php encode/obfuscate

General discussions related to php

Moderators: macek, egami, gesf

shivam0101
New php-forum User
New php-forum User
Posts: 4
Joined: Tue Nov 16, 2010 2:28 pm

php encode/obfuscate

Postby shivam0101 » Tue Jan 29, 2013 5:30 pm

This question i have posted in http://stackoverflow.com/questions/1459 ... g-php-file i am looking for some more help from your site

I am looking for free php encoder/obfuscator. Looked at http://adromil.myxednotes.com/ the output is nice, but it uses a script file pencode.php how hard to decode this page, it uses,

eval()
gzinflate()
str_rot13()
base64_decode()

If i encode a file with this script, How much difficult to decode the same provided that the pencode.php will be distributed along with the php files.

Can someone show how to reverse engineer using the same functions mentioned above,

content of pencode.php,

Code: Select all

<?php $f='zUZ6YtowEP5cJP7DqU8imTJ1dkparZDWApvYCu1FSXbapsgkF2/NJJHtsIZ2/30XJ6GwvnX7tigE32Zqz50fn7svmo37F96oeblxMofiGbuDMVwngnjuMwEDam9PAke+5KnmVgw36HSS6xww9nJeb24W+8XCBK9DqgIsnsPOROfAoCEXCNWTRXcSYCeNReNwmY4STPrGgicKXEdWJn1HwOIABonKhHOxnzswjv0OS5HW6Xa3y4vgl7IO7vjJ0jaMfhJ45njD+Gd5twrLR9VXlZvmki8iWmjrSO/gsPdKrTnAhACTpICKoVxu0KmodBFKQ3OD0YPMQyISFuofWaIDTBygBOQ6oj/6wLvrWEv1QGMfcIVAMrGC6uJzCFfnxERsqPCKZMHmBDF9TcQAYCZLVN/pLSsNwsKqf2KJMEBamQpFgYxXVQyL2snpM8p6QtB/+2mbjXOjHlqgE/YCNCN4tdQtExl21kU0zhL1B8x2Y342G3txcTIGqSVfTXHvLVrKJrWA9iYD9/P1zGbH76fD89Gl13to4oDxeRFJyJw0PTku8nbk68pp5ayIJkrDkTcaXDgGrCoSDdPo8UhMs4YXqAnzFF9w5Wu0nV1KXaBR6+qbxPPp0ABp8SXv/teDfU3adM3GrwciSff+n1GsUSjvvbW9y5p6t6GHO9kRaUZtJ3ijIuwI9qeOzwj5zME+peW9mNt32pXQpaobTh9ERyffMQ6tFhOLpN+mdRYIlFQ9TbV2o2bF70+6av02XWDCrob+wWf9dj2dfexaF/0+TuQwkVYi+iETCnrYOgOlpUGyNFJ2UllSljkSRo3aKo26hl2x2A+7XDI/4jHywCrJW+tIv61vDHLWPit5MjVfoDzsvWmOWChgmk4fWUiKaoAEjxKl5zkLAna1vJuReztlv7Td0eR3NvLOh1C3/c1nUhfk7OkttIjLsDtD7tf0+xs='; eval(gzinflate(str_rot13(base64_decode('WC1YzNFVr8rMWMtWLFbVKC4pii/KLzE01lVXLEE1M4lCVlrOQlbVQ1bTBAJ4AA==')))); ?>

seandisanti
php-forum Fan User
php-forum Fan User
Posts: 838
Joined: Mon Oct 01, 2012 12:32 pm

Re: php encode/obfuscate

Postby seandisanti » Wed Feb 27, 2013 2:02 pm

if you change the only eval statement to be an echo statement, it tells you that what it's trying to execute is

Code: Select all

eval(gzinflate(str_rot13(base64_decode($f))));

so you take that and turn it into an echo also; and you get....

Code: Select all

* * * * * @summary IRCI Political CRM * @description Security encryption function * @version 1.3.0 * @file pencode.php * @author Ilios Resources and Cosultancy, Inc. (http://ilios-resources.com) * @contact http://ilios-resources.com/contactus.php * * @copyright Copyright 2012 Ilios Resources and Cosultancy, Inc., all rights reserved. * * This source file is free software, under either the GPL v2 license or a * BSD style license, available at: * eula.txt * eula.pdf * * * For details please refer to: http://ilios-resources.com * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ function php_decrypt($sValue, $sSecretKey) { return rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, $sSecretKey, base64_decode($sValue), MCRYPT_MODE_ECB, mcrypt_create_iv( mcrypt_get_iv_size( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB ), MCRYPT_RAND ) ), "\0" ); } function php_encrypt($sValue, $sSecretKey) { return rtrim( base64_encode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, $sSecretKey, $sValue, MCRYPT_MODE_ECB, mcrypt_create_iv( mcrypt_get_iv_size( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB ), MCRYPT_RAND) ) ), "\0" ); } function tokenf($algo=' adler32 ', $bsixfour=' ODc0NzUzNTQ2Ng== ', $bool=false) { return strtoupper(hash(trim($algo), trim($bsixfour), $bool)); } function machineid() { $zv='snefru'; $v='tiger128,4'; $data = hash($zv, gethostbyaddr($_SERVER['REMOTE_ADDR']), true); return strtoupper(hash($v, $data, false)); }

obfuscation is not security, anyone who tells you different is trying to sell you something.


Return to “PHP General”

Who is online

Users browsing this forum: No registered users and 1 guest