When encountering an encrypted php file, write down the decode process

Source: Internet
Author: User
: This article mainly introduces an encrypted PHP file and writes down the decode process. if you are interested in the PHP Tutorial, refer to it. In the morning, a friend asked me to help read a php file, which contains garbled characters. if I change any character, the operation will be suspended.

The file contains only one row. The following is part of the content:

A heap of character encoding is omitted in the middle, and the final content is

2Kx9yHSQyO/D + 5 + fnPf + v/BSrlfeg = '); return;?> 5e813... 32-bit md5...... 3f6

At first, I used ZendStudio + Xdebug to trace the code. I found that the debugging of this compressed code in a row is not powerful at all! Resumable Upload fails.

After half a day, it still didn't work. just solve it manually.

A simple look, just replace the variable name with some special characters, open it in the editor, and replace several repeated keywords.

A user-defined function is also used. This function is provided at the beginning of the file, that is, "Getting started without getting started ".

Function compute has been completed before ($ A, $ B = "") {$ A = base64_decode ($ A); if (empty ($ A) return ""; if ($ B = "") {return ~ $ A;} else {$ D = strlen ($ A); $ B = str_pad ($ B, $ D, $ B); $ str = $ A ^ $ B; return $ str ;}}

After several simple replacements, you can know what is saved in each field.


Start with the eval function, followed by two decryption functions, and the function name is saved in the array. Similar

 

The key code that cannot be run after the modification is displayed:

$ A = file_get_contents ('Origin. php '); @ substr ($ A,-32) = md5 (substr ($ A, 0,-32 ). 'Another 32-bit md5', 6) | die ();

After the code is commented out, run the following code:


Another eval, decrypted ......

Because the decrypted file has garbled characters, you cannot directly use Copy & Paste. you must write a file in binary format, replace and decrypt it, and then write a file ...... After a total of five rounds of decryption, the source file is obtained.

Finally, I sorted out a regular expression to fix this file and removed it directly.

  

Code: http://download.csdn.net/detail/sbdx/8616319

The above introduces an encrypted PHP file, which writes down the decode process, including some content, and hopes to help friends who are interested in PHP tutorials.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.