Page 1 of 1

encoder?

Posted: Sat Nov 25, 2006 6:00 pm
by mrwhitee

Code: Select all

<?php $V22867077047685daaf257241938a3bd3=gzinflate(base64_decode('DdfXYrKKFg much more code here and then the end part +(3+($Vc3d7b499c317359a4032955366c2f835%3)));};eval($Vbfe51500396fd074fca81a221bcf9991); ?>
Can some one tell me what this is likely to be encoded with? I didnt show the whole code as not to upset anyone. I dont believe its just base 64 because I havent been able to decode it with all the base 64 decoders. Before you ask, I did pay for this and its just this one file out of the many I need decoded as it doesnt work worth a flip as it is and the author is not answering my emails to have a change made to it so I need to do it my self. As it stands now I have just wasted my money on this poorly written script although a small change would make it ok.

Posted: Sat Nov 25, 2006 6:03 pm
by brendandonhue
Just change "eval" to "echo" and it will print the code for you.

Posted: Sat Nov 25, 2006 6:19 pm
by mrwhitee
Just did that and it gives me different code like this now.

Code: Select all

$V0418c9bc4ade1c5c9432e3a025c98675='BHa5)c$J a lot more code here and the end  (3+($V8ade34a8146fb6b2fab682ea88957657%3))));};eval(str_replace("====@@@@!!!!====@@@@!!!!","?",str_replace("----____--------____----",">",str_replace("----___--------___----","<","====@@@@!!!!====@@@@!!!!----____--------____----".$V733468844ff030d892019df2e2d8349c."----___--------___----====@@@@!!!!====@@@@!!!!"))));
I tied changing the eval to echo again but didnt work on the second try.

Posted: Sat Nov 25, 2006 6:26 pm
by brendandonhue
Changing eval to echo will give you the code the script is running, if you can post the whole thing I can take a shot at it.

Posted: Sat Nov 25, 2006 6:35 pm
by John Cartwright
now change the next eval to echo, to get the next layer of encoded code. I recently wrote a decryptor to something similar, it wen't along the lines of (untested)

Code: Select all

ob_start();
$file = file_get_contents('/file/to/decrypt.php');

if ($file) {
   do {
      $file = str_replace('eval', 'echo', $file);
      eval($file);      
      $file = ob_get_contents();
      $decrypt = strstr($file, 'eval');
   } while ($decrypt);

   echo $file;
}

Posted: Sat Nov 25, 2006 6:39 pm
by mrwhitee
Yes I tried replacing the next eval with echo and added php tags but it didnt do anything. Actually it just printed ><.

Posted: Sat Nov 25, 2006 6:45 pm
by brendandonhue
From your PM it looks like you might need to only change the last eval() in the script to an echo. Can't really tell from the snippets we've seen.

Posted: Sat Nov 25, 2006 6:50 pm
by mrwhitee
Ill pm you the whole code.

Posted: Sat Nov 25, 2006 7:13 pm
by brendandonhue
Ok, that code checks your domain license and forwards to http://www.bcsengineering.com/violation.php
I'm not so sure that we should be decoding this.

Posted: Sat Nov 25, 2006 7:16 pm
by mrwhitee
Is that all it does? if so I am not in the correct file that I need to modify. I was sure that was the one I needed though. Maybe it is but also does the check like you say.