1. 首頁
  2. 問答
  3. 如何解碼這個PHP代碼?

如何解碼這個PHP代碼?

2010-12-06 108 views
0

我想解碼這段代碼。我不知道它是什麼,只是它是某種代碼。 有人可以幫我嗎?如何解碼這個PHP代碼?

<?php if (!function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) 
{ 
    function T7FC56270E7A70FA81A5935B72EACBE29($TF186217753C37B9B9F958D906208506E) 
    { 
     $TF186217753C37B9B9F958D906208506E = base64_decode($TF186217753C37B9B9F958D906208506E); 
     $T7FC56270E7A70FA81A5935B72EACBE29 = 0; 
     $T9D5ED678FE57BCCA610140957AFAB571 = 0; 
     $T0D61F8370CAD1D412F80B84D143E1257 = 0; 
     $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[1]) << 8) + ord($TF186217753C37B9B9F958D906208506E[2]); 
     $T3A3EA00CFC35332CEDF6E5E9A32E94DA = 3; 
     $T800618943025315F869E4E1F09471012 = 0; 
     $TDFCF28D0734569A6A693BC8194DE62BF = 16; 
     $TC1D9F50F86825A1A2302EC2449C17196 = ""; 
     $TDD7536794B63BF90ECCFD37F9B147D7F = strlen($TF186217753C37B9B9F958D906208506E); 
     $TFF44570ACA8241914870AFBC310CDB85 = __FILE__; 
     $TFF44570ACA8241914870AFBC310CDB85 = file_get_contents($TFF44570ACA8241914870AFBC310CDB85); 
     $TA5F3C6A11B03839D46AF9FB43C97C188 = 0; 
     preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"), $TFF44570ACA8241914870AFBC310CDB85, $TA5F3C6A11B03839D46AF9FB43C97C188); 
     for (;$T3A3EA00CFC35332CEDF6E5E9A32E94DA<$TDD7536794B63BF90ECCFD37F9B147D7F;) 
     { 
      if (count($TA5F3C6A11B03839D46AF9FB43C97C188)) 
       exit; 
      if ($TDFCF28D0734569A6A693BC8194DE62BF == 0) 
      { 
       $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8); 
       $TF623E75AF30E62BBD73D6DF5B50BB7B5 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]); 
       $TDFCF28D0734569A6A693BC8194DE62BF = 16; 
      } 
      if ($TF623E75AF30E62BBD73D6DF5B50BB7B5 & 0x8000) 
      { 
       $T7FC56270E7A70FA81A5935B72EACBE29 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 4); 
       $T7FC56270E7A70FA81A5935B72EACBE29 += (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]) >> 4); 
       if ($T7FC56270E7A70FA81A5935B72EACBE29) 
       { 
        $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) & 0x0F) + 3; 
        for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $T0D61F8370CAD1D412F80B84D143E1257++) 
         $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257] = $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012-$T7FC56270E7A70FA81A5935B72EACBE29+$T0D61F8370CAD1D412F80B84D143E1257]; 
         $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; 
        } 
       else{ 
        $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8); 
        $T9D5ED678FE57BCCA610140957AFAB571 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) + 16; 
        for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571;$TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]);  $T3A3EA00CFC35332CEDF6E5E9A32E94DA++; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571;  }  }  else $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++];  $TF623E75AF30E62BBD73D6DF5B50BB7B5 <<= 1;  $TDFCF28D0734569A6A693BC8194DE62BF--;  if ($T3A3EA00CFC35332CEDF6E5E9A32E94DA == $TDD7536794B63BF90ECCFD37F9B147D7F)  {  $TFF44570ACA8241914870AFBC310CDB85 = implode("", $TC1D9F50F86825A1A2302EC2449C17196);  $TFF44570ACA8241914870AFBC310CDB85 = "?".">".$TFF44570ACA8241914870AFBC310CDB85."<"."?";  return $TFF44570ACA8241914870AFBC310CDB85;  } } } } eval(T7FC56270E7A70FA81A5935B72EACBE29("QAAAPGRpdiBzdHlsZT0iY2xlYQAQcjpib3RoOyI+PC8BoD4NCg1ABQoCMmlkPSJmb290ZXIiAVIJAWIACGNsYXNzPSJiaW5mbwMwYSBoAAByZWY9Ijw/cGhwIGVjaG8gAABnZXRfb3B0aW9uKCdob21lAAwnKTsgPz4vIiB0aXQHQQKzYmwhuG9nBEEoJ25hAkUGgSAAGAKvAqU8L2EAAD4gQWxsIHJpZ2h0cyByZXMEAGVydmVkDDUJRGVzaWduZWQgCABieSA8ClVodHRwOi8vd3d3LgAAd2ViaG9zdGluZ3JhbGx5LgBAY29tL1dlYi1IAVMvQnVzaW4IBWVzcy0BWC5odG1sIiA+AcUgAcBgwCADFAkRLiBDb2QHPwcxbW1vaHV0wAIGYQQARnJlZSBNTU9SUEdzA4EgYAp8Cj8KMGNvbnZleWFuYwpQLhSRcwAKb25zYWxlLmNvLnVrBIBDAhggAGBTb2xpY2l0b3IFPw9ncGhvdG8YkGFkcwQ3HOFpZmkLYEFkA6IuIFBvHCB3ZXIBEBOvE6NvcmRwFwBzLm9yZwtwLyI+VwEAUAEBDLEuI+IkhyFiZG9fYUcEYyEDd3BfJTMhUwLsL2JvZHkmwDwvgAAWoT4=")); ?>

來源

2010-12-06 rgksugan

+6

這似乎是模糊的PHP,其中大部分的時間是爲了試圖阻止某人在沒有權利時採取和使用信息來源。你試圖去混淆這個的原因是什麼? – Paul 2010-12-06 07:08:09

+1

你從哪裏得到這些代碼?爲什麼它對你感興趣? – 2010-12-06 07:09:33

回答

6

Th at-de-obfuscated時看起來像什麼。正如馬蒂已經指出的那樣,這是一個頁腳,哈哈。所有這些移位操作都是爲了移除我在參數字符串中用代碼#代替的非打印字符。在此

<?php 
    if (!function_exists("fn")) { 
     function fn($arg) { 
      $arg = base64_decode($arg); 
      $fn = 0; 

      $x = 0; 
      $y = 0; 
      $z = (ord($arg[1]) << 8) + ord($arg[2]); 
      $i = 3; 
      $j = 0; 
      $k = 16; 
      $str = ""; 
      $strlen = strlen($arg); 
      $file = __FILE__; 
      $file = file_get_contents($file); 
      $matches = 0; 

      preg_match(/(print|sprint|echo)/, $file, $matches); 

      for (;$i<$strlen;) { 
       // THIS LINE HERE'S HILARIOUS!!! 
       // IT TRYS TO PREVENT ONE FROM ECHOING ANYTHING WITHIN THAT CODE 
       if (count($matches)) exit; 
       if ($k == 0) { 
        $z = (ord($arg[$i++]) << 8); 
        $z += ord($arg[$i++]); 
        $k = 16; 
       } 

       if ($z & 0x8000) { 
        $fn = (ord($arg[$i++]) << 4); 
        $fn += (ord($arg[$i]) >> 4); 

        if ($fn) { 
         $x = (ord($arg[$i++]) & 0x0F) + 3; 

         for ($y = 0; $y < $x; $y++) 
          $str[$j+$y] = $str[$j-$fn+$y]; 

         $j += $x; 
        } else { 
         $x = (ord($arg[$i++]) << 8); 
         $x += ord($arg[$i++]) + 16; 

         for ($y = 0; $y < $x; $str[$j+$y++] = $arg[$i]); 

         $i++; 
         $j += $x; 
        } 
       } else $str[$j++] = $arg[$i++]; 

       $z <<= 1; 
       $k--; 

       if ($i == $strlen) { 
        $file = implode("", $str); 
        $file = "?".">".$file."<"."?"; 

        return $file; 
       } 
      } 
     } 
    } 

    $obfusc = <<<EOT 
@##<div style="clea##r:both;"></##> 

@# 
#2id="footer"#R #b##class="binfo#0a h##ref="<?php echo ##get_option('home##'); ?>/" tit#A##bl!#og#A('na#E## ######</a##> All rights res##erved#5 Designed ##by < 
Uhttp://www.##webhostingrally.#@com/Web-H#S/Busin##ess-#X.html" >## ##`# ## #. Cod#?#1mmohut###a##Free MMORPGs## ` 
| 
? 
0conveyanc 
P.##s# 
onsale.co.uk##C## #`Solicitor#?#gphoto##ads#7##ifi#`Ad##. Po# wer######ordp##s.org#p/">W##P####.##$#!bdo_aG#c!#wp_%3!S##/body&#</####> 
EOT; 
    eval(fn($obfusc));

來源

2010-12-06 07:49:37 aefxx

8

這是一個頁腳,屬於您下載的免費WordPress模板。如果你想要一個沒有頁腳,你有三種選擇:

  1. 找到一個
  2. 讓一個
  3. 購買一個

(我一直覺得這樣的頁腳真的很可愛,因爲他們是所以很容易擺脫 - 但似乎至少有一個人還沒有想到如何做到這一點,甚至試圖阻止我通過積極尋找這樣的嘗試來解碼它)

來源

2010-12-06 07:18:50

0

如果一個WordPress頁腳,

點擊查看源和複製頁腳HTML解碼PHP,然後只需編輯

來源

2010-12-06 08:20:52 Edmhs

相關問題

 相關問題