View All PHP files in wdLinux

View All PHP files in wdLinux

The PHP file in wdLinux is simple to encrypt. You can dig holes ~
All PHP files in wdcp_v2.5.tar.gz have been decrypted.

I accidentally saw the wdLinux system and found that the PHP plug-in was used for encryption. I tried to decrypt it for fun. The algorithm was super simple and there was a dead key with 10 digits.

Zlib is used to compress the data during encryption, and then xor is performed with the key one by one based on certain algorithms.

Add a file header as the identification code.



You have successfully decrypted the entire folder and pasted a file:
 

Finally, paste the perl code:



 

Sub wd_decode {my @ data = unpack 'C * ', substr (read_file ($ _ [0]), 9); my @ key = (0xB8, 0x35, 0x6, 0x2, 0x88, 0x1, 0x5B, 0x7, 0x44, 0x0); my ($ I, $ j) = (0, scalar @ data); for (@ data) {$ _ = $ key [2 * ($ j % 5)] ^ ~ $ _; $ _ & = 0xFF; -- $ j;} return encode ('utf8', decode ('gbk', uncompress (pack 'C *', @ data )));}

Solution:

Encryption needs to be enhanced