热门标签
    PHP1.CN | 中国最专业的PHP中文社区 | PNG素材下载 | DevBox开发工具箱 | json解析格式化 |PHP资讯 | PHP教程 | 数据库技术 | 服务器技术 | 前端开发技术 | PHP框架 | 开发工具 | 在线工具
    Copyright © 1998 - 2020 PHP1.CN. All Rights Reserved 京公网安备 11010802041100号 | 京ICP备19059560号-4 | PHP1.CN 第一PHP社区 版权所有