如何解码 php base64_decode
[英]how to decode php base64_decode
问题描述
I'm a newbie starting to learn from source code.
我是一个新手,开始从源代码中学习。 I bought a source code on the internet with full source code switching but it turns out there is a part that is hidden.我在网上买了一个完整的源代码切换的源代码,但结果发现有一部分是隐藏的。 How to do decrypt/decode for lines like this:如何对这样的行进行解密/解码:
<?php
$keystroke1 = base64_decode("d2RyMTU5c3E0YXllejd4Y2duZl90djhubHVrNmpoYmlvMzJtcA==");
eval(gzinflate(base64_decode('hY5NCsIwEIWv8ixdZDCKWZcuPUfRdqrBmsBkAkrp3aVIi3Tj9v1+vje7PodWfQwNv3zSZAqJyqGNHRdE4+JiVU2ZVHy42fLyjDkoYUT54DdqpHxNKmsAJwtHFXxvksrAYXGort1cE9YsAe1dTJTOzCuEPZbhChN4SPw/iePMd/7ybSmcxeb+4Mj+vkzTBw==')));
$O0O0O0O0O0O0=$keystroke1[2].$keystroke1[32].$keystroke1[20].$keystroke1[11].$keystroke1[23].$keystroke1[15].$keystroke1[32].$keystroke1[1].$keystroke1[11];
$keystroke2 = $O0O0O0O0O0O0("xes26:tr5bzf{8ydhog`uw9omvl7kicjp43nq", -1);
$OO000OO000OO=$keystroke2[16].$keystroke2[12].$keystroke2[31].$keystroke2[23].$keystroke2[18].$keystroke2[24].$keystroke2[9].$keystroke2[20].$keystroke2[11];
$O0000000000O=$keystroke1[30].$keystroke1[9].$keystroke1[6].$keystroke1[11].$keystroke1[27].$keystroke1[8].$keystroke1[19].$keystroke1[1].$keystroke1[11].$keystroke1[15].$keystroke1[32].$keystroke1[1].$keystroke1[11];
eval($OO000OO000OO(base64_decode('LcTLsm
tKAADQn7lVZ+8yoBtB3ZH3OyEEMbnl0SLxTJrQvv
5M7hos9C36n38uF4Zh/u+nLDA6cf/VqJpq9PPHq2
IHD+dQlrVwpIa3BPicV2atbjLVsx+to7il1297dn
c+9PeDJGOoGn0MJUJnSqiJwrGcK5/bG2iiJtUoOk
3GKbHYjjzd5yLu3q2dPpWSFjDVTKWSS6MFsF6MU5
dsbJn7qHRxhGo0MNuluk29F3iwyAx/cYO+OfPWi1
ECDkWG1NsMLuAcM3F98vtMsubbvQjf1ZpVMUP5Eh
puFNzCi/CYkoM1VgsAetzjpvEe1M2AlX4YFjQZF0
A0VBRQKS0B5mcI7na2N/nER993+qocgmh9WawUrU
YhBMUiPNpuXNQy2o7VxHvhyO3nZkcWTmQu5kV1C2
ECbZiH8XsL4QuYbf7lI4SF1gDM/vVqRz4qyj7a8b
qS1nXP79731t4O0qcDaqN97BHDzlPwTEF6H7p9a3
Zu1Ut6X5GNTgZhWe3dHa+6yzJ58MX1Pc8mwAWK4v
EVLjGolQQLieOvkn4jD4d0FMQuLYvXhaxbzJyLR2
OHDKhMu2EwHthDt+I7YwOvVUydwEnCigk/n4iQei
SzwWNKicdunzmrVoOWl9gt8lhK+WzNpbPqkHEK7i
xBHT84UAbkHpity8i9eLUUulASI5d7cfpGWF6I4l
7tYBeJmYzXycA3FbbrSb+yNgd8XM5u7wU0mL8tVP
hJ2J/nu2QLr/OgzZrmp7xvKmpZCgHU7w0RlS1PT9
4JvxXtekif9dDGvBxSQjcwj2i32C7Abbcosvey5I
iq2hW7mjn/lUS6OUQ64Kw/v7+///4F')));
?>
is code like this dangerous?这样的代码危险吗?
1 个解决方案
解决方案1
1 2022-08-08 13:43:56
You are looking at a piece of obfuscated code .您正在查看一段混淆代码。 I will explain it line by line, but first let's go over the functions that are used:我将逐行解释,但首先让我们 go 介绍使用的功能:
base64_decode()
This function decodes a base64 encoded string.此 function 解码base64编码字符串。 It's used here to unscramble intentionally scrambled code.它在这里被用来解读故意加扰的代码。
gzinflate()
This function decompresses a compressed string.此 function 解压缩压缩字符串。 It's used the same way as base64_decode().它的使用方式与 base64_decode() 相同。
eval()
This function executes a string as code.这个 function 将字符串作为代码执行。 Its use is discouraged and is in itself a bit of a red flag, though it has legitimate uses.不鼓励使用它,尽管它有合法用途,但它本身就是一个危险信号。
$keystroke1 = base64_decode("d2RyMTU5c3E0YXllejd4Y2duZl90djhubHVrNmpoYmlvMzJtcA==");
This line creates an apparently random string of characters: wdr159sq4ayez7xcgnf_tv8nluk6jhbio32mp这一行创建了一个明显随机的字符串:wdr159sq4ayez7xcgnf_tv8nluk6jhbio32mp
This string is saved to a variable, $keystroke1.此字符串保存到变量 $keystroke1 中。 The string itself is not important, other than that it contains some letters that are used later.字符串本身并不重要,只是它包含一些稍后使用的字母。
eval(gzinflate(base64_decode('hY5NCsIwEIWv8ixdZDCKWZcuPUfRdqrBmsBkAkrp3aVIi3Tj9v1+vje7PodWfQwNv3zSZAqJyqGNHRdE4+JiVU2ZVHy42fLyjDkoYUT54DdqpHxNKmsAJwtHFXxvksrAYXGort1cE9YsAe1dTJTOzCuEPZbhChN4SPw/iePMd/7ybSmcxeb+4Mj+vkzTBw==')));
This line unscrambles a doubly scrambled string and then runs this resulting code:此行对双重加扰的字符串进行解扰,然后运行以下结果代码:
if(!function_exists("rotencode")){function rotencode($string,$amount) { $key = substr($string, 0, 1); if(strlen($string)==1) { return chr(ord($key) + $amount); } else { return chr(ord($key) + $amount) . rotEncode(substr($string, 1, strlen($string)-1), $amount); }}}
This creates a new function called rotencode(), which is yet another way of unscrambling strings.这将创建一个名为 rotencode() 的新 function,这是另一种解扰字符串的方法。
$O0O0O0O0O0O0=$keystroke1[2].$keystroke1[32].$keystroke1[20].$keystroke1[11].$keystroke1[23].$keystroke1[15].$keystroke1[32].$keystroke1[1].$keystroke1[11];
This line takes specific characters from that random string from earlier to create the word "rotencode" as a string, stored in the variable named $O0O0O0O0O0O0.这一行从前面的随机字符串中获取特定字符,将单词“rotencode”创建为字符串,存储在名为 $O0O0O0O0O0O0 的变量中。
$keystroke2 = $O0O0O0O0O0O0("xes26:tr5bzf{8ydhog`uw9omvl7kicjp43nq", -1);
This line uses the rotencode() function to unscramble yet another string (actually exactly the same string as before, for some reason).此行使用 rotencode() function 来解读另一个字符串(实际上与以前完全相同的字符串,出于某种原因)。
$OO000OO000OO=$keystroke2[16].$keystroke2[12].$keystroke2[31].$keystroke2[23].$keystroke2[18].$keystroke2[24].$keystroke2[9].$keystroke2[20].$keystroke2[11];
$O0000000000O=$keystroke1[30].$keystroke1[9].$keystroke1[6].$keystroke1[11].$keystroke1[27].$keystroke1[8].$keystroke1[19].$keystroke1[1].$keystroke1[11].$keystroke1[15].$keystroke1[32].$keystroke1[1].$keystroke1[11];
