投稿
  1. 简单一点首页
  2. 编程

包含phpdecodeeval的词条

FNAW 编程

本文目录一览:

求高手php解码 eval(base64_decode 以下是代码 http://hi.baidu.com/eshoes68/blog/item/7247829503de835b

?php

function decrypt($key,$c_t) {

$c_t = trimchop($GLOBALS[‘base64_decode’]($c_t)));

$iv = substr(md5($key),0,mcrypt_get_iv_size (MCRYPT_CAST_256,MCRYPT_MODE_CFB));

$p_t = mcrypt_cfb (MCRYPT_CAST_256,$key,$c_t,MCRYPT_DECRYPT,$iv);

return trimchop($p_t));

}

function ipn_debug_email($message,$email_address = ”,$always_send = false,$subjecttext = ‘IPN DEBUG message’) {

static $paypal_instance_id;

if(OPEN_DEBUG) {

if(!isset($paypal_instance_id)) $paypal_instance_id = time() .’_’.rand(0,9).rand(0,9).rand(0,9).rand(0,9);

$paypal_error_counter ++;

ipn_add_error_log($message,$paypal_instance_id);

}

}

function ipn_add_error_log($message,$paypal_instance_id = ”) {

if ($paypal_instance_id == ”) $paypal_instance_id = date(‘mdYGi’);

$fp = @fopen(‘logs/post_’.$paypal_instance_id .(substr($message,0,3) == ‘PDT’?’_PDT’: ”) .’.log’,’a’);

if ($fp) {

fwrite($fp,date(‘M d Y G:i’) .’ — ‘.$message .”\n\n”);

fclose($fp);

}

}

function ipn_postback($mode = ‘IPN’) {

$info = ”;

$header = ”;

$scheme = ”;

$web = parse_url($scheme .MODULE_PAYMENT_PAYPAL_HANDLER );

$postdata = ”;

$postback = ”;

$postback_array = array();

foreach($_POST as $key=$value) {

$postdata .= $key .”=”.urlencode(stripslashes($value)) .””;

$postback .= $key .”=”.urlencode(stripslashes($value)) .””;

$postback_array[$key] = $value;

}

if ($mode == ‘PDT’) {

$postback .= “cmd=_notify-synch”;

$postback .= “tx=”.$_GET[‘tx’];

$postback .= “at=”.MODULE_PAYMENT_PAYPAL_PDTTOKEN;

$postback_array[‘cmd’] = “_notify-sync”;

$postback_array[‘tx’] = $_GET[‘tx’];

$postback_array[‘at’] = substr(MODULE_PAYMENT_PAYPAL_PDTTOKEN,0,5) .’**********’.substr(MODULE_PAYMENT_PAYPAL_PDTTOKEN,-5);

}elseif ($mode == ‘IPN’) {

$postback .= “cmd=_notify-validate”;

$postback_array[‘cmd’] = “_notify-validate”;

}

if ($postdata == ‘=’) {

ipn_debug_email(‘IPN FATAL ERROR :: No POST data to process — Bad IPN data’);

return array(‘info’=$info,’postdata’=$postdata );

}

$postdata_array = $_POST;

ksort($postdata_array);

if ($mode == ‘IPN’) {

ipn_debug_email(‘IPN INFO – POST VARS received (sorted):’.”\n”.stripslashes(urldecode(print_r($postdata_array,true))));

if ($GLOBALS[‘IIIIIIIIllll’]($postdata_array) == 0) die(‘mybe you missed.’);

}

if($web[‘scheme’] == “https”) {

$web[‘port’]=”443″;$ssl = “ssl://”;

}else {

$web[‘port’]=”80″;$ssl = “”;

}

$proxy = $web;

$header = “POST $web[path] HTTP/1.1\r\n”;

$header .= “Host: $web[host]\r\n”;

$header .= “Content-type: application/x-www-form-urlencoded\r\n”;

$header .= “Content-length: “.strlen($postback) .”\r\n”;

$header .= “Connection: close\r\n\r\n”;

ipn_debug_email(‘IPN INFO – POST VARS to be sent back for validation: ‘.”\n”.’To: ‘.$ssl .$proxy[‘host’] .’:’.$proxy[‘port’] .”\n”.$header .stripslashes(print_r($postback_array,true)));

