PHP encryption method and decryption method

Source: Internet
Author: User
Test file

test.php

<?php echo "Hello World"; ?>

1. Encryption Method:

<?php
/*
 * eval() evaluates a string as PHP code. The string must be valid PHP code and must end with a semicolon.
 * strtr() substitutes characters, e.g. it replaces "i" with "e" and "a" with "o" in the string:
 * strtr("Hilla Warld", "ia", "eo")
 */
function T_rndstr($length = "") { // returns a random string
    $str = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    if ($length == "") {
        return str_shuffle($str);
    } else {
        return substr(str_shuffle($str), -$length);
    }
}

$T_k1 = T_rndstr(); // secret key 1
$T_k2 = T_rndstr(); // secret key 2
$vstr = file_get_contents("./test.php"); // file to encrypt
$v1 = base64_encode($vstr);
$c = strtr($v1, $T_k1, $T_k2); // replace each character according to the keys
$c = $T_k1 . $T_k2 . $c; // both keys are stored in front of the substituted data

// The purpose of the $q variables is explained below
$isqs = 3;
if ($isqs == "1") { // 1: take pieces of a random string as variable names
    $q = T_rndstr(); // random string
    $q1 = substr($q, 2, 3);
    $q2 = substr($q, 10, 10);
    $q3 = substr($q, 20, 12);
    $q4 = substr($q, 30, 10);
    $q5 = substr($q, 40, 8);
    $q6 = substr($q, 5, 5);
} else if ($isqs == "2") { // 2: names made up of lowercase l and the digit 1; they must begin with a letter
    $q1 = "ll11l1l1";
    $q2 = "l1lll11l";
    $q3 = "ll1l1lll";
    $q4 = "l1lll1l1";
    $q5 = "l1l1ll11";
    $q6 = "ll111l1l";
} else { // default: names made up of uppercase O and the digit 0
    $q1 = "O00O0O";
    $q2 = "O0O000";
    $q3 = "O0OO00";
    $q4 = "OO0O00";
    $q5 = "OO0000";
    $q6 = "O00OO0";
}

$keystr = urldecode("%6e1%7a%62%2f%6d%615%5c%76%740%6928%2d%70%78%75%71%79%2a6%6c%72%6b%64%679%5f%65%68%63%73%77%6f4%2b%6637%6a");
/*
 * This string must contain every character needed to build the function names, such as base64_decode:
 * n1zb/ma5\vt0i28-pxuqy*6lrkdg9_ehcswo4+f37j
 * $q1 = "base"
 * $q3 = "strtr"
 * $q4 = "substr"
 * $q5 = length of "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" (52)
 * $q1 .= "64_decode"
 */

// Note: the {n} string-offset syntax written into the generated file was removed in PHP 8.0,
// so the generated file only runs on older PHP versions.
$s = '$' . $q6 . '=urldecode("%6e1%7a%62%2f%6d%615%5c%76%740%6928%2d%70%78%75%71%79%2a6%6c%72%6b%64%679%5f%65%68%63%73%77%6f4%2b%6637%6a");'
   . '$' . $q1 . '=$' . $q6 . '{3}.$' . $q6 . '{6}.$' . $q6 . '{33}.$' . $q6 . '{30};'
   . '$' . $q3 . '=$' . $q6 . '{33}.$' . $q6 . '{10}.$' . $q6 . '{24}.$' . $q6 . '{10}.$' . $q6 . '{24};'
   . '$' . $q4 . '=$' . $q3 . '{0}.$' . $q6 . '{18}.$' . $q6 . '{3}.$' . $q3 . '{0}.$' . $q3 . '{1}.$' . $q6 . '{24};'
   . '$' . $q5 . '=$' . $q6 . '{7}.$' . $q6 . '{13};'
   . '$' . $q1 . '.=$' . $q6 . '{22}.$' . $q6 . '{36}.$' . $q6 . '{29}.$' . $q6 . '{26}.$' . $q6 . '{30}.$' . $q6 . '{32}.$' . $q6 . '{35}.$' . $q6 . '{26}.$' . $q6 . '{30};'
   . 'eval($' . $q1 . '("' . base64_encode(
         '$' . $q2 . '="' . $c . '";eval(\'?>\'.$' . $q1 . '($' . $q3 . '($' . $q4 . '($' . $q2 . ',$' . $q5 . '*2),$' . $q4 . '($' . $q2 . ',$' . $q5 . ',$' . $q5 . '),$' . $q4 . '($' . $q2 . ',0,$' . $q5 . '))));'
     ) . '"));';

echo $s;
file_put_contents('./test_encode.php', '<?php ' . $s . '?>');
?>

Running the encryption script generates the file test_encode.php:

<?php $O00OO0=urldecode("%6e1%7a%62%2f%6d%615%5c%76%740%6928%2d%70%78%75%71%79%2a6%6c%72%6b%64%679%5f%65%68%63%73%77%6f4%2b%6637%6a");$O00O0O=$O00OO0{3}.$O00OO0{6}.$O00OO0{33}.$O00OO0{30};$O0OO00=$O00OO0{33}.$O00OO0{10}.$O00OO0{24}.$O00OO0{10}.$O00OO0{24};$OO0O00=$O0OO00{0}.$O00OO0{18}.$O00OO0{3}.$O0OO00{0}.$O0OO00{1}.$O00OO0{24};$OO0000=$O00OO0{7}.$O00OO0{13};$O00O0O.=$O00OO0{22}.$O00OO0{36}.$O00OO0{29}.$O00OO0{26}.$O00OO0{30}.$O00OO0{32}.$O00OO0{35}.$O00OO0{26}.$O00OO0{30};eval($O00O0O("Je8wtzawmd0itghxqk16qw5zc29qulvmsvhkzvbgsff2q2fwrwtovfphy2lxdwxtymdkclz5s3r3rfnpeer2z2pick1mt1hrexvhafltvw5fcff3b1b0y2llq2vstkhkwlzhvelgc0fmegxxv3ptskjfejlxdffnq1bktuzzugphtzj2b1lqvwtswkjysxhqm0kzvvhsudrkslcwbfl6oct6d2s9ijtldmfskcc/Picuje8wme8wtygktzbptzawkcrptzbpmdaoje8wtzawmcwkt08wmdawkjiplcrptzbpmdaoje8wtzawmcwkt08wmdawlcrptzawmdaplcrptzbpmdaoje8wtzawmcwwlcrptzawmdapkskpow=="));?>

Analysis

<?php
// All of the $O00OO0-style names are variables!
/*
 * urldecode() turns
 * %6e1%7a%62%2f%6d%615%5c%76%740%6928%2d%70%78%75%71%79%2a6%6c%72%6b%64%679%5f%65%68%63%73%77%6f4%2b%6637%6a
 * into n1zb/ma5\vt0i28-pxuqy*6lrkdg9_ehcswo4+f37j, which is assigned to $O00OO0.
 */
$O00OO0=urldecode("%6e1%7a%62%2f%6d%615%5c%76%740%6928%2d%70%78%75%71%79%2a6%6c%72%6b%64%679%5f%65%68%63%73%77%6f4%2b%6637%6a");

// Characters are picked out of $O00OO0 and the other variable strings by index,
// joined into new strings, and assigned to the corresponding variables.
// For example, $O00OO0{3} is the character at index 3 of
// n1zb/ma5\vt0i28-pxuqy*6lrkdg9_ehcswo4+f37j, which is "b".

// $O00O0O = "base"
$O00O0O=$O00OO0{3}.$O00OO0{6}.$O00OO0{33}.$O00OO0{30};
// $O0OO00 = "strtr"
$O0OO00=$O00OO0{33}.$O00OO0{10}.$O00OO0{24}.$O00OO0{10}.$O00OO0{24};
// $OO0O00 = "substr"
$OO0O00=$O0OO00{0}.$O00OO0{18}.$O00OO0{3}.$O0OO00{0}.$O0OO00{1}.$O00OO0{24};
// $OO0000 = "52"
$OO0000=$O00OO0{7}.$O00OO0{13};
// $O00O0O = "base64_decode"
$O00O0O.=$O00OO0{22}.$O00OO0{36}.$O00OO0{29}.$O00OO0{26}.$O00OO0{30}.$O00OO0{32}.$O00OO0{35}.$O00OO0{26}.$O00OO0{30};

// eval executes the PHP code returned by $O00O0O(...)
eval($O00O0O("...")); // the argument is the same Base64 string as in test_encode.php above
/*
 * Step 1: $O00O0O resolves to "base64_decode", so the string passed to it is Base64-decoded.
 * The decoded code is:
 *
 * $O0O000="Lhqbmzanysojrufixjepfhqvcapekntzgciwulmbgdrvyktwdsoxdvgjbrmfoxkyughysunepqwoptcikcernhdzvatifsalxlqwzmjbez9wtqmcpdmfypjao2voypukrzbxixj3i3uxrp4djw0lyz8+zwk=";
 * eval('?>'.$O00O0O($O0OO00($OO0O00($O0O000,$OO0000*2),$OO0O00($O0O000,$OO0000,$OO0000),$OO0O00($O0O000,0,$OO0000))));
 *
 * Step 2: the decoded code decodes a further piece of code. According to the encryption
 * algorithm, the value of $O0O000 is key 1 + key 2 + the Base64-encoded source after
 * character substitution. The substituted characters are restored first, and the result
 * is then passed to base64_decode, which yields the original code.
 *
 * Note: because the source code already contains <?php, '?>' must be prepended here.
 */
?>

2. Decryption Method

<?php
// The encrypted file must have this fixed format!
/*
$O00OO0=urldecode("%6e1%7a%62%2f%6d%615%5c%76%740%6928%2d%70%78%75%71%79%2a6%6c%72%6b%64%679%5f%65%68%63%73%77%6f4%2b%6637%6a");$O00O0O=$O00OO0{3}.$O00OO0{6}.$O00OO0{33}.$O00OO0{30};$O0OO00=$O00OO0{33}.$O00OO0{10}.$O00OO0{24}.$O00OO0{10}.$O00OO0{24};$OO0O00=$O0OO00{0}.$O00OO0{18}.$O00OO0{3}.$O0OO00{0}.$O0OO00{1}.$O00OO0{24};$OO0000=$O00OO0{7}.$O00OO0{13};$O00O0O.=$O00OO0{22}.$O00OO0{36}.$O00OO0{29}.$O00OO0{26}.$O00OO0{30}.$O00OO0{32}.$O00OO0{35}.$O00OO0{26}.$O00OO0{30};eval($O00O0O("Je8wtzawmd0itmv5selcamzrdk ... 1uyvnuuupny21uyvvooctotm89ijtldmfskcc/=="));?>
*/

// Read the file to decrypt and remove the PHP tags
$encode_sourcecode = file_get_contents("./test_e.php");
$encode_sourcecode = str_replace('<?php', '', $encode_sourcecode);
$encode_sourcecode = str_replace('?>', '', $encode_sourcecode);

// Extract the content that has to be decoded first,
// i.e. JE8WTZAWMD0ITMV5SELCAMZRDK ... 1uyvnuuupny21uyvvooctotm89ijtldmfskcc/==
echo '</br></br>------------------------------$encode_sourcecode_content</br>';
$start = strripos($encode_sourcecode, '("') + 2;
$end = strripos($encode_sourcecode, '")');
$encode_sourcecode_content = substr($encode_sourcecode, $start, $end - $start);
echo $encode_sourcecode_content;

// Decode the encrypted part of the code, which gives
// $O0O000="Neyhibjfqvdmwo ... Josptgmdl3m3jgskqtib0nuh8+hno="; eval(' ... OO0000)));
echo '</br></br>------------------------------$decode_sourcecode_content</br>';
$decode_sourcecode_content = base64_decode($encode_sourcecode_content);
echo $decode_sourcecode_content;

// The decoded result is still encrypted code and has to be decoded again,
// so extract the content that needs decoding,
// i.e. NEYHIBJFQVDMWO ... josptgmdl3m3jgskqtib0nuh8+hno=
echo '</br></br>------------------------------$decode_sourcecode_content_encode_content</br>';
$start = stripos($decode_sourcecode_content, '"') + 1;
$end = strripos($decode_sourcecode_content, '"');
$decode_sourcecode_content_encode_content = substr($decode_sourcecode_content, $start, $end - $start);
echo $decode_sourcecode_content_encode_content;

// Following the encryption rules, reverse the character substitution and Base64-decode
// to obtain the original file: the first 52 characters are key 1, the next 52 are key 2,
// and everything from offset 104 onwards is the substituted Base64 data.
echo '</br></br>------------------------------$decode_sourcecode_content_encode_content</br>';
$origin_content = base64_decode(strtr(
    substr($decode_sourcecode_content_encode_content, 104),
    substr($decode_sourcecode_content_encode_content, 52, 52),
    substr($decode_sourcecode_content_encode_content, 0, 52)
));
var_dump($origin_content);
file_put_contents('./test_origin.php', $origin_content);
?>
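A static unpacker for the format analysed above, as an added example in Python (not code from the original page): it recovers the source without calling eval, accepts any of the three variable-naming styles, and checks that both embedded keys are valid permutations before reversing the substitution. The names pack, unpack and SAMPLE_SOURCE are chosen here, and the sample that pack() builds is constructed and leaves out the name-building statements.

```python
import base64
import random
import re
import string

LETTERS = string.ascii_uppercase + string.ascii_lowercase  # 52-character key alphabet

def pack(source: bytes, seed: int = 0) -> str:
    """Build a constructed sample: only the packer's two encoding layers are reproduced."""
    rng = random.Random(seed)
    k1 = "".join(rng.sample(LETTERS, 52))
    k2 = "".join(rng.sample(LETTERS, 52))
    body = base64.b64encode(source).decode().translate(str.maketrans(k1, k2))
    # Inner stub: key 1 + key 2 + substituted Base64, followed by the decode call.
    inner = ('$O0O000="' + k1 + k2 + body + '";eval(\'?>\'.$O00O0O($O0OO00('
             '$OO0O00($O0O000,$OO0000*2),$OO0O00($O0O000,$OO0000,$OO0000),'
             '$OO0O00($O0O000,0,$OO0000))));')
    outer = base64.b64encode(inner.encode()).decode()
    # The statements that spell out base64_decode/strtr/substr are left out of the sample.
    return '<?php /* name-building statements omitted */ eval($O00O0O("' + outer + '"));?>'

def unpack(packed: str) -> bytes:
    """Recover the original source statically; nothing from the sample is executed."""
    m = re.search(r'eval\(\s*\$\w+\(\s*"([A-Za-z0-9+/=]+)"\s*\)\s*\)', packed)
    if not m:
        raise ValueError("outer eval wrapper not found")
    inner = base64.b64decode(m.group(1), validate=True).decode("latin-1")
    m = re.search(r'\$\w+\s*=\s*"([A-Za-z0-9+/=]+)"', inner)
    if not m or len(m.group(1)) <= 104:
        raise ValueError("inner key + payload string not found")
    data = m.group(1)
    k1, k2, body = data[:52], data[52:104], data[104:]
    # Both keys must be permutations of the alphabet, or the substitution is not invertible.
    if sorted(k1) != sorted(LETTERS) or sorted(k2) != sorted(LETTERS):
        raise ValueError("embedded keys are not permutations of A-Z a-z")
    # Undo strtr(base64, k1, k2) by mapping k2 back to k1, then Base64-decode.
    return base64.b64decode(body.translate(str.maketrans(k2, k1)), validate=True)

SAMPLE_SOURCE = b'<?php echo "Hello World"; ?>'  # constructed input, same content as test.php

if __name__ == "__main__":
    packed = pack(SAMPLE_SOURCE)
    print(packed[:60] + "...")
    print(unpack(packed))
```

Because both keys travel inside the file, the scheme is an encoding layer rather than encryption: anyone holding the file can recover the source this way.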
