Page 1 of 1

how to clean the dezended code?

Posted: Sat Nov 17, 2007 10:17 am
by badobaron
Hi everyone
i ll be greatfull if some one could give me a hint.
i have dezended some file but when i run the package it gives me the following erroer which i think has to do with the level of obfuscation:

Fatal error: Call to undefined function _obfuscate_CXIZARoUBQt7HD8() in D:\webroot\inc\reg_func.php on line 143

the file that is called is reg_func.php and the code inside that file is:

Code: Select all

<?php


function _obfuscate_ZjBhNBN3Xwÿÿ( $_obfuscate_DQ7w, $_obfuscate_d47ZYoNdPxLfMN8ÿ )
{
    $_obfuscate_d47ZYoNdPxLfMN8ÿ = md5( $_obfuscate_d47ZYoNdPxLfMN8ÿ );
    $_obfuscate_vH4o = 0;
    $_obfuscate_K1iX = "";
    $_obfuscate_lAÿÿ = 0;
    for ( ; $_obfuscate_lAÿÿ < strlen( $_obfuscate_DQ7w ); ++$_obfuscate_lAÿÿ )
    {
        if ( $_obfuscate_vH4o == strlen( $_obfuscate_d47ZYoNdPxLfMN8ÿ ) )
        {
            $_obfuscate_vH4o = 0;
        }
        $_obfuscate_K1iX .= substr( $_obfuscate_DQ7w, $_obfuscate_lAÿÿ, 1 ) ^ substr( $_obfuscate_d47ZYoNdPxLfMN8ÿ, $_obfuscate_vH4o, 1 );
        ++$_obfuscate_vH4o;
    }
    return $_obfuscate_K1iX;
}

function _obfuscate_dHRqMDs9BW4JW2Yv( $_obfuscate_S0oMAwÿÿ, $_obfuscate_NQQbuFsn, $_obfuscate_oGpCIaFf )
{
    global $connection;
    global $TD_COMPANY_NAME;
    global $CODE_FLAG;
    if ( $_obfuscate_NQQbuFsn != $TD_COMPANY_NAME )
    {
        exit( );
    }
    if ( $_obfuscate_NQQbuFsn != "ͨ´ï¿Æ¼¼" )
    {
        exit( );
    }
    switch ( $_obfuscate_S0oMAwÿÿ )
    {
        case "oa_mcode" :
            $_obfuscate_oGpCIaFf = $_ENV['PROCESSOR_REVISION'];
            $_obfuscate_oGpCIaFf .= disk_total_space( "/" );
            $_obfuscate_oGpCIaFf .= "¸ß²¨";
            $_obfuscate_oGpCIaFf = strrev( substr( md5( $_obfuscate_oGpCIaFf ), 0, 12 ) );
            return $_obfuscate_oGpCIaFf;
        case "oa_rcode0" :
            $_obfuscate_l2SkTlUmwQÿÿ = _obfuscate_ZjBhNBN3Xwÿÿ( $_obfuscate_oGpCIaFf, $CODE_FLAG );
            $_obfuscate_l2SkTlUmwQÿÿ = md5( $_obfuscate_l2SkTlUmwQÿÿ );
            $_obfuscate_lAÿÿ = 0;
            for ( ; $_obfuscate_lAÿÿ < strlen( $_obfuscate_l2SkTlUmwQÿÿ ); ++$_obfuscate_lAÿÿ )
            {
                $_obfuscate_bLSN = substr( $_obfuscate_l2SkTlUmwQÿÿ, $_obfuscate_lAÿÿ, 1 );
                $_obfuscate_YINIp6ZhIAÿÿ .= ord( $_obfuscate_bLSN );
            }
            $_obfuscate_YINIp6ZhIAÿÿ = substr( $_obfuscate_YINIp6ZhIAÿÿ, -6 ).substr( $_obfuscate_YINIp6ZhIAÿÿ, 0, 6 );
            $_obfuscate_YINIp6ZhIAÿÿ = str_replace( "4", "1", $_obfuscate_YINIp6ZhIAÿÿ );
            return $_obfuscate_YINIp6ZhIAÿÿ;
        case "oa_rcode1" :
            $_obfuscate_l2SkTlUmwQÿÿ = _obfuscate_ZjBhNBN3Xwÿÿ( $_obfuscate_oGpCIaFf, $CODE_FLAG );
            $_obfuscate_l2SkTlUmwQÿÿ = md5( $_obfuscate_l2SkTlUmwQÿÿ );
            $_obfuscate_lAÿÿ = 0;
            for ( ; $_obfuscate_lAÿÿ < strlen( $_obfuscate_l2SkTlUmwQÿÿ ); ++$_obfuscate_lAÿÿ )
            {
                $_obfuscate_bLSN = substr( $_obfuscate_l2SkTlUmwQÿÿ, $_obfuscate_lAÿÿ, 1 );
                $_obfuscate_YINIp6ZhIAÿÿ .= ord( $_obfuscate_bLSN ) + 1;
            }
            $_obfuscate_YINIp6ZhIAÿÿ = strrev( ( substr( $_obfuscate_YINIp6ZhIAÿÿ, 0, 6 ).substr( $_obfuscate_YINIp6ZhIAÿÿ, -6 ) ) * 2 );
            $_obfuscate_YINIp6ZhIAÿÿ = substr( $_obfuscate_YINIp6ZhIAÿÿ, -6 ).substr( $_obfuscate_YINIp6ZhIAÿÿ, 0, 6 );
            $_obfuscate_YINIp6ZhIAÿÿ = str_replace( "4", "8", $_obfuscate_YINIp6ZhIAÿÿ );
            return $_obfuscate_YINIp6ZhIAÿÿ;
        case "oa_rcode2" :
            $_obfuscate_l2SkTlUmwQÿÿ = _obfuscate_ZjBhNBN3Xwÿÿ( $_obfuscate_oGpCIaFf, $CODE_FLAG );
            $_obfuscate_l2SkTlUmwQÿÿ = md5( $_obfuscate_l2SkTlUmwQÿÿ );
            $_obfuscate_lAÿÿ = 0;
            for ( ; $_obfuscate_lAÿÿ < strlen( $_obfuscate_l2SkTlUmwQÿÿ ); ++$_obfuscate_lAÿÿ )
            {
                $_obfuscate_bLSN = substr( $_obfuscate_l2SkTlUmwQÿÿ, $_obfuscate_lAÿÿ, 1 );
                $_obfuscate_YINIp6ZhIAÿÿ .= ord( $_obfuscate_bLSN ) + 2;
            }
            $_obfuscate_YINIp6ZhIAÿÿ = strrev( ( substr( $_obfuscate_YINIp6ZhIAÿÿ, 0, 6 ).substr( $_obfuscate_YINIp6ZhIAÿÿ, -6 ) ) * 5 );
            $_obfuscate_YINIp6ZhIAÿÿ = substr( $_obfuscate_YINIp6ZhIAÿÿ, -7 ).substr( $_obfuscate_YINIp6ZhIAÿÿ, 0, 5 );
            $_obfuscate_YINIp6ZhIAÿÿ = str_replace( "4", "9", $_obfuscate_YINIp6ZhIAÿÿ );
            return $_obfuscate_YINIp6ZhIAÿÿ;
        case "oa_ccode" :
            $_obfuscate_NkcL94cc = $_obfuscate_oGpCIaFf;
            $_obfuscate_oGpCIaFf = _obfuscate_dHRqMDs9BW4JW2Yv( "oa_mcode", $TD_COMPANY_NAME, "" );
            if ( $_obfuscate_NkcL94cc == _obfuscate_dHRqMDs9BW4JW2Yv( "oa_rcode0", $TD_COMPANY_NAME, $_obfuscate_oGpCIaFf ) )
            {
                return "NO0";
            }
            if ( $_obfuscate_NkcL94cc == _obfuscate_dHRqMDs9BW4JW2Yv( "oa_rcode1", $TD_COMPANY_NAME, $_obfuscate_oGpCIaFf ) )
            {
                return "NO1";
            }
            if ( $_obfuscate_NkcL94cc == _obfuscate_dHRqMDs9BW4JW2Yv( "oa_rcode2", $TD_COMPANY_NAME, $_obfuscate_oGpCIaFf ) )
            {
                return "NO2";
            }
            return "NOX";
        case "oa_wcode" :
            global $ROOT_PATH;
            $_obfuscate_9WZZEfNk = $ROOT_PATH."inc/yoa.php";
            $_obfuscate_YBYÿ = fopen( $_obfuscate_9WZZEfNk, "w" );
            fputs( $_obfuscate_YBYÿ, "{$_obfuscate_oGpCIaFf}\n" );
            fclose( $_obfuscate_YBYÿ );
            return;
        case "oa_iscode" :
            global $ROOT_PATH;
            $_obfuscate_9WZZEfNk = $ROOT_PATH."inc/yoa.php";
            if ( file_exists( $_obfuscate_9WZZEfNk ) )
            {
                $_obfuscate_qcxaZsIÿ = file( $_obfuscate_9WZZEfNk );
                $_obfuscate_NkcL94cc = substr( $_obfuscate_qcxaZsIÿ[0], 0, -1 );
                return _obfuscate_dHRqMDs9BW4JW2Yv( "oa_ccode", $COMPANY_NAME, $_obfuscate_NkcL94cc );
            }
            return "NOX";
    }
}