On these lines the two (identical but separate) random strings are used to create the words gzinflate and base64_decode.在这些行中,两个(相同但独立的)随机字符串用于创建单词 gzinflate 和 base64_decode。 This is done so the coder can use these functions without it being apparent that that's what is happening.这样做是为了让编码人员可以使用这些功能,而不会明显地发现正在发生的事情。 However, base64_decode() is never used this way in the snippet you posted.但是,base64_decode() 在您发布的代码段中从未以这种方式使用过。 That might suggest that it is used later in the code in places you haven't seen or recognized yet.这可能表明它稍后会在您尚未看到或识别的地方的代码中使用。 Searching your code for "$O0000000000O" might yield other uses.在您的代码中搜索“$O0000000000O”可能会产生其他用途。
eval($OO000OO000OO(base64_decode('LcTLsmtKAADQn7lVZ+8yoBtB3ZH3OyEEMbnl0SLxTJrQvv5M7hos9C36n38uF4Zh/u+nLDA6cf/VqJpq9PPHq2IHD+dQlrVwpIa3BPicV2atbjLVsx+to7il1297dnc+9PeDJGOoGn0MJUJnSqiJwrGcK5/bG2iiJtUoOk3GKbHYjjzd5yLu3q2dPpWSFjDVTKWSS6MFsF6MU5dsbJn7qHRxhGo0MNuluk29F3iwyAx/cYO+OfPWi1ECDkWG1NsMLuAcM3F98vtMsubbvQjf1ZpVMUP5EhpuFNzCi/CYkoM1VgsAetzjpvEe1M2AlX4YFjQZF0A0VBRQKS0B5mcI7na2N/nER993+qocgmh9WawUrUYhBMUiPNpuXNQy2o7VxHvhyO3nZkcWTmQu5kV1C2ECbZiH8XsL4QuYbf7lI4SF1gDM/vVqRz4qyj7a8bqS1nXP79731t4O0qcDaqN97BHDzlPwTEF6H7p9a3Zu1Ut6X5GNTgZhWe3dHa+6yzJ58MX1Pc8mwAWK4vEVLjGolQQLieOvkn4jD4d0FMQuLYvXhaxbzJyLR2OHDKhMu2EwHthDt+I7YwOvVUydwEnCigk/n4iQeiSzwWNKicdunzmrVoOWl9gt8lhK+WzNpbPqkHEK7ixBHT84UAbkHpity8i9eLUUulASI5d7cfpGWF6I4l7tYBeJmYzXycA3FbbrSb+yNgd8XM5u7wU0mL8tVPhJ2J/nu2QLr/OgzZrmp7xvKmpZCgHU7w0RlS1PT94JvxXtekif9dDGvBxSQjcwj2i32C7Abbcosvey5Iiq2hW7mjn/lUS6OUQ64Kw/v7+///4F')));
This is where it all comes together.这就是一切融合在一起的地方。 This line unscrambles a line of code which has been compressed and encoded 10 times over.此行对已压缩和编码 10 次以上的代码行进行解密。 The final result is this:最终结果是这样的:
$cnk = array('localhost');
That's it.而已。 It sets the string "localhost" as the sole element of an array and saves it in a variable named $cnk.它将字符串“localhost”设置为数组的唯一元素,并将其保存在名为 $cnk 的变量中。 In and of itself, there's nothing hazardous about running this code, but noting the lengths that the coder went to in order to hide this line, it's probably a safe bet that it wasn't placed there to help you - the buyer - in any way.就其本身而言,运行此代码并没有什么危险,但请注意编码器为了隐藏此行所花费的长度,可以肯定的是,它不是为了帮助您 - 买家 - 在任何方法。 Search your code for the $cnk variable if you want to know exactly what's being done.如果您想确切了解正在执行的操作,请在代码中搜索 $cnk 变量。 Or better yet, chalk this experience down to a loss and find a better way to learn coding.或者更好的是,将这种经历归结为一种损失,并找到一种更好的方式来学习编码。 There are plenty of books, video tutorials and free resources online.网上有很多书籍、视频教程和免费资源。 Do not place your trust in whoever sold you this code.不要相信任何向您出售此代码的人。 While they may not have been malicious (people suggested in comments that this might be part of a license check), anyone who includes something like this in their code is not someone you should be learning from.虽然它们可能不是恶意的(人们在评论中建议这可能是许可证检查的一部分),但在其代码中包含此类内容的任何人都不应该向您学习。
Good luck on your coding journey!祝你的编码之旅好运!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.