dqst96444 2014-09-20 04:40

Decode this PHP?

Ok so I have some PHP that I'm working with for a client. The last guy to make his site encoded all his PHP to make it difficult for guys like me to come in and make changes. I have no idea what this is.

Ok so it started off as this:

<?php $OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$O0O000O0O=$O0O000O00.$OOO000000{11};$O0O000O00=$O0O000O00.$OOO000000{3};$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0xa68;eval($OOO0000O0('JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NTU0KTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdmaFY2THhOT01GUlgwZXZjK3lTOEhXdHNZcUpuUUNQVEJacGszb0VnQXU5YjI1MW1Jai9yYTRHemxkRFU3S3dpPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs='));return;?>~DFLKc06hc06hc064rCOFTQEWInNxkqSBgs4KNSHjxs47gXVMgMpl38aKc0L7I8rfIXpMgMpI38aKc06fI0L7IRVyc8a7I06fI0L7AFL7I8rfI8a7I0VB38rfI0L7I8rfIXVyc8rfI8rfI06fuXVCEJxYG8OZv8a4NHoBIqsqkRzo8vLZsCOeqQHu1HHe+WLFJQN2rnaWg+sHdYkM40t4FJpK/Y8yOPEj3yxHzSzCucSQ2FaxV+ayxy3CMSHuX8L4v84hyHoeHWWqstxoJYtFkqNWEqGZuJE52ntdmQOx/Qzy4CgClPsAI08Mre6HGerBdR/7gRS3uvGqknNKrqSB38rfI0L7I8rfIR85oCEx2RVyc8rfI8rfI8rfuvI==

I then decoded it into this:

<?php $O000O0O00 = $OOO000O00($OOO0O0O00, 'rb');
$O0O00OO00($O000O0O00, 0x554);
$OO00O00O0 = $OOO0000O0($OOO00000O($O0O00OO00($O000O0O00, 0x17c), 'fhV6LxNOMFRX0evc+yS8HWtsYqJnQCPTBZpk3oEgAu9b251mIj/ra4GzldDU7Kwi=', 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'));
eval($OO00O00O0); ?>

However I have not gotten any further. Any idea on how to work with this?


1 answer

  • duankui6150 2014-09-20 05:40

    Ooh, a puzzle! I like puzzles.

    This decoder has two stages.

    The first one assigns a number of strings, then decodes and evaluates the second stage. Here it is with some of the bad formatting and variable names removed:

    // String offsets are written $map[4] here; the original's $map{4} form no longer parses on PHP 8.
    $map=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');
    $base64_decode=$map[4].$map[9].$map[3].$map[5];
    $base64_decode.=$map[2].$map[10].$map[13].$map[16];
    $base64_decode.=$base64_decode[3].$map[11].$map[12].$base64_decode[7].$map[5];
    $fopen=$map[0].$map[12].$map[7].$map[5].$map[15];
    $fgets=$map[0].$map[1].$map[5].$map[14];
    $fgetc=$fgets.$map[11];
    $fgets=$fgets.$map[3];
    $fread=$map[0].$map[8].$map[5].$map[9].$map[16];
    $strtr=$map[3].$map[14].$map[8].$map[14].$map[8];
    $filename=__FILE__;
    $hex_a68=0xa68;
    eval($base64_decode('...')); // '...' stands for another base64 blob: the second stage
    

    Each of the strings, besides $map and $filename, ends up getting assigned its name as contents.

    The second stage, which is decoded from a Base64 blob, consists of the second part you already discovered, which I've treated similarly below:

    $fh = $fopen($filename, 'rb');
    $fread($fh, 0x554);
    $data = $base64_decode($strtr(
        $fread($fh, 0x17c),
        'fhV6LxNOMFRX0evc+yS8HWtsYqJnQCPTBZpk3oEgAu9b251mIj/ra4GzldDU7Kwi=',
        'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
    ));
    eval($data);
    

    This reads some encoded data from the current PHP file, modifies it using strtr(), Base64 decodes it, then evaluates that. The results of this decoding appear to be somewhat corrupted (possibly you've omitted part of the input?), but include this readable fragment of PHP code:

    class asmLink
    {
    static function createSearchUrl ($originalUrl)
    {
    $originalUrl = trim($originalUrl);
    $amzUrlBits = parse_url($originalUrl);
    $amzScheme = $amzUrlBits['
    

    As an aside: Your client would be well advised to consider reading their contract with the previous developer very carefully, and may want to consider legal proceedings — that developer has deliberately taken steps to prevent your client from having their site maintained by anyone else.

    This answer was selected as the best answer by the asker.
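A static version of the two stages described in the answer above, added here as an example (not code from the original post or answer): it rebuilds the stage-1 function names and decodes the embedded block to text instead of passing it to `eval()`. The names `stage1_names`, `decode_payload` and `build_sample` are chosen for this example, and the sample file it builds is constructed.

```python
import base64
from urllib.parse import unquote

# Constants copied from the loader shown on this page.
MAP = unquote('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64')
CUSTOM = 'fhV6LxNOMFRX0evc+yS8HWtsYqJnQCPTBZpk3oEgAu9b251mIj/ra4GzldDU7Kwi='
STANDARD = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
SKIP, LENGTH = 0x554, 0x17c   # bytes skipped, then bytes read, by stage 2


def stage1_names():
    """Rebuild the function names stage 1 assembles from MAP, by index."""
    def pick(indexes):
        return ''.join(MAP[i] for i in indexes)
    b64 = pick([4, 9, 3, 5, 2, 10, 13, 16])
    # The loader reuses characters of the partly built name itself.
    b64 += b64[3] + pick([11, 12]) + b64[7] + MAP[5]
    return [b64, pick([0, 12, 7, 5, 15]), pick([0, 8, 5, 9, 16]),
            pick([3, 14, 8, 14, 8])]


def _table(src, dst):
    # PHP's strtr() ignores the surplus characters of the longer string,
    # so the trailing '=' in CUSTOM is left untranslated.
    n = min(len(src), len(dst))
    return bytes.maketrans(src[:n].encode(), dst[:n].encode())


def decode_payload(file_bytes, skip=SKIP, length=LENGTH):
    """Return (php_source, complete) for the block stage 2 would eval()."""
    chunk = file_bytes[skip:skip + length]
    complete = len(chunk) == length          # False: the file copy is short
    b64 = chunk.translate(_table(CUSTOM, STANDARD))
    b64 = b64[:len(b64) - len(b64) % 4]      # drop a ragged final group
    return base64.b64decode(b64), complete


def build_sample(php_source):
    """Constructed input: pack source the way the loader expects to find it."""
    raw = php_source.ljust(LENGTH // 4 * 3)  # pad so the body is LENGTH chars
    body = base64.b64encode(raw).translate(_table(STANDARD, CUSTOM))
    return b'#' * SKIP + body


if __name__ == '__main__':
    print(stage1_names())
    print(decode_payload(build_sample(b"<?php echo 'constructed sample'; ?>")))
```

The offsets are byte-exact, so run `decode_payload` on the original file's bytes rather than on a reformatted or re-saved copy; a `complete` value of `False` means fewer than 0x17c bytes were present at offset 0x554.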