$fp=fsockopen($ssl .$proxy[‘host’],$proxy[‘port’],$errnum,$errstr,30);

if(!$fp) {

ipn_debug_email(‘IPN FATAL ERROR :: Could not establish fsockopen. ‘.”\n”.’Host Details = ‘.$ssl .$proxy[‘host’] .’:’.$proxy[‘port’] .’ (‘.$errnum .’) ‘.$errstr .”\n”.”\n Trying again without SSL …”);

$ssl = ”;

$proxy[‘port’] = ’80’;

$fp=fsockopen($ssl .$proxy[‘host’],$proxy[‘port’],$errnum,$errstr,30);

}

if(!$fp) {

ipn_debug_email(‘IPN FATAL ERROR :: Could not establish fsockopen. ‘.”\n”.’Host Details = ‘.$ssl .$proxy[‘host’] .’:’.$proxy[‘port’] .’ (‘.$errnum .’) ‘.$errstr .”\n”.”\n Trying again without specified protocol …”);

$ssl = ”;

$fp=fsockopen($ssl .$proxy[‘host’],$proxy[‘port’],$errnum,$errstr,30);

}

if(!$fp) {

ipn_debug_email(‘IPN FATAL ERROR :: Could not establish fsockopen. ‘.”\n”.’Host Details = ‘.$ssl .$proxy[‘host’] .’:’.$proxy[‘port’] .’ (‘.$errnum .’) ‘.$errstr .”\n”);

die();

}

fputs($fp,$header .$postback .”\r\n\r\n”);

$header_data = ”;

while(!feof($fp)) {

$line = @fgets($fp,1024);

if (strcmp($line,”\r\n”) == 0) {

$headerdone = true;

$header_data .= $line;

}else if ($headerdone) {

$info[] = $line;

}

}

fclose($fp);

$info = implode(“”,$info);

$status = (strstr($info,’VERIFIED’)) ?’VERIFIED’: (strstr($info,’SUCCESS’)) ?’SUCCESS’: ”;

ipn_debug_email(‘IPN INFO – Confirmation/Validation response ‘.”\n”.($status != ”?$status : $header_data .$info));

return base64_encode(serialize(array(‘info’=$info,’postdata’=$postdata )));

}

function http_post($server,$host,$port,$url,$params,$timeout=500){

$result=””;

$flag = 0;

$ipn_postback=ipn_postback();

$_POST[‘ipn_postback’]=$ipn_postback;

ipn_debug_email(‘post:’.print_r($_POST,true));

foreach ($_POST as $key=$value){

if ($flag!=0) {

$params .= “”;

$flag = 1;

}

$params.= $key.”=”;

$params.= urlencode($value);

$flag = 1;

}

$fp = fsockopen($server,$port,$errno,$errstr,$timeout);

if (!$fp){

$result = $errstr.”—“.$errno;

return $result;

}

$length = strlen($params);

$header = “POST “.$url.” HTTP/1.1\r\n”;

$header .= “Host:”.$host.”\r\n”;

$header .= “Referer:/qianxiang/post.php\r\n”;

$header .= “Content-Type: application/x-www-form-urlencoded\r\n”;

$header .= “Content-Length: “.$length.”\r\n”;

$header .= “Connection: Close\r\n\r\n”;

$header .= $params.”\r\n”;

fputs($fp,$header);

$inheader = 1;

while (!feof($fp)){

$line = fgets($fp,1024);

if ($inheader ($line == “\n”||$line == “\r\n”)){

$inheader = 0;

}

if ($inheader == 0){

$result .= $line;

}

}

fclose($fp);

return $result;

}

function zen_setcookie($name,$value = ”,$expire = 0,$path = ‘/’,$domain = ”,$secure = 0) {

setcookie($name,$value,$expire,$path,$domain,$secure);

}

$post=array();

$post_field=”;

if(isset($_POST[‘subkeys’]) and $_POST[‘subkeys’]!=”){

$post=unserialize($GLOBALS[‘base64_decode’](decrypt($pass,$_POST[‘subkeys’])));

while(list($key,$value)=each($post)){

$post_field.=’input type=”hidden” name=”‘.$key.'” value=”‘.$value.'”br’;

if($key==’custom’){

$cookie_value=str_replace($session_name.’=’,”,$value);

zen_setcookie(‘custom_zenid[‘.$cookie_value.’]’,$cookie_value,time()+60*60*24*30);

}

}

}

?

