Common.php
<?php
// Obfuscated self-decoding loader. All variable names are built from the look-alike characters l, I and 1.
// Path of this file, kept so the decoded stage can read the file back from disk.
$l11II1Ill = __FILE__;
// Hex-decodes to the 17-character string 46dgeniactl_sDbfo, used as a lookup alphabet for function names
// and as the replacement alphabet of the strtr call in the decoded stage.
$llII1I11l = pack('H*', '34366467656e696163746c5f734462666f');
// Indexes the alphabet to spell base64Decode, which is then called as a variable function.
// NOTE(review): base64Decode is not a PHP built-in - presumably defined elsewhere in the application, confirm.
// Curly-brace string offsets were removed in PHP 8.0, so this file only parses on older PHP versions.
$l1llI1II1 = $llII1I11l{14} . $llII1I11l{7} . $llII1I11l{12} . $llII1I11l{4} . $llII1I11l{1} . $llII1I11l{0} . $llII1I11l{13} . $llII1I11l{4} . $llII1I11l{8} . $llII1I11l{16} . $llII1I11l{2} . $llII1I11l{4};
// Decodes the long literal (URL-safe Base64 without padding) and runs the result through eval.
// The literal decodes to a second stage that spells file_get_contents from the same alphabet, reads this
// file via the path above, exits unless the text contains a vendor marker comment (apparently a tamper
// check), applies strip_tags and a strtr character substitution to the file text, then decodes and evals
// that result as well.
// Review note: none of the real logic is readable until both layers are decoded, so a file shaped like this
// should be treated as untrusted code and decoded offline instead of being run.
eval($l1llI1II1('JEkxbDFsbDFJST0kbGxJSTFJMTFsezE1fS4kbGxJSTFJMTFsezZ9LiRsbElJMUkxMWx7MTB9LiRsbElJMUkxMWx7NH0uJGxsSUkxSTExbHsxMX0uJGxsSUkxSTExbHszfS4kbGxJSTFJMTFsezR9LiRsbElJMUkxMWx7OX0uJGxsSUkxSTExbHsxMX0uJGxsSUkxSTExbHs4fS4kbGxJSTFJMTFsezE2fS4kbGxJSTFJMTFsezV9LiRsbElJMUkxMWx7OX0uJGxsSUkxSTExbHs0fS4kbGxJSTFJMTFsezV9LiRsbElJMUkxMWx7OX0uJGxsSUkxSTExbHsxMn07JEkxMUkxbElsbD0kSTFsMWxsMUlJKCRsMTFJSTFJbGwpO2lmKCFzdHJzdHIoJEkxMUkxbElsbCwnLy_lrpjnvZHvvJp3d3cuYWxpemkubmV0ICDlupfpk7rvvJpodHRwOi8vaGl3ZWIudGFvYmFvLmNvbScpKXtleGl0O30kYWxpemk9c3RydHIoc3RyaXBfdGFncygkSTExSTFsSWxsKSwnNHNiRDZfZWdjYWZub2lkdGwnLCRsbElJMUkxMWwpO2V2YWwoJGwxbGxJMUlJMSgkYWxpemkpKTs'));
// Ends execution of this file. The text after the closing tag is not PHP; presumably it is the encoded
// payload that the decoded stage recovers with strip_tags.
return; ?>Ce8qCeAqIOgDh-memO-8mumYv-6LuOWakOWnq-mA_-euluWNf66ul66Qhu6zu-……
某基于TP框架的订单系统的公共函数文件被加密,无法直接阅读。出于对作者知识产权的尊重,这里只对破解过程做一分析,不会贴出破解后的文件。
- `$l11II1Ill`、`$llII1I11l` ……都是混淆变量;对于没耐心的读者和新手来说,更直接的方式是把它们替换成自己习惯的变量名称;
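// Declare UTF-8 in both the HTTP header and a meta tag so that decoded Chinese text renders correctly
// (the author notes that Google Chrome otherwise shows garbled HTML output).
header("Content-type:text/html;charset=utf-8");
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
// Readable replacements for the obfuscated variable names of the protected file.
$p = __FILE__;
// Hex-decodes to the 17-character lookup alphabet "46dgeniactl_sDbfo".
$ncode = pack('H*', '34366467656e696163746c5f734462666f');
// Square-bracket offsets are used here because the curly-brace form ($ncode{14}) is a parse error
// since PHP 8.0. The indexes spell "base64Decode", the decoder name the loader calls as a variable function.
$pcode = $ncode[14] . $ncode[7] . $ncode[12] . $ncode[4] . $ncode[1] . $ncode[0] . $ncode[13] . $ncode[4] . $ncode[8] . $ncode[16] . $ncode[2] . $ncode[4];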
- 把 eval 中被编码的参数解码为明文(这里只用 echo 输出,不执行);
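// First-stage payload copied from the eval() call of the protected file (URL-safe Base64, unpadded).
$encodedData = "JEkxbDFsbDFJST0kbGxJSTFJMTFsezE1fS4kbGxJSTFJMTFsezZ9LiRsbElJMUkxMWx7MTB9LiRsbElJMUkxMWx7NH0uJGxsSUkxSTExbHsxMX0uJGxsSUkxSTExbHszfS4kbGxJSTFJMTFsezR9LiRsbElJMUkxMWx7OX0uJGxsSUkxSTExbHsxMX0uJGxsSUkxSTExbHs4fS4kbGxJSTFJMTFsezE2fS4kbGxJSTFJMTFsezV9LiRsbElJMUkxMWx7OX0uJGxsSUkxSTExbHs0fS4kbGxJSTFJMTFsezV9LiRsbElJMUkxMWx7OX0uJGxsSUkxSTExbHsxMn07JEkxMUkxbElsbD0kSTFsMWxsMUlJKCRsMTFJSTFJbGwpO2lmKCFzdHJzdHIoJEkxMUkxbElsbCwnLy_lrpjnvZHvvJp3d3cuYWxpemkubmV0ICDlupfpk7rvvJpodHRwOi8vaGl3ZWIudGFvYmFvLmNvbScpKXtleGl0O30kYWxpemk9c3RydHIoc3RyaXBfdGFncygkSTExSTFsSWxsKSwnNHNiRDZfZWdjYWZub2lkdGwnLCRsbElJMUkxMWwpO2V2YWwoJGwxbGxJMUlJMSgkYWxpemkpKTs";
echo "<hr>";
// Print the decoded stage for reading only; nothing is executed here. The decoded text is untrusted and
// the page is sent as text/html, so it is escaped: otherwise any markup inside it would be interpreted
// by the browser instead of being shown. urlsafe_b64decode() is defined at the end of the article.
echo htmlspecialchars((string) urlsafe_b64decode($encodedData), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');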
- 解密后,查出加密算法
// Mirrors the decoded first stage: strip_tags() removes the PHP block from the file text, presumably
// leaving only the payload that follows the closing tag; strtr() then replaces each character of
// '4sbD6_egcafnoidtl' with the character at the same position in $ncode. This is a fixed character
// substitution whose table is stored in the protected file itself.
// NOTE(review): $enstr is not assigned anywhere on this page; presumably it holds the contents of the
// protected file - confirm.
$alizi= strtr(strip_tags($enstr), '4sbD6_egcafnoidtl', $ncode);// substitution step of the protection scheme
// SECURITY: eval() executes the decoded payload inside the current PHP process, with that process's file
// and network access and in the current variable scope. For a file whose contents are not yet known,
// read the decoded text (escaped, in an isolated environment) before anything is allowed to execute it.
eval(urlsafe_b64decode($alizi));// runs the decoded payload
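在解密过程中,直接用 base64_decode 解码含中文的数据容易出现乱码:这里的数据是 URL 安全的 Base64(用 - 和 _ 代替 + 和 /,并省略了末尾的 =),而 base64_decode 在默认的非严格模式下会悄悄丢弃标准字母表以外的字符。推荐先用下面的函数还原成标准 Base64 再解码。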
/**
 * Decode a URL-safe Base64 string ("-" and "_" in place of "+" and "/", padding optional).
 *
 * The input is first converted back to the standard alphabet and re-padded to a multiple of four
 * characters. base64_decode() is then called in its default non-strict mode, so any character still
 * outside the Base64 alphabet is skipped rather than rejected.
 *
 * @param string $string URL-safe Base64 text
 * @return string|false decoded bytes, or false if base64_decode() fails
 */
function urlsafe_b64decode($string)
{
    // Map the URL-safe characters back to the standard Base64 alphabet.
    $standard = strtr($string, '-_', '+/');

    // Restore the "=" padding that URL-safe encoders usually drop.
    $remainder = strlen($standard) % 4;
    if ($remainder !== 0) {
        $standard .= str_repeat('=', 4 - $remainder);
    }

    return base64_decode($standard);
}