解码base64字符串？请：（

<?php $OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=1132;eval((base64_decode('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDM3MiksJ0VudGVyeW91d2toUkhZS05XT1VUQWFCYkNjRGRGZkdnSWlKakxsTW1QcFFxU3NWdlh4WnowMTIzNDU2Nzg5Ky89JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?>

kr9NHenNHenNHe1lFMamb3klFoxiC2APk19gOLlHOa9gkZXJkZwVkr9NTznNHr8XHt4JkZwShokiF2A2Yy9LcBYvcoAPF3OZfuwPcmklCBWPkr8XHenNHr8XHtXLT08XHr8XHeEXhUXmOB50cbk5d3a3D2iUUylRTlfNaaOnCAkJW2YrcrcMO2fkDApQToxYdanXAbyTF1c2BuiDGjExHjH0YTC3KeLqRz0mRtfnWLYrOAcuUrlhU0xYTL9WAakTayaBa1icBMyJC2OlcMfPDBpqdo1Vd3nxFmY0fbc3Gul6HerZHzW1YjF4KUSvkZLphUL7cMYSd3YlhtONHeEXTznNHeEpK2a2CBXPkr9NHenNHenNHtL7RZ8IAriWTr9eU0lAT1nAwyYAWakAtJOXfbkjDoyzcBYvcoAINUnWaakeUryTOa9eT0OyKXPLfoyZc2a0b3aZdtE9wtkPfuOXKJ8vf3f3RMpvCmplcBSVC29sR2yXDU9zcByZC2IvN2pvCmplcBS9kopvCmplcBSMDB5LcBaLNUOpdMOlcBWMC2yZcBaZDMa0NUOjCbklcbkQcbWMFuaZC2iiF2ajd2OlNUOXfbkjDoyzcBYvcoAMD2a5f29Zce0LFUcSd2Yifolvdj0Ldtcjdz0LC28MF29Zfe0LF29ZftcZCBOpfbH9kukicol1FZczfe0LF3WMDmO5FoA9kop0kmY0Cbk0NUOzfoyZftcvdoW9kocZd21ic2AJKXPvR2ajDo8IkuOiFMflfy91FMX7tJO1F2aZWBfldmWINUEmO29vc2xlCM90RzwVHUEPDuO0FePvR3f3fZ5md29mdoaJd3WVC29sR2kvft5Pfo1ShUF7tIPvRZnsCBslwuOPcUnjaakHwuklFbalF3WIfo8IkuOiFMflfy91FMXhkoYPwe0IC3aZdy9pdMl0htL7tMY1FMxgF2a0d3n0htOjDtXIW1aUTr9Way9aA0aUWAfyTlWSwtO1F2aZWBfldmWpKXpjfbkSb3Ylfo9XftILC2ISwrYaALxNAyOgaakHRtO0CbkmcbOgfbkShTShC3aZdy9zcbOvFuWPkoYPRtneaakHT1nAb0cnUAxNTLaUAL9URtn0FmalhTShC3aZdy9zcbOvFuWPkoYPRtneaakHT1nAb0cNTrxNa0xNW0yAUA9KRtn0FmalhTShC3aZdy9zcbOvFuWPkoYPRtneaakHT1nAb0yaar9UOAcyALaURtn0FmalhTShC3aZdy9zcbOvFuWPkoYPRtneaakHT1nAb1kyayaUTlOUWA5TOLaURuOZfBApKXpjfbkSb3Ylfo9XftILC2ISwrYaALxNAyOgarlYOA9aatXIYTEXhTShkuisduY0FMlVcz0IC3aZdy9lGoajhtOjDtL7tIPLGo1SF3OZDB5mwe0IkuisduY0FMlVczShkopzd25gFMaXduLINUnQF29Vb2OlC29LcUILGo1SF3OZDB5mRtn0FmalhTShtI==

I can't seem to decode this base64 string which is in the footer of a wordpress theme. I want to be able to add more to the footer.

Any help appreciated, thanks!

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

dqt20140129 2015-01-14 08:28

关注

Ok, this is the decoded piece of code with readable variables (for educational purposes):

<?php
    $the_current_file = __FILE__;
    $the_line_number_of_this_line   = __LINE__;

    $fileResource = fopen($the_current_file, 'rb');

    while (--$the_line_number_of_this_line) //For every line of code the code before this line
    {
        fgets($fileResource, 1024); //
    }

    fgets($fileResource, 4096);

    $codeToEvaluate = (base64_decode(strtr(fread($fileResource, 372), 'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=', 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));
    eval($codeToEvaluate);

    return;

So basically, whereever this piece of code is included, it takes every line before it and replaces the characters EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/= with ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/. Then, it base64 decodes that and eval's it. I'd do a die($codeToEvaluate); before eval($codeToEvaluate) to find out what piece of code is executed.

But then, seriously. If the developers of this theme tried to obfuscate something from you, either it's malicious or you're trying to crack past some licensing because you don't want their attribution in the footer. Credit them or pay them.

So bottom line: Buy the goddamn theme or find another.

EDIT

This seems to be the code, thats being executed:

 $purchasecode = PURCHASE_CODE;
    $target_url   = "http://www.jobzeek.com/api/search/?jobzeek=$jobzeek&indeed=$indeed&careerjet=$careerjet&purchasecode=$purchasecode&keyword=$q&location=$l&co=$co&sort=$sort&radius=$radius&st=$st&jtype=$jt&start=$start&old=$fromage";
//echo $target_url;
    $userAgent = 'Googlebot/2.1 (http://www.googlebot.com/bot.html)';

// make the cURL request to $target_url
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);
    curl_setopt($ch, CURLOPT_URL, $target_url);
    curl_setopt($ch, CURLOPT_FAILONERROR, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_AUTOREFERER, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 500);
    $xmlstring = curl_exec($ch);

    $xmlstring  = $xmlstring;
    $json_reply = json_decode($xmlstring, true);

本回答被题主选为最佳回答 , 对您是否有帮助呢?

查看更多回答(1条)

报告相同问题？

关注问题

解码base64字符串？请：（ php
2015-01-14 08:07

回答 2 已采纳 Ok, this is the decoded piece of code with readable variables (for educational purposes): <?ph
PHP：Base64解码将字符串转换为其他格式，如十进制或二进制 php
2016-12-13 20:41

回答 1 已采纳 Binary data can't be simply printed, that's why you don't see something from base64_decode, but th
解码base64字符串会产生黑色矩形图像 php
2015-07-29 15:54

回答 1 已采纳 What is the purpose of this line: $img = str_replace(' ', '+', $img); Don't think it is necessa
PHP安全的URL字符串base64编码和解码
2020-10-25 18:41

主要介绍了PHP安全的URL字符串base64编码和解码,在base64的基础上替换了不安全的一些字符,需要的朋友可以参考下
同一个base64字符串PHP和JAVA decode结果不一样求对应的PHP代码 java php 有问必答
2021-07-22 09:38

回答 3 已采纳 java base64加密时用ISO_8859_1编码加密看下？？php的好像是ASCII码
为什么openssl无法解码php的base64_encode函数编码的字符串？ php
2013-09-25 14:15

回答 1 已采纳 Add BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL) after the BIO_new() call to tell OpenSSL that all t
在javascript中通过php解码base64编码的字符串 javascript php
2012-04-28 22:53

回答 2 已采纳 Looks like a character encoding problem, make sure all you files are using the same encoding (UTF-
如何将超大Base64字符串解码为文件？
2023-03-10 08:50

安卓修改大师的博客如何才能将超大base64解析为文件呢，只需要将超大base64字符串按照4的倍数进行截取后，再进行解码，然后通过FileOutputStream输出流，依次将字节数组写入文件即可。
使用带有json_decode的php中的Base64解码json字符串 json php
2015-12-29 23:45

回答 1 已采纳 I understand, do this: $json = json_decode($result, true); foreach($json as $k => $v){ // this
php解码base 64非常大的文件，不是字符串 php
2013-10-22 06:30

回答 3 已采纳 @traylz makes the point clear for why it may fail when it shouldn't. However, base64_decode() may
php解析字符串而不解码 php
2018-07-01 17:19

回答 2 已采纳 You could essentially replicate parse_str but without applying urldecode: $x = $_SERVER['QUERY_ST
mysql如何解码字符串_在MySQL中如何解码base64编码的字符串？
2021-01-19 13:46

墨鹊的博客本篇文章主要给大家介绍在mysql中如何解码base64编码的字符串，那么我们可以通过FROM_BASE64()函数来实现解码。在MySQL中，FROM_BASE64()函数解码一个base-64编码的字符串并返回结果。更具体地说，它接受一个用TO_...
PHP / JavaScript：如何最好地编码/解码字符串？ javascript php
2014-01-29 04:35

回答 2 已采纳 Agree with user2864740 Or you can use Base32 since you have only 50.
php base64encode url,php base64如何进行URL字符串编码和解码？
2021-04-20 05:50

皇子在西安的博客 Base64可以将二进制转码成可见字符方便进行http传输，但是base64转码时会生成“+”，“/”，“=”这些被URL进行转码的特殊字符，导致两方面...一、URL安全的字符串编码：functionurlsafe_b64encode($string){$data=b...
php base64 url编码解码,php base64如何进行URL字符串编码和解码？
2021-04-25 01:55

逆光纪的博客 Base64可以将二进制转码成可见字符方便进行http传输，但是base64转码时会生成“+”，“/”，“=”这些被URL进行转码的特殊字符，导致两...一、URL安全的字符串编码：function urlsafe_b64encode($string) {$data = b...
没有解决我的问题, 去提问

悬赏问题

¥15 R语言Rstudio突然无法启动
¥15 关于#matlab#的问题：提取2个图像的变量作为另外一个图像像元的移动量，计算新的位置创建新的图像并提取第二个图像的变量到新的图像
¥15 改算法，照着压缩包里边，参考其他代码封装的格式写到main函数里
¥15 用windows做服务的同志有吗
¥60 求一个简单的网页(标签-安全|关键词-上传)
¥35 lstm时间序列共享单车预测，loss值优化，参数优化算法
¥15 Python中的request，如何使用ssr节点，通过代理requests网页。本人在泰国，需要用大陆ip才能玩网页游戏，合法合规。
¥100 为什么这个恒流源电路不能恒流？
¥15 有偿求跨组件数据流路径图
¥15 写一个方法checkPerson，入参实体类Person，出参布尔值

码龄粉丝数原力等级 --

解码base64字符串？请：（

2条回答默认最新

码龄粉丝数原力等级 --

悬赏问题

解码base64字符串？ 请 ：（

2条回答 默认 最新

悬赏问题

解码base64字符串？请：（

2条回答默认最新