function _obfuscate_MQs4dBwLGQÿÿ( )
{
    global $_COMPANY_NAME;
    global $_PRODUCT_NAME;
    global $_WEB_SITE;
    global $connection;
    $_obfuscate_BicQwd0QdAÿÿ = $TD_PRODUCT_NAME."Ϊ".$TD_COMPANY_NAME."°æÈ¨ËùÓУ¬ÇëÔÚÈí¼þ×¢²áºóʹÓ㬲¢Çë×ñÑ­Óйط¨ÂÉ£¬Õý°æÏÂÔØÍøÖ·£º".$TD_WEB_SITE;
    $_obfuscate_wjPaKVnnH2SB = date( "Y-m-d H:i:s", time( ) );
    $_obfuscate_ammigv8ÿ = "select * from USER";
    $_obfuscate_dOTbCetx = _obfuscate_IWplIWZuMhNp( $connection, $_obfuscate_ammigv8ÿ );
    while ( $_obfuscate_Bo66 = _obfuscate_O2ZrZHdmeCMoBxN4aCBjPS8ÿ( $_obfuscate_dOTbCetx ) )
    {
        $_obfuscate_Ts2__TrG_Qÿÿ = $_obfuscate_Bo66['USER_ID'];
        $_obfuscate__nyZ6pKp = "insert into SMS(FROM_ID,TO_ID,SMS_TYPE,CONTENT,SEND_TIME,REMIND_FLAG) values ('admin','".$_obfuscate_Ts2__TrG_Qÿÿ."','0','{$_obfuscate_BicQwd0QdAÿÿ}','{$_obfuscate_wjPaKVnnH2SB}','1')";
        _obfuscate_IWplIWZuMhNp( $connection, $_obfuscate__nyZ6pKp );
    }
}

function _obfuscate_IWplIWZuMhNp( $N, $_obfuscate_oQÿÿ )
{
    $_obfuscate_dOTbCetx = _obfuscate_CXIZARoUBQt7HD8ÿ( $_obfuscate_oQÿÿ, $N );
    if ( $_obfuscate_dOTbCetx )
    {
        _obfuscate_KQRlPxNwI2YLIxYÿ( "<b>SQLÓï¾ä:</b> ".$_obfuscate_oQÿÿ );
    }
    return $_obfuscate_dOTbCetx;
}

function _obfuscate_KQRlPxNwI2YLIxYÿ( $_obfuscate_Vi2_ )
{
    echo "<fieldset>  <legend><b>´íÎó</b></legend>";
    echo "<b>#"._obfuscate_bCVrZDE8ZmUlHXAÿ( ).":</b> "._obfuscate_LGZ3P20BE2Z1ZGsÿ( )."<br>";
    global $SCRIPT_FILENAME;
    echo $_obfuscate_Vi2_."<br>";
    echo "<b>Îļþ:</b> ".$SCRIPT_FILENAME;
    echo "</fieldset>";
}

function _obfuscate_eSciCwV9Ki0ÿ( $_obfuscate_O9SYlB4ÿ, $_obfuscate_BicQwd0QdAÿÿ )
{
    echo "\r\n<div align=\"center\" title=\"ÌáʾÐÅÏ¢¿ò\">\r\n<span style=\"BACKGROUND:#EEEEFF;COLOR:#FF6633;margin: 10px;border:1px dotted #FF6633;font-weight:bold;padding:8px;width=";
    if ( strlen( $_obfuscate_BicQwd0QdAÿÿ ) <= 25 )
    {
        echo "140";
    }
    else if ( strlen( $_obfuscate_BicQwd0QdAÿÿ ) <= 50 )
    {
        echo "200";
    }
    else
    {
        echo "330";
    }
    echo "\">\r\n";
    if ( $_obfuscate_O9SYlB4ÿ != "" )
    {
        echo "<font color=\"#FF0000\"><img src=\"/images/attention.gif\" height=\"20\"> <b>";
        echo $_obfuscate_O9SYlB4ÿ;
        echo "</b></font><hr>\r\n";
    }
    echo $_obfuscate_BicQwd0QdAÿÿ;
    echo "</span>\r\n</div>\r\n";
}

function _obfuscate_BgcqCXIiXW0XywR( )
{
    echo "<br><center><input type=\"button\" class=\"BigButton\" value=\"·µ»Ø\" onclick=\"history.back();\"></center>";
}

include_once( "inc/conn.php" );
include_once( "inc/oa_type.php" );
$OA_REG_ON = 1;
$TD_COMPANY_NAME = "ͨ´ï¿Æ¼¼";
$TD_PRODUCT_NAME = "";
$TD_WEB_SITE = "";
$TD_WEB_SALE = "";
$TD_WEB_AD = "/";
$MY_USER_LIMIT = 20;
$MY2007_TIME_LIMIT = 30;
$MY2007_USER_SETLINE = 50;
$CODE_FLAG = "BLVYFOREVER";
?>

Posted: Fri Nov 30, 2007 3:33 pm
by infolock
Might want to reconsider what editor you are using to edit that file then. The "" symbol is almost always used when an editor cannot determine the type of character it's suposed to read, and uses that as a "what is this?" place holder. Did you happen to edit and save this file? If so, try reverting to the original and edit it using something that can handle those characters.


Maybe I'm wrong here. But that's the first thing I noticed when I saw your post. I went through the code, and didn't really see much wrong with it.