Не знаю туда ли запостил Но чем расшифровать такой код? PHP: <?php if (!function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) { function T7FC56270E7A70FA81A5935B72EACBE29($TF186217753C37B9B9F958D906208506E) { $TF186217753C37B9B9F958D906208506E = base64_decode($TF186217753C37B9B9F958D906208506E); $T7FC56270E7A70FA81A5935B72EACBE29 = 0; $T9D5ED678FE57BCCA610140957AFAB571 = 0; $T0D61F8370CAD1D412F80B84D143E1257 = 0; $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[1]) << 8) + ord($TF186217753C37B9B9F958D906208506E[2]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA = 3; $T800618943025315F869E4E1F09471012 = 0; $TDFCF28D0734569A6A693BC8194DE62BF = 16; $TC1D9F50F86825A1A2302EC2449C17196 = ""; $TDD7536794B63BF90ECCFD37F9B147D7F = strlen($TF186217753C37B9B9F958D906208506E); $TFF44570ACA8241914870AFBC310CDB85 = __FILE__; $TFF44570ACA8241914870AFBC310CDB85 = file_get_contents($TFF44570ACA8241914870AFBC310CDB85); $TA5F3C6A11B03839D46AF9FB43C97C188 = 0; preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"), $TFF44570ACA8241914870AFBC310CDB85, $TA5F3C6A11B03839D46AF9FB43C97C188); for (;$T3A3EA00CFC35332CEDF6E5E9A32E94DA<$TDD7536794B63BF90ECCFD37F9B147D7F;) { if (count($TA5F3C6A11B03839D46AF9FB43C97C188)) exit; if ($TDFCF28D0734569A6A693BC8194DE62BF == 0) { $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8); $TF623E75AF30E62BBD73D6DF5B50BB7B5 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]); $TDFCF28D0734569A6A693BC8194DE62BF = 16; } if ($TF623E75AF30E62BBD73D6DF5B50BB7B5 & 0x8000) { $T7FC56270E7A70FA81A5935B72EACBE29 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 4); $T7FC56270E7A70FA81A5935B72EACBE29 += (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]) >> 4); if ($T7FC56270E7A70FA81A5935B72EACBE29) { $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) & 0x0F) + 3; for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $T0D61F8370CAD1D412F80B84D143E1257++) $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257] = $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012-$T7FC56270E7A70FA81A5935B72EACBE29+$T0D61F8370CAD1D412F80B84D143E1257]; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } else { $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8); $T9D5ED678FE57BCCA610140957AFAB571 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) + 16; for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA++; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } } else $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]; $TF623E75AF30E62BBD73D6DF5B50BB7B5 <<= 1; $TDFCF28D0734569A6A693BC8194DE62BF--; if ($T3A3EA00CFC35332CEDF6E5E9A32E94DA == $TDD7536794B63BF90ECCFD37F9B147D7F) { $TFF44570ACA8241914870AFBC310CDB85 = implode("", $TC1D9F50F86825A1A2302EC2449C17196); $TFF44570ACA8241914870AFBC310CDB85 = "?".">".