解码评估(base64_decode))

2022-01-21 00:00:00 eval decode base64 php

我正在尝试解码此代码.我知道可以通过将 eval 更改为 echo 来完成.但在这种情况下,它不起作用.我有什么错误吗.这是我的encoded_file.php 代码:

我试图将 eval 更改为 echo,但它的文件不起作用.我也试过这个解码器:

但它也不能很好地工作.任何解决方案如何解码或我的解码器代码有什么问题.

解决方案

以下是解码所需的步骤(注意 - 为了清楚起见,我已重命名变量/函数):

1.我们看到这个脚本读取了它自己的内容,所以我们可以假设——我们不能改变这个文件

所以让我们用这个内容创建新文件并更改这个文件:

$encoded=file('another_file.txt');

2. 然后我们可以将第一个 eval 更改为 echo 并且所有其他 eval 都应该被注释:

这是第一行:

<预> <代码>回波BASE64_DECODE( aWYoIWZ1bmN0aW9uX2V4aXN0cygiWWl1bklVWTc2YkJodWhOWUlPOCIpKXtmdW5jdGlvbiBZaXVuSVVZNzZiQmh1aE5ZSU84KCRnLCRiPTApeyRhPWltcGxvZGUoIlxuIiwkZyk7JGQ9YXJyYXkoNjU1LDIzNiw0MCk7aWYoJGI9PTApICRmPXN1YnN0cigkYSwkZFswXSwkZFsxXSk7ZWxzZWlmKCRiPT0xKSAkZj1zdWJzdHIoJGEsJGRbMF0rJGRbMV0sJGRbMl0pO2Vsc2UgJGY9dHJpbShzdWJzdHIoJGEsJGRbMF0rJGRbMV0rJGRbMl0pKTtyZXR1cm4oJGYpO319");

这会给我们:

if(!function_exists("getSubString")){函数 getSubString($g,$b=0){$a=内爆("
",$g);$d=数组(655,236,40);if($b==0) $f=substr($a,$d[0],$d[1]);elseif($b==1) $f=substr($a,$d[0]+$d[1],$d[2]);否则 $f=trim(substr($a,$d[0]+$d[1]+$d[2]));返回 $f;}}

3. 现在我们可以删除第一个 echo/eval 并转到第二个:

这是第二行:

echo base64_decode(getSubString($encoded));

给我们:

if(!function_exists("decodeCode")){函数 decodeCode($a,$h){如果($h==sha1($a)){返回(gzinflate(base64_decode($a)));}别的{echo("错误:文件已修改");}}}

4.我们可以删除它并进入最后一个评估:

这里是:

echo decodeCode(getSubString($encoded,2),getSubString($encoded,1));

我们看到最终代码:

/*** @地点 #####* @版权 2010*/包括'config.php';$id=$_GET['id'];如果(isset($id)){header("内容类型:图片/jpeg");$url='http://#####/siteuploads/thumb/'.$id;$path=pathinfo($url);header('Content-Disposition: attachment; filename="'.$path['basename'].'"');$img=imagecreatefromjpeg($url);$red=imagecolorallocate($img,255,155,255);imagestring($img,2,1,2,$site,$red);回声 imagejpeg($img);}

I am trying to decode this code. I know it can be done by changing eval to echo. But in this case its not working. Is i am making any mistake. This is my encoded_file.php code:

i have tried to change eval to echo but its not working file. I also tried this decoder:

<?php

// Open and read the content of the encoded file into a variable
$file = file_get_contents('encoded_file.php');

// Strip php tags
$file = str_replace('<?php', "", $file);
$file = str_replace('<?', "", $file);
// Make sure to get rid of short tags....
$file = str_replace('?>', "", $file);

 // Strip new lines
$file = str_replace("
", "", $file);

// Add semi colon to get around a parsing issue.
$file = $file.';';

// Change the Eval function
$file = str_replace('eval', 'echo ', $file);

// Function to eval the new string
function deval()
{
global $file;
ob_start();
eval($file);
$contents = ob_get_contents();
ob_end_clean();
return($contents);
}  

// Run the code thru once
$file = deval();

// Counter
$cnt = 1;

// Loop it till it's decoded
while(preg_match('/^?><?php eval/', $file))
{
$file = str_replace('?><?php eval', 'echo', $file);
$file = str_replace('?><?', "", $file);
$file = deval();
  $cnt;
}

//clean up some tags
$file = str_replace('?><?php', "", $file);
$file = str_replace('?><?', "", $file);

echo $cnt,' iterations<br/><br/>';
echo $file;
?>

but it also not working well. Any solution how to decode it or what's wrong in my decoder code.

解决方案

Here are the steps which are needed to decode this (note - I've renamed variables/functions for clarity):

1. We see that this script reads content of itself, so we can assume - we cannot change this file

so lets create new file with this content and change this file:

$encoded=file('another_file.txt');

2. Then we can change first eval to echo and all other evals should be commented:

here is first line:

echo base64_decode("aWYoIWZ1bmN0aW9uX2V4aXN0cygiWWl1bklVWTc2YkJodWhOWUlPOCIpKXtmdW5jdGlvbiBZaXVuSVVZNzZiQmh1aE5ZSU84KCRnLCRiPTApeyRhPWltcGxvZGUoIlxuIiwkZyk7JGQ9YXJyYXkoNjU1LDIzNiw0MCk7aWYoJGI9PTApICRmPXN1YnN0cigkYSwkZFswXSwkZFsxXSk7ZWxzZWlmKCRiPT0xKSAkZj1zdWJzdHIoJGEsJGRbMF0rJGRbMV0sJGRbMl0pO2Vsc2UgJGY9dHJpbShzdWJzdHIoJGEsJGRbMF0rJGRbMV0rJGRbMl0pKTtyZXR1cm4oJGYpO319");

this will give us:

if(!function_exists("getSubString"))
{
    function getSubString($g,$b=0)
    {
        $a=implode("
",$g);
        $d=array(655,236,40);
        if($b==0) $f=substr($a,$d[0],$d[1]);
        elseif($b==1) $f=substr($a,$d[0]+$d[1],$d[2]);
        else $f=trim(substr($a,$d[0]+$d[1]+$d[2]));
        return $f;
    }
}

3. Now we can remove first echo/eval and go to 2nd one:

here is 2nd line:

echo base64_decode(getSubString($encoded));

give us:

if(!function_exists("decodeCode"))
{
    function decodeCode($a,$h)
    {
        if($h==sha1($a))
        {
            return(gzinflate(base64_decode($a)));
        }
        else
        {
            echo("Error: File Modified");
        }
    }
}

4. we can remove it and go to last eval:

here is it:

echo decodeCode(getSubString($encoded,2),getSubString($encoded,1));

and we see final code:

/**
* @site #####
* @copyright 2010
*/
include 'config.php';
$id=$_GET['id'];
if(isset($id))
{
    header("Content-type: image/jpeg");
    $url='http://#####/siteuploads/thumb/'.$id;
    $path=pathinfo($url);
    header('Content-Disposition: attachment; filename="'.$path['basename'].'"');
    $img=imagecreatefromjpeg($url);
    $red=imagecolorallocate($img,255,155,255);
    imagestring($img,2,1,2,$site,$red);
    echo imagejpeg($img);
}

相关文章