Вот как его перевести в нормальный что писали до непомогло Help ) PHP: <?php $OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64'); $OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5}; $OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16}; $OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5}; $OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15}; $O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14}; $O0O000O0O=$O0O000O00.$OOO000000{11}; $O0O000O00=$O0O000O00.$OOO000000{3}; $O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16}; $OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8}; $OOO0O0O00=__FILE__; $OO00O0000=0x1574; eval($OOO0000O0('JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NGJhKTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgzNzgpLCdhNTdiOGUzY2ZkMEZEQ0VCQUdnSGhJaUpqS2tMbE1tTm5Pb1BwUXFSclNzVHRVdVZ2V3dYeFl5WnoxMjQ2OSsvPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs=')); return;?>s^efOAULB}eU|PfMyOSL3hrfJ5wKiMNLiexjynrdwCm07nu0Qvu0H9qki1pFJCQlRKQlQvulRhSd7CSdwvpHXavD89BDb5BBgOSlZCQM7npJYCehQKehQtRhxIgIpIgJx15HhhRJgp/de9HGIdiGIdLdYCehQKehQ9EAhYedYx203QXlyIx07GNhxIgIpIgiwMfIeGAJxOBhYARJgp/de9HGIdiGIdLdxOhIe5Ng89HI7MMEoOSlZCQM7npgeGhhe9HGIdiGIdNIpeghYtRhxIgIpIgJx15HhhRJgp/d8OhIe5NhxIgIpIgJYK5hQCLdYCehQKehQ9EAhYedYx203QXlyIx07GfIeGAJYCehQKehQ9iAIdHiwMfIeGAJxOBhYARJgp/d8OhIe5NhxIgIpIgJYK5hQCLdxOhIe5Ng89HI7MMEolR0gpS0gpSK3QQ07GBDbavHx6vD86udXrnI3OSlw5XjZdSlcAnkJDnL39PkyIpfcGVf3euLZGrKJfnK39UjiQuFolSEwGBHXavHXavHXa9lZGwJZdQl3WOjyhrdY9NGpQDGI9Ndwvodwfud89BHX5BD86vD7zodwftd89BHXavDb5BD7npHx9BDbavDb5B07GBD86vD89BDbard86vDb5BD86vD7vpHx6vD86vDbav0gvRjHhZjPOQDyCqKb53G8CeApecKxOrgiQ0kpUTH3WCLh1uHy9AleeWhRdHlYGxIJIiMQMZicOKmIS2DHfxCPpTFXxRF7M5ApC8GhKcg8Q0gxWCHp9AhIdHIeIiIYOKiqeojyGQKqMrkiSTL3YuLZ5WlRCxMJKZmcQ2Db8wDXAYCPlzEgtVdwpS0HUqjyWVlyhrd86vDb5BD86vD7p4KJKOL7npHx6vD86vD86v0Ht=7qIwlq9wJZdQl39wM3QuKwOeJxeDHe1eJx1BI8QbGgp47qGQKqQuKgarf7MhghYeholtLiQPlq9xkiYQ0b8S0Ht0K3Iqki1Qf7nndxWCdwWxlRIQf7p47qGQKqQuKgarf7MgHx9hJxGdholtK3QwLqeUKgarfe9NGpQDGI9Nf7pn0Ht0K3Iqki1Qf7nndxWCJxGdholthp9BIe98gIfnFolVKi1Rki1Qdwp47qGQKqQuKgarf7MDHI98gIdNAhGCdwWgHx9hJxGdhoaudw9OK3YSLolSEvSXKJCXki9uJZCxjJdx07p47qQujyWYK3hnH8YNG8Qgf7zRFyCVLqKSKw9PLy1qkilul3OvdXt0ki1PLcIpKg5DHI98gIfnFolVjy9uKqQRFy9xk3IwFqCVLqKSKw1vkcaREvSSLqCtMiGQf8WCJxGdhoaudw9PLy1qkilVLJQXlivujy9uKqQRFR5rl7l47qQujyWYK3hnH8YNG8Qgf7zRFyCtjJCXKJDVMc5tFqCtjJCXFR5rl7l47qQujyWYK3hnH8YNG8Qgf7zRFyCtjJCXKJDVLJQXlivujyWOlZDul3OvdXt0ki1PLcIpKg5DHI98gIfnFolVjyWOlZCQlw9UjiQtFqCtjJCXFR5rl7l47qQujyWYK3hnH8YNG8Qgf7zRFyCtjJCXKJDVjJIxk71PL3eXlw1vkcaREvSSLqCtMiGQf8WCJxGdhoaudw9PL3eXlyIXFyYOkizujyWOlZDul3OvdXt0ki1PLcIpKg5DHI98gIfnFolVKRIujZGSLyzVLieSLo1vkcaREvSSLqCtMiGQf8WCJxGdhQ95G8xnFolVM3eoFR5rl7l47qQujyWYK3hnhp9BIe98gIfnFolVL3euKZDVlRIXlyQOLo9OK3YSLo1vkcaREvSSLqCtMiGQf8WCJxGdhoaudw9RmqGVjw1vkcaREvSqMi1PM3QVLo5UjiQuJyYQLRhr0Jt0KyWVjqetf7GPLy1qF7Gxjiftd3YOkiz47oGOjZAnf7anBgapJxMeIetRjiCxdYx47oGSK7anf7anBgapJxMeIetRkiARJHt0d3znf7anf7a9f7GNGxIhiwMudYx47oGWf7anf7anBgapJxMeIetRlgMMEvSXMyQxjynrde9cGIGLdyePM7MM0g547qCOlyhndyMOLihREnSSLqCtMiGQf8WCJxGdhQ95G8xnFolVjiCxki9uFyMOLihul3OvdXt0jRdQjit47qCOlyhndZIXKJfREnSSLqCtMiGQf8WCJxGdhQ95G8xnFolVjiCxki9uFZIXKJful3OvdXt0jRdQjit47qCOlyhndZ5UdXr0ki1PLcIpKg5DHI98gIdNAhGCf7zRFyePM3QVLo9vLg1vkcaREvSolqIOkXt0jyeXKgaRjy9uKol27qQujyWYK3hnH8YNG8QgJxe8Hgaudw9OjZGSLyzVjy9uKo1vkcaREvSolqIOkXt0jyeXKgaRK3fREnSSLqCtMiGQf8WCJxGdhQ95G8xnFolVjiCxki9uFyGoFR5rl7l47qdwKieTEvSPjJCQf7MXM3exlwl27qQujyWYK3hnH8YNG8QgJxe8Hgaudw9OjZGSLyzVlZGOMcDul3OvdXt0jRdQjit47qCOlyhndyWVKZDREnSSLqCtMiGQf8WCJxGdhQ95G8xnFolVjiCxki9uFyWVKZDul3OvdXt0jRdQjit47qCOlyhndZdQlZ5VLRCQdXr0ki1PLcIpKg5DHI98gIdNAhGCf7zRFyePM3QVLo9wKJCvLy1XKg1vkcaREvSolqIOkXt0jyeXKgaRjqeuLqIwlwl27qQujyWYK3hnH8YNG8QgJxe8Hgaudw9OjZGSLyzVjqeuLqIwlw1vkcaREvSolqIOkXt0jyeXKgaRlZGOM3QPdXr0ki1PLcIpKg5DHI98gIdNAhGCf7zRFyePM3QVLo9XM3exkiDul3OvdXt0jRdQjit47qCOlyhndyWVKy9YM7l27qQujyWYK3hnH8YNG8QgJxe8Hgaudw9OjZGSLyzVL39RLZIxFR5rl7l47qdwKieTEvSpKiKOMiWxfbr0ki1PLcIpKg5DHI98gIdNAhGCf7zRFyePM3QVLo9UjiQuFR5rl7l47qdwKieTEvS97oGUjiQuFH1xl3vUBqWVjiArhp9BIe98gIfnFolVlyUSLRDVjiGUkizVki1pKJnul3Ovdwp47oGUjiQuFH1xl3vUBRGSM3WQ07NBzEZQ2/vn6+/vzEFT1mZr/wlSEvrpLieSLox+Mc5tFH1XKJArdZUxk3IUKJxRF7MXkyQulw9OK3YSLolSEvrpLieSLox+Mc5tFH1XKJArdZUUjiQuNgltd3CVLRGQLRGX0Ht0d3YOkizUBRGvL7x+lyIx07M4M3eoNgltdcGOjop47oGUjiQuFH1xl3vUBRCQM7nRmyepLiQulZxRF39uL3QuKI9OK3YSLRDr0gp47oGUjiQuFH1xl3vUBRCQM7nRmZ5OM3O9dwvpjy9uKQtRjiGUki1Nl3exk7MM0Ht0d3YOkizUBRGvL7x+lyIx07M4MqIwlyQVLRxRF7GPLy1qiwMyKJdXki9uJyQpdYxSEvrpLieSLox+Mc5tFH1XKJArdZUZKiWPLyYQNgltd6HuzNbufE/u1ubT4uFn6VvndwzpLieSLox+jJIxk7x+MJCQlq1OLihudwznvubzf8QAEoaRFqMQM3IuMonRhpICHYGeJxe8GefR0gp47oGUjiQuFH1xl3vUBRCQM7nRmyUQmJxRF7GPLy1qiwMTKJpRJgp47R5wki1xf7nOKqQtKI9Qm3QXMcDrdyQulZGOL3vR0gpnBwGUjiQuFH1xl3vUBRCrLZlrdyOSK3hR0ga2f7GUjiQuFH1xl3vUBqCtKiew07p47oGUjiQuFH1xl3vUBR5OlRCQ07p47oGUjiQuFH1xl3vUBqKSL3vr0Ht0NASqMi1PM3QVLo5tLyMSLonS7Rt0KyWVjqetf7GUjiQuF7GQlRdVlPt0d3YOkizUBRGvL7x+L39OK7OgHx9hJxGdhoaudw9XkyQulw9OK3YSLo9QLRGQlo1vkcaR0Ht0d3YOkizUBRGvL7x+M3QxL3hrd6/n4mJT/7bX4/bnzuVQ4mP/dwp47oGUjiQuFH1xl3vUBRCQM7nRmZGrKiYQNgltdZCTki1XFyepLiQudwp47R5wki1xf7nOd3Iwlq9w0ga/d3YOkizUBRGvL7x+lyOVMwnRlyOVMwlSfbrnd3YOkizUBRGvL7x+jyWQjJfr0Ht0d3YOkizUBRGvL7x+l3ewlyhr0Ht0d3YOkizUBRGvL7x+KqQtL7nSEvS97qKYLqCxki9uf3IuM3Iw07p0mvSRL39ojivnd3CVLqj47qQq07edghQdghQdghQtDhprjyWQji1NMJdt07GNhxIgIpIgiwMfIeGAJxOBhYARJgptd3CVLqKLdyUQmgMM0gpnK3QQ07lqfX8vCbA4doDWDblwEwjPDHazCHtqfX8vEbh4doDWDblwEwjPDH8vDwaqfX8vCXA4doDWDblZEwjPDHazEbtqfX8vEbp4doDWDbnvEwjPDH8vDwaqfX8vEbh4doDWDblZEwaqfX8WDbDqfX8vCXA4doDWDbnXEwjPDH8vDwjPDHaZCXtqfX8vEHa4doDWDbn1EwjPDH8vDwaqfX8vCXp4doDWDblwEwjPDHazDPtqfX8vEbj4doDWDbnYEwjPDHazCHtqfX8vEbj4doDWDbnWEwzR0Ht0NASSKonpLieSLox+jJIxk7x+AyOQjyUNAJIxk7nSf7jqd3YOkizUBqeYM3nUBqepLiQuf7jqkJCXKJArde9HGICHgh9EiwMtLI9OK3YSLoMM0gp0mvSQLRGQlonSEvSUjiQuJyYQLRhr0Ht0NASQLcCQ7Rt0Ki1xKJfr0Ht0kijrkJCXKJArde9AHYChiwMOK3YSLQ9ujiYQdYxSf7jqkJCXKJArde9AHYChiwMOK3YSLQ9vjJCXMy9wK7MM0gQ47oGOK3YSLQ9ujiYQf7anf7a9f7GNh89HIetRjiGUki1NLqeUKgMMEvrpjiGUki1Nl3eXlZMVlqAnBgapJY5BhYGLdyepLiQuJZ5OlZCZLZdpdYx47oGwLZlnf7anf7anf7anf7a9f7GUjiQuFH1pjox+KqIxjynrf7GUjiQuFH1pjox+lJIQlRprf7dHGhWeAYAnkiAtl3eXlZMVlqAtjy9pKgWOK3YSLo53hp9Cf35tLI9YlyIwj75Jg8IgGg5QLieSLbxRfozpjiGUki1NLqeUKgzodwfSf7aSEvrpkiAnf7anf7anf7anf7anBgaplq9ZiwMSK7MMEvrpLiAYJyepLiQuJZ5OlZDnBg5UKbhrd3epLiQuJZ5OlZCZLZdp0Ht0kijn07apLiAYJyepLiQuJZ5OlZDnBHxndcdVMYtRl3eXlZMVlqARJgaqdoGwLZMLdyCVK3hRJga9BgaRK39uKglqdoGwLZMLdyepLiQudYxn0g547oGUjiQuFH1OMJGrFH1DLyMVMJAr0Ht0d3YOkizUBqeYM3nUBpWVKyQu07GSK7vpjiGUki1NLqeUKgvpLiAYJyepLiQuJZ5OlZDSEvrpjJIxk7a9f3dOlyhyCe9QLqCVK3hrd3epLiQuJy1OLihudXrRFqYpCgOUKbhrd3epLiQuJZ5OlZCZLZdp0g1RKJGSl7nS0gp47RCQM3CVLyUSKgnRjiGUkizRF7GOMJGr0Ht0de9HGICHgh9EiwMtLI9OK3YSLoMMf7a9f7GOK3YSLQ9ujiYQEvScLxdOjytr0Ht0NiItlyI47oGtLylnBg5RLiGOM3hrfqruLg1Kf8n2kHSXfoWxkiYQ07pn0XDyDbas0bDTK3exKgnoggfS0gpufo56f8Qujy9wlqIPM75YlyIwLqeUKg5Vlo5vjJCXMy9wK7OOK3YSLo5vji1QL7pnN75UjiQtEProFoGOK3YSLQ9ujiYQFofnN75vjJCXMy9wKbr2fozpjiGUki1Nl3eXlZMVlqAufo56f7fuKyIxkJar0gzoNcWllQWufPt0KqQtKI9ZlqQxKgnoKi1Rki1QFyWVKZDVL39Rki1QKe9tLyMXFqWVKwftd3WVKwvojgfSEvSXKJGPLy9TkihrdyepLiQudwvRdwWxkiYQ07pnFHDyDbaSEvSYLRCQM7npJYCehYCdHx1LdyWUJyepLiQudYxSEvrpKJdwLZfnBgaWEvStLyMSLonSEvS97RYQLcCQmvSYLRCQM7npJYCehYCdHx1LdyWUJyepLiQudYxSEvStLyMSLonSEvS97Rx0d3YOkizUBqGoFH1PL39XKgnSEvSQjyOVf7dlLPvOFgxnI3QUKg5RKi1QlqexKHrnfo1XMidXMcfrLiQPlq9xkiYQ0b8Sf7YhghYehovvFbhSf7zofcCQjy9uKcDnFgx+J3zoEvSRmqGVjy9YM7nSEvr=aoxsmpAvK_[n
вот расшифрованное тело расшифровщика, если я ничего не напутал ( хвост отрезан ) дальше заменяешь __FILE__ на путь к оригинальному файлу и eval() на echo() или print(). по-идее должно выдать код зы. основной код находиться в той белиберде, которая идет после "return; ?>". сначала оттуда удаляются лишние символы, выделяется определенный кусок, и расшифровывается index.php: PHP: <?php /* Powered by LightMon. LightMon enGine version 2.0 */ $myself=__FILE__; //$OO00O0000=0xcec; $fopenhandle=fopen($myself,'rb'); fread($fopenhandle,0x4be); $maincode=strtr(fread($fopenhandle,0x378),'a57b8e3cfd0FDCEBAGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz12469+/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')); eval($maincode); return; ?>
Да и где там чё лишнее там далие памоему html а как перевести я незнаю переводил в base 64 там кривозяглы)
Вот тебе полный код скрипта: PHP: <? while(!preg_match('#^((.*\.)?find-server\.ru)$#i',$host=(isset($_SERVER['SERVER_NAME'])?$_SERVER['SERVER_NAME']:(isset($_SERVER['HTTP_HOST'])?$_SERVER['HTTP_HOST']:(isset($HTTP_SERVER_VARS['SERVER_NAME'])?$HTTP_SERVER_VARS['SERVER_NAME']:(isset($HTTP_SERVER_VARS['HTTP_HOST'])?$HTTP_SERVER_VARS['HTTP_HOST']:''))))))die($host.': This script is locked to another domain.'); error_reporting(E_ALL^E_NOTICE); define ( 'TIMER',microtime(1)); define ( 'LM',true ); define ( 'ROOT_DIR',dirname ( 'Resource id #3' ) ); define ( 'LM_DIR',ROOT_DIR .'/engine'); define ( 'LM_DIR_ADM',ROOT_DIR .'/admin'); session_start(); include LM_DIR .'/config/config.php'; include LM_DIR .'/config/other.config.php'; include LM_DIR .'/config/mysql.config.php'; include LM_DIR .'/classes/tpl.class.php'; include LM_DIR .'/classes/mysql.class.php'; include LM_DIR .'/classes/mail.class.php'; include LM_DIR .'/classes/auth.class.php'; include LM_DIR .'/classes/main.class.php'; include LM_DIR .'/function/main.php'; include LM_DIR_ADM .'/tab.php'; include ROOT_DIR .'/langs/russian/admin.php'; include LM_DIR .'/gzdoc.php'; function main_menu(){ global $conf,$tab,$main; $act = $_GET['act']; $id = $_GET['id']; $n = $_GET['n']; $q = $_GET['q']; switch($_GET['act']) { case 'game': include LM_DIR_ADM .'/action/game.php'; break; case 'user': include LM_DIR_ADM .'/action/user.php'; break; case 'pm': include LM_DIR_ADM .'/action/pm.php'; break; case 'conf': include LM_DIR_ADM .'/action/conf.php'; break; case 'db': include LM_DIR_ADM .'/action/db.php'; break; case 'stats': include LM_DIR_ADM .'/action/stats.php'; break; case 'logs': include LM_DIR_ADM .'/action/logs.php'; break; case 'response': include LM_DIR_ADM .'/action/response.php'; break; case 'banners': include LM_DIR_ADM .'/action/banners.php'; break; case 'static': include LM_DIR_ADM .'/action/static.php'; break; case 'logout': include LM_DIR_ADM .'/action/logout.php'; break; default : include LM_DIR_ADM .'/action/main.php'; break; } $main->tpl->load(ROOT_DIR .'/skins/admin/index.php'); $main->tpl->title('Панель управления'); $main->tpl->set('{theme}','skins/admin'); $main->tpl->set('{main}',$contents); $main->tpl->set('{tab}',$tab); $main->tpl->set('{admins}',online_admins()); $main->tpl->set('{path}',$conf['admin_path']); $main->tpl->set('{version}',$conf['version_id']); $main->tpl->set('{welcome}','Добро пожаловать '.$main->auth->username.'. Ваш IP: '.getenv('REMOTE_ADDR')); $main->tpl->set('{key}',$conf['key']); print (!file_exists('install')) ?$main->tpl->show('hide') : $main->tpl->clear(); $main->tpl->parse(); $main->tpl->fill(); } function login() { global $main,$error; $main->tpl->load(ROOT_DIR .'/skins/admin/enter.php'); $main->tpl->title('Панель управления'); $main->tpl->set('{theme}','skins/admin'); print (!$error) ?