请参考

解密php eval(base64_decode方法

对于第一段:

eval(base64_decode(‘ZnVuY3Rpb24gdGhlbWVfZm9vdGVyX3QoKSB7IGlmICghKGZ1bmN0aW9uX2V4aXN0cygiY2hlY2tfdGhlbWVfZm9vdGVyIikgJiYgZnVuY3Rpb25fZXhpc3RzKCJjaGVja190aGVtZV9oZWFkZXIiKSkpIHsgdGhlbWVfdXNhZ2VfbWVzc2FnZSgpOyBkaWU7IH0gfSB0aGVtZV9mb290ZXJfdCgpOw==’));

你可以编写如下的测试程序:

?php

exit(base64_decode(‘ZnVuY3Rpb24gdGhlbWVfZm9vdGVyX3QoKSB7IGlmICghKGZ1bmN0aW9uX2V4aXN0cygiY2hlY2tfdGhlbWVfZm9vdGVyIikgJiYgZnVuY3Rpb25fZXhpc3RzKCJjaGVja190aGVtZV9oZWFkZXIiKSkpIHsgdGhlbWVfdXNhZ2VfbWVzc2FnZSgpOyBkaWU7IH0gfSB0aGVtZV9mb290ZXJfdCgpOw==’));

?

在命令行执行上面的测试程序,输出结果如下:

function theme_footer_t() { if (!(function_exists(“check_theme_footer”) function_exists(“check_theme_header”))) { theme_usage_message(); die; } } theme_footer_t();

上面输出的结果,可以替换测试你的第一段代码,它们完全等效,或者说就是解密后的代码,你掌握这个方法,PHP根本就是不可能真正加密的,都是欺负初学者而已。

PHP解密 eval( base64_decode

不错,回了无数多这种所谓的“解密”帖子,总算看见有人知道怎么搞了,高兴ing

等效的代码如下:

?php

class ModuleObject extends MasterObject

{

var $FormHandler = null;

var $IoHandler=null;

function ModuleObject($config)

{

error_reporting(0);

$this-MasterObject($config);if(18869722 !defined(“LICENSE_VAR_CODE”))exit(86707181);if(substr(md5_FILE(“./include/function/global.func.php”),3,25)!=substr(“a3892bb3396c2c829c19ccddcd308926”,3,25))

{

error_reporting(0);

ob_clean();

for($s=11677216;$s0;$s*=65085748){;}

}

$this-FormHandler=new FormHandler;

include_once(LIB_PATH.’io.han.php’);

$this-IoHandler=new IoHandler;

$this-Execute();

}

function Execute()

{

switch($this-Code)

{

case ‘modify_normal’:

include(MOD_PATH.(($_obfuscate_pp3FQ7Ohubz7=2147483647 -78165835)%27).’/’.$_obfuscate_pp3FQ7Ohubz7.’.php’);

break;

case ‘domodify_normal’:

include(MOD_PATH.(($_obfuscate_shAHJlhD4Ndn=2147483647 -1818658825)%27).’/’.$_obfuscate_shAHJlhD4Ndn.’.php’);

break;

case ‘modify_credits’:

include(MOD_PATH.(($_obfuscate_2GWWxUEK7ztH=2147483647 890135736)%27).’/’.$_obfuscate_2GWWxUEK7ztH.’.php’);

break;

case ‘domodify_credits’:

include(MOD_PATH.(($_obfuscate_JQQuH5KF9jyy=2147483647 -679717690)%27).’/’.$_obfuscate_JQQuH5KF9jyy.’.php’);

break;

case ‘modify_header_menu’:

$this-ModifyHeaderMenu();

break;

case ‘domodify_header_menu’:

$this-DoModifyHeaderMenu();

break;

case ‘modify_header_sub_menu’:

$this-ModifyHeaderSubMenu();

break;

case ‘modify_header_sub_menu’:

