威盾PHP加密专家解密算法
作者:阿圣(Sfan) 发布于:2010-5-28 15:20 Friday 分类:Web
最近遇到一个加密后的PHP文件...
- <?php //
- $OOO0O0O00=__FILE__;$OOO000000=urldecode('%74%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64%66%70%6e%72');$OO00O0000=49592;$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$O0O0000O0='OOO0000O0';eval(($$O0O0000O0('JE9PME9PMDAwMD0kT09PMDAwMDAwezE3fS4kT09PMDAwMDAwezEyfS4kT09PMDAwMDAwezE4fS4kT09PMDAwMDAwezV9LiRPT08wMDAwMDB7MTl9O2lmKCEwKSRPMDAwTzBPMDA9JE9PME9PMDAwMCgkT09PME8wTzAwLCdyYicpOyRPTzBPTzAwME89JE9PTzAwMDAwMHsxN30uJE9PTzAwMDAwMHsyMH0uJE9PTzAwMDAwMHs1fS4kT09PMDAwMDAwezl9LiRPT08wMDAwMDB7MTZ9OyRPTzBPTzAwTzA9JE9PTzAwMDAwMHsxNH0uJE9PTzAwMDAwMHswfS4kT09PMDAwMDAwezIwfS4kT09PMDAwMDAwezB9LiRPT08wMDAwMDB7MjB9OyRPTzBPTzAwME8oJE8wMDBPME8wMCwxMjUzKTskT08wME8wME8wPSgkT09PMDAwME8wKCRPTzBPTzAwTzAoJE9PME9PMDAwTygkTzAwME8wTzAwLDM4MCksJ0Y4QUUxeHRUQ2lWN2dNd3VkUGYvbjRPWmN2SzMwUTVwcnpvTDZYK0dqc0h5QldScU5ibWVJSlMyYVU5a1loRGw9JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?>
- i1hugE8ugE8ugEJeQTip0后面接着..还有一大段看似无意义的代码...
找了一下解密的算法..分享下...
- /***********************************
- *威盾PHP加密专家解密算法 By:Neeao
- *http://Neeao.com
- *2009-09-10
- ***********************************/
- $filename="GlobalAction.class.php";//要解密的文件
- $lines = file($filename);//0,1,2行
- //第一次base64解密
- $content="";
- if(preg_match("/O0O0000O0\('.*'\)/",$lines[1],$y))
- {
- $content=str_replace("O0O0000O0('","",$y[0]);
- $content=str_replace("')","",$content);
- $content=base64_decode($content);
- }
- //第一次base64解密后的内容中查找密钥
- $decode_key="";
- if(preg_match("/\),'.*',/",$content,$k))
- {
- $decode_key=str_replace("),'","",$k[0]);
- $decode_key=str_replace("',","",$decode_key);
- }
- //查找要截取字符串长度
- $str_length="";
- if(preg_match("/,\d*\),/",$content,$k))
- {
- $str_length=str_replace("),","",$k[0]);
- $str_length=str_replace(",","",$str_length);
- }
- //截取文件加密后的密文
- $Secret=substr($lines[2],$str_length);
- //echo $Secret;
- //直接还原密文输出
- echo "<?php\n".base64_decode(strtr($Secret,$decode_key,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'))."?>";
« 时光
|
JS们制造的"无敌"9400GT»
评论:
2010-06-05 11:45