解码混淆的PHP源代码
[英]Decode obfuscated PHP source code
问题描述
How can I rewrite each file into readable code? 
如何将每个文件重写为可读代码?
For example in the source code there's variables like this: 例如,在源代码中有这样的变量:
${"\x47\x4c\x4f\x42\x41\x4cS"}["y\x61\x72\x64s\x70\x71"]="va\x6cu\x65";
How can I convert that into readable code such as: 如何将其转换为可读代码,例如:
$somevariable = "somevalue";
5 个解决方案
解决方案1
4 已采纳 2011-11-05 13:33:26
That's not UTF8, that's just some obfuscation someone thought of to make the script less readable. 那不是UTF8,那只是人们为了使脚本的可读性差一点而产生的混淆。 You can convert every string to its character representation. 您可以将每个字符串转换为其字符表示形式。 For instance \\x41 means 'captial A'. 例如, \\x41表示“ \\x41 A”。
You don't have to convert these values yourself. 您不必自己转换这些值。 When you echo the string, it will show its actual value. 当您回显字符串时,它将显示其实际值。
The accolades are just a way to use a string value for a variable name, so ${'foo'} = 10; 赞只是将字符串值用作变量名的一种方法,因此${'foo'} = 10; will set the variable $foo to 10. 将变量$foo设置为10。
In your case, you got a script that's messing with your globals. 就您而言,您的脚本弄乱了您的全局变量。
<pre><?php
//${"\x47\x4c\x4f\x42\x41\x4cS"}["y\x61\x72\x64s\x70\x71"]="va\x6cu\x65";
echo
'It means: ' .
'${"' . "\x47\x4c\x4f\x42\x41\x4cS" .
'"}["' . "y\x61\x72\x64s\x70\x71" . '"]="' .
"va\x6cu\x65" . '";<br>';
// = $GLOBALS['yardspq'] = 'value';
var_dump(${"\x47\x4c\x4f\x42\x41\x4cS"});
?>
解决方案2
4 2011-11-05 13:38:57
Just replace all occurrences of \\xNN with chr(NN) . 只需将所有出现的\\xNN为chr(NN) 。 For example: 例如:
$source = file_get_contents('obfuscated_source.php');
if (preg_match_all('/\\x(..)/', $source, $matches)) {
for ($i = 0, $len = count($matches[0]); $i < $len; ++$i) {
$source = str_replace($matches[0][$i], chr(hexdec($matches[1][$i])), $source);
}
}
file_put_contents('source.php', $source);
解决方案3
2 2011-11-05 13:36:46
Simply make it print out the plain strings, like: 只需使其打印出简单的字符串即可,例如:
<pre><?php
//${"\x47\x4c\x4f\x42\x41\x4cS"}["y\x61\x72\x64s\x70\x71"]="va\x6cu\x65";
print_r(
array(
"\x47\x4c\x4f\x42\x41\x4cS",
"y\x61\x72\x64s\x70\x71",
"va\x6cu\x65",
)
);
?></pre>
To me, it resulted in: 对我来说,它导致:
$GLOBALS["yardspq"]="value";
解决方案4
0 2016-09-21 18:01:51
I would use PHP de-obfuscators (reverse PHP encoding processors)... 我会使用PHP去混淆器(反向PHP编码处理器)...
Searching for "PHP deobfuscator" you may find many, the list grows as it is becoming common to find such in injected files from hacked websites. 在搜索“ PHP deobfuscator”时,您可能会发现很多,随着从被黑网站注入的文件中找到此类漏洞的列表变得越来越普遍,列表也越来越多。
Such injections are usually mass processed, so it may be possible to find solutions by experts for most cases. 此类注射剂通常经过批量处理,因此在大多数情况下,专家可以找到解决方案。
解决方案5
0 2011-11-05 13:30:41
I don't think there is any script that "clean" an obfuscated code. 我认为没有任何脚本可以“清除”混淆的代码。
For your commnent, that line is "equal" to something like 为了您的方便,该行与“
$array["key"] = 'value';
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.