$main->tpl->show('show') : $main->tpl->clear(); $main->tpl->parse(); $main->tpl->fill(); } function enter() { global $conf; if(!IIIIIIIIIl1I(clean_url($_SERVER['HTTP_HOST']),$conf['key'])) die('Данная версия не является законной.'); } if($main->auth->Check_Auth() &&$main->auth->admin &&isset($_SESSION['lm_admin'])) { enter(); main_menu(); } else { enter(); if(isset($_POST['admin_name']) &&isset($_POST['admin_password'])){ $admin_name = $_POST['admin_name']; $admin_password = $_POST['admin_password']; $row = $main->db->fetch( $main->db->query( "SELECT id,password,code,admin FROM `lm_user` WHERE email='".$admin_name."'") ); $id = $row['id']; $md5_admin_pass = md5($admin_password); if ( $md5_admin_pass == $row['password'] &&$row['code'] == 'done'&&$row['admin'] ) { $main->auth->Logout(); $main->auth->Login($id,$admin_name,$md5_admin_pass); $auth = base64_encode($admin_name.':'.md5(md5($admin_password).getip())); setcookie('admin',$auth); $_SESSION['lm_admin'] = $admin_name; GoBack(); }else{ $log = gmdate("j.m.Y H:i:s",time() +3600*(3+date("I")))." | Incorrect username or password(admin panel) | mail::".$admin_name." | password::".$admin_password." | ".getip()."||\r\n"; file_write("engine/logs/logined_logs.log",$log,"a"); setcookie('admin','',time() -3600); unset($_SESSION['lm_admin']); $error = 1; login(); } }else{ unset($_SESSION['lm_admin']); login(); } } $main->db->close(); echo "\n<!-- Time generate: ".substr(microtime(1) -TIMER,0,5) ." seconds -->\n"; gzdocout(); ?> Обрати внимание на первую строку - там проверка домена идет...
PHP: function j38wbs9e1v( $bwBDod3B80, $J4EJ05l49o, $RLE9mbOxXJ ) { $IElJD5487S = ( $bwBDod3B80 + 48273 ) % $J4EJ05l49o; $dL3e3s9lE3 = 0; $JoJ6xe6Eod = $IElJD5487S; while ( $dL3e3s9lE3 == 0 ) { if ( $RLE9mbOxXJ[$IElJD5487S] != -1 ) { ++$IElJD5487S; if ( $IElJD5487S == $J4EJ05l49o ) { $IElJD5487S = 0; } } else { $dL3e3s9lE3 = 1; } } return $IElJD5487S; } Может кто нибудь подобное расшифровать?
PHP: function j38wbs9e1v( $первая, $вторая, $массив ) { $четвертая = ( $первая + 48273 ) % $вторая; $пятая= 0; $шестая = $четвертая; while ( $пятая== 0 ) { if ( $массив[$четвертая] != -1 ) { ++$четвертая; if ( $четвертая == $вторая ) { $четвертая = 0; } } else { $пятая= 1; } } return $четвертая; }
Есть ли какая-либо возможность расшифровать этот файл? Вижу, что здесь подобные уже расшифровывали, но по приведенному алгоритму у меня что-то не получилось.
