DevNetwork Obfuscated PHP Contest 2006

Post by **onion2k** » Wed Aug 09, 2006 3:13 am

Inspired by this thread we are having an "obfuscated PHP" competition!

Obfuscated PHP:

Obfuscation is the art of making something very difficult to read. Obfuscated code is code that isn't immediately obvious to the reader what it's supposed to do. Obfuscated PHP is code written in PHP that you could look at, read, digest, and still only know what it does by running it. This isn't the same as "bad code". Obfuscated code has to be written very carefully otherwise it probably won't work.

The Contest:

Write a PHP script that will output a string backwards. The string will be passed as a _GET variable. The code must be as non-obvious as possible. It should be pretty much impossible to deduce the purpose of the script just by looking at it.

The Podium:

There are 3 winners;

3rd place - The Avrial Lavigne "Complicated!" award for the most complicated solution.
2nd place - The Kylie Minogue "Short like a tiny pixie!" award for the shortest solution.
1st place - The Jennifer Love Hewitt "OMG that's frickin' beautiful!" award for the most elegant solution.

The Rules:

1. Your code must be your own.
2. Your code must run in your own webspace so we can see it working.
3. Your code must only be ordinary PHP (Zend Optimizer is cheating).
4. Your code must be made available (duh, it's a code contest).
5. You should be able to explain how your code works in case we can't figure it out.
6. The judge's decision will be final (I'm the judge for now, might change later if people are actually interested in this).
7. All entries should be submitted as a reply to this thread in the form of a link to your script online somewhere and the source code (wrapped in

Code: Select all

tags, obviously).
8. Closing date is September 9th 2006. You've got 1 month.

Hints:

1. Think out of the box.
2. Try writing code that generates new code.
3. Eval() is your friend.
4. So is create_function().

Post by **s.dot** » Wed Aug 09, 2006 9:36 am

Alright, I gave it a shot. It could've went any direction, so I wasn't sure what to do with it.

Flaws:

For some silly reason i wrote this assuming the string would be alphabetic only. This was actually kind of tough! I don't feel like redoing it at the moment, so we'll assume it will be an alpha string.

Assumes PHP >= 5 (str_split usage)

Link: http://65.29.93.164/test.php?string=yourstringhere

Code:

Code: Select all

 
<?php
function gobble_gook($str,$rand)
{
    $ret = array();
    $lt = range('a','z');
    $n = explode($rand,$str);
    
    foreach($n AS $nn)
    {
        $ret[] = $lt[$nn];
    }
    
    return $ret;
}
 
function more_gobble_gook($arr)
{
    $lt = range('a','z');
    foreach($arr AS $l)
    {
        $ret[] = implode('',array_keys($lt,$l));
    }
    return $ret;
}
 
$randstr    = str_replace(range(0,10),'',substr(sha1(uniqid(1)),0,rand(10,15)));
$val        = chr(115).chr(116).chr(114).chr(105).chr(110).chr(103);
$var        = eval("return '\$_'.strtoupper(implode('',gobble_gook('6'.\$randstr.'4'.\$randstr.'19',\$randstr)));");
$var        = $var.'[\''.eval("return \$val;").'\']';
$var        = eval("return $var;");
$var        = implode('',array_reverse(gobble_gook(implode($randstr,more_gobble_gook(str_split($var))),$randstr)));
 
echo $var;
?>

How it works:

Firstly, a random string is generated and stripped of numbers to provide a value to explode with.
The $_GET variable name (string) is then determined with a series of chr()s.
Then "$_GET" is determined by 6-4-19 .. the position of the letters G-E-T in the alphabet, and passing them to gobble_gook() which then returns an array of the corresponding letter by exploding on the $randstr value.
That gives us "$_GET['string']" which is then eval()'d to the value of $_GET['string'].
Then we pass the value to more_gobble_gook() which returns the numeric position of each letter in the value in the alphabet.
Then, we pass this back to gobble_gook() which returns an array of every letter of the value as a single element.
Finally, we reverse that array using array_reverse() and implode it so it's a string.
Done. The string is then echo'd.

Confuse anyone else? OK, me too! Obfuscationsdlfkaon is hard:

jayshields · Post by **jayshields** » Wed Aug 09, 2006 12:11 pm

Shortest solution award is covered anyway...

Code: Select all

 
<?php
if(isset($_GET['string']) && !empty($_GET['string'])) echo strrev($_GET['string']);
?>

or just

Code: Select all

 
<?php
echo strrev($_GET['string']);
?>

Anyway, my real answer is:

Code: Select all

 
<?php
 
error_reporting(1);
 
function ui565kj5k4j65($a, $b, $c, $d, $e) {
    if($e == (($d * $c) / $b) + $a) {
        return eval("return '$'.chr(95).'G'.chr(69).'T';");
    }
}
 
if((str_word_count(ui565kj5k4j65(2, 20, 4, 5, 3)) * 89000) == (2400221254 - 2400132254)) {
    $f = 'gni6rts';
    for($i=0; $i <= substr($f, 3, 1); $i++) {
        $f .= $f{(substr($f, 3, 1)+1)-$i};
    }
    
    $g = html_entity_decode(eval("return ui565kj5k4j65(2, 20, 4, 5, 3).'[\''.substr($f, 7, 3).substr($f, 11).'g'.'\']';"));
    $h = eval("return $g;");
 
    $x = 0;
    while(TRUE && isset($h) && !empty($h)) {
        $h .= $h{(strlen($h)-($x*2))-1};
        $x++;
        if($x == (strlen($h)-$x)) break;
    }
    echo substr($h, strlen($h)/2);
}
 
?>

Test URL: http://www.jay-designs.co.uk/misc/stringreverse.php (turns out it doesn't work, lol, cos it's not a PHP5 server maybe. I don't have a PHP5 server available except my home machine that I developed it on, but my IP changes every so often. If you're lucky enough to catch it on this IP, the URL is http://81.96.250.46/stringreverse.php).

That took me the best part of 2 hours, lol.

feyd · Post by **feyd** » Wed Aug 09, 2006 12:14 pm

jayshields wrote:Shortest solution award is covered anyway...

Code: Select all

 
<?php
if(isset($_GET['string']) && !empty($_GET['string'])) echo strrev($_GET['string']);
?>

or just

Code: Select all

 
<?php
echo strrev($_GET['string']); //If you like to give noobs PHP notices <!-- s:P --><img src=\"{SMILIES_PATH}/icon_razz.gif\" alt=\":P\" title=\"Razz\" /><!-- s:P -->
?>

onion2k wrote:Obfuscated code is code that isn't immediately obvious to the reader what it's supposed to do.

DrTom · Post by **DrTom** » Wed Aug 09, 2006 12:21 pm

Well, here's the solution I came up with.. Not overly obfuscated but yeah
http://www.grishlan.com/rev.php?string=thisismystring
and the code

Code: Select all

 
if(strlen($_GET['string']) < 1)
    return;
eval(strtolower(substr("\$_GET(\'string\']",3,1)).substr("chr($_GET(\'string\'))",0,2).
    strtolower(substr('$_POST[\'string\']',3,1)).'('.substr('$_GET[\'string\']',7,3).
    strtolower(substr("\$_REQUEST[\'string\']",2,2)).
    chr(ord(substr(unpack('c1',0110000111001101),4))-3)."(".$_GET['string']."));");

I kinda trimmed it up so that it fits i nthe forums but thats my answer

oh How it works
It generates an eval(echo(strrev(string)));
Not too complicated

jayshields · Post by **jayshields** » Wed Aug 09, 2006 12:22 pm

feyd wrote:
jayshields wrote:Shortest solution award is covered anyway...
Code: Select all
 
<?php
if(isset($_GET['string']) && !empty($_GET['string'])) echo strrev($_GET['string']);
?>
 
or just
Code: Select all
 
<?php
echo strrev($_GET['string']); //If you like to give noobs PHP notices <img src=\"{SMILIES_PATH}/icon_razz.gif\" alt=\":P\" title=\"Razz\" />
?>
 
onion2k wrote:Obfuscated code is code that isn't immediately obvious to the reader what it's supposed to do.

Yeah, I saw that, but then how can you define "code that isn't immediately obvious to the reader what it's supposed to do"? Surely, it depends who's looking at it. As far as I'm concerned, if my mum read my script for the shortest way, she wouldn't know what it was supposed to do

feyd · Post by **feyd** » Wed Aug 09, 2006 12:40 pm

We are the observers, jay.

