Of Stack

The encryption method and principle of PHP

  • 2020-05-17 04:56:30
  • OfStack 
 
<?php 
// Variables note the distinction between Numbers  "0"  and   character "O" 
$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64'); 
//  Decode the encoded  URL  string ,  The decoded result is  fg6sbehpra4co_tnd 
$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5}; 
// Then put the   The decoded characters are respectively   achieve  4, 9, 3, 5  Inside the value and join in 1 Well, the result is  base .  
// Same as follows,   The end result is  base64_decode 
$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16}; 
$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5}; 
?> 


 
<?php eval($GLOBALS['OOO0000O0']('JElJSUlJSUlJSUlJST0naGVhZGVyJzskSUlJSUlJSUlJbDExPSdpc19maWxlJzs=')); 
// $GLOBALS  The variables that have been defined, $GLOBALS['OOO0000O0']  The value is  base64_decode,  Then use it to decode the following string, the result   is  $IIIIIIIIIIII='header';$IIIIIIIIIl11='is_file'; eval  Execute the extracted string and get the corresponding variable  
?> 


 
<?php /* */ 
$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15}; 
//  Ditto available  $OOO000O00 = 'fopen' 
$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14}; 
// $O0O000O00 = 'fget' 
$O0O000O0O=$O0O000O00.$OOO000000{11}; 
// $O0O000O0O = 'fgetc' 
$O0O000O00=$O0O000O00.$OOO000000{3}; 
// $O0O000O00 = 'fgets' 
$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16}; 
// $O0O00OO00 = 'fread' 
$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8}; 
// $OOO00000O = 'strtr' 
$OOO0O0O00=__FILE__; 
// Gets the current file path and file name  
$OO00O0000=0x100; 

eval($OOO0000O0('JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NTI2KTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdaQnhMYkZtQzYybHBja1hQYWRyR1VIOTRLN1FOUzVWdlJXenlpL2dPMEFUWU1EcXRvZkVJdStoZTNqd0oxOG5zPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs=')); 
/*  And the answer is  
$O000O0O00=$OOO000O00($OOO0O0O00,'rb');$O0O00OO00($O000O0O00,0x526);$OO00O00O0=$OOO0000O0($OOO00000O($O0O00OO00($O000O0O00,0x17c),'ZBxLbFmC62lpckXPadrGUH94K7QNS5VvRWzyi/gO0ATYMDqtofEIu+he3jwJ18ns=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'));eval($OO00O00O0); 

 It can be obtained by reduction and equivalent substitution  
$fp=fopen(__FILE__,'rb'); 
fread($fp,0x526); 
$buf = fread($fp,0x17c); 
$str=base64_decode(strtr($buf,'ZBxLbFmC62lpckXPadrGUH94K7QNS5VvRWzyi/gO0ATYMDqtofEIu+he3jwJ18ns=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')); 
eval($str); 
*/ 
return;?>eu~fQ\FRCgGpG@Lo`oQ2b8PcLBPcLBPcL+I5C2vSgHoNmFy7rRO4+8mrUfF4+1Opx6O6z3iGu8Pcb1oGIZopz6O6zoiGu8PcLZocb1olxdPGu1ocLZocb102b1oGIZoGu1ocxRiGIZocb1oGIZopxdPGIZoGIZocLZApx5QaOWcKi7DaIKENCByQ+WaK9dEd+H6XGdpk+FXUIH95/24VO/Aph5PcbFU9U+bS4dt7iH25rD07GkT5u0fXmjIPrSM2uFxaudFdi56rUApGb+XG+BdU/kUHH749F/QK92y7mHg7hWAQgDMN9jtSCFESed+5O53V40ocG6IkLUhkIRjlE1OlriAXh7yNm8I7rRiGIZocb1oGIZolGD/5gFMlxdPGIZoGIZoGIZAXo==xzd2rU/2rU/2rU/Mc9oRPrZidufPaiFcU+MOrU/2rU/2rU/2NLbf2+u02hfAKz8yNhjgQ9SqSmWo2EiJxg/g6xRirU/2rU/2rU/2NLFM6Lu8PrBuSOH/laAJ2b5cGu2BGFkN2u/2rU/2rU/2rU/2rr55lx2cNhkW5m/tNy0RQxjoQCZzlGD8xgHMShUlVEdCGb8xaUfG9E52rU/2rU/2rU/2rUiO4rRzGm8yK4dANh3w6m/qSedWNmozlGD8xR==kLHgJcZ[ZM
Related articles: