Home > Tutorials > PHP Tutorials

An encrypted PHP file is encountered and the decode process is written down

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
A friend in the morning let me help to see a PHP file, inside is garbled, change any one character will abort the run.

The file has only one row, and the following is part of the content:

The middle omits a bunch of character encodings, and the final content is

2kx9yhsqyo/d+5+fnpf+v/bsrlfeg= ')); return;? >5e813 ... 32-bit MD5 .... 3f6

Started using Zendstudio+xdebug tracking again, found that for this kind of compression in one line of code, debugging is simply powerless Ah! Breakpoints are not up.

Have a half-day or no effect, simply solve it by hand.

A simple look, just the variable name with some of the more special characters to replace, open with the editor, a few duplicate occurrences of the keyword replaced, you can see the approximate.

It also uses a custom function, which has been provided at the beginning of the file, that is, "蜖 棁 ㄔ┄ Opposita".

function 蜖 棁 ㄔ┄ opposita ($A, $B = "") {$A =base64_decode ($A), if (Empty ($A)) return "", if ($B = = "") {return ~ $A;} else{$D =strlen ($A), $B =str_pad ($B, $D, $B); $str = $A ^ $B; return $str;}}

After a few simple substitutions, you know what's in each field.


First, start with the Eval function, followed by 2 decryption functions, the function name is stored in the array. Similar

 
You can see the key code that cannot be run after the modification:
$A =file_get_contents (' origin.php '); @substr ($A, -32) ==md5 (substr (substr ($A, 0,-32). ' Another 32-bit MD5', 6) | | Die ();
After commenting out, proceed to the following code:

Again an eval, in decryption ...
Because the decrypted file is garbled, can not be directly used copy&paste, must be binary to write a file, and then after some substitution, decryption, and then write a file ... After a total of 5 rounds of decryption, finally get the source file.
Finally tidied up and wrote a regular to fix this file, directly remove the file.
  
Related code: http://download.csdn.net/detail/sbdx/8616319
                                                
The above describes the encounter an encrypted PHP file, the decode process written down, including aspects of the content, I hope the PHP tutorial interested in a friend helpful.

    • This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

    Related Keywords:
    is facetime encrypted is cpanel down is intuit down is bendbroadband down is jackd down is hootsuite down is playstation vue down

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    What's Trending
    Top 10 Tags
    datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
    Top 10 Keywords
    microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    Get Started for Free

    • Sales Support

      1 on 1 presale consultation

      Chat Contact Sales

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

      Open a Ticket

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

      Learn More