Parsing PHP confusing encryption and decryption means, such as PHPJM,PHPDP Aegis, PHP Shield

Source: Internet
Author: User
Tags zend

The original parsing PHP confusing encryption and decryption means, such as PHPJM,PHPDP Aegis, PHP Granville Shield

PHP as a very popular in the current web language, often see someone solve the php file, like the same year the ASP. Some people do not understand why to confuse (encryption), and even despise confusion (encryption), in my opinion, confusing encryption code can be used to prevent the general villain, will play a role in protection.

Reasons for encryption:

1. Protect code to prevent others from plagiarism

2. Protect files, prevent others from discovering/avira (PHP Trojan or backdoor)

3. Stealing someone else's code to prevent it from being discovered

4. Other commercial or non-commercial purposes

I have always been more concerned about the addition and decryption of code, from the simple eval base64,gzcompress,gzinflate to the shield, Zend Guard encryption, to the recent more popular one binary (Unicode garbled) encryption, such as PHPJM,PHPDP Aegis. Compare these kinds of encryption methods.

The first kind of encryption, is simply using the function encode code, then eval (decode (' Encode code '), decryption is very simple, directly replace the eval to exit can output the source code, if the multi-layer encryption, continue to replace ...

Eval(base64_decode(' pd9wahagzwnobyandhh0y21zlmnvbsc7pz4= '));  txtcms.com     

Decryption Difficulty: ★☆☆☆☆

The second kind of shield encryption, as the first way to upgrade, that is, the previous base64, such as the system built-in functions into an anonymous function. Decryption is the same as replacing Eval with exit.

$OOO 0o0o00=__file__;$OOO 000000=UrlDecode('%74%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64%66%70%6e%72 ');$OO 00o0000=28;$OOO 0000o0=$OOO 000000{4}.$OOO 000000{9}.$OOO 000000{3}.$OOO 000000{5};$OOO 0000o0.=$OOO 000000{2}.$OOO 000000{10}.$OOO 000000{13}.$OOO 000000{16};$OOO 0000o0.= $OOO 0000o0{3}.< Span class= "PLN" > $OOO 000000{11}.{12}. $OOO 0000o0{7}. $OOO 000000{5}; $O 0o0000o0= ' ooo0000o0 ' ;$ $O 0o0000o0 ( je9pme9pmdawmd.// Txtcms.com ...  omit          

Decryption Difficulty: ★★☆☆☆

The third type of Zend Guard, this encryption method cannot be manually decrypted as before. Tools are needed, such as: Dezender black knives.

Now all I know is that php4~php5.2 can be decrypted by this tool, and the decrypted variable or function may be ugly like the beginning of $_obfuscate, because it's confusing. However, if you add a code to the PHP code, the program overflow causes the decryption to fail.

@Zend;  3074;  The following omitted garbled //txtcms.com    

Decryption Difficulty: ★★★★☆

The fourth type of binary (Unicode garbled) encryption, such as PHPJM,PHPDP Aegis. This encryption is actually an upgraded version of the shield, that is, the anonymous function string after a series of scrambling to disperse, and then replace the function, variable, string into a processed Unicode string. The resulting file cannot be easily modified. Increased the difficulty of decryption, decryption method is also simple, is to replace those variables and methods, so that it becomes a normal string, and then exit.

If (!Defined("BEEABDD")){Define("BEEABDD",__file__);Global$?$妰,$唽,$墎 儢,$ 唫 敊?  Gao 垙 梽, $ toilets 墪 儛?  嚌 巵 dingning 亸, $ wide 檲 槗, $ 拹 枩 lurking 厷? Span class= "PLN" >$ 湠 maxed 啔 to Thunderbolt?  憻 檮 劀 瀺 晵 €? $ an nei sneezing Kunlun Wei loosen 剹, $ internal € 剮 po survival 湌 倹 €,$< Span class= "pun" > 槏 偀 Champagne 啅 € 攢 Write, $ 剦 Fumihiko œåšž dispose resistancehigh 瀿 pang Jiun 巼;   殸 ($ 殸, $ 妰? ) {... //txtcms.com               

Decryption Difficulty: ★★★★☆

Summary: PHP No extended encryption is used only a few functions of eval, preg_replace using the E modifier, STRTR, Base64_decode.

Parsing PHP confusing encryption and decryption means, such as PHPJM,PHPDP Aegis, PHP Shield

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.