how to clean the dezended code?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
badobaron
Forum Newbie
Posts: 1
Joined: Thu Aug 02, 2007 7:04 am

how to clean the dezended code?

Post by badobaron »

Hi everyone
i ll be greatfull if some one could give me a hint.
i have dezended some file but when i run the package it gives me the following erroer which i think has to do with the level of obfuscation:

Fatal error: Call to undefined function _obfuscate_CXIZARoUBQt7HD8() in D:\webroot\inc\reg_func.php on line 143

the file that is called is reg_func.php and the code inside that file is:

Code: Select all

<?php


function _obfuscate_ZjBhNBN3Xwÿÿ( $_obfuscate_DQ7w, $_obfuscate_d47ZYoNdPxLfMN8ÿ )
{
    $_obfuscate_d47ZYoNdPxLfMN8ÿ = md5( $_obfuscate_d47ZYoNdPxLfMN8ÿ );
    $_obfuscate_vH4o = 0;
    $_obfuscate_K1iX = "";
    $_obfuscate_lAÿÿ = 0;
    for ( ; $_obfuscate_lAÿÿ < strlen( $_obfuscate_DQ7w ); ++$_obfuscate_lAÿÿ )
    {
        if ( $_obfuscate_vH4o == strlen( $_obfuscate_d47ZYoNdPxLfMN8ÿ ) )
        {
            $_obfuscate_vH4o = 0;
        }
        $_obfuscate_K1iX .= substr( $_obfuscate_DQ7w, $_obfuscate_lAÿÿ, 1 ) ^ substr( $_obfuscate_d47ZYoNdPxLfMN8ÿ, $_obfuscate_vH4o, 1 );
        ++$_obfuscate_vH4o;
    }
    return $_obfuscate_K1iX;
}

function _obfuscate_dHRqMDs9BW4JW2Yv( $_obfuscate_S0oMAwÿÿ, $_obfuscate_NQQbuFsn, $_obfuscate_oGpCIaFf )
{
    global $connection;
    global $TD_COMPANY_NAME;
    global $CODE_FLAG;
    if ( $_obfuscate_NQQbuFsn != $TD_COMPANY_NAME )
    {
        exit( );
    }
    if ( $_obfuscate_NQQbuFsn != "ͨ´ï¿Æ¼¼" )
    {
        exit( );
    }
    switch ( $_obfuscate_S0oMAwÿÿ )
    {
        case "oa_mcode" :
            $_obfuscate_oGpCIaFf = $_ENV['PROCESSOR_REVISION'];
            $_obfuscate_oGpCIaFf .= disk_total_space( "/" );
            $_obfuscate_oGpCIaFf .= "¸ß²¨";
            $_obfuscate_oGpCIaFf = strrev( substr( md5( $_obfuscate_oGpCIaFf ), 0, 12 ) );
            return $_obfuscate_oGpCIaFf;
        case "oa_rcode0" :
            $_obfuscate_l2SkTlUmwQÿÿ = _obfuscate_ZjBhNBN3Xwÿÿ( $_obfuscate_oGpCIaFf, $CODE_FLAG );
            $_obfuscate_l2SkTlUmwQÿÿ = md5( $_obfuscate_l2SkTlUmwQÿÿ );
            $_obfuscate_lAÿÿ = 0;
            for ( ; $_obfuscate_lAÿÿ < strlen( $_obfuscate_l2SkTlUmwQÿÿ ); ++$_obfuscate_lAÿÿ )
            {
                $_obfuscate_bLSN = substr( $_obfuscate_l2SkTlUmwQÿÿ, $_obfuscate_lAÿÿ, 1 );
                $_obfuscate_YINIp6ZhIAÿÿ .= ord( $_obfuscate_bLSN );
            }
            $_obfuscate_YINIp6ZhIAÿÿ = substr( $_obfuscate_YINIp6ZhIAÿÿ, -6 ).substr( $_obfuscate_YINIp6ZhIAÿÿ, 0, 6 );
            $_obfuscate_YINIp6ZhIAÿÿ = str_replace( "4", "1", $_obfuscate_YINIp6ZhIAÿÿ );
            return $_obfuscate_YINIp6ZhIAÿÿ;
        case "oa_rcode1" :
            $_obfuscate_l2SkTlUmwQÿÿ = _obfuscate_ZjBhNBN3Xwÿÿ( $_obfuscate_oGpCIaFf, $CODE_FLAG );
            $_obfuscate_l2SkTlUmwQÿÿ = md5( $_obfuscate_l2SkTlUmwQÿÿ );
            $_obfuscate_lAÿÿ = 0;
            for ( ; $_obfuscate_lAÿÿ < strlen( $_obfuscate_l2SkTlUmwQÿÿ ); ++$_obfuscate_lAÿÿ )
            {
                $_obfuscate_bLSN = substr( $_obfuscate_l2SkTlUmwQÿÿ, $_obfuscate_lAÿÿ, 1 );
                $_obfuscate_YINIp6ZhIAÿÿ .= ord( $_obfuscate_bLSN ) + 1;
            }
            $_obfuscate_YINIp6ZhIAÿÿ = strrev( ( substr( $_obfuscate_YINIp6ZhIAÿÿ, 0, 6 ).substr( $_obfuscate_YINIp6ZhIAÿÿ, -6 ) ) * 2 );
            $_obfuscate_YINIp6ZhIAÿÿ = substr( $_obfuscate_YINIp6ZhIAÿÿ, -6 ).substr( $_obfuscate_YINIp6ZhIAÿÿ, 0, 6 );
            $_obfuscate_YINIp6ZhIAÿÿ = str_replace( "4", "8", $_obfuscate_YINIp6ZhIAÿÿ );
            return $_obfuscate_YINIp6ZhIAÿÿ;
        case "oa_rcode2" :
            $_obfuscate_l2SkTlUmwQÿÿ = _obfuscate_ZjBhNBN3Xwÿÿ( $_obfuscate_oGpCIaFf, $CODE_FLAG );
            $_obfuscate_l2SkTlUmwQÿÿ = md5( $_obfuscate_l2SkTlUmwQÿÿ );
            $_obfuscate_lAÿÿ = 0;
            for ( ; $_obfuscate_lAÿÿ < strlen( $_obfuscate_l2SkTlUmwQÿÿ ); ++$_obfuscate_lAÿÿ )
            {
                $_obfuscate_bLSN = substr( $_obfuscate_l2SkTlUmwQÿÿ, $_obfuscate_lAÿÿ, 1 );
                $_obfuscate_YINIp6ZhIAÿÿ .= ord( $_obfuscate_bLSN ) + 2;
            }
            $_obfuscate_YINIp6ZhIAÿÿ = strrev( ( substr( $_obfuscate_YINIp6ZhIAÿÿ, 0, 6 ).substr( $_obfuscate_YINIp6ZhIAÿÿ, -6 ) ) * 5 );
            $_obfuscate_YINIp6ZhIAÿÿ = substr( $_obfuscate_YINIp6ZhIAÿÿ, -7 ).substr( $_obfuscate_YINIp6ZhIAÿÿ, 0, 5 );
            $_obfuscate_YINIp6ZhIAÿÿ = str_replace( "4", "9", $_obfuscate_YINIp6ZhIAÿÿ );
            return $_obfuscate_YINIp6ZhIAÿÿ;
        case "oa_ccode" :
            $_obfuscate_NkcL94cc = $_obfuscate_oGpCIaFf;
            $_obfuscate_oGpCIaFf = _obfuscate_dHRqMDs9BW4JW2Yv( "oa_mcode", $TD_COMPANY_NAME, "" );
            if ( $_obfuscate_NkcL94cc == _obfuscate_dHRqMDs9BW4JW2Yv( "oa_rcode0", $TD_COMPANY_NAME, $_obfuscate_oGpCIaFf ) )
            {
                return "NO0";
            }
            if ( $_obfuscate_NkcL94cc == _obfuscate_dHRqMDs9BW4JW2Yv( "oa_rcode1", $TD_COMPANY_NAME, $_obfuscate_oGpCIaFf ) )
            {
                return "NO1";
            }
            if ( $_obfuscate_NkcL94cc == _obfuscate_dHRqMDs9BW4JW2Yv( "oa_rcode2", $TD_COMPANY_NAME, $_obfuscate_oGpCIaFf ) )
            {
                return "NO2";
            }
            return "NOX";
        case "oa_wcode" :
            global $ROOT_PATH;
            $_obfuscate_9WZZEfNk = $ROOT_PATH."inc/yoa.php";
            $_obfuscate_YBYÿ = fopen( $_obfuscate_9WZZEfNk, "w" );
            fputs( $_obfuscate_YBYÿ, "{$_obfuscate_oGpCIaFf}\n" );
            fclose( $_obfuscate_YBYÿ );
            return;
        case "oa_iscode" :
            global $ROOT_PATH;
            $_obfuscate_9WZZEfNk = $ROOT_PATH."inc/yoa.php";
            if ( file_exists( $_obfuscate_9WZZEfNk ) )
            {
                $_obfuscate_qcxaZsIÿ = file( $_obfuscate_9WZZEfNk );
                $_obfuscate_NkcL94cc = substr( $_obfuscate_qcxaZsIÿ[0], 0, -1 );
                return _obfuscate_dHRqMDs9BW4JW2Yv( "oa_ccode", $COMPANY_NAME, $_obfuscate_NkcL94cc );
            }
            return "NOX";
    }
}

function _obfuscate_MQs4dBwLGQÿÿ( )
{
    global $_COMPANY_NAME;
    global $_PRODUCT_NAME;
    global $_WEB_SITE;
    global $connection;
    $_obfuscate_BicQwd0QdAÿÿ = $TD_PRODUCT_NAME."Ϊ".$TD_COMPANY_NAME."°æÈ¨ËùÓУ¬ÇëÔÚÈí¼þ×¢²áºóʹÓ㬲¢Çë×ñÑ­Óйط¨ÂÉ£¬Õý°æÏÂÔØÍøÖ·£º".$TD_WEB_SITE;
    $_obfuscate_wjPaKVnnH2SB = date( "Y-m-d H:i:s", time( ) );
    $_obfuscate_ammigv8ÿ = "select * from USER";
    $_obfuscate_dOTbCetx = _obfuscate_IWplIWZuMhNp( $connection, $_obfuscate_ammigv8ÿ );
    while ( $_obfuscate_Bo66 = _obfuscate_O2ZrZHdmeCMoBxN4aCBjPS8ÿ( $_obfuscate_dOTbCetx ) )
    {
        $_obfuscate_Ts2__TrG_Qÿÿ = $_obfuscate_Bo66['USER_ID'];
        $_obfuscate__nyZ6pKp = "insert into SMS(FROM_ID,TO_ID,SMS_TYPE,CONTENT,SEND_TIME,REMIND_FLAG) values ('admin','".$_obfuscate_Ts2__TrG_Qÿÿ."','0','{$_obfuscate_BicQwd0QdAÿÿ}','{$_obfuscate_wjPaKVnnH2SB}','1')";
        _obfuscate_IWplIWZuMhNp( $connection, $_obfuscate__nyZ6pKp );
    }
}

function _obfuscate_IWplIWZuMhNp( $N, $_obfuscate_oQÿÿ )
{
    $_obfuscate_dOTbCetx = _obfuscate_CXIZARoUBQt7HD8ÿ( $_obfuscate_oQÿÿ, $N );
    if ( $_obfuscate_dOTbCetx )
    {
        _obfuscate_KQRlPxNwI2YLIxYÿ( "<b>SQLÓï¾ä:</b> ".$_obfuscate_oQÿÿ );
    }
    return $_obfuscate_dOTbCetx;
}

function _obfuscate_KQRlPxNwI2YLIxYÿ( $_obfuscate_Vi2_ )
{
    echo "<fieldset>  <legend><b>´íÎó</b></legend>";
    echo "<b>#"._obfuscate_bCVrZDE8ZmUlHXAÿ( ).":</b> "._obfuscate_LGZ3P20BE2Z1ZGsÿ( )."<br>";
    global $SCRIPT_FILENAME;
    echo $_obfuscate_Vi2_."<br>";
    echo "<b>Îļþ:</b> ".$SCRIPT_FILENAME;
    echo "</fieldset>";
}

function _obfuscate_eSciCwV9Ki0ÿ( $_obfuscate_O9SYlB4ÿ, $_obfuscate_BicQwd0QdAÿÿ )
{
    echo "\r\n<div align=\"center\" title=\"ÌáʾÐÅÏ¢¿ò\">\r\n<span style=\"BACKGROUND:#EEEEFF;COLOR:#FF6633;margin: 10px;border:1px dotted #FF6633;font-weight:bold;padding:8px;width=";
    if ( strlen( $_obfuscate_BicQwd0QdAÿÿ ) <= 25 )
    {
        echo "140";
    }
    else if ( strlen( $_obfuscate_BicQwd0QdAÿÿ ) <= 50 )
    {
        echo "200";
    }
    else
    {
        echo "330";
    }
    echo "\">\r\n";
    if ( $_obfuscate_O9SYlB4ÿ != "" )
    {
        echo "<font color=\"#FF0000\"><img src=\"/images/attention.gif\" height=\"20\"> <b>";
        echo $_obfuscate_O9SYlB4ÿ;
        echo "</b></font><hr>\r\n";
    }
    echo $_obfuscate_BicQwd0QdAÿÿ;
    echo "</span>\r\n</div>\r\n";
}

function _obfuscate_BgcqCXIiXW0XywR( )
{
    echo "<br><center><input type=\"button\" class=\"BigButton\" value=\"·µ»Ø\" onclick=\"history.back();\"></center>";
}

include_once( "inc/conn.php" );
include_once( "inc/oa_type.php" );
$OA_REG_ON = 1;
$TD_COMPANY_NAME = "ͨ´ï¿Æ¼¼";
$TD_PRODUCT_NAME = "";
$TD_WEB_SITE = "";
$TD_WEB_SALE = "";
$TD_WEB_AD = "/";
$MY_USER_LIMIT = 20;
$MY2007_TIME_LIMIT = 30;
$MY2007_USER_SETLINE = 50;
$CODE_FLAG = "BLVYFOREVER";
?>
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

Might want to reconsider what editor you are using to edit that file then. The "" symbol is almost always used when an editor cannot determine the type of character it's suposed to read, and uses that as a "what is this?" place holder. Did you happen to edit and save this file? If so, try reverting to the original and edit it using something that can handle those characters.


Maybe I'm wrong here. But that's the first thing I noticed when I saw your post. I went through the code, and didn't really see much wrong with it.
Post Reply