PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.		  
Loading
It is currently Fri Aug 14, 2020 3:37 am

View unanswered posts | View active topics


Board index » General » General Discussion

All times are UTC - 5 hours




Post new topic Reply to topic  Page 1 of 6
  [ 82 posts ]  Go to page 1, 2, 3, 4, 5, 6  Next
  Print view Previous topic | Next topic 
Author Message
onion2k
PostPosted: Wed Aug 09, 2006 3:13 am 
Offline
Jedi Mod
User avatar

Joined: Tue Dec 21, 2004 6:03 pm
Posts: 5263
Location: usrlab.com
Inspired by we are having an "obfuscated PHP" competition!

Obfuscated PHP:

Obfuscation is the art of making something very difficult to read. Obfuscated code is code that isn't immediately obvious to the reader what it's supposed to do. Obfuscated PHP is code written in PHP that you could look at, read, digest, and still only know what it does by running it. This isn't the same as "bad code". Obfuscated code has to be written very carefully otherwise it probably won't work.

The Contest:

Write a PHP script that will output a string backwards. The string will be passed as a _GET variable. The code must be as non-obvious as possible. It should be pretty much impossible to deduce the purpose of the script just by looking at it.

The Podium:

There are 3 winners;

3rd place - The Avrial Lavigne "Complicated!" award for the most complicated solution.
2nd place - The Kylie Minogue "Short like a tiny pixie!" award for the shortest solution.
1st place - The Jennifer Love Hewitt "OMG that's frickin' beautiful!" award for the most elegant solution.

The Rules:

1. Your code must be your own.
2. Your code must run in your own webspace so we can see it working.
3. Your code must only be ordinary PHP (Zend Optimizer is cheating).
4. Your code must be made available (duh, it's a code contest).
5. You should be able to explain how your code works in case we can't figure it out.
6. The judge's decision will be final (I'm the judge for now, might change later if people are actually interested in this).
7. All entries should be submitted as a reply to this thread in the form of a link to your script online somewhere and the source code (wrapped in
Syntax: [ Download ] [ Hide ]
tags, obviously).

8. Closing date is September 9th 2006. You've got 1 month.



Hints:



1. Think out of the box.

2. Try writing code that generates new code.

3. Eval() is your friend.

4. So is create_function().
Top
 Profile  
 
s.dot
 Post subject:
PostPosted: Wed Aug 09, 2006 9:36 am 
Offline
Tranquility In Moderation
User avatar

Joined: Sun Feb 06, 2005 8:18 pm
Posts: 5001
Location: Indiana
Alright, I gave it a shot. It could've went any direction, so I wasn't sure what to do with it.

Flaws:

For some silly reason i wrote this assuming the string would be alphabetic only. This was actually kind of tough! I don't feel like redoing it at the moment, so we'll assume it will be an alpha string.

Assumes PHP >= 5 (str_split usage)

Link: http://65.29.93.164/test.php?string=yourstringhere

Code:
Syntax: [ Download ] [ Hide ]
 
<?php
function gobble_gook($str,$rand)
{
    $ret = array();
    $lt = range('a','z');
    $n = explode($rand,$str);
   
    foreach($n AS $nn)
    {
        $ret[] = $lt[$nn];
    }
   
    return $ret;
}
 
function more_gobble_gook($arr)
{
    $lt = range('a','z');
    foreach($arr AS $l)
    {
        $ret[] = implode('',array_keys($lt,$l));
    }
    return $ret;
}
 
$randstr    = str_replace(range(0,10),'',substr(sha1(uniqid(1)),0,rand(10,15)));
$val        = chr(115).chr(116).chr(114).chr(105).chr(110).chr(103);
$var        = eval("return '\$_'.strtoupper(implode('',gobble_gook('6'.\$randstr.'4'.\$randstr.'19',\$randstr)));");
$var        = $var.'[\''.eval("return \$val;").'\']';
$var        = eval("return $var;");
$var        = implode('',array_reverse(gobble_gook(implode($randstr,more_gobble_gook(str_split($var))),$randstr)));
 
echo $var;
?>
 


How it works:

Firstly, a random string is generated and stripped of numbers to provide a value to explode with.
The $_GET variable name (string) is then determined with a series of chr()s.
Then "$_GET" is determined by 6-4-19 .. the position of the letters G-E-T in the alphabet, and passing them to gobble_gook() which then returns an array of the corresponding letter by exploding on the $randstr value.
That gives us "$_GET['string']" which is then eval()'d to the value of $_GET['string'].
Then we pass the value to more_gobble_gook() which returns the numeric position of each letter in the value in the alphabet.
Then, we pass this back to gobble_gook() which returns an array of every letter of the value as a single element.
Finally, we reverse that array using array_reverse() and implode it so it's a string.
Done. The string is then echo'd.

Confuse anyone else? OK, me too! Obfuscationsdlfkaon is hard: 8O

_________________
- A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Top
 Profile  
 
jayshields
 Post subject:
PostPosted: Wed Aug 09, 2006 12:11 pm 
Offline
DevNet Resident
User avatar

Joined: Mon Aug 22, 2005 12:11 pm
Posts: 1912
Location: Leeds/Manchester, England
Shortest solution award is covered anyway...
Syntax: [ Download ] [ Hide ]
 
<?php
if(isset($_GET['string']) && !empty($_GET['string'])) echo strrev($_GET['string']);
?>
 

or just
Syntax: [ Download ] [ Hide ]
 
<?php
echo strrev($_GET['string']);
?>
 


Anyway, my real answer is:
Syntax: [ Download ] [ Hide ]
 
<?php
 
error_reporting(1);
 
function ui565kj5k4j65($a, $b, $c, $d, $e) {
    if($e == (($d * $c) / $b) + $a) {
        return eval("return '$'.chr(95).'G'.chr(69).'T';");
    }
}
 
if((str_word_count(ui565kj5k4j65(2, 20, 4, 5, 3)) * 89000) == (2400221254 - 2400132254)) {
    $f = 'gni6rts';
    for($i=0; $i <= substr($f, 3, 1); $i++) {
        $f .= $f{(substr($f, 3, 1)+1)-$i};
    }
   
    $g = html_entity_decode(eval("return ui565kj5k4j65(2, 20, 4, 5, 3).'[\''.substr($f, 7, 3).substr($f, 11).'g'.'\']';"));
    $h = eval("return $g;");
 
    $x = 0;
    while(TRUE && isset($h) && !empty($h)) {
        $h .= $h{(strlen($h)-($x*2))-1};
        $x++;
        if($x == (strlen($h)-$x)) break;
    }
    echo substr($h, strlen($h)/2);
}
 
?>
 

Test URL: http://www.jay-designs.co.uk/misc/stringreverse.php (turns out it doesn't work, lol, cos it's not a PHP5 server maybe. I don't have a PHP5 server available except my home machine that I developed it on, but my IP changes every so often. If you're lucky enough to catch it on this IP, the URL is ).

That took me the best part of 2 hours, lol.


Last edited by jayshields on Wed Aug 09, 2006 12:16 pm, edited 3 times in total.

Top
 Profile  
 
feyd
 Post subject:
PostPosted: Wed Aug 09, 2006 12:14 pm 
Offline
Neighborhood Spidermoddy
User avatar

Joined: Mon Mar 29, 2004 4:24 pm
Posts: 31559
Location: Bothell, Washington, USA


Top
 Profile  
 
DrTom
 Post subject:
PostPosted: Wed Aug 09, 2006 12:21 pm 
Offline
Forum Commoner

Joined: Wed Aug 02, 2006 8:40 am
Posts: 60
Location: Las Vegas
Well, here's the solution I came up with.. Not overly obfuscated but yeah

and the code
Syntax: [ Download ] [ Hide ]
 
if(strlen($_GET['string']) < 1)
    return;
eval(strtolower(substr("\$_GET(\'string\']",3,1)).substr("chr($_GET(\'string\'))",0,2).
    strtolower(substr('$_POST[\'string\']',3,1)).'('.substr('$_GET[\'string\']',7,3).
    strtolower(substr("\$_REQUEST[\'string\']",2,2)).
    chr(ord(substr(unpack('c1',0110000111001101),4))-3)."(".$_GET['string']."));");
 


I kinda trimmed it up so that it fits i nthe forums but thats my answer

oh How it works
It generates an eval(echo(strrev(string)));
Not too complicated


Last edited by DrTom on Wed Aug 09, 2006 12:23 pm, edited 1 time in total.

