十六进制解码-如何解码此字符串?
[英]HEX decode - how to decode this string?
问题描述
How i can Decode strings like this? 
我如何解码这样的字符串?
<?php ${"G\x4c\x4f\x42\x41\x4c\x53"}["\x79\x76\x77\x63\x61\x61"]="chec\x6b\x5f\x6c";${"\x47\x4c\x4f\x42AL\x53"}["\x77\x68\x79\x72\x71\x78\x77\x63\x7a"]="\x75\x73e\x72\x69\x64";${"G\x4c\x4f\x42\x41\x4c\x53"}["\x6a\x71\x67\x72\x6f\x76\x72h\x6f\x73\x65"]
It just part of my code and i can't place whole code. 它只是我的代码的一部分,我无法放置整个代码。
2 个解决方案
解决方案1
3 2014-06-12 18:16:09
In this specific case where the only encoding consists of hexadecimal escape sequences ('\\x' followed by two hexadecimal characters), and there is no '%' sign or single quote, the "decoding" is easy enough to achieve with the printf command-line tool that you will find in any decent Unix-like operating systems. 在这种唯一的编码由十六进制转义序列('\\ x'后跟两个十六进制字符)组成并且没有'%'符号或单引号的特定情况下,使用printf命令可以轻松实现“解码”在线工具,您可以在任何类似Unix的操作系统中找到它。 printf uses the same kind of escaping. printf使用相同的转义。 Hence (truncated for easier display): 因此(为了方便显示而被截断):
$ printf '<?php ${"G\x4c\x4f\x42\x41\x4c\x53"}["\x79\x76\x77\x63\x61\x61"]'
<?php ${"GLOBALS"}["yvwcaa"]
If you want to indulge into reverse-engineering of malware, then some experience in such command-line tools is very handy. 如果您想沉迷于恶意软件的逆向工程,那么使用此类命令行工具的一些经验将非常方便。 On Windows, you may want to install Cygwin . 在Windows上,您可能需要安装Cygwin 。
解决方案2
2 2014-06-12 17:59:49
You can often decode such things by modifying the PHP code itself to echo. 您通常可以通过修改PHP代码本身以进行回显来对这些内容进行解码。
$ php -r 'echo "G\x4c\x4f\x42\x41\x4c\x53";'
GLOBALS
$
The stuff is designed to be executable PHP, you just need to defang it and it'll tell you everything. 这些东西被设计为可执行的PHP,您只需对其进行defang,它就会告诉您所有信息。
I will warn you, that looks like standard malware, so a) be careful where you execute it and b) be aware a lot of the strings will be garbage; 我会警告您,它看起来像是标准的恶意软件,因此a)请注意在执行该恶意软件的位置,b)请注意很多字符串将是垃圾; the code is designed to be not easily readable once you decode it. 该代码被设计为一旦解码就不容易阅读。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.