PHP practice: detecting image Trojans by examining the file in hexadecimal
- 2020-06-01 08:25:13
- OfStack
Not long ago, I applied to join an open source organization and they asked me to write a function to check if there is a Trojan script in the picture.
In fact, I knew nothing about this at the beginning. I looked up some material on the Internet, but everything I found was a tutorial on how to make an image Trojan; I did not find any description of how to detect one.
After some thought, I decided to start the analysis from the way such a Trojan is built. The Trojan is written into the image as hexadecimal (base-16) data; that gave me the idea, and I wrote the upload class below. In the end it passed the organization's test. Ha ha
Now I am sharing it with everyone; if anything is not good, please correct me! anyon@139.com;
In fact, I knew nothing about this at the beginning. I looked up some material on the Internet, but everything I found was a tutorial on how to make an image Trojan; I did not find any description of how to detect one.
After some thought, I decided to start the analysis from the way such a Trojan is built. The Trojan is written into the image as hexadecimal (base-16) data; that gave me the idea, and I wrote the upload class below. In the end it passed the organization's test. Ha ha
Now I am sharing it with everyone; if anything is not good, please correct me! anyon@139.com;
<?php
/**
+------------------------------------------------------------------------------
* Upload File upload class
+------------------------------------------------------------------------------
* @package Upload
* @author Anyon <Anyon@139.com>
* @version $Id: Upload.class.php 2013-3-20 21:47:23 Anyon $
+------------------------------------------------------------------------------
*/
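class Upload {
    /*
     * Review notes on what this class does and does not guarantee:
     *  - Only extensions listed in $imageType are accepted; every other upload is
     *    refused with status 8 before anything is written to the destination.
     *  - The content check runs on PHP's temporary file, so a rejected upload is
     *    never moved into the upload directory.
     *  - The content check is a signature heuristic over the first and last 512
     *    bytes only. Bytes in between are not inspected, so it must not be the only
     *    control: the upload directory should also be configured so that nothing in
     *    it is ever executed or included by the server.
     */

    // Path of the file being processed: PHP's temp file first, the stored file after a successful move.
    private static $image = null;
    // Last status code; used as the index into self::$message.
    private static $status = 0;
    // Lower-cased extension taken from the client-supplied name, leading dot included.
    private static $suffix = null;
    // Allowlist of accepted extensions.
    private static $imageType = array('.jpg', '.bmp', '.gif', '.png');
    // Codes 0-4, 6 and 7 mirror PHP's own upload error codes; 5, 8 and 9 are set by this class.
    private static $message = array(
        '0' => ' No error occurred and the file was uploaded successfully. ',
        '1' => ' More files have been uploaded php.ini In the upload_max_filesize The value of the option limit. ',
        '2' => ' The size of the uploaded file is over HTML In the form MAX_FILE_SIZE The value specified by the option. ',
        '3' => ' Only part of the file is uploaded. ',
        '4' => ' No file uploaded. ',
        '5' => ' Documents that failed the security check. ',
        '6' => ' The temporary folder could not be found. ',
        '7' => ' File write failed. ',
        '8' => ' File types are not supported ',
        '9' => ' The uploaded temporary file is missing. ',
    );

    /**
     * Handle the upload posted under the given form field.
     *
     * @param string $feild Name of the file input in the form (spelling kept for callers).
     * @return array 'status' (int, 0 on success) and 'msg'; once the upload passed PHP's own
     *               error check the array also carries 'path', which is the stored file on
     *               success and null on any failure.
     */
    public static function start($feild = 'file') {
        self::$image = null;
        self::$suffix = null;

        // No upload in this request: report "no file" instead of a stale or successful status.
        if (empty($_FILES) || !isset($_FILES[$feild]) || !is_array($_FILES[$feild])) {
            self::$status = 4;
            return self::result(false);
        }

        $entry = $_FILES[$feild];
        // A multi-file field (name="file[]") delivers arrays here; this class handles one file only,
        // so any entry that is not a plain single-file record is refused.
        if (!isset($entry['error'], $entry['tmp_name'], $entry['name'])
            || !is_int($entry['error'])
            || !is_string($entry['tmp_name'])
            || !is_string($entry['name'])
        ) {
            self::$status = 5;
            return self::result(false);
        }

        self::$status = $entry['error'];
        if (self::$status !== 0) {
            return self::result(false);
        }

        self::$image = $entry['tmp_name'];
        // The client-supplied name is untrusted; only its extension is used, and only after
        // it has been matched against the allowlist in _upload().
        $dot = strrchr($entry['name'], '.');
        self::$suffix = ($dot === false) ? '' : strtolower($dot);

        self::_upload();
        return self::result(true);
    }

    /**
     * Validate the pending upload and move it below $path.
     *
     * Order matters: extension allowlist, then proof that the file really is this
     * request's upload, then the content check, and only then the move.
     *
     * @param string $path Destination root, with trailing slash.
     * @return int Status code (0 on success, 5/7/8/9 on failure).
     */
    private static function _upload($path = './upload/') {
        // Process-wide side effect kept from the original implementation.
        date_default_timezone_set('PRC');

        if (!in_array(self::$suffix, self::$imageType, true)) {
            return self::$status = 8;
        }
        if (!is_uploaded_file(self::$image)) {
            return self::$status = 9;
        }
        // Scan while the file is still PHP's temp file so a rejected upload is never stored.
        if (self::checkHex() !== 0) {
            return self::$status;
        }

        $now = time();
        $targetDir = $path . date('Y/m/d', $now);
        if (!self::umkdir($targetDir)) {
            return self::$status = 7;
        }

        // Server-generated name; loop so an existing file is never overwritten.
        do {
            $newFile = $targetDir . '/' . date('His', $now) . self::randomToken() . self::$suffix;
        } while (file_exists($newFile));

        if (!move_uploaded_file(self::$image, $newFile)) {
            return self::$status = 7;
        }
        self::$image = $newFile;
        return self::$status = 0;
    }

    /**
     * Heuristic content check on self::$image.
     *
     * Looks for the byte sequences the original hexadecimal patterns encoded:
     * an ASP-style or PHP-style open tag followed, in order, by "(", ")" and the
     * matching close tag, or an opening/closing script tag in any letter case.
     * Matching is done on the raw bytes, which keeps every signature byte-aligned;
     * a regex over the bin2hex() string can also match across two half-bytes.
     * Files larger than 1024 bytes are sampled (first and last 512 bytes).
     *
     * @return int 0 when nothing matched, 5 when a signature matched,
     *             9 when the file is missing or cannot be read.
     */
    private static function checkHex() {
        $file = self::$image;
        if (!is_string($file) || !is_file($file) || !is_readable($file)) {
            return self::$status = 9;
        }
        $handle = fopen($file, 'rb');
        if ($handle === false) {
            return self::$status = 9;
        }

        $window = 512;
        $info = fstat($handle);
        $size = ($info === false) ? -1 : (int) $info['size'];
        $sample = '';
        $readOk = ($size >= 0);

        if ($readOk && $size > 2 * $window) {
            // Head and tail only.
            $head = fread($handle, $window);
            $tail = (fseek($handle, -$window, SEEK_END) === 0) ? fread($handle, $window) : false;
            $readOk = ($head !== false && $tail !== false);
            $sample = $readOk ? $head . $tail : '';
        } elseif ($readOk && $size > 0) {
            // Small file: take all of it. A zero-length read is skipped because fread() rejects it.
            $whole = fread($handle, $size);
            $readOk = ($whole !== false);
            $sample = $readOk ? $whole : '';
        }
        fclose($handle);

        // A file that cannot be sampled is refused rather than waved through.
        if (!$readOk) {
            return self::$status = 9;
        }

        $suspicious = self::hasSequence($sample, array('<%', '(', ')', '%>'))
            || self::hasSequence($sample, array('<?', '(', ')', '?>'))
            || stripos($sample, '<script') !== false
            || stripos($sample, '/script>') !== false;

        return self::$status = $suspicious ? 5 : 0;
    }

    /**
     * Tell whether all markers occur in $data in the given order without overlapping.
     * Linear scan: taking the earliest possible hit for each marker is enough to decide existence.
     *
     * @param string $data    Bytes to search.
     * @param array  $markers Non-empty marker strings, in required order.
     * @return bool
     */
    private static function hasSequence($data, array $markers) {
        $offset = 0;
        foreach ($markers as $marker) {
            $hit = strpos($data, $marker, $offset);
            if ($hit === false) {
                return false;
            }
            $offset = $hit + strlen($marker);
        }
        return true;
    }

    /**
     * Unpredictable hexadecimal token for stored file names.
     *
     * @return string
     */
    private static function randomToken() {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(8));
        }
        // Fallback for runtimes without random_bytes(); weaker, but still not a 3-digit number.
        return md5(uniqid((string) mt_rand(), true));
    }

    /**
     * Build the status/message reply shared by every return path of start().
     *
     * @param bool $withPath Whether to include the 'path' key.
     * @return array
     */
    private static function result($withPath) {
        $reply = array('status' => self::$status);
        if ($withPath) {
            $reply['path'] = (self::$status === 0) ? self::$image : null;
        }
        $reply['msg'] = isset(self::$message[self::$status]) ? self::$message[self::$status] : '';
        return $reply;
    }

    /**
     * Create $dir and any missing parents.
     *
     * @param string $dir Directory to create.
     * @return bool True when the directory exists afterwards.
     */
    private static function umkdir($dir) {
        if (is_dir($dir)) {
            return true;
        }
        // A concurrent request may create the directory first; the warning from that lost race
        // is suppressed and the outcome is decided by the is_dir() re-check.
        @mkdir($dir, 0755, true);
        return is_dir($dir);
    }
}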