God Shield Encryption and decryption tutorial (i) PHP variable available characters _php tutorial

First of all, the name of the PHP variable naming rules, Baidu next catch a lot:
(1) PHP variable names are case-sensitive;
(2) The variable name must start with the dollar sign $;
(3) The beginning of the variable name can begin with an underscore;
(4) The variable name cannot begin with a numeric character.

In fact, all programming similar naming conventions are:
1. The first character of a variable is preferably a letter or _ and cannot begin with a number
2. The second character begins to allow numbers, letters, _

Well, that's pretty much it, but that's not the point we're talking about.
Today we are talking about the available characters of PHP variables, not just numbers, letters, _ Oh.

A few days ago QQ on a friend sent me a shell, is encrypted, whole garbled, but there are comments, called "God Shield Encryption" good domineering look.
It uses some of the more uncommon knowledge points, the most obvious is the variable name, so today we start with the variable.

Of course, I didn't find any authoritative material on the Internet. Strong description of the PHP variable name available characters information, so I can only test myself. (Bad English, no way Google to favorable evidence)
First look at the method I'm using (if you have a better way, you want to share it.) ）

Copy the Code code as follows:
if ($_post) {
$CHR = Chr ($_post[' CHR ');
Eval (' $ '. $chr. " = 1; ");
echo ' OK ';
Exit
}
?>




Test

The code is relatively simple, and the PHP section is only responsible for parsing each character as a variable name and whether the result of the execution will throw an overflow.
For example, the character a will parse eval (' $a = 1; '); The result is certainly no problem, so no exception is thrown, and the result is the OK character.
If the character-then it will parse eval (' $-=1; '); This is obviously wrong, so the PHP Parse Error:syntax error will be thrown, unexpected '-', expecting t_variable or ' $ ' and the OK character.
And the following Ajax part is the use of the return result is ' OK ' to determine whether it is a valid variable name.
Let's see what happens after the execution:

Copy CodeThe code is as follows:
"\x41, \x42, \x43, \x44, \x45, \x46, \x47, \x48, \x49, \x4a, \x4b, \x4c, \x4d, \x4e, \x4f, \x50, \x51, \x52, \x53, \x54, \ X55, \x56, \x57, \x58, \x59, \x5a, \x5f, \x61, \x62, \x63, \x64, \x65, \x66, \x67, \x68, \x69, \x6a, \x6b, \x6c, \x6d, \x6 E, \x6f, \x70, \x71, \x72, \x73, \x74, \x75, \x76, \x77, \x78, \x79, \x7a, \x7f, \x80, \x81, \x82, \x83, \x84, \x85, \x86, \x87, \x88, \x89, \x8a, \x8b, \x8c, \x8d, \x8e, \x8f, \x90, \x91, \x92, \x93, \x94, \x95, \x96, \x97, \x98, \x99, \x9a, \ x9b, \x9c, \x9d, \x9e, \x9f, \xa0, \xa1, \xa2, \xa3, \xa4, \xa5, \xa6, \xa7, \xa8, \xa9, \xaa, \xab, \xac, \xad, \xae, \xa F, \xb0, \xb1, \xb2, \xb3, \xb4, \xb5, \xb6, \xb7, \xb8, \XB9, \xba, \xbb, \XBC, \XBD, \xbe, \XBF, \xc0, \xc1, \xc2, \xc3, \xc4, \xc5, \xc6, \xc7, \xc8, \xc9, \xca, \XCB, \XCC, \xcd, \xce, \XCF, \xd0, \xd1, \xd2, \xd3, \xd4, \xd5, \xd6, \xd7, \ Xd8, \XD9, \xda, \xdb, \xdc, \xdd, \xde, \XDF, \xe0, \xe1, \xe2, \xe3, \xe4, \xe5, \xe6, \xe7, \xe8, \xe9, \xea, \xeb, \xe C, \xed, \xee, \xef, \XF0, \xf1, \xf2, \xf3, \xf4, \xf5, \xf6, \xf7, \xf8, \xf9, \xfa, \XFB, \XFC, \xfd, \xfe, \xff "

After finishing found that this is the 16 data, of course, do not understand it's okay to look at the results after escaping:

Copy the Code code as follows:
"A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z, _, A, B, C, D, E, F, G, H, I, J, K, L, M, N , O, p, Q, R, S, T, U, V, W, X, Y, Z,,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,? ,?,?,?,?,, ¡,¢,£,¤,¥,¦,§,¨,©,ª,«,¬,, ®,¯,°,±,²,³,´,µ,¶,,¸,¹,º,»,¼,½,¾,¿,à,á,â,ã,ä , Å,æ,ç,è,é,ê,ë,ì,í,î,ï,ð,ñ,ò,ó,ô,õ,ö,x,ø,ù,ú,û,ü,ý,þ,ß,à,á,â,ã,ä,å,æ,ç,è,é,ê,ë,ì, Í,î,ï,ð,ñ,ò,ó,ô,õ,ö,÷,ø,ù,ú,û,ü,ý,þ,ÿ "

