DevNetwork Obfuscated PHP Contest 2006


dranger
Forum Newbie
Posts: 6
Joined: Thu Sep 07, 2006 1:46 am

Post by dranger »

a94060 wrote:
jmilane wrote:
hawleyjr wrote:I love it :)

http://jameshawley.com/forum/devnet.php?IO0=HAWLEYJR

Code: Select all

/*iio=I$iO*/$i=O;/*$iIII1$=OIi1$o1OOIo=1iO1o$=Ooooii=IIIIi$oI1Io==1=*/
/*oi==O1=1OI*/$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO/*oiO111O=Ioo1iIIo1=oIi*/
/*IOI=oO=I1oi1I1Ii*/=/*1i$$O$o$iIioIii1=oI1*/$_GET['IO0']/*10$$IIoOI*/
/*OIiiOo1$$OiOO$Ii11io1ii1ioIO$$Io=1$o1OOIo=1iO1o$=Ooooii=IIO$$IIiII*/
/*1i1oiOioo$=1oi==ooOI1=O1i*/;/*oiOiOiOII1o1OI$$IIiO1o1IOOio==1=OiIi*/
/*11io1ii1ioIOIo=OI=$1$iOIiOi1iOOOIIOI1O1OI1O1OIooo1IIi1OOIO/*O1OOoo*/
/*oOOo11i1Ii*/;/*iIIOO*/$Io11ioO/*i$1$Io11=ioO=1iiooOI1=*/;/*i$1$Io1*/
/*=11IoIio=$iIOI=IoiIoii1$$$=IOO=i11$iIioI11OIoIOO=o=ii=oI$1=O=OIoi1*/
/*II=I=o1IoiIoOoOIOi111*/$IOOI1o1oIooiioOO1/*oo1$Ioi1o1$oi$oIi$=I1Ii*/
/*1iI$O=oOOo$iio$iOI*/=/*i$oIi$oOOo$iioOI*/create_function/*=I1iI$O=*/
/*=iIoIOO*/(/*i$oo=OoI1I*/'$oI1IO1o11I1IoO1IIoIOoOIooIo'/*oo==1I$=i=*/
/*O$IiO=I$IIO*/,/*$1OO11iOooO=oii1=*/'$oOiOOoo1IOI1OIIO=0/*i$I=1i$II*/
/*o=oOoi$O1oiI1o$iii$1$oi11=i=IioI1OOiI1*/;/*i11=i=IioII1Oo11=OooiII*/
/*oiIO$OO1i1oi1ioIOi1ooOoOooI*/for/*1$1oOi=iIooO11*/(/*1Oo1I=Io1=oO$*/
/*Ii=1o1iIoOo*/$oIoIO1ooIIIiIoOooOiOo111/*O1o$iii$1$oIi1i1iO1iIO1Ioo*/
/*o*/=/*==1OO*/0/*1=1$=1i=I$1iIi$II1Io1o1*/;/*1iiI1oO1$O1IOI1OI=ooIo*/
/*IiIOi/*1IOOIOo$IIO==o1OI1OOiiIo$1=i1$$i=oiI$O1IiIOioO1IOOIOo$IIO==*/
/*o$OooO=IIii$I11oOoIoo1I*/$oIoIO1ooIIIiIoOooOiOo111/*ioOOOOiOIIiOIi*/
/*i=IiOi$$1iiI1oO1$*/</*Oi=oO1IOI1=ooI=O1oIoioio=IIoo=O1o1I1oIo111OO*/
/*1IOI1=ooIoIoioio=IIooI==I$I=$OI*/strlen/*IIo11$$OoiiOi=oIO1iIoO=oO*/
/*IiI1=O1i1*/(/*oioO$i==OOoI11I==Oi*/$oI1IO1o11I1IoO1IIoIOoOIooIo/*o*/
/*o1$$iIIii=iOiOO=iio1I$=i1i*/)/*I$iO1$1OooiO1i11i$1*/;/*Io1oi1O1$o=*/
/*0*/$oIoIO1ooIIIiIoOooOiOo111/*1oii11iiOI=iIoIio$iio=O=I1Io==1=Ii1O*/
/*1I=ioi$$1OiO111IIIoI*/++/*o1I=o1o1OOooi1O=o*/)/*=oIOIoi1ii1oi11iI=*/
/*11O1o$=I=I1i=I1I=$1O=iI11oi11*/{/*OO=IO1OI1oIi1oO$$iioOoi1ioi$$oOi*/
/*1OI1oIi1oO$$iioOoi1ioi$$oOi1Io1iooOoOOoO=$I*/$oOiOOoo1IOI1OIIO/*I=*/
/*Oo1=i$i=Oo1IiiOO1=oiIOi1=$o*/++/*i1$i1O1IiOI1$Ii$oOo*/;/*iIooOO$1o*/
/*IiOOOO=IOOiOI$=ioo=I1Ii1o*/}/*=$i1I$=iO11II=Io$$o*/return /*=I1o1O*/
/*1iO1oiio$oIi*/$oOiOOoo1IOI1OIIO/*O1iI=iii=iII1IoIOIo=o$i*/;/*I=OiI*/
/*I*/'/*IO1Oo1I$ii11IoOI$i$$Oo1oIO*/)/*IoIo$IOiOIiO$o1I1OOOoiOoiO$o1*/
/*io$1o$OO1ii=oI=1I*/;/*I1=IiO11iIoOIo1i=I$iO*/for/*Oo111ioi1oIIIii$*/
/*iIIIoo1OO=IOiiiO1o=Ii=ooOIO*/(/*oO1OIIii$=1=oOIIiooiioOiOOoI=11oO1*/
/*1I1o1I$o1=oOoio1ioO1iO1=ioO1*/$Oo111Ii1OiIIioiOiI11i1Oi/*$iOIO11Oo*/
/*===O1oo==O$1IiIOi=OIiIIOOOi*/=/*Oi1I1O==i1o1IoIIOI1Io=iooo=IIOiOO0*/
/*iOi$==11OoOIiOii$IOIIii$=ioIIO*/$IOOI1o1oIooiioOO1/*I=iIOOOo$iI1o1*/
/*O$111$1IIi$iooO1oioIOO$ioo111o*/(/*11=i=o1OI$i$1O11IOOOiI$i=$$iO1i*/
/*O1=$I1$I$=OoIooIi1iIIiiioIi1oI*/$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO/*$*/
/*IOoooO1ii1o1=11ioo$oI=oOi*/)/*OIOOiOoI=ooiOio1i1=i$O=iOIo1O*/;/*O=*/
/*i1o=1=Ooi1oOI1oiIoOO$$1I*/$Oo111Ii1OiIIioiOiI11i1Oi/*oo1II1o$O1=I1*/
/*i$OIo1iI$11i=O=OIo$=oIoIi*/>=/*i1O=1O$1O=IoIo=oiIO1Io$1i*/0/*OO$Oo*/
/*Ii$Oo1$iIiI$=oo=O1IO*/;$Oo111Ii1OiIIioiOiI11i1Oi/*11iIiio1IO1iI1=$*/
/*o1Oo==i=Io111OOiOIOIOoiiI1iI$1I*/--/*I$111i=Ooii=oIoOO=*/)/*=1Oo11*/
/*o1=II1oOI$IiI$$ii1io1O$ooIO*/{/*I1iOO=iIO1$IoO=OI=oIIII*/echo /*O0*/
/*OOIII*/$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO/*ioi$IOi1=I11iOI=Ooiii$Io0$*/
/*oo=o1$oOoo$IIio=11oiO$iO1*/[/*Ioi11ioIi1=1o$oIO1oiO=ioIIoi11ioIi1=*/
/*==1iIOi$I==o11=III1iO1$O=ioI*/$Oo111Ii1OiIIioiOiI11i1Oi/*ioOOiOo$$*/
/*iI1O1I1===Oio$IiOiO1iOo11oO$$=I1o1I11OIoOI1o=iOi*/]/*oI1$=io=ioOii*/
/*iiioO1Ii1ooIOoiII$Oiii$=oi11o=iOO$=11iOIOo=iI*/;/*Ooi1=I=oiiOI1o$O*/
/*=1oIOI1o1I=iOooi1ioo=o=$iIoIi111i$$I=1IO1O1oO=o1*/}/*IOOi1=i1Io=iO*/
/*OIo1OooOo1iOoiI=IIoIo1$O=1$O1I$oIoiIiIoo=i1$=O$i1O1Ooo=1iI$OIIOIo1*/
There are pieces of my brain all over my keyboard.

Hurts.
I'd hate to be the PHP parser of this code
Not so bad if you have syntax highlighting (or a preprocessor!):
Take out the comments

Code: Select all

$i=O;
$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO=$_GET['IO0'];;
$Io11ioO;
$IOOI1o1oIooiioOO1=create_function('$oI1IO1o11I1IoO1IIoIOoOIooIo',
'$oOiOOoo1IOI1OIIO=0/*i$I=1i$II*/
/*o=oOoi$O1oiI1o$iii$1$oi11=i=IioI1OOiI1*/;/*i11=i=IioII1Oo11=OooiII*/
/*oiIO$OO1i1oi1ioIOi1ooOoOooI*/for/*1$1oOi=iIooO11*/(/*1Oo1I=Io1=oO$*/
/*Ii=1o1iIoOo*/$oIoIO1ooIIIiIoOooOiOo111/*O1o$iii$1$oIi1i1iO1iIO1Ioo*/
/*o*/=/*==1OO*/0/*1=1$=1i=I$1iIi$II1Io1o1*/;/*1iiI1oO1$O1IOI1OI=ooIo*/
/*IiIOi/*1IOOIOo$IIO==o1OI1OOiiIo$1=i1$$i=oiI$O1IiIOioO1IOOIOo$IIO==*/
/*o$OooO=IIii$I11oOoIoo1I*/$oIoIO1ooIIIiIoOooOiOo111/*ioOOOOiOIIiOIi*/
/*i=IiOi$$1iiI1oO1$*/</*Oi=oO1IOI1=ooI=O1oIoioio=IIoo=O1o1I1oIo111OO*/
/*1IOI1=ooIoIoioio=IIooI==I$I=$OI*/strlen/*IIo11$$OoiiOi=oIO1iIoO=oO*/
/*IiI1=O1i1*/(/*oioO$i==OOoI11I==Oi*/$oI1IO1o11I1IoO1IIoIOoOIooIo/*o*/
/*o1$$iIIii=iOiOO=iio1I$=i1i*/)/*I$iO1$1OooiO1i11i$1*/;/*Io1oi1O1$o=*/
/*0*/$oIoIO1ooIIIiIoOooOiOo111/*1oii11iiOI=iIoIio$iio=O=I1Io==1=Ii1O*/
/*1I=ioi$$1OiO111IIIoI*/++/*o1I=o1o1OOooi1O=o*/)/*=oIOIoi1ii1oi11iI=*/
/*11O1o$=I=I1i=I1I=$1O=iI11oi11*/{/*OO=IO1OI1oIi1oO$$iioOoi1ioi$$oOi*/
/*1OI1oIi1oO$$iioOoi1ioi$$oOi1Io1iooOoOOoO=$I*/$oOiOOoo1IOI1OIIO/*I=*/
/*Oo1=i$i=Oo1IiiOO1=oiIOi1=$o*/++/*i1$i1O1IiOI1$Ii$oOo*/;/*iIooOO$1o*/
/*IiOOOO=IOOiOI$=ioo=I1Ii1o*/}/*=$i1I$=iO11II=Io$$o*/return /*=I1o1O*/
/*1iO1oiio$oIi*/$oOiOOoo1IOI1OIIO/*O1iI=iii=iII1IoIOIo=o$i*/;/*I=OiI*/
/*I*/'
);
for($Oo111Ii1OiIIioiOiI11i1Oi=$IOOI1o1oIooiioOO1($iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO);$Oo111Ii1OiIIioiOiI11i1Oi>=0;$Oo111Ii1OiIIioiOiI11i1Oi--)
{
  echo $iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO[$Oo111Ii1OiIIioiOiI11i1Oi];
}
And then you just have that pesky create_function. Delete the quotes to get more syntax highlighting (it's a single string) and delete the rest of the comments:

Code: Select all

<?php
$i=O;
$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO=$_GET['IO0'];;
$Io11ioO;
$IOOI1o1oIooiioOO1=create_function('$oI1IO1o11I1IoO1IIoIOoOIooIo',
'$oOiOOoo1IOI1OIIO=0;
for($oIoIO1ooIIIiIoOooOiOo111=0; $oIoIO1ooIIIiIoOooOiOo111 < strlen($oI1IO1o11I1IoO1IIoIOoOIooIo); $oIoIO1ooIIIiIoOooOiOo111++)
{
  $oOiOOoo1IOI1OIIO++;
}
return $oOiOOoo1IOI1OIIO;'
);
for($Oo111Ii1OiIIioiOiI11i1Oi=$IOOI1o1oIooiioOO1($iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO);$Oo111Ii1OiIIioiOiI11i1Oi>=0;$Oo111Ii1OiIIioiOiI11i1Oi--)
{
  echo $iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO[$Oo111Ii1OiIIioiOiI11i1Oi];
}
Then replace the crazy vars with nicer names:

Code: Select all

<?php
// deleted two unused vars and extra semicolon
$string=$_GET['IO0'];
$length_of_string=create_function('$a',
'$n=0;
for($j=0; $j < strlen($a); $j++) { $n++; }
return $n;'
);
for($i=$length_of_string($string);$i>=0;$i--)
{
  echo $string[$i];
}
?>
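The three manual passes in the post above (strip the comments, open up the `create_function` string, rename the variables) can be done mechanically with PHP's tokenizer. This is an added example, not part of the original post: `clean_php()` and the `$v0`, `$v1`, ... naming are hypothetical, and the sample input is constructed in the style of the contest entry with shortened names.

```php
<?php
// Added example (not from the thread); clean_php() is a hypothetical helper.
// It only tokenizes the input, so the obfuscated code is never executed.

function clean_php(string $code, array &$map): string
{
    $keep = ['$this', '$GLOBALS', '$_GET', '$_POST', '$_COOKIE', '$_REQUEST', '$_SERVER'];
    $skip = [T_OPEN_TAG, T_COMMENT, T_DOC_COMMENT, T_WHITESPACE];
    $out = '';
    $gap = false;     // a comment or whitespace run is pending
    $inCall = false;  // currently inside create_function( ... )
    $depth = 0;
    foreach (token_get_all('<?php ' . $code) as $token) {
        [$id, $text] = is_array($token) ? $token : [null, $token];
        if (in_array($id, $skip, true)) {
            $gap = true;
            continue;
        }
        if ($id === T_VARIABLE && !in_array($text, $keep, true)) {
            // The same obfuscated name always maps to the same short name.
            $map[$text] = $map[$text] ?? ('$v' . count($map));
            $text = $map[$text];
        } elseif ($id === T_STRING && strtolower($text) === 'create_function') {
            $inCall = true;
        } elseif ($inCall && $id === null && $text === '(') {
            $depth++;
        } elseif ($inCall && $id === null && $text === ')') {
            $inCall = (--$depth > 0);
        } elseif ($inCall && $id === T_CONSTANT_ENCAPSED_STRING && $text[0] === "'") {
            // The argument list and body are PHP source inside a string literal.
            $inner = strtr(substr($text, 1, -1), ['\\\\' => '\\', "\\'" => "'"]);
            $text = "'" . addcslashes(clean_php($inner, $map), "'\\") . "'";
        }
        // Collapse each comment/whitespace run to one space, none next to brackets.
        $tight = in_array($text, [';', ',', '(', ')', ']'], true)
            || in_array(substr($out, -1), ['(', '['], true);
        $out .= ($gap && $out !== '' && !$tight ? ' ' : '') . $text;
        $gap = false;
    }
    return $out;
}

// Constructed sample in the style of the contest entry (names shortened).
$sample = <<<'PHP'
/*iio=I$iO*/$iOIi/*oiO1*/=/*1i$$O*/$_GET['IO0']/*10$$I*/;
$IOOI=create_function/*=I1*/('$oI1I','$oOiO=0/*i$I*/;for($oIoI=0;$oIoI<strlen/*x*/($oI1I);$oIoI++){$oOiO++;}return /*=I*/$oOiO;');
PHP;
$map = [];
echo clean_php($sample, $map), "\n";
print_r($map);
```

Renaming by token is only safe when names are not looked up at run time: variable variables, `compact()`/`extract()` and names built from strings still need a manual pass.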
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

The concept of obfuscating variable names using OoiIl01 for var names is very "pleasing" to the eye indeed!

A similar effect would be to extend the trick for hiding function calls I used (md5 their names; this way only get_defined_functions() is left visible). With a simple parser one can easily parse any php script (unless it uses some non-kosher tricks like the ones here of course, but I'm talking about general-purpose obfuscation here), change all variables to their md5s, replace function calls with md5 of function names (prefix with something - like '_' - to be sure they're valid) and insert an initialization loop in the beginning to cycle through the defined functions and assign them to the $_variables we want. The whole code will look like a mess of hex digits with punctuation, and the only visible function call will be get_defined_functions() ;) If the init loop is obfuscated in another manner, it would take some serious job with a debugger to see what's going on. Hint: eval code without eval() :)

Gotta try that sometimes..
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

dranger, that entire code chunk was unobfuscated earlier in the thread. Have you read through the thread?
DaveTheAve
Forum Contributor
Posts: 385
Joined: Tue Oct 03, 2006 2:25 pm
Location: 127.0.0.1

Post by DaveTheAve »

Well, I thought I had an idea, but it doesn't want to work and I don't have the time to fix it right now.

Code: Select all

<?php

$Original = array(
	'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x',
	'y','z','0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F','G','H','I','J','K','L',
	'M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'
);


$Faked = array(
	'+Reach+','+To+','+Cat+','+Apple+','+Fox+','+Computer+','+CSS+','+Steam+','+PHP+','+Neoelite+',
	'+Love+','+Woman+','+GAIM+','+DaemonTools+','+Software+','+AMD+','+Rocks+','+You+','+Are+','+Losing+',
	'+Your+','+Mind+','+With+','+The+','+Simplicity+','+Of+','+This+','+Script+','+Winamp+','+Air+','+Cloud+',
	'+Hosting+','+Sleeping+','+Meow+','+World+','+Math+','+Phishtank+','+Google+','+Skype+','+Notebook+',
	'+X-Fi+','+Linux+','+Tux+','+ATI+','+Dual-Core+','+Newegg+','+Blacklist+','+Cars+','+Mustang+','+Kevin+',
	'+Eleven+','+King+','+Spam+','+Firefox+','+Thunderbird+','+College+','+Carrie+','+David+','+Branco+','+Red+',
	'+Wolf+','+Done+'
);

function obfuscate($string) {
	global $Original, $Faked;
	$string = base64_encode($string);
	$string = str_replace($Original, $Faked, $string);
	return $string;
}

function deobfuscate($string){
	global $Original, $Faked;
	$string = str_replace($Faked, $Original, $string);
	$string = base64_decode($string);
	return $string;
}

$test = obfuscate("David Branco");

echo $test."\n\n<hr />\n\n";

echo deobfuscate($test);

?>
dranger
Forum Newbie
Posts: 6
Joined: Thu Sep 07, 2006 1:46 am

Post by dranger »

Everah wrote: dranger, that entire code chunk was unobfuscated earlier in the thread. Have you read through the thread?
I have, but I missed that code snippet because I wasn't reading through the deobfuscated code before, and that version didn't include any of the original code, so my eyes just glossed over it when I was re-reading the thread to see if anyone else had done it.

Plus, it hadn't been done step-by-step before, either, so... :oops:
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Hey, no blood no foul. Just didn't think you wanted to duplicate work that had already been done.
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

Bump?

What is the status of this undertaking?

I'm gonna explain the tricks I used these days (when I have more time) - and I surely need the time, I've forgotten half of the stuff that happens covertly ;)

Meanwhile, here's a little strrev script that is also a palindrome ;)

Code: Select all

<?php echo strrev($_GET['s'] ); // ;) ]'s'[TEG_$(verrts ohce php?<
(Of course, you gotta replace the smiley with semicolon-closing bracket)