$TFF44570ACA8241914870AFBC310CDB85."<"."?"; return $TFF44570ACA8241914870AFBC310CDB85; } } } } eval(T7FC56270E7A70FA81A5935B72EACBE29("QAIAPD9waHAgABBkZWZpbmUgKCAAACdETEVfRk9SVU0nLCB0cnUIAGUgKTsCACBjbGFzcyBkbGVfAARmb3J1bV9pbml0ICB7AbBwcgAAaXZhdGUgZnVuY3Rpb24gcwAAZW5kX2tleSAoJHF1ZXJ5LAADICRvdGhlcnMgPSAnJykDMANxAhAgJGhvc3QBMXd3dy4FkC1maWwDAmVzLnJ1JwcSAnAgJHBhdGgCMS8A3mV4dHJhcy9hBiAG0S4LcAJ5BKECgCIIAFBPU1QDZEhUVFAvMS4xXHJcJBZuIgUiJHACcS49ICJIAJA6CBMB/yAAACJDb250ZW50LXR5cGU6IGECKHBwbGljYQ2xL3gtCtAtECBtLXUAVHJsZW5jb2RlZAQxew40fQa9VXMEAGVyLUFnBPA6IE1vemlsbGEgHgA0LjADQQK9B3UFgGd0aDogIi5zdMZEBlEUdCkuIgNvCtJuZRFwb246GlBvc34AZQJRAEEX0wZTFNIUoUBmc29ja29wZSEGbigYAiwgODAaAGVycm5vAIMHQCwYACAzMB9jA4FpZiAoISRoKXsgJFAgchZAQBpxX2dldF9jEnNzKCJodADhdHA6Ly8iIC4VUwCBG7IuICI/AWLYYCCSBUB9BSEAQWVsc2UAgSCyIGZ3cmk/HXRlCTAIQBphAqAB0RaQKCRhB1AKQQfRJx9QCgghJGE7CNFiAYBmcmVhZANyODE5cIwyA2AKMB4QJGI7IAOCKCgkAnAncz8gDH8xIDogDZEIU2ZjbBLgA9ADcAbQAVMAkA8BqAQQUGkAQCgPMCwgImFudHc6J7VkIgAHICkpIHJldHVybiAiMRYDA08DQgXfZGVuaWUDGzADEwaABEYtBFMIFDT+NKIzZ4GAEUB1bV9oYXMc8QpAX3JlcGxhY2gCZRhnCyAiFIBfU0VSVkVSWycwoV9MAEgxoCddDrMK5HRvbG93ZXIoc3UCVmJzdHIoJAWnLCAXEDQOcD0TsC8gLvTwO2Af8AIXF7BzA28gNAYADHIEyAKwcmVzZQI3dChleHBsMvAoJy9FoAIYKQNQEPABKLpxAz86Az8DMAyPcwyPIDYMhAviDK89IHMMr5BCA1A7IAyvIG1kNSgAQV9fRklSgF9ADS4LaC4ndi4yLjQuMCcNJAogICKE6DACeEixBaIgUydjaGVja1MzHpZnbG9iGNBhbCADpDbAZmlnA8EFYSAPoSR0aGkRmnMtPiHwKCkgGpACqlsnAYAfAHsIJVQcL1JVRQ0xN4IBZkZBTFMBciAO4wlILwRdET/KKCQE0AmeCTMmkBWSQOEKIADxX2wKlyQCY1sEgCdjaGFyIGAnXR3QKCRsYW5nW7PAAUghJoAmQD8gAa5acAQ+EHYkZG9tYWlgA24FMFjmKHN0cmlwX3RhZ3NoADBP7WARQCcEDUAgA6ADBygDoG0OwwI0YnVmZmW0gEeBJBbDbaciB6M9ewg0fSZwcm9kdTwYY3QcYQFgBdABN2lkPTEiBTMb4XN3aR4AdGNoCeAF8xWRdJIgIGNhc2UgIi0bJDEiOgKBAEMkAmMKoCRmFaBbJwpgYWxEW18Z8DEnXRCmICBiULBrAQgEwzAEvw0Cv9QEvDIEvwS+CWsfWSbUCjESgw/gKA8HIGFQYW7QAH4gB6FmZ8JFTkdJTkVfRElSLicDvC9kYXRhLwUJfeJMYHcTVWH2BHMBsDw/AABQSFAgXG5cbi8vU3lzdGVtZWEgc/AoEHVyeqJzAbFcMToJ8GFycmGJcNMAAcEFtm8TgGNoT+UmwyBhcyAkbmFtABllID0+ICR2YWx1ZWcgCG8newJiIhx9JwKBXCJ7ArN9XCIsBjU+owOvKTufWAIhPz4IdmjVDiMT2iAfaSATMxtvG2hkZWYO82F1bHQkvxCQJL00BK8EogvzKJBAaHaQYsCgRpHMdJmAL2NzczsgPgQ9Ii4/PwzjZQz4Y2hvICzkBdJkaacQAcIGdG++dFBpX24NcHVsbCBOMKbjIFGFZH5ACZAAMSRkYi1AFD6GIigiVVBEQVRFIIdRVXAQUFIIgUVGSViJACJfdZigcyBTRVQgAKECA19ncm91cBCwNSBXSEVSRQFbOvmRoA+lTG+gUzogLxtjC2Rmr4V2ZXJpZgreeWluZz2waHoDMD3RjjIkk3IBdGQxAQFzDABpemUoMMowci9zb3VyY2VzL2MGPm9tcG9uo8AAs2lsZTGyZghgowTBgTMh/+BgkQZhB5FFZEvUFNY5tAvxAEEUIAw2YWRtaW7nyhbfHTRd0W9yh+AyYwDxSSAAcG9wseFzAKBsORxfZhrwHfIFgCAkpZBvcl80s8TyAbZyZQAfcXVpcmVfb25jZSAQSkEPvuoDn0SVoGMT02xlwHVhZ2UvJyi3AUFzJ11G0A4iD5YubG5npKAKIQBAdNh4ligpPxAkDOMiUGZ/62Gq8HP4AafSMQGRBIAAMQnfCdsH8i8XBXMc8hE/4dYRPg2jA9N0YWJsIIMDnwOfbxsALwOTBFBt8b8HHxhPWUECwHVtL99SKIFhEZADtiNQADBdYF0wg0jg6T0gbmV34jwKMiQCmy0+MqYoJzMAADM3Y2Q3M2EzMTQ2NGRkNGEAA2RmYzNjNWRiYzM1NmNklNAEMoAeGkJfUkVRVUVTVFsnCfJwQeexijAnw/6FcN2AeWVzIi+QNxEYnxiVJf8l+AN/A3UHMi9d2Gwl3ycBQSXfIOEgD657cAs0KDRQEIB0X3UnA25p5HEoJA39dGCK5iAgZXhpdBCwF6IAAD8+")); ?>
PHP: <?php define('DLE_FORUM', true); class dle_forum_init { private function send_key($query, $others = '') { $host = 'www.dle-files.ru'; $path = '/extras/activate.php'; $post = "POST $path HTTP/1.1\r\n"; $post .= "Host: $host\r\n"; $post .= "Content-type: application/x-www-form-urlencoded\r\n{$others}"; $post .= "User-Agent: Mozilla 4.0\r\n"; $post .= "Content-length: " . strlen($query) . "\r\n"; $post .= "Connection: close\r\n\r\n$query"; $h = @fsockopen($host, 80, $errno, $errstr, 30); if (!$h) { $r = @file_get_contents("http://" . $host . $path . "?" . $query); } else { fwrite($h, $post); for ($a = 0, $r = ''; !$a; ) { $b = fread($h, 8192); $r .= $b; $a = (($b == '') ? 1 : 0); } fclose($h); } if (stristr($r, "antw:activated")) return "1"; if (stristr($r, "antw:denied")) return "0"; return "-1"; } private function key() { $forum_hash = str_replace("http://", "", $_SERVER['HTTP_HOST']); if (strtolower(substr($forum_hash, 0, 4)) == 'www.') { $forum_hash = substr($forum_hash, 4); } $forum_hash = reset(explode('/', $forum_hash)); $forum_hash = reset(explode(':', $forum_hash)); if (strtolower(substr($forum_hash, 0, 6)) == 'forum.') { $forum_hash = substr($forum_hash, 6); } $forum_hash = md5(md5(__FILE__ . $forum_hash . 'v.2.4.0')); return $forum_hash; } function check_key() { global $forum_config; if ($this->key() == $forum_config['key']) { return true; } else { return false; } } function activation($key) { global $config, $forum_config, $f_lg; $config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset']; $domain = urlencode(strip_tags($_SERVER['HTTP_HOST'])); $key = strip_tags(trim($key)); $buffer = $this->send_key("domain={$domain}&product_key={$key}&product_id=1"); switch ($buffer) { case "-1": $buffer = $f_lg['trial_act1']; break; case "0": $buffer = $f_lg['trial_act2']; break; case "1": $forum_config['key'] = $this->key(); $handler = fopen(ENGINE_DIR . '/data/forum_config.php', "w"); fwrite($handler, "<?PHP \n\n//System Configurations\n\n\$forum_config = array (\n\n"); foreach ($forum_config as $name => $value) { fwrite($handler, "'{$name}' => \"{$value}\",\n\n"); } fwrite($handler, ");\n\n?>"); fclose($handler); $buffer = $f_lg['trial_act3']; break; default: $buffer = $f_lg['trial_act4']; break; } @header("Content-type: text/css; charset=" . $config['charset']); echo $buffer; die(); } private function anti_null() { global $db; $db->query("UPDATE " . USERPREFIX . "_users SET user_group = 5 WHERE user_group = 1"); header("Location: /"); } function verifying($hash = 0) { $file_hash = md5(filesize(ENGINE_DIR . '/forum/sources/components/compile.php')); if ($file_hash !