php base64的解密方法
|
660
|
0
|
php

142 字
|
1 分钟内

最近看到一个php加密的文件,现在来分析一下解密思路

加密源码如下:

<?php /* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. */
$o="QAAADg4KDQ4OO2NucSdka2Z0dAAROiVka2JmdSU5OygBQDkKDQIBgAMAxjsmKionKEpmbmknKioB1QFBAwVBaGhzYnUBVATibmM6JWEBYiUCkQAEQHViYmknQ2JrbmBvcwCAdG4AAGBpYmMnZX4KDTtmJ291YmEAADolb3Nzdz0oKHBwcCllfnMAAGJ0YWh1ZmtrKWRoaiglOUWBAAEnJ1BiZWNiBCE7KGY5J0RoYxQAbmlgBLAnBK9wKWpmbmZvaHRzoA4EcSUC0G9iZncncGJlJwFRA4AEMnuBSAO+c2Jqd2tmCFAzCDQlOQdgdG5zHgBiJ1MBtQOzDB8MEXNvYndmc25oKSEAcHQL0Fd1bnEE0CdMdWZpbGJpAA9xYnV0bmRvYnVyaWAEUhZwFksVCfwYBhAYwgIjAGMBQBdxKFdmYGIXYwEgOHdvkGANsHdYF3MvLjwnOBewAZAoZWhjfoAAALRvc2prOQ==";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>

代码中只有一个eval,我们先将这个eval替换成echo 

<?php /* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. */
$o="QAAADg4KDQ4OO2NucSdka2Z0dAAROiVka2JmdSU5OygBQDkKDQIBgAMAxjsmKionKEpmbmknKioB1QFBAwVBaGhzYnUBVATibmM6JWEBYiUCkQAEQHViYmknQ2JrbmBvcwCAdG4AAGBpYmMnZX4KDTtmJ291YmEAADolb3Nzdz0oKHBwcCllfnMAAGJ0YWh1ZmtrKWRoaiglOUWBAAEnJ1BiZWNiBCE7KGY5J0RoYxQAbmlgBLAnBK9wKWpmbmZvaHRzoA4EcSUC0G9iZncncGJlJwFRA4AEMnuBSAO+c2Jqd2tmCFAzCDQlOQdgdG5zHgBiJ1MBtQOzDB8MEXNvYndmc25oKSEAcHQL0Fd1bnEE0CdMdWZpbGJpAA9xYnV0bmRvYnVyaWAEUhZwFksVCfwYBhAYwgIjAGMBQBdxKFdmYGIXYwEgOHdvkGANsHdYF3MvLjwnOBewAZAoZWhjfoAAALRvc2prOQ==";echo(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>

运行该文件,查看网页源码,运行结果为: 

$lll=0;eval(base64_decode("JGxsbGxsbGxsbGxsPSdiYXNlNjRfZGVjb2RlJzs="));$ll=0;eval($lllllllllll("JGxsbGxsbGxsbGw9J29yZCc7"));$llll=0;$lllll=3;eval($lllllllllll("JGw9JGxsbGxsbGxsbGxsKCRvKTs="));$lllllll=0;$llllll=($llllllllll($l[1])<<8)+$llllllllll($l[2]);eval($lllllllllll("JGxsbGxsbGxsbGxsbGw9J3N0cmxlbic7"));$lllllllll=16;$llllllll="";for(;$lllll<$lllllllllllll($l);){if($lllllllll==0){$llllll=($llllllllll($l[$lllll++])<<8);$llllll+=$llllllllll($l[$lllll++]);$lllllllll=16;}if($llllll&0x8000){$lll=($llllllllll($l[$lllll++])<<4);$lll+=($llllllllll($l[$lllll])>>4);if($lll){$ll=($llllllllll($l[$lllll++])&0x0f)+3;for($llll=0;$llll<$ll;$llll++)$llllllll[$lllllll+$llll]=$llllllll[$lllllll-$lll+$llll];$lllllll+=$ll;}else{$ll=($llllllllll($l[$lllll++])<<8);$ll+=$llllllllll($l[$lllll++])+16;for($llll=0;$llll<$ll;$llllllll[$lllllll+$llll++]=$llllllllll($l[$lllll]));$lllll++;$lllllll+=$ll;}}else$llllllll[$lllllll++]=$llllllllll($l[$lllll++]);$llllll<<=1;$lllllllll--;}eval($lllllllllll("JGxsbGxsbGxsbGxsbD0nY2hyJzs="));$lllll=0;eval($lllllllllll("JGxsbGxsbGxsbD0iPyIuJGxsbGxsbGxsbGxsbCg2Mik7"));$llllllllll="";for(;$lllll<$lllllll;){$llllllllll.=$llllllllllll($llllllll[$lllll++]^0x07);}eval($lllllllllll("JGxsbGxsbGxsbC49JGxsbGxsbGxsbGwuJGxsbGxsbGxsbGxsbCg2MCkuIj8iOw=="));eval($lllllllll);

前后加上<?php?>和之前的$o,并排版一下 

<?php
$o="QAAADg4KDQ4OO2NucSdka2Z0dAAROiVka2JmdSU5OygBQDkKDQIBgAMAxjsmKionKEpmbmknKioB1QFBAwVBaGhzYnUBVATibmM6JWEBYiUCkQAEQHViYmknQ2JrbmBvcwCAdG4AAGBpYmMnZX4KDTtmJ291YmEAADolb3Nzdz0oKHBwcCllfnMAAGJ0YWh1ZmtrKWRoaiglOUWBAAEnJ1BiZWNiBCE7KGY5J0RoYxQAbmlgBLAnBK9wKWpmbmZvaHRzoA4EcSUC0G9iZncncGJlJwFRA4AEMnuBSAO+c2Jqd2tmCFAzCDQlOQdgdG5zHgBiJ1MBtQOzDB8MEXNvYndmc25oKSEAcHQL0Fd1bnEE0CdMdWZpbGJpAA9xYnV0bmRvYnVyaWAEUhZwFksVCfwYBhAYwgIjAGMBQBdxKFdmYGIXYwEgOHdvkGANsHdYF3MvLjwnOBewAZAoZWhjfoAAALRvc2prOQ==";
$lll = 0;
eval(base64_decode("JGxsbGxsbGxsbGxsPSdiYXNlNjRfZGVjb2RlJzs="));
$ll = 0;
eval($lllllllllll("JGxsbGxsbGxsbGw9J29yZCc7"));
$llll = 0;
$lllll = 3;
eval($lllllllllll("JGw9JGxsbGxsbGxsbGxsKCRvKTs="));
$lllllll = 0;
$llllll = ($llllllllll($l[1]) << 8) + $llllllllll($l[2]);
eval($lllllllllll("JGxsbGxsbGxsbGxsbGw9J3N0cmxlbic7"));
$lllllllll = 16;
$llllllll = "";
for (; $lllll < $lllllllllllll($l);) {
    if ($lllllllll == 0) {
        $llllll = ($llllllllll($l[$lllll++]) << 8);
        $llllll += $llllllllll($l[$lllll++]);
        $lllllllll = 16;
    }
    if ($llllll & 0x8000) {
        $lll = ($llllllllll($l[$lllll++]) << 4);
        $lll += ($llllllllll($l[$lllll]) >> 4);
        if ($lll) {
            $ll = ($llllllllll($l[$lllll++]) & 0x0f) + 3;
            for ($llll = 0; $llll < $ll; $llll++) $llllllll[$lllllll + $llll] = $llllllll[$lllllll - $lll + $llll];
            $lllllll += $ll;
        } else {
            $ll = ($llllllllll($l[$lllll++]) << 8);
            $ll += $llllllllll($l[$lllll++]) + 16;
            for ($llll = 0; $llll < $ll; $llllllll[$lllllll + $llll++] = $llllllllll($l[$lllll])) ;
            $lllll++;
            $lllllll += $ll;
        }
    } else$llllllll[$lllllll++] = $llllllllll($l[$lllll++]);
    $llllll <<= 1;
    $lllllllll--;
}
eval($lllllllllll("JGxsbGxsbGxsbGxsbD0nY2hyJzs="));
$lllll = 0;
eval($lllllllllll("JGxsbGxsbGxsbD0iPyIuJGxsbGxsbGxsbGxsbCg2Mik7"));
$llllllllll = "";
for (; $lllll < $lllllll;) {
    $llllllllll .= $llllllllllll($llllllll[$lllll++] ^ 0x07);
}
eval($lllllllllll("JGxsbGxsbGxsbC49JGxsbGxsbGxsbGwuJGxsbGxsbGxsbGxsbCg2MCkuIj8iOw=="));
eval($lllllllll);
?>

