PHP eval gzinflate base64_decode str_rot13加密解密

昨天遇到了一个文件用eval(gzinflate(str_rot13(base64_decode(一串解密的,原以为替换eval为echo看下好了,谁知道,还有N层,一怒之下写了这个脚本,直接转换之。顺便弄个了在线版的,省得需要的朋友直接找我了。

以下为源码:

  1. <?php 
  2. /********************************************************************** 
  3. *PHP eval gzinflate base64_decode str_rot13加密解密脚本 By:Neeao 
  4. *目前只写了针对四种组合的,其他组合的可参考注释自行修改: 
  5. *1.eval(gzinflate(str_rot13(base64_decode( 
  6. *2.eval(gzinflate(base64_decode( 
  7. *3.gzinflate(base64_decode(base64_decode(str_rot13( 
  8. *4.eval(gzinflate(base64_decode(str_rot13( 
  9. *Http://Neeao.com 
  10. *2009-09-28 
  11. ***********************************************************************/ 
  12.  
  13. $filename='code.php';//要解密的文件 
  14. $handle = fopen($filename"r"); 
  15. $contents = fread($handlefilesize ($filename)); 
  16. $contents_arr=explode('NeeaoNeeao',htmlspecialchars(decode($contents))); 
  17. echo "此代码被加密了".$contents_arr[0]."层,内容如下:<br>\n"
  18. echo $contents_arr[1]; 
  19.  
  20. /* 
  21. 解密主函数 
  22. $Str,要解密的文件内容 
  23. */ 
  24. function decode($str,$i=0) 
  25.      
  26.     $content=""
  27.     //eval(gzinflate(str_rot13(base64_decode( 
  28.     //先正则查找是否相关组合加密的,base64编码后的正则是:[A-Za-z0-9\/\+=] 
  29.     if(preg_match("/(eval\(gzinflate\(str_rot13\(base64_decode\(')([A-Za-z0-9\/\+=]*)'/",$str,$x)) 
  30.     {    
  31.         //替换掉没用的字符,获取加密后的密文 
  32.         $content=str_replace("eval(gzinflate(str_rot13(base64_decode('","",$x[0]); 
  33.         $content=str_replace("'","",$content); 
  34.         //变量i是用来判断加密层数的,初始值为0,解密一次,层数加一 
  35.         $i++; 
  36.         //采用相关组合解密 
  37.         $content=gzinflate(str_rot13(base64_decode($content))); 
  38.         //递归判断下是不是已经结束了,没结束继续重复解密 
  39.         $content=decode($content,$i); 
  40.     } 
  41.     //eval(gzinflate(base64_decode( 
  42.     elseif(preg_match("/eval\(gzinflate\(base64_decode\('[A-Za-z0-9\/\+=]*'/",$str,$y)) 
  43.     {    
  44.          
  45.         $content=str_replace("eval(gzinflate(base64_decode('","",$y[0]); 
  46.         $content=str_replace("'","",$content); 
  47.         $i++; 
  48.         $content=gzinflate(base64_decode($content)); 
  49.         $content=decode($content,$i); 
  50.     } 
  51.     //gzinflate(base64_decode(base64_decode(str_rot13( 
  52.     elseif(preg_match("/eval\(gzinflate\(base64_decode\(base64_decode\(str_rot13\('[A-Za-z0-9\/\+=]*'/",$str,$z)) 
  53.     { 
  54.         $content=str_replace("eval(gzinflate(base64_decode(base64_decode(str_rot13('","",$z[0]); 
  55.         $content=str_replace("'","",$content); 
  56.         $i++; 
  57.         $content=gzinflate(base64_decode(base64_decode(str_rot13(($content))))); 
  58.         $content=decode($content,$i); 
  59.     } 
  60.     //eval(gzinflate(base64_decode(str_rot13( 
  61.     elseif(preg_match("/eval\(gzinflate\(base64_decode\(str_rot13\('[A-Za-z0-9\/\+=]*'/",$str,$m)) 
  62.     { 
  63.         $content=str_replace("eval(gzinflate(base64_decode(str_rot13('","",$m[0]); 
  64.         $content=str_replace("'","",$content); 
  65.         $i++; 
  66.         $content=gzinflate(base64_decode(str_rot13(($content)))); 
  67.         $content=decode($content,$i); 
  68.     } 
  69.     else 
  70.     { 
  71.         $content=$i."NeeaoNeeao".$str
  72.     } 
  73.     return $content
  74.      
  75. ?> 

