Board index   FAQ   Search  
Register  Login
Board index PHP PHP General

php encode/obfuscate

General discussions related to php

Moderators: macek, egami, gesf

php encode/obfuscate

Postby shivam0101 » Tue Jan 29, 2013 5:30 pm

This question i have posted in http://stackoverflow.com/questions/1459 ... g-php-file i am looking for some more help from your site

I am looking for free php encoder/obfuscator. Looked at http://adromil.myxednotes.com/ the output is nice, but it uses a script file pencode.php how hard to decode this page, it uses,

eval()
gzinflate()
str_rot13()
base64_decode()

If i encode a file with this script, How much difficult to decode the same provided that the pencode.php will be distributed along with the php files.

Can someone show how to reverse engineer using the same functions mentioned above,

content of pencode.php,
Code: Select all
<?php $f='zUZ6YtowEP5cJP7DqU8imTJ1dkparZDWApvYCu1FSXbapsgkF2/NJJHtsIZ2/30XJ6GwvnX7tigE32Zqz50fn7svmo37F96oeblxMofiGbuDMVwngnjuMwEDam9PAke+5KnmVgw36HSS6xww9nJeb24W+8XCBK9DqgIsnsPOROfAoCEXCNWTRXcSYCeNReNwmY4STPrGgicKXEdWJn1HwOIABonKhHOxnzswjv0OS5HW6Xa3y4vgl7IO7vjJ0jaMfhJ45njD+Gd5twrLR9VXlZvmki8iWmjrSO/gsPdKrTnAhACTpICKoVxu0KmodBFKQ3OD0YPMQyISFuofWaIDTBygBOQ6oj/6wLvrWEv1QGMfcIVAMrGC6uJzCFfnxERsqPCKZMHmBDF9TcQAYCZLVN/pLSsNwsKqf2KJMEBamQpFgYxXVQyL2snpM8p6QtB/+2mbjXOjHlqgE/YCNCN4tdQtExl21kU0zhL1B8x2Y342G3txcTIGqSVfTXHvLVrKJrWA9iYD9/P1zGbH76fD89Gl13to4oDxeRFJyJw0PTku8nbk68pp5ayIJkrDkTcaXDgGrCoSDdPo8UhMs4YXqAnzFF9w5Wu0nV1KXaBR6+qbxPPp0ABp8SXv/teDfU3adM3GrwciSff+n1GsUSjvvbW9y5p6t6GHO9kRaUZtJ3ijIuwI9qeOzwj5zME+peW9mNt32pXQpaobTh9ERyffMQ6tFhOLpN+mdRYIlFQ9TbV2o2bF70+6av02XWDCrob+wWf9dj2dfexaF/0+TuQwkVYi+iETCnrYOgOlpUGyNFJ2UllSljkSRo3aKo26hl2x2A+7XDI/4jHywCrJW+tIv61vDHLWPit5MjVfoDzsvWmOWChgmk4fWUiKaoAEjxKl5zkLAna1vJuReztlv7Td0eR3NvLOh1C3/c1nUhfk7OkttIjLsDtD7tf0+xs='; eval(gzinflate(str_rot13(base64_decode('WC1YzNFVr8rMWMtWLFbVKC4pii/KLzE01lVXLEE1M4lCVlrOQlbVQ1bTBAJ4AA==')))); ?>
shivam0101
New php-forum User
New php-forum User
 
Posts: 4
Joined: Tue Nov 16, 2010 2:28 pm

Re: php encode/obfuscate

Postby seandisanti » Wed Feb 27, 2013 2:02 pm

if you change the only eval statement to be an echo statement, it tells you that what it's trying to execute is
Code: Select all
eval(gzinflate(str_rot13(base64_decode($f))));

so you take that and turn it into an echo also; and you get....
Code: Select all
* * * * * @summary IRCI Political CRM * @description Security encryption function * @version 1.3.0 * @file pencode.php * @author Ilios Resources and Cosultancy, Inc. (http://ilios-resources.com) * @contact http://ilios-resources.com/contactus.php * * @copyright Copyright 2012 Ilios Resources and Cosultancy, Inc., all rights reserved. * * This source file is free software, under either the GPL v2 license or a * BSD style license, available at: * eula.txt * eula.pdf * * * For details please refer to: http://ilios-resources.com * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ function php_decrypt($sValue, $sSecretKey) { return rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, $sSecretKey, base64_decode($sValue), MCRYPT_MODE_ECB, mcrypt_create_iv( mcrypt_get_iv_size( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB ), MCRYPT_RAND ) ), "\0" ); } function php_encrypt($sValue, $sSecretKey) { return rtrim( base64_encode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, $sSecretKey, $sValue, MCRYPT_MODE_ECB, mcrypt_create_iv( mcrypt_get_iv_size( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB ), MCRYPT_RAND) ) ), "\0" ); } function tokenf($algo=' adler32 ', $bsixfour=' ODc0NzUzNTQ2Ng== ', $bool=false) { return strtoupper(hash(trim($algo), trim($bsixfour), $bool)); } function machineid() { $zv='snefru'; $v='tiger128,4'; $data = hash($zv, gethostbyaddr($_SERVER['REMOTE_ADDR']), true); return strtoupper(hash($v, $data, false)); }

obfuscation is not security, anyone who tells you different is trying to sell you something.
seandisanti
php-forum Fan User
php-forum Fan User
 
Posts: 773
Joined: Mon Oct 01, 2012 12:32 pm


Return to PHP General

Who is online

Users browsing this forum: No registered users and 3 guests

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.