将第一个eval改成echo,并删除后面的代码 

<?php
$o="QAAADg4KDQ4OO2NucSdka2Z0dAAROiVka2JmdSU5OygBQDkKDQIBgAMAxjsmKionKEpmbmknKioB1QFBAwVBaGhzYnUBVATibmM6JWEBYiUCkQAEQHViYmknQ2JrbmBvcwCAdG4AAGBpYmMnZX4KDTtmJ291YmEAADolb3Nzdz0oKHBwcCllfnMAAGJ0YWh1ZmtrKWRoaiglOUWBAAEnJ1BiZWNiBCE7KGY5J0RoYxQAbmlgBLAnBK9wKWpmbmZvaHRzoA4EcSUC0G9iZncncGJlJwFRA4AEMnuBSAO+c2Jqd2tmCFAzCDQlOQdgdG5zHgBiJ1MBtQOzDB8MEXNvYndmc25oKSEAcHQL0Fd1bnEE0CdMdWZpbGJpAA9xYnV0bmRvYnVyaWAEUhZwFksVCfwYBhAYwgIjAGMBQBdxKFdmYGIXYwEgOHdvkGANsHdYF3MvLjwnOBewAZAoZWhjfoAAALRvc2prOQ==";
$lll=0;echo(base64_decode("JGxsbGxsbGxsbGxsPSdiYXNlNjRfZGVjb2RlJzs="));
?>

然后接着运行该文件,查看网页源码 

$lllllllllll='base64_decode';

将运行结果替换掉echo(base64_decode("JGxsbGxsbGxsbGxsPSdiYXNlNjRfZGVjb2RlJzs=")),并将之前去掉的代码放回原处 

<?php
$o="QAAADg4KDQ4OO2NucSdka2Z0dAAROiVka2JmdSU5OygBQDkKDQIBgAMAxjsmKionKEpmbmknKioB1QFBAwVBaGhzYnUBVATibmM6JWEBYiUCkQAEQHViYmknQ2JrbmBvcwCAdG4AAGBpYmMnZX4KDTtmJ291YmEAADolb3Nzdz0oKHBwcCllfnMAAGJ0YWh1ZmtrKWRoaiglOUWBAAEnJ1BiZWNiBCE7KGY5J0RoYxQAbmlgBLAnBK9wKWpmbmZvaHRzoA4EcSUC0G9iZncncGJlJwFRA4AEMnuBSAO+c2Jqd2tmCFAzCDQlOQdgdG5zHgBiJ1MBtQOzDB8MEXNvYndmc25oKSEAcHQL0Fd1bnEE0CdMdWZpbGJpAA9xYnV0bmRvYnVyaWAEUhZwFksVCfwYBhAYwgIjAGMBQBdxKFdmYGIXYwEgOHdvkGANsHdYF3MvLjwnOBewAZAoZWhjfoAAALRvc2prOQ==";
$lll = 0;
$lllllllllll='base64_decode';
$ll = 0;
eval($lllllllllll("JGxsbGxsbGxsbGw9J29yZCc7"));
$llll = 0;
$lllll = 3;
eval($lllllllllll("JGw9JGxsbGxsbGxsbGxsKCRvKTs="));
$lllllll = 0;
$llllll = ($llllllllll($l[1]) << 8) + $llllllllll($l[2]);
eval($lllllllllll("JGxsbGxsbGxsbGxsbGw9J3N0cmxlbic7"));
$lllllllll = 16;
$llllllll = "";
for (; $lllll < $lllllllllllll($l);) {
    if ($lllllllll == 0) {
        $llllll = ($llllllllll($l[$lllll++]) << 8);
        $llllll += $llllllllll($l[$lllll++]);
        $lllllllll = 16;
    }
    if ($llllll & 0x8000) {
        $lll = ($llllllllll($l[$lllll++]) << 4);
        $lll += ($llllllllll($l[$lllll]) >> 4);
        if ($lll) {
            $ll = ($llllllllll($l[$lllll++]) & 0x0f) + 3;
            for ($llll = 0; $llll < $ll; $llll++) $llllllll[$lllllll + $llll] = $llllllll[$lllllll - $lll + $llll];
            $lllllll += $ll;
        } else {
            $ll = ($llllllllll($l[$lllll++]) << 8);
            $ll += $llllllllll($l[$lllll++]) + 16;
            for ($llll = 0; $llll < $ll; $llllllll[$lllllll + $llll++] = $llllllllll($l[$lllll])) ;
            $lllll++;
            $lllllll += $ll;
        }
    } else$llllllll[$lllllll++] = $llllllllll($l[$lllll++]);
    $llllll <<= 1;
    $lllllllll--;
}
eval($lllllllllll("JGxsbGxsbGxsbGxsbD0nY2hyJzs="));
$lllll = 0;
eval($lllllllllll("JGxsbGxsbGxsbD0iPyIuJGxsbGxsbGxsbGxsbCg2Mik7"));
$llllllllll = "";
for (; $lllll < $lllllll;) {
    $llllllllll .= $llllllllllll($llllllll[$lllll++] ^ 0x07);
}
eval($lllllllllll("JGxsbGxsbGxsbC49JGxsbGxsbGxsbGwuJGxsbGxsbGxsbGxsbCg2MCkuIj8iOw=="));
eval($lllllllll);
?>

重复以上操作

  • eval替换成echo
  • 删除当前eval后面的代码
  • 然后运行
  • 将运行结果替换掉eval那一段
  • 将剩下的部分补回
  • 重复该步骤,直至没有eval

最终代码如下:

<?php
$o="QAAADg4KDQ4OO2NucSdka2Z0dAAROiVka2JmdSU5OygBQDkKDQIBgAMAxjsmKionKEpmbmknKioB1QFBAwVBaGhzYnUBVATibmM6JWEBYiUCkQAEQHViYmknQ2JrbmBvcwCAdG4AAGBpYmMnZX4KDTtmJ291YmEAADolb3Nzdz0oKHBwcCllfnMAAGJ0YWh1ZmtrKWRoaiglOUWBAAEnJ1BiZWNiBCE7KGY5J0RoYxQAbmlgBLAnBK9wKWpmbmZvaHRzoA4EcSUC0G9iZncncGJlJwFRA4AEMnuBSAO+c2Jqd2tmCFAzCDQlOQdgdG5zHgBiJ1MBtQOzDB8MEXNvYndmc25oKSEAcHQL0Fd1bnEE0CdMdWZpbGJpAA9xYnV0bmRvYnVyaWAEUhZwFksVCfwYBhAYwgIjAGMBQBdxKFdmYGIXYwEgOHdvkGANsHdYF3MvLjwnOBewAZAoZWhjfoAAALRvc2prOQ==";
$lll = 0;
$lllllllllll='base64_decode';
$ll = 0;
$llllllllll='ord';
$llll = 0;
$lllll = 3;
$l=$lllllllllll($o);
$lllllll = 0;
$llllll = ($llllllllll($l[1]) << 8) + $llllllllll($l[2]);
$lllllllllllll='strlen';
$lllllllll = 16;
$llllllll = "";
for (; $lllll < $lllllllllllll($l);) {
    if ($lllllllll == 0) {
        $llllll = ($llllllllll($l[$lllll++]) << 8);
        $llllll += $llllllllll($l[$lllll++]);
        $lllllllll = 16;
    }
    if ($llllll & 0x8000) {
        $lll = ($llllllllll($l[$lllll++]) << 4);
        $lll += ($llllllllll($l[$lllll]) >> 4);
        if ($lll) {
            $ll = ($llllllllll($l[$lllll++]) & 0x0f) + 3;
            for ($llll = 0; $llll < $ll; $llll++) $llllllll[$lllllll + $llll] = $llllllll[$lllllll - $lll + $llll];
            $lllllll += $ll;
        } else {
            $ll = ($llllllllll($l[$lllll++]) << 8);
            $ll += $llllllllll($l[$lllll++]) + 16;
            for ($llll = 0; $llll < $ll; $llllllll[$lllllll + $llll++] = $llllllllll($l[$lllll])) ;
            $lllll++;
            $lllllll += $ll;
        }
    } else$llllllll[$lllllll++] = $llllllllll($l[$lllll++]);
    $llllll <<= 1;
    $lllllllll--;
}
$llllllllllll='chr';
$lllll = 0;
$lllllllll="?".$llllllllllll(62);
$llllllllll = "";
for (; $lllll < $lllllll;) {
    $llllllllll .= $llllllllllll($llllllll[$lllll++] ^ 0x07);
}
$lllllllll.=$llllllllll.$llllllllllll(60)."?";
?>

这个应该就是源代码了。

解码过程的关键是:

  • 每次只能处理一个eval()块
  • eval不能在循环、条件分支内部,否则不适用本方法
  • eval替换成echo后,必须把后面的代码删除
  • 获得运行结果后,用运行结果替换原来的eval,必须保留之前、之后的所有代码
base64解密
暂无评论

发送评论 编辑评论 



























































































|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
	




颜文字
Emoji
小恐龙
花!
	


									














上一篇
下一篇