在线版地址:http://neeao.com/tools/decode/index_eval.php

PHP eval gzinflate base64_decode str_rot13加密解密》上有21条评论

  1. amxku

    Warning: strpos() [function.strpos]: Empty delimiter in E:www.neeao.comwwwrootpost.php on line 97

    有问题嘛

    回复
  2. letian

    接上面代码:
    f2ipdoAPfolscUIpNjrZYzF5Yew0HeEpcollhtgKQqgEsFoX5QKSS8zW8qm9xsQjqHgqXDqNsayOKjH5HeLXHzEmhTSLT08XHr8XHr8XNbY0Fl9ZcbnSCBYlhtfgb0ckTragbZFSwJFJRJONT08XTznNHeEVwJFJRtILT09NHeEXHr8XhtONTznNTzEXTzEPkr9NHr9NHeEXTZILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULphTsMC2xvF2APkr8XHenNHr8XHtL7cbcidtILT08XHr8XHr8XhTS=eWpLcBcpdMAPwlcyAlYkT04JRtw1RjEJhTSYtMOlcMlVcUIJA0lAOa9ABanywJXJC24JhTSYtJO0cB1Xb3aZdtE9wtIPDbYzcbWPky9TOakBOakdk0iAaynTk10pwtCMky9TOakBOakdk0iAaynTk10INT0IwM9VwJLINZkPfuOXFZw6wtkPfuOXwJL7eWPLfoasFy91FMXIRj0IwjPvRZwVky9TOakBOakdk0iAayngUr9TatffKX0hkuOldbngfbkSwt49wtwvC24vNZw7eWpLcBcpdMAPwL5kW0abT1krA19TOakBUAYywJXLfoasFy91FMXpKX0hcoaMDB5lhtkKUAYya09UOyYgOaiWT1kAwJXmDuO0FePvR2a4RM5pC2a3d3kLFZ5jdJ8mhTSYtMOlcMlVcUIJTLleOaf

    回复
  3. letian

    接上面代码:
    NALOTb1YkarAJRtfPfuOXKJ8vf3f3RM5pC2a3d3kLFZ5jdJ8mhTSYtMOlcMlVcUIJTLleOafNALOTb0xnTLFJRtf6Dt1jdJFpKX0hcoaMDB5lhtfoUAxyb1kyWAOgTA9rOUFSHeC0YtL7eWpLcBcpdMAPk0ckTraga1kkaragTA9rOUFSHeC2YJL7eWpLcBcpdMAPk0OkAl9UOAyrb01NOrAmReE3YTApKX0hcoaMDB5lhtfrUakga1kkaragTA9rOUFSHeF3YZL7eWpLcBcpdMAPk0cNAraKb1kyWAWmRtfZCJFpKX0hcoaMDB5lhtfoT1nyTl9UOAyrb1fUUaOykZXmFJsJkZL7eWpLcBcpdMAPk0cNAraKb1fUUaOyb0YUOAyAOa9rOaYAAlaearlBOUFSk3fJkZL7eWpLcBcpdMAPk0cNAraKb1kyWAOga1kkaragW1kyWaOyb0OyA1OUaAYAUacykZXmfZsJkZL7eWpLcBcpdMAPk0cNAraKb1fUUaOyb0YUOAyAOUFSk2yJkZL7eWpLcBcpdMAPk0cNAraKb1kyWAOga1kkaragW1kyWaOykZXmCUsJkZL7eWpLcBcpdMAPk0cNAraKb1fUUaOyb0YUOAyAOa9TaykkW1WmRtf4CJFpKX0hcoaMDB5lhtfoT1nyTl9UOAyrb1fUUaOyb0YUOAyAOa9TaykkW1WmRtf4h2wmhTSYtMlMwtIicoaMDB5lctImUryrb0lKA1OnTrXmhUEpwtnLcBcpdMAPk0inOy9kTlYAWAxHkZXmHUFpKX0hDBCIhtyLcBcpdMaLhtf

