发表新帖
发表新帖

decoding eval(base64_decode))

后端 未结
关注
1 1623
清酒与你
清酒与你 2021-01-17 08:22

I am trying to decode this code. I know it can be done by changing eval to echo. But in this case its not working. Is i am making any mistake. This is my encoded_file.php co

相关标签:
1条回答
  • 不要未来只要你来
    2021-01-17 08:34

    Here are the steps which are needed to decode this (note - I've renamed variables/functions for clarity):

    1. We see that this script reads content of itself, so we can assume - we cannot change this file

    so lets create new file with this content and change this file:

    $encoded=file('another_file.txt');

    2. Then we can change first eval to echo and all other evals should be commented:

    here is first line:

    echo base64_decode("aWYoIWZ1bmN0aW9uX2V4aXN0cygiWWl1bklVWTc2YkJodWhOWUlPOCIpKXtmdW5jdGlvbiBZaXVuSVVZNzZiQmh1aE5ZSU84KCRnLCRiPTApeyRhPWltcGxvZGUoIlxuIiwkZyk7JGQ9YXJyYXkoNjU1LDIzNiw0MCk7aWYoJGI9PTApICRmPXN1YnN0cigkYSwkZFswXSwkZFsxXSk7ZWxzZWlmKCRiPT0xKSAkZj1zdWJzdHIoJGEsJGRbMF0rJGRbMV0sJGRbMl0pO2Vsc2UgJGY9dHJpbShzdWJzdHIoJGEsJGRbMF0rJGRbMV0rJGRbMl0pKTtyZXR1cm4oJGYpO319");

    this will give us:

    if(!function_exists("getSubString"))
{
    function getSubString($g,$b=0)
    {
        $a=implode("\n",$g);
        $d=array(655,236,40);
        if($b==0) $f=substr($a,$d[0],$d[1]);
        elseif($b==1) $f=substr($a,$d[0]+$d[1],$d[2]);
        else $f=trim(substr($a,$d[0]+$d[1]+$d[2]));
        return $f;
    }
}

    3. Now we can remove first echo/eval and go to 2nd one:

    here is 2nd line:

    echo base64_decode(getSubString($encoded));

    give us:

    if(!function_exists("decodeCode"))
{
    function decodeCode($a,$h)
    {
        if($h==sha1($a))
        {
            return(gzinflate(base64_decode($a)));
        }
        else
        {
            echo("Error: File Modified");
        }
    }
}

    4. we can remove it and go to last eval:

    here is it:

    echo decodeCode(getSubString($encoded,2),getSubString($encoded,1));

    and we see final code:

    /**
* @site #####
* @copyright 2010
*/
include 'config.php';
$id=$_GET['id'];
if(isset($id))
{
    header("Content-type: image/jpeg");
    $url='http://#####/siteuploads/thumb/'.$id;
    $path=pathinfo($url);
    header('Content-Disposition: attachment; filename="'.$path['basename'].'"');
    $img=imagecreatefromjpeg($url);
    $red=imagecolorallocate($img,255,155,255);
    imagestring($img,2,1,2,$site,$red);
    echo imagejpeg($img);
}
    0 讨论(0)
 看不清?
提交回复
热议问题