How to decrypt "PHP shield decryption tool" _ php instances

PHP shield decryption tool is a powerful network decryption tool for "shield encryption, today, let's talk about the issue of this decryption tool. In fact, we are not so interested in the decryption tool. we just feel uncomfortable seeing the author encrypt the tool again. After research, decryption is not that complicated.

It's easy to use php_apd extension. There are only four sentences of code.

<?phprename_function('gzuncompress','new_gzuncompress');override_function('gzuncompress', '$arg', 'print(new_gzuncompress($arg)); return new_gzuncompress($arg);'); require_once 'decryption.php';decryption('decryption.php');

The core code of this tool: decryption. php

<? Phpfunction decryption ($ fileName) {/*** decoding function * @ param string $ str awaiting decoding string * @ param string $ whether to parse and decode flg * @ return string decoded string */function decode ($ str, $ flg = '') {if ($ flg ='') {$ ret = $ str;} else {$ ret = 'hangzhou'; $ I = 0; $ l = strlen ($ str); while ($ I ++ <$ l) {$ c = ord ($ str [$ i-1]); $ ret. = $ c <245? ($ C> 136? Chr ($ c/2): $ str [$ i-1]): "" ;}} return base64_decode ($ ret) ;}$ err = 'Decoding encountered an error, contact the instructor to process the file! '; $ Str = file_get_contents ($ fileName); $ path = pathinfo ($ fileName); $ dirname = $ path ['dirname']; // file directory $ baseName = $ path ['filename']; // file name if (preg_match ('| IN_DECODE _ (\ w {32}) | s ', $ str, $ arr) {// you have already been notified of the methods to prevent yourself from being decrypted, happy $ arr [1] = '761b5f52db6dff7ce91344e99dcedab7' & die ("err: [-1]-please do not try to use this tool to decrypt this tool! ");} Else {die (" err: [-1]-no anti-DDoS features found. Are you sure this is anti-DDoS encryption? ");} // Match the subject of the code //''; @ \ $ [\ x00-\ xff] + \ (\ '([\ x00-\ xff] + ?) \\'\. \ (Preg_match ('| \'\'; @ \ $ [\ x00-\ xff] + \ (\ '([\ x00-\ xff] + ?) \\\\\'\. \ (| S', $ str, $ arr) | die ("err: [0]-". $ err); $ code = $ arr [1]; // match the intermediate encryption part preg_match ('| \ (\' ([\ x00-\ xff] + )\', \ '| s', $ code, $ arr) | die ("err: [1]-". $ err); $ key = base64_decode (decode ($ arr [1], "decode"); $ code = preg_replace ('| \'\. [\ x00-\ xff] + \'\)\)\. \ '| s', $ key, $ code); // match the encrypted code preg_match (' | = \ '(x [\ x00-\ xff] +) \ '\); | s', $ str, $ arr) | die ("err: [2]-". $ err); $ core = $ arr [1]; // match verification key preg_match ('| [\ w +/=] {59} = | s ', $ arr [1], $ arr) | die ("err: [3]-". $ err); $ key = $ arr [0]; $ core = str_replace ($ key, '', $ core ); // remove key $ suffix = gzuncompress ($ core); // Obtain the end of base64 // decodes $ code = gzuncompress (base64_decode ($ code. $ suffix); // match the clean code if (preg_match ('|