2. 질의 응답
  3. 이 코드를 해독하는 방법은 무엇입니까?

이 코드를 해독하는 방법은 무엇입니까?

2010-03-04 5 views
3 
$o="QAAAOzh3b3cnYGJzWG9iZmNidQAgLy48Jzg5Cg0KDQGjbmlka3IAAGNiJy9TQkpXS0ZTQldGU08ABScpJyAoYGZra2J1fikEACADXIQABPFhaGhzBPU="; 

eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw==")); 

return;?>

출처

2010-03-04 Igor

답변

4

evalecho으로 바꾸고 스크립트를 실행하십시오.

이는 (포맷) 제공합니다

$lll=0; 
eval(base64_decode("JGxsbGxsbGxsbGxsPSdiYXNlNjRfZGVjb2RlJzs=")); 
$ll=0; 
eval($lllllllllll("JGxsbGxsbGxsbGw9J29yZCc7")); 
$llll=0; 
$lllll=3; 
eval($lllllllllll("JGw9JGxsbGxsbGxsbGxsKCRvKTs=")); 
$lllllll=0; 
$llllll=($llllllllll($l[1])<<8)+$llllllllll($l[2]); 
eval($lllllllllll("JGxsbGxsbGxsbGxsbGw9J3N0cmxlbic7")); 
$lllllllll=16; 
$llllllll=""; 

for(;$lllll<$lllllllllllll($l);) 
{ 
    if($lllllllll==0) 
    { 
    $llllll=($llllllllll($l[$lllll++])<<8); 
    $llllll+=$llllllllll($l[$lllll++]);$lllllllll=16; 
    } 

    if($llllll&0x8000) 
    { 
    $lll=($llllllllll($l[$lllll++])<<4); 
    $lll+=($llllllllll($l[$lllll])>>4); 
    if($lll) 
    { 
     $ll=($llllllllll($l[$lllll++])&0x0f)+3; 

     for($llll=0;$llll<$ll;$llll++) 
     $llllllll[$lllllll+$llll]=$llllllll[$lllllll-$lll+$llll]; 

     $lllllll+=$ll; 
    } 
    else 
    { 
     $ll=($llllllllll($l[$lllll++])<<8); 
     $ll+=$llllllllll($l[$lllll++])+16; 
     for($llll=0;$llll<$ll;$llllllll[$lllllll+$llll++]=$llllllllll($l[$lllll])); 

     $lllll++;$lllllll+=$ll; 
    } 
    } 
    else 
    $llllllll[$lllllll++]=$llllllllll($l[$lllll++]); 

    $llllll<<=1;$lllllllll--; 
} 

eval($lllllllllll("JGxsbGxsbGxsbGxsbD0nY2hyJzs=")); 
$lllll=0; 
eval($lllllllllll("JGxsbGxsbGxsbD0iPyIuJGxsbGxsbGxsbGxsbCg2Mik7")); 
$llllllllll=""; 

for(;$lllll<$lllllll;) 
{ 
    $llllllllll.=$llllllllllll($llllllll[$lllll++]^0x07); 
} 

eval($lllllllllll("JGxsbGxsbGxsbC49JGxsbGxsbGxsbGwuJGxsbGxsbGxsbGxsbCg2MCkuIj8iOw==")); 
eval($lllllllll); 

$lllllllllll='base64_decode'; 
$l=$lllllllllll($o); 
$lllllllll.=$llllllllll.$llllllllllll(60)."?";$llllllllllll='chr';

나머지 문자열의 base64_decode 작업을 수행, 당신은 전체 코드를 ahve 것입니다. 난독 화 코드의 좋은 샘플을 사용해보세요.

출처

2010-03-04 10:39:46 gregseth

+0

,'$ O'는 사용되지 않습니다. –

+1

다음 암호화 된 코드에서 사용할 수 있으므로 잘 보관하십시오. 진실 대신 에코를 더 만들어야 할 수도 있습니다. 이는 일반적인 난독 화 방법입니다. 스크립트가 무엇을하는지 알 때까지 스크립트를 실행하지 마십시오. –

1

알파벳 수프는 base64_decode()을 통해 디코딩되고 eval()을 통해 실행되는 Base64 인코딩 된 PHP 코드입니다.

디코딩 된 소스 코드를 살펴보면 아직도 많이 모호하다는 것을 알 수 있습니다. 그 코드가 인 사람은 실제로입니다. 그들은 아마 그 이유가 있습니다.

출처

2010-03-04 10:40:36

+0

그건 내 fav 라인이야 :'$ lllllll [$ lllllll + $ llll ++] = $ lllllllll ($ l [$ lllll]))':) – Gordon

0

당신은 그것에 대해 this online decryptor를 사용하거나 이미 base64_decode 기능을 사용하여 암호를 해독하기 때문에 단지 echoeval 키워드를 대체 할 수 있습니다. 이 코드는 평가하고 무엇

출처

2010-03-04 10:40:54 Sarfraz

3

:

<?php get_header(); ?> 
<?php include (TEMPLATEPATH . '/gallery.php'); ?> 
<?php get_footer(); ?>

이 함수 (내가 원래 코드에서 "반환"문을 추측)의 일부이기 때문에이 코드는 아무것도하지만 위에서 언급을하지 않습니다. 나는 단계별로 그것을 파싱했다. 멋지게 암호화 된 코드입니다.

출처

2010-03-04 11:55:28 Johnatan

0

간단합니다. 비슷한 것을해야했습니다. 대신 eval(base64_decode(...));

  1. 는 수행

    $ 온도 = base64_decode (...)를; print $ temp;

  2. 인쇄 된 문자열의 마지막 eval()을 참조하십시오. 예를 들어 substr()으로 제거하십시오.

    $ temp = substr ($ temp, 0, -17);

  3. 대신 print $lllllllll; 추가 : $temp=$temp."print $lllllllll;";

  4. 는 평가를() 수행이 그것을 평가하는 대신 코드를 출력합니다 eval($temp);

.

코드 : 직접

$temp = base64_decode(...); 
$temp = substr($temp, 0, -<your eval offset here>); 
$temp=$temp."print $lllllllll;" 
eval($temp);

또는 결과 : : 또한

<?php get_header(); ?> 

<?php include (TEMPLATEPATH . '/gallery.php'); ?> 

<?php get_footer(); ?>

출처

2011-03-06 23:31:36

관련 문제

 관련 문제