Post by **Chris Corbyn** » Wed Aug 09, 2006 12:52 pm

Code: Select all

<?php eval(base64_decode('JHJlbD0nRSA9IG0qY14yJzskYW5zPT'.
'QyOyRmPW51bGw7JF8xXz1vcmQocHJl'.
'Z19yZXBsYWNlKCcvLipcKiguKS4qLy'.
'csJ1xcMScsJHJlbCkpOwokYT1zdWJz'.
'dHIoJF8xXywwLDEpOyRiPXN1YnN0ci'.
'gkXzFfLC0xKTskeD0xOyRnPSYkZjsk'.
'bD1jaHIoJGEuJHgpOyR4Kz0yOyRyPW'.
'NocigkYi4keCk7JHgrPTI7CiR1PWNo'.
'cigocG93KCRhLDIpLyRiKS4keCk7Ci'.
'R3cz0mJGFuczskeT05OyRnPWV2YWwo'.
'c3RyX3JlcGxhY2UoY2hyKCR5KSxjaH'.
'IoJHkqKCR5KygxLzMpKSksJ3JldHVy'.
'biBAJy5jaHIocG93KCsrJHgsMikpLi'.
'R1LidHJy5zdWJzdHIoJHJlbCwwLDEp'.
'LiIJIi4kbC4nInEiJy4kci4nOycpKT'.
'sgJHgtPTM7aWYoJGYpeyRhbnM9YXJy'.
'YXlfc2xpY2UocHJlZ19zcGxpdChzdH'.
'JfcmVwZWF0KGNocigieyR4fTQiKSwy'.
'KSwkZiksMSwtMSk7Zm9yKCRpPW1heC'.
'hhcnJheV9rZXlzKCRhbnMpKTskaT4k'.
'eC00OyRpLS0pZXZhbCgnZScuY2hyKC'.
'RfMV8pLidobyAkd3MnLiRsLiRpLiRy'.
'Lic7Jyk7fQ==')); ?>

Good luck!!

EDIT | You run it as http://foo/script.php?q=word

feyd | had to break the string apart to fit our pages.

Jenk · Post by **Jenk** » Wed Aug 09, 2006 1:44 pm

one liners ftw.. though I've split it to fit pages.. btw - run at your own risk, and you'll need to set execution time really, really high.

Code: Select all

<?php $a='c';$b='y';$c='3';$d='R';${base64_decode(($x=$a).($z=$c).($w=$d).($y=$b))}=
'VmpKNGExUXlTWGxUYWxaU1ZucFdWVlZxUm1GbGJHeHlXWHBTWVUxV2JEVlVNV2h6WVZaSmVGSnRPVlJpYmtJMlZVWkZPVkJSUFQwPQ==';
for ($i = 0; $i < 5;$i++){
${base64_decode(($j=$x).($i=$z).($h=$w).($k=$y))}=
base64_decode(${base64_decode(($s=$j).($t=$i).($u=$h).($v=$k))});}
eval(${base64_decode(($m=$s).($n=$t).($p=$u).($o=$v))});?>

Post by **RobertGonzalez** » Wed Aug 09, 2006 2:05 pm

Code: Select all

<?php 
$s = ( isset($_GET['s']) ) ? $_GET['s'] : ''; $sd = ( isset($_GET['s']) ); $sc = strlen($s); $sn = ''; $se = ''; $y = $sc - 1; 
while ($y >= 0) { $sn .= $s{$y}; $y -=1; } 
if ($sd) $se = $sn; echo $se; 
?>

Live at http://www.codecompare.com/so.php. If nothing is passed to it, it returns a blank screen. If ?s=somestring is passed to it, it reverses it.

EDIT | Modified to make it smaller. Now it is 218 Bytes.