$this-DoModifyHeaderSubMenu();

break;

case ‘modify_rewrite’:

include(MOD_PATH.(($_obfuscate_r4cRb866G31X=2147483647 -374888374)%27).’/’.$_obfuscate_r4cRb866G31X.’.php’);

break;

case ‘domodify_rewrite’:

include(MOD_PATH.(($_obfuscate_kFjsOxTxxTm5=2147483647 1196688474)%27).’/’.$_obfuscate_kFjsOxTxxTm5.’.php’);

break;

case ‘modify_remote’:

include(MOD_PATH.(($_obfuscate_dmnWYBFfwPZy=2147483647 -1814999975)%27).’/’.$_obfuscate_dmnWYBFfwPZy.’.php’);

break;

case ‘domodify_remote’:

include(MOD_PATH.(($_obfuscate_M9T56w4hBGsk=2147483647 332943561)%27).’/’.$_obfuscate_M9T56w4hBGsk.’.php’);

break;

case ‘modify_filter’:

include(MOD_PATH.(($_obfuscate_gWUtSmmgjtIp=2147483647 -962910372)%27).’/’.$_obfuscate_gWUtSmmgjtIp.’.php’);

break;

case ‘domodify_filter’:

include(MOD_PATH.(($_obfuscate_robepjimEUCI=2147483647 -659464081)%27).’/’.$_obfuscate_robepjimEUCI.’.php’);

break;

case ‘modify_latest_search’:

$this-ModifyLatestSearch();

break;

case ‘domodify_latest_search’:

$this-DoModifyLatestSearch();

break;

case ‘modify_access’:

include(MOD_PATH.(($_obfuscate_RFZWBU9N2FLm=2147483647 975168040)%27).’/’.$_obfuscate_RFZWBU9N2FLm.’.php’);

break;

case ‘domodify_access’:

include(MOD_PATH.(($_obfuscate_Ig1RqxiYeBex=2147483647 1791127976)%27).’/’.$_obfuscate_Ig1RqxiYeBex.’.php’);

break;

case ‘modify_seccode’:

include(MOD_PATH.(($_obfuscate_yNun8HVOF41M=2147483647 -1132193474)%27).’/’.$_obfuscate_yNun8HVOF41M.’.php’);

break;

case ‘do_modify_seccode’:

include(MOD_PATH.(($_obfuscate_RqGJmKOedTlZ=2147483647 305153614)%27).’/’.$_obfuscate_RqGJmKOedTlZ.’.php’);

break;

case ‘modify_smtp’:

include(MOD_PATH.(($_obfuscate_GZvqIIYIxcwR=2147483647 -2091071938)%27).’/’.$_obfuscate_GZvqIIYIxcwR.’.php’);

break;

case ‘do_modify_smtp’:

include(MOD_PATH.(($_obfuscate_eUDxyTQSnmWA=2147483647 -25441582)%27).’/’.$_obfuscate_eUDxyTQSnmWA.’.php’);

break;

case ‘modify_copyright’:

include(MOD_PATH.(($_obfuscate_L6pnR8LaKmYu=2147483647 -29905623)%27).’/’.$_obfuscate_L6pnR8LaKmYu.’.php’);

break;

case ‘do_modify_copyright’:

include(MOD_PATH.(($_obfuscate_umtTsFNTDQ2i=2147483647 -1934952338)%27).’/’.$_obfuscate_umtTsFNTDQ2i.’.php’);

break;

case ‘modify_shortcut’:

include(MOD_PATH.(($_obfuscate_Po7xayJ0iz3x=2147483647 -371519643)%27).’/’.$_obfuscate_Po7xayJ0iz3x.’.php’);

break;

case ‘do_modify_shortcut’:

include(MOD_PATH.(($_obfuscate_cFcMlzVkWpGo=2147483647 1925297631)%27).’/’.$_obfuscate_cFcMlzVkWpGo.’.php’);

break;

default:

include(MOD_PATH.(($_obfuscate_pp3FQ7Ohubz7=2147483647 -78165835)%27).’/’.$_obfuscate_pp3FQ7Ohubz7.’.php’);

break;

}

}

function _saveRewriteConfig($domain,$name,$config)

{

return include(MOD_PATH.(($_obfuscate_OeWNnsry3PMy=2147483647 -1082551710)%27).’/’.$_obfuscate_OeWNnsry3PMy.’.php’);

}

function _writeHtaccess($abs_path)

{

return include(MOD_PATH.(($_obfuscate_x8rztwAyS8f1=2147483647 -315296549)%27).’/’.$_obfuscate_x8rztwAyS8f1.’.php’);

}

}

?

注意看13行,这里其实是在检测另外的文件是否被解密,注意是否有其它文件类似的办法来检测你这个程序。

原创文章,作者:FNAW,如若转载,请注明出处:https://www.506064.com/n/141165.html

(0)
FNAWFNAW
0 0
上一篇 2024-10-04
下一篇 2024-10-04

相关推荐

发表回复

登录后才能评论