如何解码此PHP代码？ [英] How to decode this PHP code?

问题描述

我想解码此代码。我不知道它是什么，除了它是某种代码。
有人可以帮我吗？

I want to decode this code. I have no idea what it is, except that it is some kind of code. Can someone help me please?

    <?php    if (!function_exists("T7FC56270E7A70FA81A5935B72EACBE29"))  
{
   function T7FC56270E7A70FA81A5935B72EACBE29($TF186217753C37B9B9F958D906208506E)   
    {   
        $TF186217753C37B9B9F958D906208506E = base64_decode($TF186217753C37B9B9F958D906208506E);
        $T7FC56270E7A70FA81A5935B72EACBE29 = 0;
        $T9D5ED678FE57BCCA610140957AFAB571 = 0;
        $T0D61F8370CAD1D412F80B84D143E1257 = 0;
        $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[1]) << 8) + ord($TF186217753C37B9B9F958D906208506E[2]);
        $T3A3EA00CFC35332CEDF6E5E9A32E94DA = 3;
        $T800618943025315F869E4E1F09471012 = 0;
        $TDFCF28D0734569A6A693BC8194DE62BF = 16;
        $TC1D9F50F86825A1A2302EC2449C17196 = "";
        $TDD7536794B63BF90ECCFD37F9B147D7F = strlen($TF186217753C37B9B9F958D906208506E);
        $TFF44570ACA8241914870AFBC310CDB85 = __FILE__;
        $TFF44570ACA8241914870AFBC310CDB85 = file_get_contents($TFF44570ACA8241914870AFBC310CDB85);
        $TA5F3C6A11B03839D46AF9FB43C97C188 = 0;
        preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"), $TFF44570ACA8241914870AFBC310CDB85, $TA5F3C6A11B03839D46AF9FB43C97C188);
        for (;$T3A3EA00CFC35332CEDF6E5E9A32E94DA<$TDD7536794B63BF90ECCFD37F9B147D7F;)
        {
            if (count($TA5F3C6A11B03839D46AF9FB43C97C188))
                exit;
            if ($TDFCF28D0734569A6A693BC8194DE62BF == 0)
            {
                $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8);
                $TF623E75AF30E62BBD73D6DF5B50BB7B5 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]);
                $TDFCF28D0734569A6A693BC8194DE62BF = 16;
            }
            if ($TF623E75AF30E62BBD73D6DF5B50BB7B5 & 0x8000)
            {
                $T7FC56270E7A70FA81A5935B72EACBE29 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 4);
                $T7FC56270E7A70FA81A5935B72EACBE29 += (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]) >> 4);
                if ($T7FC56270E7A70FA81A5935B72EACBE29)
                {
                    $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) & 0x0F) + 3;
                    for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $T0D61F8370CAD1D412F80B84D143E1257++)
                        $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257] = $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012-$T7FC56270E7A70FA81A5935B72EACBE29+$T0D61F8370CAD1D412F80B84D143E1257];
                        $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571;
                    }
                else{
                    $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8);
                    $T9D5ED678FE57BCCA610140957AFAB571 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) + 16;
                    for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571;$TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]);       $T3A3EA00CFC35332CEDF6E5E9A32E94DA++; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571;      }     }     else $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++];     $TF623E75AF30E62BBD73D6DF5B50BB7B5 <<= 1;     $TDFCF28D0734569A6A693BC8194DE62BF--;     if ($T3A3EA00CFC35332CEDF6E5E9A32E94DA == $TDD7536794B63BF90ECCFD37F9B147D7F)     {      $TFF44570ACA8241914870AFBC310CDB85 = implode("", $TC1D9F50F86825A1A2302EC2449C17196);      $TFF44570ACA8241914870AFBC310CDB85 = "?".">".$TFF44570ACA8241914870AFBC310CDB85."<"."?";      return $TFF44570ACA8241914870AFBC310CDB85;     }    }   }  }  eval(T7FC56270E7A70FA81A5935B72EACBE29("QAAAPGRpdiBzdHlsZT0iY2xlYQAQcjpib3RoOyI+PC8BoD4NCg1ABQoCMmlkPSJmb290ZXIiAVIJAWIACGNsYXNzPSJiaW5mbwMwYSBoAAByZWY9Ijw/cGhwIGVjaG8gAABnZXRfb3B0aW9uKCdob21lAAwnKTsgPz4vIiB0aXQHQQKzYmwhuG9nBEEoJ25hAkUGgSAAGAKvAqU8L2EAAD4gQWxsIHJpZ2h0cyByZXMEAGVydmVkDDUJRGVzaWduZWQgCABieSA8ClVodHRwOi8vd3d3LgAAd2ViaG9zdGluZ3JhbGx5LgBAY29tL1dlYi1IAVMvQnVzaW4IBWVzcy0BWC5odG1sIiA+AcUgAcBgwCADFAkRLiBDb2QHPwcxbW1vaHV0wAIGYQQARnJlZSBNTU9SUEdzA4EgYAp8Cj8KMGNvbnZleWFuYwpQLhSRcwAKb25zYWxlLmNvLnVrBIBDAhggAGBTb2xpY2l0b3IFPw9ncGhvdG8YkGFkcwQ3HOFpZmkLYEFkA6IuIFBvHCB3ZXIBEBOvE6NvcmRwFwBzLm9yZwtwLyI+VwEAUAEBDLEuI+IkhyFiZG9fYUcEYyEDd3BfJTMhUwLsL2JvZHkmwDwvgAAWoT4="));  ?>

推荐答案

经过模糊处理后的外观就是这样。正如Matti所指出的，这是页脚，哈哈。完成所有这些位移位后，删除了我在代码字符串的末尾用＃替换的不可打印字符。

That's what it looks like when de-obfuscated. As Matti pointed out already, it's a footer, haha. All that bitshifting is done to remove non-printable characters which I have substituted with # in the argument string to the end of the code.

<?php
    if (!function_exists("fn"))  {
        function fn($arg) {
            $arg = base64_decode($arg);
            $fn = 0;

            $x = 0;
            $y = 0;
            $z = (ord($arg[1]) << 8) + ord($arg[2]);
            $i = 3;
            $j = 0;
            $k = 16;
            $str = "";
            $strlen = strlen($arg);
            $file = __FILE__;
            $file = file_get_contents($file);
            $matches = 0;

            preg_match(/(print|sprint|echo)/, $file, $matches);

            for (;$i<$strlen;) {
                // THIS LINE HERE'S HILARIOUS!!!
                // IT TRYS TO PREVENT ONE FROM ECHOING ANYTHING WITHIN THAT CODE
                if (count($matches)) exit;
                if ($k == 0) {
                    $z = (ord($arg[$i++]) << 8);
                    $z += ord($arg[$i++]);
                    $k = 16;
                }

                if ($z & 0x8000) {
                    $fn = (ord($arg[$i++]) << 4);
                    $fn += (ord($arg[$i]) >> 4);

                    if ($fn) {
                        $x = (ord($arg[$i++]) & 0x0F) + 3;

                        for ($y = 0; $y < $x; $y++)
                            $str[$j+$y] = $str[$j-$fn+$y];

                        $j += $x;
                    } else  {
                        $x = (ord($arg[$i++]) << 8);
                        $x += ord($arg[$i++]) + 16;

                        for ($y = 0; $y < $x; $str[$j+$y++] = $arg[$i]); 

                        $i++;
                        $j += $x;
                    }
                } else $str[$j++] = $arg[$i++];

                $z <<= 1;
                $k--;

                if ($i == $strlen) {
                    $file = implode("", $str);
                    $file = "?".">".$file."<"."?";

                    return $file;
                }
            }
        }
    }

    $obfusc = <<<EOT
@##<div style="clea##r:both;"></##>

@#
#2id="footer"#R #b##class="binfo#0a h##ref="<?php echo ##get_option('home##'); ?>/" tit#A##bl!#og#A('na#E## ######</a##> All rights res##erved#5    Designed ##by <
Uhttp://www.##webhostingrally.#@com/Web-H#S/Busin##ess-#X.html" >## ##`# ## #. Cod#?#1mmohut###a##Free MMORPGs## `
|
?
0conveyanc
P.##s#
onsale.co.uk##C## #`Solicitor#?#gphoto##ads#7##ifi#`Ad##. Po# wer######ordp##s.org#p/">W##P####.##$#!bdo_aG#c!#wp_%3!S##/body&#</####>
EOT;
    eval(fn($obfusc));

这篇关于如何解码此PHP代码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！