stackoom
  简体   繁体   中英

problem with php code not working. or i am doing something wrong

 原文  2011-04-06 00:47:31       php/ obfuscation

Question

I am trying to have this php code return the output of the second file.

File 1 

<?
$fin=fopen(__FILE__,'rb');
fread($fin,0x47a);
$code=base64_decode(strtr(fread($fin,0x17c),
    'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=',
    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'));
eval($code);
?>

Second File. 

kr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLT09NHeEXHr8XhtONT08XHeEXHr8Pkr8XTzEXT08XHtILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==tmklFbapFMagd25jcUEPwtwVRJ9jd25MDBFVFoiXwJLIKXppcJEPwolVfucidtEPwtOgA0aTA0lNTlSJdo9mDB5gCBOsDB5gDBWJbUEpwe09weEIhWp7tMilCBOlFJEPwtkSd2YifolvdjppdMOlGt5XDuEJhUE7tMa4DbWIhtEpweShgWpZcby1Dbklb29VC2AIhtEJRJ4vC2xiF3YlFZ9sDbYjRMc1dMHVFoiXwJLIKXpZcby1Dbklb29VC2AIhtEJRJ4vC2xiF3YlFZ9sCB5pFuaSCbOlRmnPFtwpweShkoOiforINUnVcbFIOoy0CA1idMlXfBxifo9ZwtIIhUE7tJO0DbOScUE9wtOLCbOiRT5zcBxlC3WIhtEJA2l0cA1idMymcbwJRtwQwJxiFmkiGUEPwtkTDbOlaMyZDByJdoAJNT4JA2l0cA5idBAJhUEpweShkuOpfoxlwe0IkuOpfoxlBznfweSh

Please help me understand what i am doing wrong and how i can make File 1 parse the data in file 2.

Thanks

1 answers

solution1
 0  2011-04-06 01:07:37

Don't use __FILE__ in the fopen() call -- use the name of the second file. The obfuscated File 1 looks to have some tight tolerances given its reads of 0x47a and 0x17c bytes.

File 1 opens itself, reads the first 0x47a bytes, reads the next 0x17c bytes, tries to match the 'Enter you... string, and the 'ABCDEF... string is interpreted as TRUE so strstr is going to return everything BEFORE the matching string.

It then tries to base64 decode that (offset 0x47a to the start of "Enter you...") and evaluate it as code.

Based on that description, I'd say the code in File 1 has been modified from its original form, since I can't see it as working properly. The file offsets don't make sense, and the matching doesn't make sense either.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Unicode and PHP - am I doing something wrong? Upvote button on website with JavaScript, Php, AJAX, MySql not working. What am I doing wrong? WordPress AuthorBox customization not working. What am I doing wrong? Curl redirection not working. What am I doing wrong? Is PHP usort really so slow or am I doing something wrong? Am I doing something wrong with the PHP SOAP_CLIENT? php foreach loop I am doing something wrong Is this a PHP preg_match bug or am I doing something wrong? Am I doing something wrong or php doesn't support this? Is AES GCM in the latest PHP broken or am I doing something wrong?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM