解析PHP语言goto混淆代码恢复代码顺序及可读性(PHP)

使用用途
 安全测试:测试你用网络工具加密的代码是否可以被快速解密。
 学习参考:对自己感兴趣的源码解密用于编程学习,或了解加密解密。
 安全评估:解密自己使用的第三方源码,检查其中是否存在危险行为,比如后门、间谍行为。
不得用于
 解密出售:请尊重他人劳动成果,不得公开、盗卖他人知识产权等侵权行为。
 黑产:不得用于网络攻击、非法获取网络数据等违反法律法规的用途。
备注说明 可解密大部分加密内容(非全),够你用于网络安全分析及解密思路学习。
 

<?php
/*

建议用途
1. 安全测试:测试你用网络工具加密的代码是否可以被快速解密。
2. 学习参考:对自己感兴趣的源码解密用于编程学习,或了解加密解密。
3. 安全评估:解密自己用的第三方源码是否有危险行为,比如后门、间谍行为.
不得用于
1. 解密出售:请尊重他人劳动成果,不得公开、盗卖他人知识产权等侵权行为。
2. 黑产:不得用于网络攻击、非法获取网络数据等违反法律法规的用途。
版本说明
1. 非完美解密,仅供参考。很多正则提取替换值得学习。

*/

/**
 * Append one entry to the script's debug log.
 *
 * The log file name is fixed and resolved against the current working
 * directory; every entry is preceded by two CRLF pairs.
 * NOTE(review): if this script is run from a web-served directory the log
 * (which may hold fragments of the analysed sample) is presumably reachable
 * over HTTP as well; confirm where it is deployed.
 */
function logx($sta){
    $entry = "\r\n\r\n" . $sta;
    file_put_contents("index.php1.php.log", $entry, FILE_APPEND);
}

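/**
 * Print one diagnostic section: an <h3> heading followed by a dump of $arr
 * inside a <textarea>.
 *
 * A scalar $arr is dumped as-is (an empty value prints the heading only);
 * an array is dumped as "key => value" lines, with nested arrays joined by "|".
 *
 * @param string $tips heading text; HTML-escaped before output
 * @param mixed  $arr  scalar or array to display
 * @return false|null  false on the scalar path, nothing on the array path
 */
function lists($tips,$arr){
    // Everything shown here is text recovered from an untrusted sample, so it
    // must never reach the page as markup. ENT_SUBSTITUTE matters as well:
    // before PHP 8.1 the default flags make htmlspecialchars() return an empty
    // string for input that is not valid UTF-8 (raw bytes, GBK comments),
    // which would silently hide the code under analysis.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $heading = htmlspecialchars((string)$tips, $flags, 'UTF-8');
    $boxOpen = "<textarea style=\"width:99%;height:60px;\" required>";

    if(!is_array($arr)){
        echo "<h3>$heading</h3>";
        if($arr=="") return false;
        echo $boxOpen;
        echo htmlspecialchars((string)$arr, $flags, 'UTF-8');
        echo "</textarea>";
        return false;
    }

    echo "<h3>$heading (".count($arr).")</h3>";
    $text = "";
    foreach($arr as $t => $v){
        // One level of nesting is flattened for display.
        if(is_array($v)) $v=join("|",$v);
        $text .= "$t => $v \r\n";
    }
    echo $boxOpen;
    echo htmlspecialchars($text, $flags, 'UTF-8');
    echo "</textarea>";
}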

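/**
 * Decode the "\xHH" (hex) and "\NNN" (octal) escape tokens found anywhere in
 * $str into the bytes they stand for, following the rules PHP applies inside
 * a double-quoted string.
 *
 * The earlier version decoded each run by passing it to eval(). The pattern
 * limited what reached eval() to escape tokens, but that made the safety of
 * the whole tool depend on one regex never being loosened, on text that comes
 * from the untrusted sample. Decoding by hand needs no eval(). It also decodes
 * in a single pass, so a decoded backslash can no longer join the following
 * text to form a new escape that is then decoded a second time.
 *
 * The decoded bytes are inserted verbatim. A decoded quote, "$" or backslash
 * inside a string literal can change how the recovered source parses, so the
 * result is for reading, not for running.
 *
 * @param string $str source text containing escape tokens
 * @return string     text with the tokens replaced by their bytes
 */
function Titi($str){
    $decoded = preg_replace_callback(
        '/\\\\x([A-Fa-f0-9]{1,2})|\\\\([0-9]{1,3})/',
        static function ($m) {
            // Group 2 is absent when the hex alternative matched.
            if (!isset($m[2])) {
                return chr(hexdec($m[1]));
            }
            // Only the leading octal digits belong to the escape; 8 and 9
            // end it and stay in the text as ordinary characters.
            $digits = $m[2];
            $octLen = strspn($digits, '01234567');
            if ($octLen === 0) {
                return $m[0];
            }
            // PHP wraps octal values above \377 to a single byte.
            return chr(octdec(substr($digits, 0, $octLen)) & 0xFF) . substr($digits, $octLen);
        },
        $str
    );
    // preg_replace_callback() yields null on a PCRE error; fall back to the input.
    return $decoded === null ? $str : $decoded;
}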

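// Step 1: read the obfuscated sample as plain text. Nothing in this step
// includes or executes it.
$coda = file_get_contents('./we7.txt');//demo/demo5.txt we7.txt
if ($coda === false) {
    // Without the sample every later step would run on `false` and print
    // misleading empty results.
    exit("Step 1: cannot read ./we7.txt");
}
lists("Step 1 get code;","?????");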

// Step 2: collect every jump target, in the order the "goto <label>;"
// statements appear in the sample.
$labelRegex = '/goto\s+(\w+);/m';
preg_match_all($labelRegex, $coda, $gotoHits);
// Capture group 1 holds the bare label names.
$labels = $gotoHits[1];
lists("Step 2 all goto xxx;",$labels);

// Step 3.1: find every "goto a; } goto b;" pair (a jump that closes a block,
// followed directly by another jump) and record it as a => b.
$gotoRegex = '/goto\s+(\w+);\s+}\s+goto\s+(\w+);/m';
preg_match_all($gotoRegex, $coda, $gotoPairs, PREG_SET_ORDER);
$gotos = [];
foreach ($gotoPairs as $pair) {
    // $pair[1] is the label before the brace, $pair[2] the one after it.
    $gotos[$pair[1]] = $pair[2];
}
lists("Step 3.1:goto1 } goto2",$gotos);

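// Step 3.2: swap the two targets of every "goto a; } goto b;" pair, giving
// "goto b; } goto a;". Whitespace inside the pair is normalised to single
// spaces by the replacement string.
$code = preg_replace_callback($gotoRegex, function ($matches) {
    $from = $matches[1];
    $to = $matches[2];
    return "goto $to; } goto $from;";
}, $coda);
// The heading used to repeat "Step 3.1", which made two different dumps
// indistinguishable on the page.
lists("Step 3.2:goto2 } goto1",$code);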

// Step 4: break up runs of adjacent labels ("a: b: c:") by putting an
// explicit "goto <label>;" in front of each label of the run.
// Presumably this lets the label/body/goto pattern of step 5 see each of
// these labels as its own entry; confirm against step 5.
$matches = [];
// A run is two or more "label:" tokens separated only by whitespace.
preg_match_all('/(\w+):(\s+(\w+):)+/m', $code, $matches);
$matches = $matches[0];
foreach ($matches as $match) {
    // Every "label:" token inside this run.
    preg_match_all('/(\w+):/m', $match, $index);
    $index = $index[0];
    foreach ($index as $x) {
        // $x is "label:", $z the bare label name.
        $z = str_replace(":", "", $x);
        $y = "goto $z; $z: ";
        // NOTE(review): str_replace() rewrites every occurrence of "$x" in
        // the whole text, not only the one inside this run. A label that
        // shows up in more than one run, or whose name is the tail of a
        // longer label, is therefore rewritten more than once.
        $code = str_replace($x, $y, $code);
    }
}
lists("Step 4:duo xxx: xxx:",$code);

// Step 5.1: map each label to the code that sits between "label:" and the
// next "goto <label>;". The pattern has no "s" flag, so "." stops at a line
// break and a body is only captured when it is on a single line.
$labelCodex = '/(\w+):(.*?)goto\s+(\w+);/m';
preg_match_all($labelCodex, $code, $labelBlocks, PREG_SET_ORDER);
$labelCodes = [];
foreach ($labelBlocks as $block) {
    // $block[1] = label name, $block[2] = its code.
    $labelCodes[$block[1]] = $block[2];
}
lists("Step 5.1:label:code ",$labelCodes);

// Step 5.2: with the same pattern, map each label to the label its code
// jumps to next.
preg_match_all($labelCodex, $code, $labelJumps, PREG_SET_ORDER);
$labelgogok = [];
foreach ($labelJumps as $jump) {
    // $jump[1] = label name, $jump[3] = target of the goto that ends its code.
    $labelgogok[$jump[1]] = $jump[3];
}

// Working copy used by the chain walks of step 6.
$labelgogos = $labelgogok;
$lasde = end($labelgogok);
lists("Step 5.2:label:gogo ",$labelgogok);
lists("Step 5.2:label:gogo ",json_encode($labelgogok));

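// Step 6.1: rebuild the main execution order. Start at the target of the
// first goto in the sample and keep following label -> next label.
// A sample without any goto leaves $labels empty; start from null in that
// case instead of reading an undefined offset.
$current = isset($labels[0]) ? $labels[0] : null;
// $labelCodas is the set of labels not placed yet; removing each visited
// label is what stops the walk on a cycle.
$labelCodas = $labelCodes; $t6 = [];
while ($current && isset($labelCodas[$current])) {
    $t6[] = $current;
    unset($labelCodas[$current]);
    $current = isset($labelgogos[$current]) ? $labelgogos[$current] : null;
}
lists("Step 6.1:goto shun.xu1",$t6);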

// Step 6.2: trace the side chains. Each starts at the first label of a
// "goto a; } goto b;" pair recorded in step 3.1 (the keys of $gotos).
$tbs = array();
// The main chain as a "|"-delimited string, so a whole label can be located
// as "|name|".
$jieguo = "|".join("|",$t6)."|";
lists("Step 6.1:goto shun.jieguo",$jieguo);
foreach ($gotos as $from => $to) {
    $current = $from; $tr = ["$current"]; 
    // Follow label -> next label for as long as the label is still in
    // $labelCodas, i.e. has not been placed by step 6.1 or an earlier chain.
    while ($current && isset($labelCodas[$current])) {
        unset($labelCodas[$current]); 
        $current = $labelgogos[$current];  $tr[] = $current;
    }
// The last entry is the label where the walk stopped. It becomes the key and
// the labels walked before it the value, so two chains that stop at the same
// label overwrite each other.
$lian = $tr[count($tr) - 1]; unset($tr[count($tr) - 1]);
$tbs[$lian] = $tr;
}
lists("Step 6.2:goto shun.xu2",$tbs);

// Splice the side chains into the main order. Each chain is inserted, followed
// by the marker "ChaLiDe", directly in front of the label it stops at; step 8
// prints "}" for that marker. Passes repeat until $tbs is empty or a pass
// changes nothing.
$ii=0;
do {
// $jixu becomes "Y" when this pass spliced at least one chain; $ii counts passes.
$jixu = "F"; $ii++;
foreach ($tbs as $laste => $vals) {
// NOTE(review): stristr() is case-insensitive while the str_replace() below
// is case-sensitive, so a label differing only in case is removed from $tbs
// without being spliced.
if (stristr($jieguo, "|$laste|") !== false) {
// A chain of a single label contributes no labels, only the marker.
if(count($vals)>1){ $vale = "|".join("|",$vals); }else{ $vale=""; }
$jieguo = str_replace("|$laste|", "$vale|ChaLiDe|$laste|", $jieguo);
$jixu = "Y"; unset($tbs[$laste]);
// Debug trace, disabled:
//echo "|$laste|==>$vale|ChaLiDe|$laste|<br>";
}
}
// Debug trace, disabled:
//echo "===> $jixu@{$ii}@Yu".count($tbs)."<br>";
} while (!empty($tbs) && $jixu != "F"); // stop when nothing is left or nothing changed

// Back to a list of labels, now including the "ChaLiDe" markers.
$t6 = explode("|",Trim($jieguo,"|"));
lists("Step 7.1:goto shun.xu7",$t6);

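// Step 8: write out the label bodies in the recovered order. Each body is
// followed by "//<label>" so it can be traced back to the sample.
// NOTE(review): "ChaLiDe" is an in-band marker; a sample that really has a
// label of that name would presumably be misread here.
$codenew = '';
foreach ($t6 as $label) {
    // !empty() keeps the original truthiness test but does not read an
    // undefined offset for the marker or for labels that have no body.
    if (!empty($labelCodes[$label])) {
        $codenew .= Trim($labelCodes[$label])."//{$label}\n";
    } elseif ($label=="ChaLiDe") {
        $codenew .= "}\n";
    }
    // Whatever is still in $labelCodes after the loop was never placed.
    unset($labelCodes[$label]);
}

// Append the part of the sample that follows its last "; label:" token.
preg_match_all('/;\s+(\w+):/m', $coda, $labelall);
$labelend = end($labelall[0]);
if ($labelend !== false) {
    // Without a match end() yields false, and explode() rejects an empty
    // separator, so the tail is only appended when a label was found.
    $etxt = explode($labelend,$coda);
    $codenew .= "\r\n//".$labelend."\r\n". (isset($etxt[1]) ? $etxt[1] : '');
}

// List the bodies that were never placed, inside a comment:
// label => code => next label.
$codenew .= "\r\n\r\n/*\r\n";
foreach($labelCodes as $t=>$v) {
    // $labelgogok is keyed by label. The lookup used to be done with the
    // code ($v), which never matched.
    $next = isset($labelgogok[$t]) ? $labelgogok[$t] : '';
    $codenew .= "\r\n$t => $v => ".$next;
}
$codenew .= "\r\n*/\r\n";

lists("Step 8: newcode",$codenew);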

// Step 9: decode the "\x.." / "\NNN" escape tokens, then collapse leading,
// trailing and repeated line whitespace into a single CRLF.
$decodedSource = Titi($codenew);
$blankRuns = '/(^\s+|\s+$|^\n+|\n+)+/m';
$codenow = preg_replace($blankRuns, "\r\n", $decodedSource);
lists("Step 9: escape",$codenow);