In addition to the previous a-z_a-z is familiar to us, the back of those messy things can also be used as a normal variable name, simply incredible.
In fact, PHP expands the character range of the variable name, and extends the available character range of the variable to the \x7f-\xff above a-z_a-z.
So, the first character range should be [A-za-z_\x7f-\xff]
Then whether the second character is also so able, we continue to test under.
Put the eval (' $ '. $CHR in the PHP code above. = 1; "); Change to eval (' $a '. $chr. " = 1; "); Save Tests,

Copy CodeThe code is as follows:
"\x9, \xa, \xd, \x20, \x30, \x31, \x32, \x33, \x34, \x35, \x36, \x37, \x38, \x39, \x41, \x42, \x43, \x44, \x45, \x46, \x47 , \x48, \x49, \x4a, \x4b, \x4c, \x4d, \x4e, \x4f, \x50, \x51, \x52, \x53, \x54, \x55, \x56, \x57, \x58, \x59, \x5a, \x5f, \x61, \x62, \x63, \x64, \x65, \x66, \x67, \x68, \x69, \x6a, \x6b, \x6c, \x6d, \x6e, \x6f, \x70, \x71, \x72, \x73, \x74, \x \x76, \x77, \x78, \x79, \x7a, \x7f, \x80, \x81, \x82, \x83, \x84, \x85, \x86, \x87, \x88, \x89, \x8a, \x8b, \x8c, \x8d , \x8e, \x8f, \x90, \x91, \x92, \x93, \x94, \x95, \x96, \x97, \x98, \x99, \x9a, \x9b, \x9c, \x9d, \x9e, \x9f, \xa0, \xa1, \xa2, \xa3, \xa4, \xa5, \xa6, \xa7, \xa8, \xa9, \xaa, \xab, \xac, \xad, \xae, \xaf, \xb0, \xb1, \xb2, \xb3, \xb4, \xb5, \x B6, \xb7, \xb8, \XB9, \xba, \xbb, \XBC, \XBD, \xbe, \XBF, \xc0, \xc1, \xc2, \xc3, \xc4, \xc5, \xc6, \xc7, \xc8, \XC9, \xca , \XCB, \XCC, \xcd, \xce, \XCF, \xd0, \xd1, \xd2, \xd3, \xd4, \xd5, \xd6, \xd7, \xd8, \xd9, \xda, \xdb, \xdc, \XDD, \xde, \XDF, \xe0, \xe1, \xe2,\xe3, \xe4, \xe5, \xe6, \xe7, \xe8, \xe9, \xea, \xeb, \xec, \xed, \xee, \xef, \xf0, \xf1, \xf2, \xf3, \xf4, \xf5, \xf6, \x F7, \xf8, \xf9, \xfa, \XFB, \XFC, \xfd, \xfe, \xff "

found that the results of a lot of characters, in fact, some of us are to be removed, such as \x20 is actually a space, equivalent to eval (' $a = 1; '); , of course, can be carried out normally.
In addition to the space, and \t\r\n are removed because these are also PHP syntax to allow the \T=\X9,\N=\XA,\R=\XD, so we want to remove the results of the first 4 data \x9, \xa, \xd, \x20,
The end result is just a lot more \x30, \x31, \x32, \x33, \x34, \x35, \x36, \x37, \x38, \x39 people who are familiar with ASCII may see it at one glance, which is the number 0-9
So the first character range should be [\w\x7f-\xff] to the regular is not ripe may feel how not [0-9a-za-z_\x7f-\xff], in fact \w is 0-9a-za-z_

Perhaps someone would say $ $a; ${$a}; What about such a variable?
I think this is out of the scope of the variable name, isn't it.

OK, about the PHP variable available characters of the knowledge point sharing is complete, if there is any wrong, please leave a message, I will promptly correct to avoid misleading everyone.

My guess: ASCII range 0-127 (\x00-\x7f), Latin1 range 0-255 (\x00-\xff), perhaps PHP is to extend the scope to latin1 character set, of course, I have not read the PHP source code, can only be said to be a conjecture.

http://www.bkjia.com/PHPjc/777636.html www.bkjia.com true http://www.bkjia.com/PHPjc/777636.html techarticle first of all, the name of the PHP variable naming rules, Baidu next catch a lot: (1) PHP variable names are case-sensitive; (2) The variable name must start with the dollar sign $; (3) Variable name can be underlined at the beginning ...