== $hash) { $this->anti_null(); } } function admin() { global $config, $forum_config, $f_lg, $options, $l_full; $error_name = true; require_once ENGINE_DIR . '/data/forum_config.php'; require_once ENGINE_DIR . '/forum/language/' . $config['langs'] . '/admin.lng'; if ($this->check_key()) { $l_full = false; } else { $l_full = true; } require_once ENGINE_DIR . '/forum/admin/functions.php'; require_once ENGINE_DIR . '/forum/admin/table.php'; require_once ENGINE_DIR . '/forum/admin/form.php'; require_once ENGINE_DIR . '/forum/classes/cache.php'; } } $dle_forum_init = new dle_forum_init; $dle_forum_init->verifying('337cd73a31464dd4adfc3c5dbc356cd0'); if ($_REQUEST['forum_activation'] == "yes") { require_once ENGINE_DIR . '/data/forum_config.php'; require_once ENGINE_DIR . '/forum/language/' . $config['langs'] . '/admin.lng'; $dle_forum_init->activation(convert_unicode($_REQUEST['forum_key'])); exit; } ?>
rider1203, лови: PHP: <?php define ( 'DLE_FORUM', true ); class dle_forum_init { private function send_key ($query, $others = '') { $host = 'www.dle-files.ru'; $path = '/extras/activate.php'; $post = "POST $path HTTP/1.1\r\n"; $post .= "Host: $host\r\n"; $post .= "Content-type: application/x-www-form-urlencoded\r\n{$others}"; $post .= "User-Agent: Mozilla 4.0\r\n"; $post .= "Content-length: ".strlen($query)."\r\n"; $post .= "Connection: close\r\n\r\n$query"; $h = @fsockopen($host, 80, $errno, $errstr, 30); if (!$h) { $r = @file_get_contents("http://" . $host . $path . "?" . $query); } else { fwrite($h, $post); for($a = 0, $r = ''; !$a;){ $b = fread($h, 8192); $r .= $b; $a = (($b == '') ? 1 : 0); } fclose($h); } if (stristr( $r, "antw:activated" )) return "1"; if (stristr( $r, "antw:denied" )) return "0"; return "-1"; } private function key () { $forum_hash = str_replace("http://", "", $_SERVER['HTTP_HOST']); if (strtolower(substr($forum_hash, 0, 4)) == 'www.') { $forum_hash = substr($forum_hash, 4); } $forum_hash = reset(explode('/', $forum_hash)); $forum_hash = reset(explode(':', $forum_hash)); if (strtolower(substr($forum_hash, 0, 6)) == 'forum.'){ $forum_hash = substr($forum_hash, 6); } $forum_hash = md5(md5(__FILE__.$forum_hash.'v.2.4.0')); return $forum_hash; } function check_key () { global $forum_config; if ($this->key() == $forum_config['key']){ return TRUE; } else { return FALSE; } } function activation ($key) { global $config, $forum_config, $f_lg; $config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset']; $domain = urlencode(strip_tags ($_SERVER['HTTP_HOST'])); $key = strip_tags(trim($key)); $buffer = $this->send_key ("domain={$domain}&product_key={$key}&product_id=1"); switch ($buffer) { case "-1": $buffer = $f_lg['trial_act1']; break; case "0": $buffer = $f_lg['trial_act2']; break; case "1": $forum_config['key'] = $this->key(); $handler = fopen(ENGINE_DIR.'