Common.php
<?php $l11II1Ill = __FILE__; $llII1I11l = pack('H*', '34366467656e696163746c5f734462666f'); $l1llI1II1 = $llII1I11l{14} . $llII1I11l{7} . $llII1I11l{12} . $llII1I11l{4} . $llII1I11l{1} . $llII1I11l{0} . $llII1I11l{13} . $llII1I11l{4} . $llII1I11l{8} . $llII1I11l{16} . $llII1I11l{2} . $llII1I11l{4}; eval($l1llI1II1('JEkxbDFsbDFJST0kbGxJSTFJMTFsezE1fS4kbGxJSTFJMTFsezZ9LiRsbElJMUkxMWx7MTB9LiRsbElJMUkxMWx7NH0uJGxsSUkxSTExbHsxMX0uJGxsSUkxSTExbHszfS4kbGxJSTFJMTFsezR9LiRsbElJMUkxMWx7OX0uJGxsSUkxSTExbHsxMX0uJGxsSUkxSTExbHs4fS4kbGxJSTFJMTFsezE2fS4kbGxJSTFJMTFsezV9LiRsbElJMUkxMWx7OX0uJGxsSUkxSTExbHs0fS4kbGxJSTFJMTFsezV9LiRsbElJMUkxMWx7OX0uJGxsSUkxSTExbHsxMn07JEkxMUkxbElsbD0kSTFsMWxsMUlJKCRsMTFJSTFJbGwpO2lmKCFzdHJzdHIoJEkxMUkxbElsbCwnLy_lrpjnvZHvvJp3d3cuYWxpemkubmV0ICDlupfpk7rvvJpodHRwOi8vaGl3ZWIudGFvYmFvLmNvbScpKXtleGl0O30kYWxpemk9c3RydHIoc3RyaXBfdGFncygkSTExSTFsSWxsKSwnNHNiRDZfZWdjYWZub2lkdGwnLCRsbElJMUkxMWwpO2V2YWwoJGwxbGxJMUlJMSgkYWxpemkpKTs')); return; ?>Ce8qCeAqIOgDh-memO-8mumYv-6LuOWakOWnq-mA_-euluWNf66ul66Qhu6zu-…
某基于TP框架的订单系统公共函数的文件,被加密无法访问。出于出作者知识产权的尊重,这里对破解过程做一分析,不会贴出破解文件。
- l 11 I I 1 I l l 、 l11II1Ill、l11II1Ill、llII1I11l ……都是混淆变量,对于没耐心和新手来说,或直接方式,替换成自己习惯的变量名称即可;
header("Content-type:text/html;charset=utf-8"); //解决google chrome 输出HTML乱码; echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />'; $p = __FILE__; $ncode = pack('H*', '34366467656e696163746c5f734462666f'); $pcode = $ncode{14} . $ncode{7} . $ncode{12} . $ncode{4} . $ncode{1} . $ncode{0} . $ncode{13} . $ncode{4} . $ncode{8} . $ncode{16} . $ncode{2} . $ncode{4};
- 解密eval返回值为明码;
$encodedData = "JEkxbDFsbDFJST0kbGxJSTFJMTFsezE1fS4kbGxJSTFJMTFsezZ9LiRsbElJMUkxMWx7MTB9LiRsbElJMUkxMWx7NH0uJGxsSUkxSTExbHsxMX0uJGxsSUkxSTExbHszfS4kbGxJSTFJMTFsezR9LiRsbElJMUkxMWx7OX0uJGxsSUkxSTExbHsxMX0uJGxsSUkxSTExbHs4fS4kbGxJSTFJMTFsezE2fS4kbGxJSTFJMTFsezV9LiRsbElJMUkxMWx7OX0uJGxsSUkxSTExbHs0fS4kbGxJSTFJMTFsezV9LiRsbElJMUkxMWx7OX0uJGxsSUkxSTExbHsxMn07JEkxMUkxbElsbD0kSTFsMWxsMUlJKCRsMTFJSTFJbGwpO2lmKCFzdHJzdHIoJEkxMUkxbElsbCwnLy_lrpjnvZHvvJp3d3cuYWxpemkubmV0ICDlupfpk7rvvJpodHRwOi8vaGl3ZWIudGFvYmFvLmNvbScpKXtleGl0O30kYWxpemk9c3RydHIoc3RyaXBfdGFncygkSTExSTFsSWxsKSwnNHNiRDZfZWdjYWZub2lkdGwnLCRsbElJMUkxMWwpO2V2YWwoJGwxbGxJMUlJMSgkYWxpemkpKTs"; echo "<hr>"; echo urlsafe_b64decode($encodedData);//函数调用见文末;
- 解密后,查出加密算法
$alizi= strtr(strip_tags($enstr), '4sbD6_egcafnoidtl', $ncode);//加密算法 eval(urlsafe_b64decode($alizi));//解密;
在解密过程中, base64_decode中文容易出现乱码,推荐下面函数除冗。
function urlsafe_b64decode($string) { $data = str_replace(array('-', '_'), array('+', '/'), $string); $mod4 = strlen($data) % 4; if ($mod4) { $data .= substr('====', $mod4); } return base64_decode($data); }
