2014-06-01 00:45
浏览 330


I am trying to decode this code. I know it can be done by changing eval to echo. But in this case its not working. Is i am making any mistake. This is my encoded_file.php code:

i have tried to change eval to echo but its not working file. I also tried this decoder:


// Open and read the content of the encoded file into a variable
$file = file_get_contents('encoded_file.php');

// Strip php tags
$file = str_replace('<?php', "", $file);
$file = str_replace('<?', "", $file);
// Make sure to get rid of short tags....
$file = str_replace('?>', "", $file);

 // Strip new lines
$file = str_replace("
", "", $file);

// Add semi colon to get around a parsing issue.
$file = $file.';';

// Change the Eval function
$file = str_replace('eval', 'echo ', $file);

// Function to eval the new string
function deval()
global $file;
$contents = ob_get_contents();

// Run the code thru once
$file = deval();

// Counter
$cnt = 1;

// Loop it till it's decoded
while(preg_match('/^\?><\?php eval/', $file))
$file = str_replace('?><?php eval', 'echo', $file);
$file = str_replace('?><?', "", $file);
$file = deval();

//clean up some tags
$file = str_replace('?><?php', "", $file);
$file = str_replace('?><?', "", $file);

echo $cnt,' iterations<br/><br/>';
echo $file;

but it also not working well. Any solution how to decode it or what's wrong in my decoder code.

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongmei1988 2014-06-01 01:11

    Here are the steps which are needed to decode this (note - I've renamed variables/functions for clarity):

    1. We see that this script reads content of itself, so we can assume - we cannot change this file

    so lets create new file with this content and change this file:


    2. Then we can change first eval to echo and all other evals should be commented:

    here is first line:

    echo base64_decode("aWYoIWZ1bmN0aW9uX2V4aXN0cygiWWl1bklVWTc2YkJodWhOWUlPOCIpKXtmdW5jdGlvbiBZaXVuSVVZNzZiQmh1aE5ZSU84KCRnLCRiPTApeyRhPWltcGxvZGUoIlxuIiwkZyk7JGQ9YXJyYXkoNjU1LDIzNiw0MCk7aWYoJGI9PTApICRmPXN1YnN0cigkYSwkZFswXSwkZFsxXSk7ZWxzZWlmKCRiPT0xKSAkZj1zdWJzdHIoJGEsJGRbMF0rJGRbMV0sJGRbMl0pO2Vsc2UgJGY9dHJpbShzdWJzdHIoJGEsJGRbMF0rJGRbMV0rJGRbMl0pKTtyZXR1cm4oJGYpO319");

    this will give us:

        function getSubString($g,$b=0)
            if($b==0) $f=substr($a,$d[0],$d[1]);
            elseif($b==1) $f=substr($a,$d[0]+$d[1],$d[2]);
            else $f=trim(substr($a,$d[0]+$d[1]+$d[2]));
            return $f;

    3. Now we can remove first echo/eval and go to 2nd one:

    here is 2nd line:

    echo base64_decode(getSubString($encoded));

    give us:

        function decodeCode($a,$h)
                echo("Error: File Modified");

    4. we can remove it and go to last eval:

    here is it:

    echo decodeCode(getSubString($encoded,2),getSubString($encoded,1));

    and we see final code:

    * @site #####
    * @copyright 2010
    include 'config.php';
        header("Content-type: image/jpeg");
        header('Content-Disposition: attachment; filename="'.$path['basename'].'"');
        echo imagejpeg($img);
    打赏 评论

相关推荐 更多相似问题