I obfuscated a code with this (I got it from another SO question) via CLI
<?php
$infile=$_SERVER['argv'][1];
$outfile=$_SERVER['argv'][2];
if (!$infile || !$outfile) {
die("Usage: php {$_SERVER['argv'][0]} <input file> <output file>\n");
}
echo "Processing $infile to $outfile\n";
$data="ob_end_clean();?>";
$data.=php_strip_whitespace($infile);
// compress data
$data=gzcompress($data,9);
// encode in base64
$data=base64_encode($data);
// generate output text
$out='<?ob_start();$a=\''.$data.'\';eval(gzuncompress(base64_decode($a)));$v=ob_get_contents();ob_end_clean();?>';
// write output text
file_put_contents($outfile,$out);
The obfuscated code is this
<?php ob_start();$a='eNq1UtFq2zAUfS/0Hy4mUItkrVdIHuaqobCUwdKnPpUxjC1fx6KaZCR5JZTt2ycpspMm开发者_高级运维3d72Zt97zrnnHl1VFSjrggksZUry5e3Nsmu78zPUWulCY6e05XKT/l4Vd+s1yWGCkn3FLdDrzP0ILhEoNFxgsUFbMCUtSmvSxKl8urrisuttEml629mVLCvhKaavjNVpUJhls49kr/am5Ru8Sd/yKU2eEvI6MmpkoVs4nncb6iT/BZNWGet3OJ24CCMrVW8/l7Y87i8ODF1c5DuhA9Cg64TmmYceDRn7c7dbAHBjkPUa3wMtsnHPATauGAcnxggXaHIZCjm43Rqjnn34RrFn1aFM3fI/dqoEZsCl/VmKWPRjCNnNuL9bP66A0qhA4BVZqyB5UJULrwRu4AtqTHLQaHstwQXZvGhuMQ2M2UFs+9VdStHr8OXrFPzfAA9RvrTuWiAdb0djWQ/C1/Msy4hz9Lc3h2A1No6eG1AY3AFCxYfUMKFM9O0QTS+Z5UqeKIRD9XM3QlWlGM483gBNXBiNck/GaZZP+I2jCRd4pLnKdDqe4yUF1upU6Tr2v034dzKNisS7irnuXQ62Tg75v/v68C9fy9vzsz+nc1ZO';eval(gzuncompress(base64_decode($a)));$v=ob_get_contents();ob_end_clean();?>
I ran the code on CLI it responded appropriately, but in my browsers it didn't echo anything, just blank. Both are PHP 5.3.0 from WAMP. Why is it not echoing anything on web?
I also ran it on ideone http://ideone.com/o6PAw and it works properly. What could be the problem?
The reason it doesn't output anything is that you capture all the output into $v
and then do nothing with it.
I'm not sure why it would work from the CLI, though, because it certainly shouldn't. Perhaps, as Frank Farmer suggests, your PHP CLI doesn't have output buffering enabled, and so all the ob_*()
calls are failing silently.
精彩评论