Of Stack

Microshield PHP script encryption expert PHP decryption algorithm

  • 2020-03-31 21:20:49
  • OfStack 
 
<?php 
/*********************************** 
* Wei dong PHP Encryption expert decryption algorithm  By : Neeao 
*http://Neeao.com 
*2009-09-10 
***********************************/ 

$filename="play-js.php";//The file to be decrypted
$lines = file($filename);//0 line

//The first base64 decryption
$content=""; 
if(preg_match("/O0O0000O0('.*')/",$lines[1],$y)) 
{ 
$content=str_replace("O0O0000O0('","",$y[0]); 
$content=str_replace("')","",$content); 
$content=base64_decode($content); 
} 
//Find the key in the content after the first base64 decryption
$decode_key=""; 
if(preg_match("/),'.*',/",$content,$k)) 
{ 
$decode_key=str_replace("),'","",$k[0]); 
$decode_key=str_replace("',","",$decode_key); 
} 
//Find the length of the string to intercept
$str_length=""; 
if(preg_match("/,d*),/",$content,$k)) 
{ 
$str_length=str_replace("),","",$k[0]); 
$str_length=str_replace(",","",$str_length); 
} 
//Intercepts encrypted text from a file
$Secret=substr($lines[2],$str_length); 
//echo $Secret; 

//Restore the ciphertext output directly
echo "<?phpn".base64_decode(strtr($Secret,$decode_key,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'))."?>"; 
?>

Microshield PHP script cracking 
 
<?php 
function get_filetree($path){ 
$tree = array(); 
foreach(glob($path . '/*') as $single){ 
if(is_dir($single)){ 
$tree = array_merge($tree,get_filetree($single)); 
} else { 
$tree[] = $single; 
} 
} 
return $tree; 
} 
function eval_decode($File) 
{ 
$Lines = file($File); 
$Content; 
if(preg_match("/O0O0000O0('.*')/", $Lines[1], $S)){ 
$Content = str_replace("O0O0000O0('", "", $S[0]); 
$Content = str_replace("')", "", $Content); 
$Content = base64_decode($Content); 
} else { 
return "file not encode!"; 
} 
$Key; 
if(preg_match("/),'.*',/", $Content, $K)){ 
$Key = str_replace("),'", "", $K[0]); 
$Key = str_replace("',", "", $Key); 
} else { 
return "not decode key!"; 
} 
$Length; 
if(preg_match("/,d*),/", $Content, $K)){ 
$Length = str_replace("),", "", $K[0]); 
$Length = str_replace(",", "", $Length); 
} else { 
return "not decode base64 string!"; 
} 
$Secret = substr($Lines[2], $Length); 
$Decode = "<?php".base64_decode(strtr($Secret,$Key,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')) ."?>"; 
file_put_contents($File, $Decode); 
return "file decode success!"; 
} 

$filelist = get_filetree("D:/PHPnow/htdocs/1"); 
foreach($filelist as $value){ 
echo $value." :tt".eval_decode($value) . "nr<br>"; 
} 
?>
Related articles: