Updated: 2023-02-23 18:11:13
That's what it looks like when de-obfuscated. As Matti pointed out already, it's a footer, haha. All that bitshifting is done to remove non-printable characters which I have substituted with # in the argument string to the end of the code.
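<?php
if (!function_exists("fn")) {
    function fn($arg) {
        $arg = base64_decode($arg);
        $fn = 0;
        $x = 0;
        $y = 0;
        // First 16-bit flag word: one bit per token, tested from the top bit down
        $z = (ord($arg[1]) << 8) + ord($arg[2]);
        $i = 3;   // read position in the input
        $j = 0;   // write position in the output
        $k = 16;  // flag bits left in $z
        $str = "";
        $strlen = strlen($arg);
        // Anti-tamper check: scan this file's own source for print/sprint/echo
        $file = __FILE__;
        $file = file_get_contents($file);
        $matches = 0;
        preg_match("/(print|sprint|echo)/", $file, $matches);
        for (; $i < $strlen;) {
            // THIS LINE HERE'S HILARIOUS!!!
            // IT TRIES TO PREVENT ONE FROM ECHOING ANYTHING WITHIN THAT CODE
            if (count($matches)) exit;
            if ($k == 0) {
                // Flag word used up: read the next two bytes as a new one
                $z = (ord($arg[$i++]) << 8);
                $z += ord($arg[$i++]);
                $k = 16;
            }
            if ($z & 0x8000) {
                // Flag bit set: 12-bit offset followed by a 4-bit length
                $fn = (ord($arg[$i++]) << 4);
                $fn += (ord($arg[$i]) >> 4);
                if ($fn) {
                    // Back-reference: copy length+3 bytes from $fn bytes back
                    $x = (ord($arg[$i++]) & 0x0F) + 3;
                    for ($y = 0; $y < $x; $y++)
                        $str[$j+$y] = $str[$j-$fn+$y];
                    $j += $x;
                } else {
                    // Offset 0: run of count+16 copies of the following byte
                    $x = (ord($arg[$i++]) << 8);
                    $x += ord($arg[$i++]) + 16;
                    for ($y = 0; $y < $x; $str[$j+$y++] = $arg[$i]);
                    $i++;
                    $j += $x;
                }
            } else $str[$j++] = $arg[$i++];  // Flag bit clear: literal byte
            $z <<= 1;
            $k--;
            if ($i == $strlen) {
                // Wrap the result in "?>" ... "<?" so eval() treats it as a template
                $file = implode("", $str);
                $file = "?".">".$file."<"."?";
                return $file;
            }
        }
    }
}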
$obfusc = <<<EOT
@##<div style="clea##r:both;"></##>
@#
#2id="footer"#R #b##class="binfo#0a h##ref="<?php echo ##get_option('home##'); ?>/" tit#A##bl!#og#A('na#E## ######</a##> All rights res##erved#5 Designed ##by <
Uhttp://www.##webhostingrally.#@com/Web-H#S/Busin##ess-#X.html" >## ##`# ## #. Cod#?#1m***t###a##Free MMORPGs## `
|
?
0conveyanc
P.##s#
onsale.co.uk##C## #`Solicitor#?#gphoto##ads#7##ifi#`Ad##. Po# wer######ordp##s.org#p/">W##P####.##$#!bdo_aG#c!#wp_%3!S##/body&#</####>
EOT;
eval(fn($obfusc));
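For static analysis, the same decoding can be done outside PHP so that nothing is ever passed to eval() and the self-check for print/sprint/echo never runs. The following Python port is an added example, not part of the original answer; the names decode_footer and SAMPLE are assumptions, and the sample stream is constructed for illustration, since the payload shown above has its non-printable bytes replaced with # and cannot be decoded as printed.

```python
import base64

def decode_footer(blob: str) -> bytes:
    """Decode the format read by fn() above; nothing is eval'd or executed."""
    data = base64.b64decode(blob)
    if len(data) < 3:
        raise ValueError("stream too short for header byte and flag word")
    flags = (data[1] << 8) | data[2]      # byte 0 is never read by fn()
    i, bits_left = 3, 16
    out = bytearray()
    try:
        while i < len(data):
            if bits_left == 0:            # refill the 16-bit flag word
                flags = (data[i] << 8) | data[i + 1]
                i += 2
                bits_left = 16
            if flags & 0x8000:            # token: 12-bit offset, 4-bit low nibble
                offset = (data[i] << 4) | (data[i + 1] >> 4)
                low = data[i + 1] & 0x0F
                i += 2
                if offset:                # back-reference, may overlap itself
                    if offset > len(out):
                        raise ValueError("back-reference before start of output")
                    for _ in range(low + 3):
                        out.append(out[-offset])
                else:                     # offset 0: run of a single byte
                    count = (low << 8) + data[i] + 16
                    out += bytes([data[i + 1]]) * count
                    i += 2
            else:                         # literal byte
                out.append(data[i])
                i += 1
            flags = (flags << 1) & 0xFFFF
            bits_left -= 1
    except IndexError:
        raise ValueError("truncated stream") from None
    return bytes(out)

# Constructed sample: header byte, flag word 0x1800 (tokens 4 and 5 are not
# literals), literals "abc", back-reference (offset 3, length 6), run of 20 "-".
SAMPLE = base64.b64encode(bytes.fromhex("00180061626300330000042d")).decode()

if __name__ == "__main__":
    print(decode_footer(SAMPLE).decode("latin-1"))
```

The decoded bytes are what fn() wraps in "?>" and "<?" before eval(), so they should be reviewed as a PHP template (HTML with embedded PHP tags), not as plain HTML.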