Page 6 of 6

Posted: Mon Sep 25, 2006 2:24 am
by dranger
a94060 wrote:
jmilane wrote:
hawleyjr wrote:I love it :)

http://jameshawley.com/forum/devnet.php?IO0=HAWLEYJR

Code: Select all

/*iio=I$iO*/$i=O;/*$iIII1$=OIi1$o1OOIo=1iO1o$=Ooooii=IIIIi$oI1Io==1=*/
/*oi==O1=1OI*/$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO/*oiO111O=Ioo1iIIo1=oIi*/
/*IOI=oO=I1oi1I1Ii*/=/*1i$$O$o$iIioIii1=oI1*/$_GET['IO0']/*10$$IIoOI*/
/*OIiiOo1$$OiOO$Ii11io1ii1ioIO$$Io=1$o1OOIo=1iO1o$=Ooooii=IIO$$IIiII*/
/*1i1oiOioo$=1oi==ooOI1=O1i*/;/*oiOiOiOII1o1OI$$IIiO1o1IOOio==1=OiIi*/
/*11io1ii1ioIOIo=OI=$1$iOIiOi1iOOOIIOI1O1OI1O1OIooo1IIi1OOIO/*O1OOoo*/
/*oOOo11i1Ii*/;/*iIIOO*/$Io11ioO/*i$1$Io11=ioO=1iiooOI1=*/;/*i$1$Io1*/
/*=11IoIio=$iIOI=IoiIoii1$$$=IOO=i11$iIioI11OIoIOO=o=ii=oI$1=O=OIoi1*/
/*II=I=o1IoiIoOoOIOi111*/$IOOI1o1oIooiioOO1/*oo1$Ioi1o1$oi$oIi$=I1Ii*/
/*1iI$O=oOOo$iio$iOI*/=/*i$oIi$oOOo$iioOI*/create_function/*=I1iI$O=*/
/*=iIoIOO*/(/*i$oo=OoI1I*/'$oI1IO1o11I1IoO1IIoIOoOIooIo'/*oo==1I$=i=*/
/*O$IiO=I$IIO*/,/*$1OO11iOooO=oii1=*/'$oOiOOoo1IOI1OIIO=0/*i$I=1i$II*/
/*o=oOoi$O1oiI1o$iii$1$oi11=i=IioI1OOiI1*/;/*i11=i=IioII1Oo11=OooiII*/
/*oiIO$OO1i1oi1ioIOi1ooOoOooI*/for/*1$1oOi=iIooO11*/(/*1Oo1I=Io1=oO$*/
/*Ii=1o1iIoOo*/$oIoIO1ooIIIiIoOooOiOo111/*O1o$iii$1$oIi1i1iO1iIO1Ioo*/
/*o*/=/*==1OO*/0/*1=1$=1i=I$1iIi$II1Io1o1*/;/*1iiI1oO1$O1IOI1OI=ooIo*/
/*IiIOi/*1IOOIOo$IIO==o1OI1OOiiIo$1=i1$$i=oiI$O1IiIOioO1IOOIOo$IIO==*/
/*o$OooO=IIii$I11oOoIoo1I*/$oIoIO1ooIIIiIoOooOiOo111/*ioOOOOiOIIiOIi*/
/*i=IiOi$$1iiI1oO1$*/</*Oi=oO1IOI1=ooI=O1oIoioio=IIoo=O1o1I1oIo111OO*/
/*1IOI1=ooIoIoioio=IIooI==I$I=$OI*/strlen/*IIo11$$OoiiOi=oIO1iIoO=oO*/
/*IiI1=O1i1*/(/*oioO$i==OOoI11I==Oi*/$oI1IO1o11I1IoO1IIoIOoOIooIo/*o*/
/*o1$$iIIii=iOiOO=iio1I$=i1i*/)/*I$iO1$1OooiO1i11i$1*/;/*Io1oi1O1$o=*/
/*0*/$oIoIO1ooIIIiIoOooOiOo111/*1oii11iiOI=iIoIio$iio=O=I1Io==1=Ii1O*/
/*1I=ioi$$1OiO111IIIoI*/++/*o1I=o1o1OOooi1O=o*/)/*=oIOIoi1ii1oi11iI=*/
/*11O1o$=I=I1i=I1I=$1O=iI11oi11*/{/*OO=IO1OI1oIi1oO$$iioOoi1ioi$$oOi*/
/*1OI1oIi1oO$$iioOoi1ioi$$oOi1Io1iooOoOOoO=$I*/$oOiOOoo1IOI1OIIO/*I=*/
/*Oo1=i$i=Oo1IiiOO1=oiIOi1=$o*/++/*i1$i1O1IiOI1$Ii$oOo*/;/*iIooOO$1o*/
/*IiOOOO=IOOiOI$=ioo=I1Ii1o*/}/*=$i1I$=iO11II=Io$$o*/return /*=I1o1O*/
/*1iO1oiio$oIi*/$oOiOOoo1IOI1OIIO/*O1iI=iii=iII1IoIOIo=o$i*/;/*I=OiI*/
/*I*/'/*IO1Oo1I$ii11IoOI$i$$Oo1oIO*/)/*IoIo$IOiOIiO$o1I1OOOoiOoiO$o1*/
/*io$1o$OO1ii=oI=1I*/;/*I1=IiO11iIoOIo1i=I$iO*/for/*Oo111ioi1oIIIii$*/
/*iIIIoo1OO=IOiiiO1o=Ii=ooOIO*/(/*oO1OIIii$=1=oOIIiooiioOiOOoI=11oO1*/
/*1I1o1I$o1=oOoio1ioO1iO1=ioO1*/$Oo111Ii1OiIIioiOiI11i1Oi/*$iOIO11Oo*/
/*===O1oo==O$1IiIOi=OIiIIOOOi*/=/*Oi1I1O==i1o1IoIIOI1Io=iooo=IIOiOO0*/
/*iOi$==11OoOIiOii$IOIIii$=ioIIO*/$IOOI1o1oIooiioOO1/*I=iIOOOo$iI1o1*/
/*O$111$1IIi$iooO1oioIOO$ioo111o*/(/*11=i=o1OI$i$1O11IOOOiI$i=$$iO1i*/
/*O1=$I1$I$=OoIooIi1iIIiiioIi1oI*/$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO/*$*/
/*IOoooO1ii1o1=11ioo$oI=oOi*/)/*OIOOiOoI=ooiOio1i1=i$O=iOIo1O*/;/*O=*/
/*i1o=1=Ooi1oOI1oiIoOO$$1I*/$Oo111Ii1OiIIioiOiI11i1Oi/*oo1II1o$O1=I1*/
/*i$OIo1iI$11i=O=OIo$=oIoIi*/>=/*i1O=1O$1O=IoIo=oiIO1Io$1i*/0/*OO$Oo*/
/*Ii$Oo1$iIiI$=oo=O1IO*/;$Oo111Ii1OiIIioiOiI11i1Oi/*11iIiio1IO1iI1=$*/
/*o1Oo==i=Io111OOiOIOIOoiiI1iI$1I*/--/*I$111i=Ooii=oIoOO=*/)/*=1Oo11*/
/*o1=II1oOI$IiI$$ii1io1O$ooIO*/{/*I1iOO=iIO1$IoO=OI=oIIII*/echo /*O0*/
/*OOIII*/$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO/*ioi$IOi1=I11iOI=Ooiii$Io0$*/
/*oo=o1$oOoo$IIio=11oiO$iO1*/[/*Ioi11ioIi1=1o$oIO1oiO=ioIIoi11ioIi1=*/
/*==1iIOi$I==o11=III1iO1$O=ioI*/$Oo111Ii1OiIIioiOiI11i1Oi/*ioOOiOo$$*/
/*iI1O1I1===Oio$IiOiO1iOo11oO$$=I1o1I11OIoOI1o=iOi*/]/*oI1$=io=ioOii*/
/*iiioO1Ii1ooIOoiII$Oiii$=oi11o=iOO$=11iOIOo=iI*/;/*Ooi1=I=oiiOI1o$O*/
/*=1oIOI1o1I=iOooi1ioo=o=$iIoIi111i$$I=1IO1O1oO=o1*/}/*IOOi1=i1Io=iO*/
/*OIo1OooOo1iOoiI=IIoIo1$O=1$O1I$oIoiIiIoo=i1$=O$i1O1Ooo=1iI$OIIOIo1*/
There are pieces of my brain all over my keyboard.

Hurts.
id hate to be the php parser of this code
Not so bad if you have syntax highlighting (or a preprocessor!):
Take out the comments

Code: Select all

$i=O;
$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO=$_GET['IO0'];;
$Io11ioO;
$IOOI1o1oIooiioOO1=create_function('$oI1IO1o11I1IoO1IIoIOoOIooIo',
'$oOiOOoo1IOI1OIIO=0/*i$I=1i$II*/
/*o=oOoi$O1oiI1o$iii$1$oi11=i=IioI1OOiI1*/;/*i11=i=IioII1Oo11=OooiII*/
/*oiIO$OO1i1oi1ioIOi1ooOoOooI*/for/*1$1oOi=iIooO11*/(/*1Oo1I=Io1=oO$*/
/*Ii=1o1iIoOo*/$oIoIO1ooIIIiIoOooOiOo111/*O1o$iii$1$oIi1i1iO1iIO1Ioo*/
/*o*/=/*==1OO*/0/*1=1$=1i=I$1iIi$II1Io1o1*/;/*1iiI1oO1$O1IOI1OI=ooIo*/
/*IiIOi/*1IOOIOo$IIO==o1OI1OOiiIo$1=i1$$i=oiI$O1IiIOioO1IOOIOo$IIO==*/
/*o$OooO=IIii$I11oOoIoo1I*/$oIoIO1ooIIIiIoOooOiOo111/*ioOOOOiOIIiOIi*/
/*i=IiOi$$1iiI1oO1$*/</*Oi=oO1IOI1=ooI=O1oIoioio=IIoo=O1o1I1oIo111OO*/
/*1IOI1=ooIoIoioio=IIooI==I$I=$OI*/strlen/*IIo11$$OoiiOi=oIO1iIoO=oO*/
/*IiI1=O1i1*/(/*oioO$i==OOoI11I==Oi*/$oI1IO1o11I1IoO1IIoIOoOIooIo/*o*/
/*o1$$iIIii=iOiOO=iio1I$=i1i*/)/*I$iO1$1OooiO1i11i$1*/;/*Io1oi1O1$o=*/
/*0*/$oIoIO1ooIIIiIoOooOiOo111/*1oii11iiOI=iIoIio$iio=O=I1Io==1=Ii1O*/
/*1I=ioi$$1OiO111IIIoI*/++/*o1I=o1o1OOooi1O=o*/)/*=oIOIoi1ii1oi11iI=*/
/*11O1o$=I=I1i=I1I=$1O=iI11oi11*/{/*OO=IO1OI1oIi1oO$$iioOoi1ioi$$oOi*/
/*1OI1oIi1oO$$iioOoi1ioi$$oOi1Io1iooOoOOoO=$I*/$oOiOOoo1IOI1OIIO/*I=*/
/*Oo1=i$i=Oo1IiiOO1=oiIOi1=$o*/++/*i1$i1O1IiOI1$Ii$oOo*/;/*iIooOO$1o*/
/*IiOOOO=IOOiOI$=ioo=I1Ii1o*/}/*=$i1I$=iO11II=Io$$o*/return /*=I1o1O*/
/*1iO1oiio$oIi*/$oOiOOoo1IOI1OIIO/*O1iI=iii=iII1IoIOIo=o$i*/;/*I=OiI*/
/*I*/'
);
for($Oo111Ii1OiIIioiOiI11i1Oi=$IOOI1o1oIooiioOO1($iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO);$Oo111Ii1OiIIioiOiI11i1Oi>=0;$Oo111Ii1OiIIioiOiI11i1Oi--)
{
  echo $iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO[$Oo111Ii1OiIIioiOiI11i1Oi];
}
And then you just have that pesky create_function. Delete the quotes to get more syntax highlighting (it's a single string) and delete the rest of the comments:

Code: Select all

<?php
$i=O;
$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO=$_GET['IO0'];;
$Io11ioO;
$IOOI1o1oIooiioOO1=create_function('$oI1IO1o11I1IoO1IIoIOoOIooIo',
'$oOiOOoo1IOI1OIIO=0;
for($oIoIO1ooIIIiIoOooOiOo111=0; $oIoIO1ooIIIiIoOooOiOo111 < strlen($oI1IO1o11I1IoO1IIoIOoOIooIo); $oIoIO1ooIIIiIoOooOiOo111++)
{
  $oOiOOoo1IOI1OIIO++;
}
return $oOiOOoo1IOI1OIIO;'
);
for($Oo111Ii1OiIIioiOiI11i1Oi=$IOOI1o1oIooiioOO1($iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO);$Oo111Ii1OiIIioiOiI11i1Oi>=0;$Oo111Ii1OiIIioiOiI11i1Oi--)
{
  echo $iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO[$Oo111Ii1OiIIioiOiI11i1Oi];
}
Then replace the crazy vars with nicer names:

Code: Select all

<?php
// deleted two unused vars and extra semicolon
$string=$_GET['IO0'];
$length_of_string=create_function('$a',
'$n=0;
for($j=0; $j < strlen($a); $j++) { $n++; }
return $n;'
);
for($i=$length_of_string($string);$i>=0;$i--)
{
  echo $string[$i];
}
?>

Posted: Mon Sep 25, 2006 2:41 pm
by Mordred
The concept of obfuscating variable names using OoiIl01 for var names is very "pleasing" to the eye indeed!