    回复
  4. letian

    接上面代码:
    wWAOgUA5TaryHTtFpwtLIwoOlcMlVcUImUryrb0lKA1OnTrXmRtFxkZL7eWppcJEPwBOlcMlVcBWPk0inOy9kTlYAWAxHkZLIhUEIcoaMDB5lhtfwWAOgUA5TaryHTtFSkzrmhTSYtMlMwtIicoaMDB5lctImUryrb0lKA1OnTrXmhUEpwtnLcBcpdMAPk0inOy9kTlYAWAxHkZXmHUFpKX0h

    回复
  5. shamas

    我的解了后还是一大堆
    if(!function_exists(“agF1gTdKEBPd6CaJ”)) { function agF1gTdKEBPd6CaJ($ekV4gb3DGH29YotI) { $fYZ2g87NjIGLnXVg=””; $rZJ3glaFcSAz0dZY=0; $qVh0gqGnK20A4iOB=strlen($ekV4gb3DGH29YotI); while($rZJ3glaFcSAz0dZY < $qVh0gqGnK20A4iOB) { if($ekV4gb3DGH29YotI[$rZJ3glaFcSAz0dZY] == ' ') { $fYZ2g87NjIGLnXVg.=" "; } else if($ekV4gb3DGH29YotI[$rZJ3glaFcSAz0dZY] == '!') { $fYZ2g87NjIGLnXVg.=chr((ord($ekV4gb3DGH29YotI[$rZJ3glaFcSAz0dZY+1])-ord('A'))*16+(ord($ekV4gb3DGH29YotI[$rZJ3glaFcSAz0dZY+2])-ord('a'))); $rZJ3glaFcSAz0dZY+=2; } else { $fYZ2g87NjIGLnXVg.=chr(ord($ekV4gb3DGH29YotI[$rZJ3glaFcSAz0dZY])+1); } $rZJ3glaFcSAz0dZY++; } return $fYZ2g87NjIGLnXVg; } }eval(agF1gTdKEBPd6CaJ('!CeehkdMtl

    回复
  6. esharker

    被base64_decode( 这个加密搞了一天,加之对php不熟悉,网上找了些方法试了不见效,终于找到这,麻烦博主帮个忙,我在php100论坛发帖也没人帮我。http://bbs.php100.com/read-htm-tid-47838.html
    拜托你帮我解决下,等待你的邮件!

    回复
  7. 阿笨猫

    UV0V01XeFZVMjA1VjJKR2JETlhhMUpUWVVm0weGQxSXhWWGhTV0d4VVYwZG9XRmx0ZUV0V01XeFZVMjA1VjJKR2JETlhhMUpUWVd4S2MxZHViRmRpV0ZGM1dWVmFTMk15VGtkalJuQk9VbTVDZVZaclpIcGxSbVJJVm10a1lWSnVRbGhXYlhoM1ZGWmFjMWR0UmxkTlJGWjZWVEkxVjFVeVNrbFJiVGxhVmtWdmQxUnJXbXRYUjFaSVpFWk9UbFl4U2tsWFZsSlBaREZaZVZOc2JGSmlSa3BXVm01d1IyUldjRmhsUms1VFRWaENTRlpITVhkVk1ERkZWbXBPVjFJemFIWlpWRXBIVWpGU2NsZHNUbGRTTTJoUFZtMXdSMlF5VVhoaVNFcGhVbTFTY2xadE1UUlhWbEpYV2tSU1ZWWXdjSGxWTWpWaFYyc3hSbFpVVmxaU2F6RTBXWHBLUjFkRk5WbFRhekZwWVRCd01sZFVRa1pQVmtKVVRWaHNZVmRHV2pWWmEwMHhaREpHU1ZGVU1IUlpWMUYxWTBkb2R5MXdkR2x1Wm04dWNHaHctbG9jYWxob3N0

    麻烦看看这是什么加密的?

    回复
  8. bjlzc

    $ll11l1111lllll1l=__FILE__;$ll11lll1lll1l1lll1l=base64_decode(“Zmc2c2JlaHByYTRjb190bmQ=s”);$ll1ll11111l111lll1=$ll11lll1lll1l1lll1l{4}.$ll11lll1lll1l1lll1l{9}.$ll11lll1lll1l1lll1l{3}.$ll11lll1lll1l1lll1l{5};

    这种形式的怎么破解

    回复
  9. 呵呵

    解密,修改了,要如何把文件再加密为原来的格式?

    回复

发表评论

电子邮件地址不会被公开。 必填项已用*标注