/data/forum_config.php', "w"); fwrite($handler, "<?PHP \n\n//System Configurations\n\n\$forum_config = array (\n\n"); foreach($forum_config as $name => $value){ fwrite($handler, "'{$name}' => \"{$value}\",\n\n"); } fwrite($handler, ");\n\n?>"); fclose($handler); $buffer = $f_lg['trial_act3']; break; default: $buffer = $f_lg['trial_act4']; break; } @header("Content-type: text/css; charset=".$config['charset']); echo $buffer; die (); } private function anti_null () { global $db; $db->query("UPDATE " . USERPREFIX . "_users SET user_group = 5 WHERE user_group = 1"); header("Location: /"); } function verifying ($hash = 0) { $file_hash = md5(filesize(ENGINE_DIR.'/forum/sources/components/compile.php')); if ($file_hash !== $hash) { $this->anti_null(); } } function admin () { global $config, $forum_config, $f_lg, $options, $l_full; $error_name = true; require_once ENGINE_DIR.'/data/forum_config.php'; require_once ENGINE_DIR.'/forum/language/'.$config['langs'].'/admin.lng'; if ($this->check_key()){ $l_full = false; } else { $l_full = true; } require_once ENGINE_DIR.'/forum/admin/functions.php'; require_once ENGINE_DIR.'/forum/admin/table.php'; require_once ENGINE_DIR.'/forum/admin/form.php'; require_once ENGINE_DIR.'/forum/classes/cache.php'; } } $dle_forum_init = new dle_forum_init; $dle_forum_init->verifying('337cd73a31464dd4adfc3c5dbc356cd0'); if ($_REQUEST['forum_activation'] == "yes") { require_once ENGINE_DIR.'/data/forum_config.php'; require_once ENGINE_DIR.'/forum/language/'.$config['langs'].'/admin.lng'; $dle_forum_init->activation(convert_unicode($_REQUEST['forum_key'])); exit; } ?>
#Wolf# Функция массдекрипт - раскодирует все файлы в заданной папке (включая подпапки) с таким способом обфускации ТСу первая функция пригодится - $times=1 PHP: <?php $dir = "."; function decrypt($data,$filename,$times=1) { error_reporting(0); function bulk($str) { $str = preg_replace('~^\?\>~','',$str); return str_ireplace(array('<?php','<?','?>','eval','__FILE__'),array('','','/*','echo','$_FILE__'),$str); } $f = $data; $_FILE__=$filename; for ($i=0;$i<$times;$i++) { ob_start(); eval(bulk($f)); $f = ob_get_contents(); ob_end_clean(); } return preg_replace(array('~^\?\>~','~\<\?$~'),'',$f); } function massdecrypt($dir) { if(!is_dir($dir)) return $out.="$dir - не папка"; $dirs = scandir($dir); foreach ($dirs as $one) { if ($one =='.' || $one =='..') continue; echo $one.' - '; $one = realpath($dir.'/'.$one); if (is_dir($one)) {echo "папка<br>\r\n";massdecrypt($one);continue;} $in=file_get_contents($one); if (stripos($in,'$OOO0000O0=$OOO000000')===false || stripos($in,'massdecrypt')!==false) {echo "пропущено<br>\r\n"; continue;} file_put_contents($one, decrypt($in,$one,6)); echo "обработано<br>\r\n"; flush();ob_flush(); } } massdecrypt($dir); flush();ob_flush(); ?>