开发者

What does this PHP do? Is it an encoder/decoder?

开发者 https://www.devze.com 2023-01-19 07:11 出处:网络
I don\'t know PHP at all; this is more of a question of curiosity. Following the PHP function below in the text file are a few thousand characters of text, such as:

I don't know PHP at all; this is more of a question of curiosity.

Following the PHP function below in the text file are a few thousand characters of text, such as:

xnEFstUhSNWGSx5zTq4X/AUw/rtism+klrBETWg0xE1uwb49rnRxrgrgY5EEp3Y0uvTcvLqhUFOP
4n7LDLQpQ9UACTyuUjGBKmUScQCYLCP08u06t0K3nWTNiM7Q6bQMk/iZBE+UK1ywbVC1Lzr9OOEK

Does this php function encode the random-looking text into php? Can the encryption scheme be figured out from this?

EDIT: The client says he has full ownership and rights to the code, developed by someone else. How would it be decoded? Does it require a password?

<?php //003ac
if (!extension_loaded('ionCube Loader')) {
    $__oc = strtolower(substr(php_uname(), 0, 3));
    $__ln = 'ioncube_loader_' . $__oc . '_' . substr(phpversion(), 0, 3) . (($__oc == 'win') ? '.dll' : '.so');
    @dl($__ln);
    if (function_exists('_il_exec开发者_如何学运维')) {
        return _il_exec();
    }
    $__ln   = '/ioncube/' . $__ln;
    $__oid  = $__id = realpath(ini_get('extension_dir'));
    $__here = dirname(__FILE__);
    if (strlen($__id) > 1 && $__id[1] == ':') {
        $__id   = str_replace('\\', '/', substr($__id, 2));
        $__here = str_replace('\\', '/', substr($__here, 2));
    }
    $__rd = str_repeat('/..', substr_count($__id, '/')) . $__here . '/';
    $__i  = strlen($__rd);
    while ($__i--) {
        if ($__rd[$__i] == '/') {
            $__lp = substr($__rd, 0, $__i) . $__ln;
            if (file_exists($__oid . $__lp)) {
                $__ln = $__lp;
                break;
            }
        }
    }
    @dl($__ln);
} else {
    die('The file ' . __FILE__ . " is corrupted.\n");
}
if (function_exists('_il_exec')) {
    return _il_exec();
}
echo ('Site error: the file <b>' . __FILE__ . '</b> requires the ionCube 
PHP Loader ' . basename($__ln) . '  to be installed by the site administrator.');
exit(199);
?>


It's practically ioncube-encoded PHP, or obfuscated if you like. Ioncube is a non-free obfuscated-bytecode execution engine and the ioncube loader is the library which handles the obfuscated code.

Worth to mention that the 'deobfuscator' is a free library, and it's loaded in most of the PHP installations I've seen.


It's encrypted by ionCube. The ionCube extension will handle the decryption of the code. It's probably possible to decode it by yourself, but check your license agreement with the developer because it's not certain that it's legal to do so.

That part of the code will only check if the ionCube extension is installed on your server. It is not involved in the decryption of the file (I think, it's not easy to read obfuscated code :-)).


Here is the code formatted:

<?php
  //003ac
  if (!extension_loaded('ionCube Loader')) {
      $__oc = strtolower(substr(php_uname(), 0, 3));
      $__ln = 'ioncube_loader_' . $__oc . '_' . substr(phpversion(), 0, 3) . (($__oc == 'win') ? '.dll' : '.so');
      @dl($__ln);
      if (function_exists('_il_exec')) {
          return _il_exec();
      }
      $__ln = '/ioncube/' . $__ln;
      $__oid = $__id = realpath(ini_get('extension_dir'));
      $__here = dirname(__FILE__);
      if (strlen($__id) > 1 && $__id[1] == ':') {
          $__id = str_replace('\\', '/', substr($__id, 2));
          $__here = str_replace('\\', '/', substr($__here, 2));
      }
      $__rd = str_repeat('/..', substr_count($__id, '/')) . $__here . '/';
      $__i = strlen($__rd);
      while ($__i--) {
          if ($__rd[$__i] == '/') {
              $__lp = substr($__rd, 0, $__i) . $__ln;
              if (file_exists($__oid . $__lp)) {
                  $__ln = $__lp;
                  break;
              }
          }
      }
      @dl($__ln);
  } else {
      die('The file ' . __FILE__ . " is corrupted.\n");
  }
  if (function_exists('_il_exec')) {
      return _il_exec();
  }
  echo('Site error: the file <b>' . __FILE__ . '</b> requires the ionCube 
PHP Loader ' . basename($__ln) . '  to be installed by the site administrator.');
  exit(199);
?>

It looks like this checks for the ionCube Loader and decodes the encrypted php by various methods if the extension is found. Otherwise, it lets the admin know he/she needs to install the extension.

edit: looks like you formatted the text while I was answering.


According to this site, it is an encoder. I guess it is for code obfuscation.

http://www.ioncube.com/


Yes, it's to encrypt / decript PHP source. You can see at the bottom it refers to ionCube products.

0

精彩评论

暂无评论...
验证码 换一张
取 消