hawleyjr · Post by **hawleyjr** » Wed Aug 09, 2006 3:23 pm

I love it

http://jameshawley.com/forum/devnet.php?IO0=HAWLEYJR

Code: Select all

/*iio=I$iO*/$i=O;/*$iIII1$=OIi1$o1OOIo=1iO1o$=Ooooii=IIIIi$oI1Io==1=*/
/*oi==O1=1OI*/$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO/*oiO111O=Ioo1iIIo1=oIi*/
/*IOI=oO=I1oi1I1Ii*/=/*1i$$O$o$iIioIii1=oI1*/$_GET['IO0']/*10$$IIoOI*/
/*OIiiOo1$$OiOO$Ii11io1ii1ioIO$$Io=1$o1OOIo=1iO1o$=Ooooii=IIO$$IIiII*/
/*1i1oiOioo$=1oi==ooOI1=O1i*/;/*oiOiOiOII1o1OI$$IIiO1o1IOOio==1=OiIi*/
/*11io1ii1ioIOIo=OI=$1$iOIiOi1iOOOIIOI1O1OI1O1OIooo1IIi1OOIO/*O1OOoo*/
/*oOOo11i1Ii*/;/*iIIOO*/$Io11ioO/*i$1$Io11=ioO=1iiooOI1=*/;/*i$1$Io1*/
/*=11IoIio=$iIOI=IoiIoii1$$$=IOO=i11$iIioI11OIoIOO=o=ii=oI$1=O=OIoi1*/
/*II=I=o1IoiIoOoOIOi111*/$IOOI1o1oIooiioOO1/*oo1$Ioi1o1$oi$oIi$=I1Ii*/
/*1iI$O=oOOo$iio$iOI*/=/*i$oIi$oOOo$iioOI*/create_function/*=I1iI$O=*/
/*=iIoIOO*/(/*i$oo=OoI1I*/'$oI1IO1o11I1IoO1IIoIOoOIooIo'/*oo==1I$=i=*/
/*O$IiO=I$IIO*/,/*$1OO11iOooO=oii1=*/'$oOiOOoo1IOI1OIIO=0/*i$I=1i$II*/
/*o=oOoi$O1oiI1o$iii$1$oi11=i=IioI1OOiI1*/;/*i11=i=IioII1Oo11=OooiII*/
/*oiIO$OO1i1oi1ioIOi1ooOoOooI*/for/*1$1oOi=iIooO11*/(/*1Oo1I=Io1=oO$*/
/*Ii=1o1iIoOo*/$oIoIO1ooIIIiIoOooOiOo111/*O1o$iii$1$oIi1i1iO1iIO1Ioo*/
/*o*/=/*==1OO*/0/*1=1$=1i=I$1iIi$II1Io1o1*/;/*1iiI1oO1$O1IOI1OI=ooIo*/
/*IiIOi/*1IOOIOo$IIO==o1OI1OOiiIo$1=i1$$i=oiI$O1IiIOioO1IOOIOo$IIO==*/
/*o$OooO=IIii$I11oOoIoo1I*/$oIoIO1ooIIIiIoOooOiOo111/*ioOOOOiOIIiOIi*/
/*i=IiOi$$1iiI1oO1$*/</*Oi=oO1IOI1=ooI=O1oIoioio=IIoo=O1o1I1oIo111OO*/
/*1IOI1=ooIoIoioio=IIooI==I$I=$OI*/strlen/*IIo11$$OoiiOi=oIO1iIoO=oO*/
/*IiI1=O1i1*/(/*oioO$i==OOoI11I==Oi*/$oI1IO1o11I1IoO1IIoIOoOIooIo/*o*/
/*o1$$iIIii=iOiOO=iio1I$=i1i*/)/*I$iO1$1OooiO1i11i$1*/;/*Io1oi1O1$o=*/
/*0*/$oIoIO1ooIIIiIoOooOiOo111/*1oii11iiOI=iIoIio$iio=O=I1Io==1=Ii1O*/
/*1I=ioi$$1OiO111IIIoI*/++/*o1I=o1o1OOooi1O=o*/)/*=oIOIoi1ii1oi11iI=*/
/*11O1o$=I=I1i=I1I=$1O=iI11oi11*/{/*OO=IO1OI1oIi1oO$$iioOoi1ioi$$oOi*/
/*1OI1oIi1oO$$iioOoi1ioi$$oOi1Io1iooOoOOoO=$I*/$oOiOOoo1IOI1OIIO/*I=*/
/*Oo1=i$i=Oo1IiiOO1=oiIOi1=$o*/++/*i1$i1O1IiOI1$Ii$oOo*/;/*iIooOO$1o*/
/*IiOOOO=IOOiOI$=ioo=I1Ii1o*/}/*=$i1I$=iO11II=Io$$o*/return /*=I1o1O*/
/*1iO1oiio$oIi*/$oOiOOoo1IOI1OIIO/*O1iI=iii=iII1IoIOIo=o$i*/;/*I=OiI*/
/*I*/'/*IO1Oo1I$ii11IoOI$i$$Oo1oIO*/)/*IoIo$IOiOIiO$o1I1OOOoiOoiO$o1*/
/*io$1o$OO1ii=oI=1I*/;/*I1=IiO11iIoOIo1i=I$iO*/for/*Oo111ioi1oIIIii$*/
