php encode/obfuscate

[shivam0101]

This question i have posted in http://stackoverflow.com/questions/1459 ... g-php-file i am looking for some more help from your site

I am looking for free php encoder/obfuscator. Looked at http://adromil.myxednotes.com/ the output is nice, but it uses a script file pencode.php how hard to decode this page, it uses,

eval()
gzinflate()
str_rot13()
base64_decode()

If i encode a file with this script, How much difficult to decode the same provided that the pencode.php will be distributed along with the php files.

Can someone show how to reverse engineer using the same functions mentioned above,

content of pencode.php,

Code: Select all

<?php $f='zUZ6YtowEP5cJP7DqU8imTJ1dkparZDWApvYCu1FSXbapsgkF2/NJJHtsIZ2/30XJ6GwvnX7tigE32Zqz50fn7svmo37F96oeblxMofiGbuDMVwngnjuMwEDam9PAke+5KnmVgw36HSS6xww9nJeb24W+8XCBK9DqgIsnsPOROfAoCEXCNWTRXcSYCeNReNwmY4STPrGgicKXEdWJn1HwOIABonKhHOxnzswjv0OS5HW6Xa3y4vgl7IO7vjJ0jaMfhJ45njD+Gd5twrLR9VXlZvmki8iWmjrSO/gsPdKrTnAhACTpICKoVxu0KmodBFKQ3OD0YPMQyISFuofWaIDTBygBOQ6oj/6wLvrWEv1QGMfcIVAMrGC6uJzCFfnxERsqPCKZMHmBDF9TcQAYCZLVN/pLSsNwsKqf2KJMEBamQpFgYxXVQyL2snpM8p6QtB/+2mbjXOjHlqgE/YCNCN4tdQtExl21kU0zhL1B8x2Y342G3txcTIGqSVfTXHvLVrKJrWA9iYD9/P1zGbH76fD89Gl13to4oDxeRFJyJw0PTku8nbk68pp5ayIJkrDkTcaXDgGrCoSDdPo8UhMs4YXqAnzFF9w5Wu0nV1KXaBR6+qbxPPp0ABp8SXv/teDfU3adM3GrwciSff+n1GsUSjvvbW9y5p6t6GHO9kRaUZtJ3ijIuwI9qeOzwj5zME+peW9mNt32pXQpaobTh9ERyffMQ6tFhOLpN+mdRYIlFQ9TbV2o2bF70+6av02XWDCrob+wWf9dj2dfexaF/0+TuQwkVYi+iETCnrYOgOlpUGyNFJ2UllSljkSRo3aKo26hl2x2A+7XDI/4jHywCrJW+tIv61vDHLWPit5MjVfoDzsvWmOWChgmk4fWUiKaoAEjxKl5zkLAna1vJuReztlv7Td0eR3NvLOh1C3/c1nUhfk7OkttIjLsDtD7tf0+xs='; eval(gzinflate(str_rot13(base64_decode('WC1YzNFVr8rMWMtWLFbVKC4pii/KLzE01lVXLEE1M4lCVlrOQlbVQ1bTBAJ4AA==')))); ?>


[seandisanti]

if you change the only eval statement to be an echo statement, it tells you that what it's trying to execute is

Code: Select all

eval(gzinflate(str_rot13(base64_decode($f))));


so you take that and turn it into an echo also; and you get....

Code: Select all

* * * * * @summary IRCI Political CRM * @description Security encryption function * @version 1.3.0 * @file pencode.php * @author Ilios Resources and Cosultancy, Inc. (http://ilios-resources.com) * @contact http://ilios-resources.com/contactus.php * * @copyright Copyright 2012 Ilios Resources and Cosultancy, Inc., all rights reserved. * * This source file is free software, under either the GPL v2 license or a * BSD style license, available at: * eula.txt * eula.pdf * * * For details please refer to: http://ilios-resources.com * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ function php_decrypt($sValue, $sSecretKey) { return rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, $sSecretKey, base64_decode($sValue), MCRYPT_MODE_ECB, mcrypt_create_iv( mcrypt_get_iv_size( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB ), MCRYPT_RAND ) ), "\0" ); } function php_encrypt($sValue, $sSecretKey) { return rtrim( base64_encode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, $sSecretKey, $sValue, MCRYPT_MODE_ECB, mcrypt_create_iv( mcrypt_get_iv_size( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB ), MCRYPT_RAND) ) ), "\0" ); } function tokenf($algo=' adler32 ', $bsixfour=' ODc0NzUzNTQ2Ng== ', $bool=false) { return strtoupper(hash(trim($algo), trim($bsixfour), $bool)); } function machineid() { $zv='snefru'; $v='tiger128,4'; $data = hash($zv, gethostbyaddr($_SERVER['REMOTE_ADDR']), true); return strtoupper(hash($v, $data, false)); }


obfuscation is not security, anyone who tells you different is trying to sell you something.