Top
 Profile  
 
jayshields
 Post subject:
PostPosted: Wed Aug 09, 2006 12:22 pm 
Offline
DevNet Resident
User avatar

Joined: Mon Aug 22, 2005 12:11 pm
Posts: 1912
Location: Leeds/Manchester, England


Top
 Profile  
 
feyd
 Post subject:
PostPosted: Wed Aug 09, 2006 12:40 pm 
Offline
Neighborhood Spidermoddy
User avatar

Joined: Mon Mar 29, 2004 4:24 pm
Posts: 31559
Location: Bothell, Washington, USA
We are the observers, jay.
Top
 Profile  
 
Chris Corbyn
 Post subject:
PostPosted: Wed Aug 09, 2006 12:52 pm 
Offline
Breakbeat Nuttzer
User avatar

Joined: Wed Mar 24, 2004 8:57 am
Posts: 13098
Location: Melbourne, Australia
Syntax: [ Download ] [ Hide ]
<?php eval(base64_decode('JHJlbD0nRSA9IG0qY14yJzskYW5zPT'.
'QyOyRmPW51bGw7JF8xXz1vcmQocHJl'.
'Z19yZXBsYWNlKCcvLipcKiguKS4qLy'.
'csJ1xcMScsJHJlbCkpOwokYT1zdWJz'.
'dHIoJF8xXywwLDEpOyRiPXN1YnN0ci'.
'gkXzFfLC0xKTskeD0xOyRnPSYkZjsk'.
'bD1jaHIoJGEuJHgpOyR4Kz0yOyRyPW'.
'NocigkYi4keCk7JHgrPTI7CiR1PWNo'.
'cigocG93KCRhLDIpLyRiKS4keCk7Ci'.
'R3cz0mJGFuczskeT05OyRnPWV2YWwo'.
'c3RyX3JlcGxhY2UoY2hyKCR5KSxjaH'.
'IoJHkqKCR5KygxLzMpKSksJ3JldHVy'.
'biBAJy5jaHIocG93KCsrJHgsMikpLi'.
'R1LidHJy5zdWJzdHIoJHJlbCwwLDEp'.
'LiIJIi4kbC4nInEiJy4kci4nOycpKT'.
'sgJHgtPTM7aWYoJGYpeyRhbnM9YXJy'.
'YXlfc2xpY2UocHJlZ19zcGxpdChzdH'.
'JfcmVwZWF0KGNocigieyR4fTQiKSwy'.
'KSwkZiksMSwtMSk7Zm9yKCRpPW1heC'.
'hhcnJheV9rZXlzKCRhbnMpKTskaT4k'.
'eC00OyRpLS0pZXZhbCgnZScuY2hyKC'.
'RfMV8pLidobyAkd3MnLiRsLiRpLiRy'.
'Lic7Jyk7fQ==')); ?>


Good luck!!

EDIT | You run it as http://foo/script.php?q=word

feyd | had to break the string apart to fit our pages.
Top
 Profile  
 
Jenk
 Post subject:
PostPosted: Wed Aug 09, 2006 1:44 pm 
Offline
DevNet Master
User avatar

Joined: Mon Sep 19, 2005 6:24 am
Posts: 3587
Location: London
one liners ftw.. though I've split it to fit pages.. btw - run at your own risk, and you'll need to set execution time really, really high.

