Tag: encode
Hacking eval and base64 php “encrypt”
by z3n on Nov.17, 2010, under Coding
Problem:
There are some paranoid coders that nest many eval + base64 one inside the other in order to protect the code. This is not a real ecrypt method, just a lame way to avoid users from removing the annyoing banner by the cost or overloading the server.
example of this type of scheme:
<?php eval(gzinflate(base64_decode('DZbHsqRYEkR/pXddZSxINFhPTxlaa81m7CY6E63h6+ftw3xx3CPC//z3P3+mZvqrPED3q37aoerAVv56g7Uk8f8VZT4W5a+/hQggyx6r7LFHVJLJeq5/q2LyaNXPeiQZG214mBKO3/XtUwEMwzvsJCYDd3EFYHIps+NByYiC7k3fNEOA249etYeRYNjt+/bqV9PH9t4SodpQemOi7fJHwyoCI5X+5zHNQ1BItfskwcnGsApP0glEui2i0OBZtvL9fqdEsSkSI9zJ29cRLlliDmSc0IS9QSOKolZm4bSxqS1Wo4VXW+vSfpfYxEJxxzMivV7mzr1GeB7zvrLumPQYQ4kryUKsQfqs8t1llujDJGoyfCg1/lfej7S6DZqQm5+5LDL2Ouef5HykumQi9sWi+yVjQKwhMddtzBLBsPo7kKb6M7w56jmKUk4DrO/Mcp2cBI0YpHga8ul2BAT3tkiI9Zr8rfrGjAmIdWW7vltXCL1c/fUD59vFpSNXdHmj5GBrX/nO1ldluWsNguWuJHU+KZRlzIToiZ69RL5mFrt1AxiSxLGRM9UDyP6g/QddWHQ8J9sVq6/2iPFRSBtiV61rIE8kkOvw3Ru04fkTR7qvT23W0hqnqOv3mgCmlpVkXCqDpAOK0qtNN6t7/iThLOJfZUpSuOynLmLlS79cSYyXtOHwrmaHx2o2kpyI/DoHWT0vpJeRahQ588NmBnLFmp27UsekjsYF73nROcey9hkqqf5KtHvlZgMiMSosr/uDko2NHol1TvKFWjTXFkqUnLKLRqG2F90pO4XFglJvX5lnFmJMLX0ToCKNbKnRrNdsZ55fqMm3PdiApfaH2TTF4tn3J1j4cWyDct69BiQyQ+wiuXVRtwb2fOqc+zRKJaExcjud5O51mkggXPqRFsFHfSOHWRDDUJtv/m6S6qU+BBF+Z/dTDtmjRowWMyc4Bm2BtEWng4je1wW55OBR5D2UHO70Kx+Kmw+a1Xn+PQZ2LUWjGNfmxqFQpe/Yelgcl2yhm7nxg7OhaS90rWj0eFxhlHI482DEHdW6+96lYP/q7DsLg0AmhdCDblQqLYDbh5nT1irZlb7E3gaCoJ/QOK8Hy65OtcPVqXzEnkSRK3TkUR1+dv8UHG9JkA7XFi6ax8YU96Ejp97rWIrODdiIJySRdUcVXvVz1smYAl9eoCsZqTcuxsze7hXqqSoFvfzWyuiV4Sh5KJvsYCFg/pBCw0yFaTMPAOFuh7Q2rzPXvoeaxfyR9FkBP2bVtHE90hFP8WBJ5cmX3pHAjH2PBHXp2qIsT2JsVmMxJ/zQYON+MgICkd5D997b90iuEK93/gZQh7SCOLJIC/ipppZJATJ6KOi+onjLBNLDdbYPZNCIW4I89mBRQnUfKCXpO1xLyX2/gdROPTSY7+jRr0UcsukLpRcmh5XvBJjMv9NFBKXs6X7O+tBcBvV6IACC2LP02h81J84ORhZObsOk60rKfbiy1YatyvPQi2Zokc8UxtH1uIO+pq2lHKR/N7NUvsRyAYXXfuIkC8IVweuIOsLkvoa7zjayWoR0rQiXNoSDMmjSIezydb8gqSootA3SiqmdlB4yRaR8H00KNuxf4jNA/gmq8cR6oKz9iL0UvF5AYMjZAfXK9/DKCU+ptYnGn0OXmhSEA9ilPBmU+6U4AFV4N1dQTFIawCknvKdIUqKK6VyypD6o1aKR2DYgyHk6d273dWatnzQOKCAbgdCN9xjWLJtguuklftOlAQ3xGQEIzBUivQNA+zPurDUsWTpczD2xaUHkU5bmZK4hGybrGPu4KpyNoT2PlxzlKpmjwgULrXcWZzLl5Y7XFZGkhpfAr6APSOiOIghWZvzq79f6BMFrFvzogOoblye+tfoxR2Qjby3GTLGzqAY9HMtya+6mICRsEff4beoSnQ+x20XFjJUf/cyGPVWIddtwbEpkYZjxAhEsjwnDkG0olgafeYrJOAzhoYSxTBUarwzhTr5JiBz875cWavW8g5FJFUreiUDqjPZ75Tam/PxDVDdvR6noi3UI8iEToySCtUCItjKkPOLKNX9PkRSoFUs9mgqx7OXLEHUI2ZHLZQyY3QudPX59zdrZ+fvFG0q3+WyRT7fmhZB6Z0LbihCpOp1n4XsbhxOweJkEGYSoRqZyanzVnD2P+OKva1lYLuHOcUXPh6+zR5jc3BzLll0GHnporrjAL+Hq8tDEcF6d9H7rEPFVfa44RRDlB90kBmJM4DkRbD/mnbOJBM+7O2QBi4he6UPmjkLv6yMJekDmSTZD/tCRXoAQiLMlVfhGC8id6mHF72SZf2SnXqZLLEqNznVBc6/L5XFjM5X4hdiv5Nsp9XvzCeOMhE/B3wPWihKIGQwHvZDqm80HLyHrjuYaQqIOOFTr5fgVaqrsZmyOEDn/46AAwxQDwTlcwRgBBQ7Mnf/++/fv37//+evPT4f6Pw=='))); ?>
Solution:
I wrote a little function for this before, to break reviewitonline.net’s “protection”. Now i have a full class with better handling and able to decode subfolders.