A similar effect would be to extend the trick for hiding function calls I used (md5 their names; this way only get_defined_functions() is left visible). With a simple parser one can easily parse any php script (unless it uses some non-kosher tricks like the ones here of course, but I'm talking about general-purpose obfuscation here), change all variables to their md5s, replace function calls with md5 of function names (prefix with something - like '_' - to be sure they're valid) and insert an initialization loop in the beginning to cycle through the defined functions and assign them to the $_variables we want. The whole code will look like a mess of hex digits with punctuation, and the only visible function call will be get_defined_functions() ;) If the init loop is obfuscated in another manner, it would take some serious job with a debugger to see what's going on. Hint: eval code without eval() :)

Gotta try that sometimes..

Posted: Thu Sep 28, 2006 4:05 am
by RobertGonzalez
dranger, that entire code chunk was unobfuscated earlier in the thread. Have you read through the thread?

Posted: Tue Oct 03, 2006 6:47 pm
by DaveTheAve
Well I thought I had an Idea, but it doesn't want to work and I don't have the time to fix it right now.

Code: Select all

<?php

$Original = array(
	'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x',
	'y','z','0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F','G','H','I','J','K','L',
	'M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'
);


$Faked = array(
	'+Reach+','+To+','+Cat+','+Apple+','+Fox+','+Computer+','+CSS+','+Steam+','+PHP+','+Neoelite+',
	'+Love+','+Woman+','+GAIM+','+DaemonTools+','+Software+','+AMD+','+Rocks+','+You+','+Are+','+Losing+',
	'+Your+','+Mind+','+With+','+The+','+Simplicity+','+Of+','+This+','+Script+','+Winamp+','+Air+','+Cloud+',
	'+Hosting+','+Sleeping+','+Meow+','+World+','+Math+','+Phishtank+','+Google+','+Skype+','+Notebook+',
	'+X-Fi+','+Linux+','+Tux+','+ATI+','+Dual-Core+','+Newegg+','+Blacklist+','+Cars+','+Mustang+','+Kevin+',
	'+Eleven+','+King+','+Spam+','+Firefox+','+Thunderbird+','+College+','+Carrie+','+David+','+Branco+','+Red+',
	'+Wolf+','+Done+'
);

function obfuscate($string) {
	global $Original, $Faked;
	$string = base64_encode($string);
	$string = str_replace($Original, $Faked, $string);
	return $string;
}

function deobfuscate($string){
	global $Original, $Faked;
	$string = str_replace($Faked, $Original, $string);
	$string = base64_decode($string);
	return $string;
}

$test = obfuscate("David Branco");

echo $test."\n\n<hr />\n\n";

echo deobfuscate($test);

?>

Posted: Wed Oct 04, 2006 1:36 am
by dranger
Everah wrote:dranger, that entire code chunk was unobfuscated earlier in the thread. Have you read through the thread?
I have, but I missed that code snippet because I wasn't reading through the deobfuscated code before and that version didnt include any of the original code so my eyes just glossed over it when I was re-reading the thread to see if anyone else had done it.

Plus, it hadn't been done step-by-step before, either, so... :oops:

Posted: Fri Oct 06, 2006 1:20 am
by RobertGonzalez
Hey, no blood no foul. Just didn't think you wanted to duplicate work that had already been done.

Posted: Fri Dec 15, 2006 7:58 am
by Mordred
Bump?

What is the status of this undertaking?

I'm gonna explain the tricks I used these days (when I have more time) - and I surely need the time, I've forgotten half of the stuff that happens covertly ;)

Meanwhile, here's a little strrev script that is also a palindrome ;)

Code: Select all

<?php echo strrev($_GET['s'] ); // <!-- s;) --><img src=\"{SMILIES_PATH}/icon_wink.gif\" alt=\";)\" title=\"Wink\" /><!-- s;) --> ]'s'[TEG_$(verrts ohce php?<
(Of course, you gotta replace the smiley with semicolon-closing bracket)