General encryption php file restoration method

General encryption PHP file restoration method previous article practice restoring PHP encrypted files said I found the PHP encrypted file method is insufficient, so this article was available.

Background Analysis

As we all know, PHP is a scripting language, which is mainly used to explain and run rather than compile and run. Therefore, compared with compiled languages (C, C #, C ++), it does not have the ability to directly generate exedll. Therefore, the traditional encryption method cannot be shelled.

There are two encryption methods for PHP: obfuscation and encryption.

Obfuscation is not encrypted in a strict sense. This type of code is like the code that uses the abbreviation of pinyin to name variables, but you seem to have struggled. This is beyond our scope.

Encryption can be executed in two ways: one is an extension (Loader ). The other is no extension.

First, let's talk about the unextended encryption method. This encryption method is very brainless, because its decryption process is public and uses known PHP functions. The encrypted code is generally similar to the following:

 
Even if it looks very complex:
It's just the above variant. This type of decryption is very good for public cracking. you only need to change eval to echo.
Another extension method is complicated. The function of extension here is mainly to decrypt and execute the code. compared with the non-extension form, it hides the code for decryption and execution in the extension, so the cracking is more complicated.
The extensions here are generally divided into two types: 1. providing decryption and execution functions. 2. directly overwrite zend_compile_file to parse custom PHP files.
The first typical example is the zoeeyguard I mentioned in the previous article. it mainly uses the zend_eval_string function to execute php code.
The second example is Zend Guard and Songge's php-beast.
Both methods are similar. You can give priority to the ideas in my previous article.
Of course, what should I do if I fail to solve the problem in the previous article?
At this time, we need to provide a big killer.
You will find that I have been talking about two functions zend_compile_file and zend_eval_string in the previous article. some smart phper has come to mind, right! The idea is to change eval to echo.
Practical examples
We can't just talk about it. Here is an example:
This time, let's start with Song Ge's php-beast. Song Ge's code is very beautiful. he knows that aes des decryption takes time and also writes a Cache.
1. download the php source package for linux (it is best to select one between version 5.6 and version 5.5, which is not supported by version 7. the changes to BTW: 7 are still quite large and many items are not compatible, zend Guard does not support 7. Here I am taking a detour .)
2. find the function in the file Zendzend_language_scanner.c: zend_op_array * compile_file (zend_file_handle * file_handle, int type TSRMLS_DC) in the format of more than 500 lines. add the following code to the front (code, do not vomit ):
ZEND_API example * compile_file (example * file_handle, int type TSRMLS_DC) {zend_lex_state variable; zend_op_array * op_array = (optional *) emalloc (sizeof (zend_op_array )); zend_op_array * records = CG (active_op_array); zend_op_array * retval = NULL; int compiler_result; zend_bool records = 0; znode records; zend_bool records = CG (in_compilation ); /** BEGIN ** // the meaning here is that every time php compiles the php source code, print the source code as char * buf; size_t size; zend_stream_fixup (file_handle, & buf, & size); printf ("\ n ####### \ nFILE TYPE: % d file name: % s CONTENT: % s \ n ####### \ n ", (* file_handle ). type, (* file_handle ). filename, buf);/** END **/
Run the following command in the php folder:
// Save some time./configure -- disable-ipv6 -- disable-allmakemake install
4. if it succeeds, PHP has been installed successfully.
5. we will write two test files: test. php and execute it to encrypt before. php to generate after. php.
// Test. php
  
// Before. php
   
7. execute the following php test. php and then execute php after. php.
Let's take a look:
4. if your php code is to be encrypted and published, the best way is to increase the charge and then provide the source code directly.