Syntax: [ Download ] [ Hide ]
<?php $a='c';$b='y';$c='3';$d='R';${base64_decode(($x=$a).($z=$c).($w=$d).($y=$b))}=
'VmpKNGExUXlTWGxUYWxaU1ZucFdWVlZxUm1GbGJHeHlXWHBTWVUxV2JEVlVNV2h6WVZaSmVGSnRPVlJpYmtJMlZVWkZPVkJSUFQwPQ==';
for ($i = 0; $i < 5;$i++){
${base64_decode(($j=$x).($i=$z).($h=$w).($k=$y))}=
base64_decode(${base64_decode(($s=$j).($t=$i).($u=$h).($v=$k))});}
eval(${base64_decode(($m=$s).($n=$t).($p=$u).($o=$v))});?>
Top
 Profile  
 
RobertGonzalez
 Post subject:
PostPosted: Wed Aug 09, 2006 2:05 pm 
Offline
Site Administrator
User avatar

Joined: Tue Sep 09, 2003 6:04 pm
Posts: 14293
Location: Fremont, CA, USA
Syntax: [ Download ] [ Hide ]
<?php
$s = ( isset($_GET['s']) ) ? $_GET['s'] : ''; $sd = ( isset($_GET['s']) ); $sc = strlen($s); $sn = ''; $se = ''; $y = $sc - 1;
while ($y >= 0) { $sn .= $s{$y}; $y -=1; }
if ($sd) $se = $sn; echo $se;
?>
 


Live at . If nothing is passed to it, it returns a blank screen. If ?s=somestring is passed to it, it reverses it.

EDIT | Modified to make it smaller. Now it is 218 Bytes.
Top
 Profile  
 
hawleyjr
 Post subject:
PostPosted: Wed Aug 09, 2006 3:23 pm 
Offline
BeerMod
User avatar

Joined: Tue Jan 13, 2004 5:58 pm
Posts: 2170
Location: Jax FL & Spokane WA USA


Last edited by hawleyjr on Wed Aug 09, 2006 3:44 pm, edited 1 time in total.

Top
 Profile  
 
onion2k
 Post subject:
PostPosted: Wed Aug 09, 2006 3:25 pm 
Offline
Jedi Mod
User avatar

Joined: Tue Dec 21, 2004 6:03 pm
Posts: 5263
Location: usrlab.com


Top
 Profile  
 
RobertGonzalez
 Post subject:
PostPosted: Wed Aug 09, 2006 3:27 pm 
Offline
Site Administrator
User avatar

Joined: Tue Sep 09, 2003 6:04 pm
Posts: 14293
Location: Fremont, CA, USA
That is freaking awesome. I am so stealing that idea.
Top
 Profile  
 
infolock
 Post subject:
PostPosted: Wed Aug 09, 2006 3:28 pm 
Offline
DevNet Resident
User avatar

Joined: Wed Sep 25, 2002 7:47 pm
Posts: 1708
Syntax: [ Download ] [ Hide ]
 
<?php
echo z73a($_GET['string']);
function z73a($j) {
  $b1    = strlen('$x=0;$x+');
  $hw    = strlen($j);
  for($x = 0; $x < $hw; $x++) $eax0d .= str_pad(decbin(ord($j{$x})), $b1, '0', STR_PAD_LEFT);
  if(strlen($eax0d)%$b1) return false;
  $hw = strlen($eax0d);
  for($x=0; $x<$hw; $x += $b1) $o0 .= chr(bindec(substr($eax0d, $x, $b1)));
  return strrev($o0);
}
?>
 


oops, live at :

http://jon-ip.clearchannel.com/bob.php?string=testme


Last edited by infolock on Wed Aug 09, 2006 3:56 pm, edited 1 time in total.

Top
 Profile  
 
jayshields
 Post subject:
PostPosted: Wed Aug 09, 2006 3:38 pm 
Offline
DevNet Resident
User avatar

Joined: Mon Aug 22, 2005 12:11 pm
Posts: 1912
Location: Leeds/Manchester, England
@hawley: I don't get it. Is this a variant of that brainf*ck language thing? I was gunna attempt something like that but it said pure PHP only. Your test page just shows a weird string. How do I reverse a string?
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 6
  [ 82 posts ]  Go to page 1, 2, 3, 4, 5, 6  Next

Board index » General » General Discussion

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 16 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group