/*iIIIoo1OO=IOiiiO1o=Ii=ooOIO*/(/*oO1OIIii$=1=oOIIiooiioOiOOoI=11oO1*/
/*1I1o1I$o1=oOoio1ioO1iO1=ioO1*/$Oo111Ii1OiIIioiOiI11i1Oi/*$iOIO11Oo*/
/*===O1oo==O$1IiIOi=OIiIIOOOi*/=/*Oi1I1O==i1o1IoIIOI1Io=iooo=IIOiOO0*/
/*iOi$==11OoOIiOii$IOIIii$=ioIIO*/$IOOI1o1oIooiioOO1/*I=iIOOOo$iI1o1*/
/*O$111$1IIi$iooO1oioIOO$ioo111o*/(/*11=i=o1OI$i$1O11IOOOiI$i=$$iO1i*/
/*O1=$I1$I$=OoIooIi1iIIiiioIi1oI*/$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO/*$*/
/*IOoooO1ii1o1=11ioo$oI=oOi*/)/*OIOOiOoI=ooiOio1i1=i$O=iOIo1O*/;/*O=*/
/*i1o=1=Ooi1oOI1oiIoOO$$1I*/$Oo111Ii1OiIIioiOiI11i1Oi/*oo1II1o$O1=I1*/
/*i$OIo1iI$11i=O=OIo$=oIoIi*/>=/*i1O=1O$1O=IoIo=oiIO1Io$1i*/0/*OO$Oo*/
/*Ii$Oo1$iIiI$=oo=O1IO*/;$Oo111Ii1OiIIioiOiI11i1Oi/*11iIiio1IO1iI1=$*/
/*o1Oo==i=Io111OOiOIOIOoiiI1iI$1I*/--/*I$111i=Ooii=oIoOO=*/)/*=1Oo11*/
/*o1=II1oOI$IiI$$ii1io1O$ooIO*/{/*I1iOO=iIO1$IoO=OI=oIIII*/echo /*O0*/
/*OOIII*/$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO/*ioi$IOi1=I11iOI=Ooiii$Io0$*/
/*oo=o1$oOoo$IIio=11oiO$iO1*/[/*Ioi11ioIi1=1o$oIO1oiO=ioIIoi11ioIi1=*/
/*==1iIOi$I==o11=III1iO1$O=ioI*/$Oo111Ii1OiIIioiOiI11i1Oi/*ioOOiOo$$*/
/*iI1O1I1===Oio$IiOiO1iOo11oO$$=I1o1I11OIoOI1o=iOi*/]/*oI1$=io=ioOii*/
/*iiioO1Ii1ooIOoiII$Oiii$=oi11o=iOO$=11iOIOo=iI*/;/*Ooi1=I=oiiOI1o$O*/
/*=1oIOI1o1I=iOooi1ioo=o=$iIoIi111i$$I=1IO1O1oO=o1*/}/*IOOi1=i1Io=iO*/
/*OIo1OooOo1iOoiI=IIoIo1$O=1$O1I$oIoiIiIoo=i1$=O$i1O1Ooo=1iI$OIIOIo1*/

Post by **onion2k** » Wed Aug 09, 2006 3:25 pm

Nice Hawleyjr, very nice.

Post by **RobertGonzalez** » Wed Aug 09, 2006 3:27 pm

That is freaking awesome. I am so stealing that idea.

infolock · Post by **infolock** » Wed Aug 09, 2006 3:28 pm

Code: Select all

 
<?php
echo z73a($_GET['string']);
function z73a($j) {
  $b1    = strlen('$x=0;$x+');
  $hw    = strlen($j);
  for($x = 0; $x < $hw; $x++) $eax0d .= str_pad(decbin(ord($j{$x})), $b1, '0', STR_PAD_LEFT);
  if(strlen($eax0d)%$b1) return false;
  $hw = strlen($eax0d);
  for($x=0; $x<$hw; $x += $b1) $o0 .= chr(bindec(substr($eax0d, $x, $b1)));
  return strrev($o0);
}
?>

oops, live at :

http://jon-ip.clearchannel.com/bob.php?string=testme

jayshields · Post by **jayshields** » Wed Aug 09, 2006 3:38 pm

@hawley: I don't get it. Is this a variant of that brainf*ck language thing? I was gunna attempt something like that but it said pure PHP only. Your test page just shows a weird string. How do I reverse a string?