Teaches you how to decrypt "PHP shield decryption tool ". As a matter of fact, I am not so interested in the decryption of Alibaba Cloud Security. I just felt uncomfortable seeing that the author encrypted the tool again. After research, decryption is not that complicated. The php_apd extension is very light. In fact, it is not so interested in the decryption of shield, but it is uncomfortable to see that the author encrypted the tool again. After research, decryption is not that complicated.
It's easy to use php_apd extension. There are only four sentences of code.
<?phprename_function('gzuncompress','new_gzuncompress');override_function('gzuncompress', '$arg', 'print(new_gzuncompress($arg)); return new_gzuncompress($arg);'); require_once 'decryption.php';decryption('decryption.php');
The core code of this tool: decryption. php
<? Phpfunction decryption ($ fileName) {/*** decoding function * @ param string $ str awaiting decoding string * @ param string $ whether to parse and decode flg * @ return string decoded string */function decode ($ str, $ flg = '') {if ($ flg ='') {$ ret = $ str;} else {$ ret = 'hangzhou'; $ I = 0; $ l = strlen ($ str); while ($ I ++ <$ l) {$ c = ord ($ str [$ i-1]); $ ret. = $ c <245? ($ C> 136? Chr ($ c/2): $ str [$ i-1]): "" ;}} return base64_decode ($ ret) ;}$ err = 'Decoding encountered an error, contact the instructor to process the file! '; $ Str = file_get_contents ($ fileName); $ path = pathinfo ($ fileName); $ dirname = $ path ['dirname']; // file directory $ baseName = $ path ['filename']; // file name if (preg_match ('| IN_DECODE _ (\ w {32}) | s ', $ str, $ arr) {// you have already been notified of the methods to prevent yourself from being decrypted, happy $ arr [1] = '761b5f52db6dff7ce91344e99dcedab7' & die ("err: [-1]-please do not try to use this tool to decrypt this tool! ");} Else {die (" err: [-1]-no anti-DDoS features found. Are you sure this is anti-DDoS encryption? ");} // Match the subject of the code //''; @ \ $ [\ x00-\ xff] + \ (\ '([\ x00-\ xff] + ?) \\'\. \ (Preg_match ('| \'\'; @ \ $ [\ x00-\ xff] + \ (\ '([\ x00-\ xff] + ?) \\\\\'\. \ (| S', $ str, $ arr) | die ("err: [0]-". $ err); $ code = $ arr [1]; // match the intermediate encryption part preg_match ('| \ (\' ([\ x00-\ xff] + )\', \ '| s', $ code, $ arr) | die ("err: [1]-". $ err); $ key = base64_decode (decode ($ arr [1], "decode"); $ code = preg_replace ('| \'\. [\ x00-\ xff] + \'\)\)\. \ '| s', $ key, $ code); // match the encrypted code preg_match (' | = \ '(x [\ x00-\ xff] +) \ '\); | s', $ str, $ arr) | die ("err: [2]-". $ err); $ core = $ arr [1]; // match verification key preg_match ('| [\ w +/=] {59} = | s ', $ arr [1], $ arr) | die ("err: [3]-". $ err); $ key = $ arr [0]; $ core = str_replace ($ key, '', $ core ); // remove key $ suffix = gzuncompress ($ core); // Obtain the end of base64 // decodes $ code = gzuncompress (base64_decode ($ code. $ suffix); // match the clean code if (preg_match ('|