There you go:
<?php
// (c) z3n - R1V1@100503 - www.overflow.biz - rodrigo.orph@gmail.com
class eval_hack {
protected $temp;
protected $dest;
protected $tdir = array();
protected $tfile = array();
protected $ext = array("php");
public function __construct($folder, $temp = "temp/", $dest = "decoded/") {
$this->o("(c) z3n - R1V1@100503 - www.overflow.biz - rodrigo.orph@gmail.com");
$this->temp = $temp;
$this->dest = $dest;
if ($this->check())
$this->process($folder);
}
protected function check() {
if (file_exists($this->temp) && is_writable($this->temp)) {
if (file_exists($this->dest) && is_writable($this->dest)) {
return true;
} else {
$this->o("Destination path (".$this->dest.") is not writable / don't exists");
}
} else {
$this->o("Temp path (".$this->temp.") is not writable / don't exists");
}
return false;
}
protected function save($fn, $content) {
$fn = $this->dest . $fn;
@ mkdir (dirname($fn), 0777, true);
return file_put_contents($fn, $content);
}
protected function process($folder) {
if (file_exists($folder) && is_readable($folder)) {
for ($this->tdir[0] = $folder, $i = 0;$i < count($this->tdir);$i++) {
$this->o("Processing: ".$this->tdir[$i]."...");
$this->rddir($this->tdir[$i]);
for ($j = 0,$k = count($this->tfile), $this->o("Found: ".$k." files");$j < $k;$j++) {
$fn = $this->tdir[$i] . "/" . $this->tfile[$j];
if (file_exists($fn) && !is_dir($fn) && filesize($fn) > 0) {
$ext = strtolower(substr($fn,strrpos($fn,".")-strlen($fn)+1));
if (in_array($ext,$this->ext)) {
$this->o("Decoding: ".$fn);
$str = $this->decode(file_get_contents($fn));
if ($str === false) {
$this->o("Error decoding: ".$fn);
} else { // save file to new path
$this->save($fn, $str);
}
}
} elseif (is_dir($fn) && $this->tfile[$j] != "." && $this->tfile[$j] != "..") {
$this->tdir[] = $fn;
}
}
$this->tfile = array();
}
} else {
$this->o("Process path (".$folder.") is invalid");
}
}
protected function rddir($dir) { /* v2.17-OO */
if (is_dir($dir)) {
if ($dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if ($file != "." && $file != "..") {
if (is_dir($dir . $file))
$this->tdir[] = $dir . $file;
else
$this->tfile[] = $file;
}
}
closedir($dh);
}
}
}
public function decode($x, $cut_crap = true) {
/**
* @param $x string with the file
* @return false | string
*/
for ($i = 0;strpos($x,"eval(") !== false;$i++) {
$this->o(".", false);
file_put_contents($this->temp . "x" . $i . ".php",str_replace("eval(","file_put_contents('".$this->temp."y".$i.".php',",$x));
exec("php ".$this->temp."x".$i.".php");
unlink($this->temp . "x".$i.".php");
if ($i > 0)
unlink($this->temp . "y".($i - 1).".php");
$x = file_get_contents($this->temp . "y".$i.".php");
}
$this->o($i . " nested");
if (file_exists($this->temp . "y". ($i - 1).".php")) {
unlink($this->temp . "y" . ($i - 1) . ".php");
if ($cut_crap) {
if (substr($x, 0, 7) == "?><?php")
$x = substr($x, 2);
if (substr($x, -4) == "?><?")
$x = substr($x, 0, -4);
}
return $x;
} else {
return false;
}
}
private function o($msg, $nl = true) {
echo $msg.($nl ? "\n" : "");
}
}
if (php_sapi_name() != "cli")
die("You must run this on CLI");
if (!isset($argv[1]))
die("Usage: ".$_SERVER['PHP_SELF']." <folder/to/hack/> [temp folder] [destination folder]");
$hack = new eval_hack($argv[1], isset($argv[2]) ? $argv[2] : "temp/", isset($argv[3]) ? $argv[3] : "decoded/");
?>
As for the people who really want to protect their code, you might want to have it on zend or ioncube, although they are also engineering reverible, just a bit harder.
json decode fails on non utf-8
by z3n on Mar.16, 2010, under Coding, Tips & Hints
Problem:
When sending a non utf-8 string as json, the decoding fails.
Solution:
PHP works as utf-8 as default, since i’m using strings with accents (áéíóú..) those are taken as iso-8859-1. Client-side script will not send as utf-8, not even if you force it, so the best solution is convert the json object’s encoding. You may also want to encode your string as plain chars (I use base64) to avoid issues with IE.
Code would look like this:
$json=json_decode(iconv(‘ISO-8859-1′,’UTF-8′,base64_decode($input)),true);
If you’re working with different charsets just change the iso-8859-1, remember that if you’re working with multibyte chars, such as japanese, chinese, etc, you will need to use the mb functions instead.
Sources:
Pablo Viquez (A solution pretty much like mine but for sending data instead)
