DevNetwork Obfuscated PHP Contest 2006

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

DevNetwork Obfuscated PHP Contest 2006

Post by onion2k »

Inspired by this thread we are having an "obfuscated PHP" competition!

Obfuscated PHP:

Obfuscation is the art of making something very difficult to read. Obfuscated code is code that isn't immediately obvious to the reader what it's supposed to do. Obfuscated PHP is code written in PHP that you could look at, read, digest, and still only know what it does by running it. This isn't the same as "bad code". Obfuscated code has to be written very carefully otherwise it probably won't work.

The Contest:

Write a PHP script that will output a string backwards. The string will be passed as a _GET variable. The code must be as non-obvious as possible. It should be pretty much impossible to deduce the purpose of the script just by looking at it.

The Podium:

There are 3 winners;

3rd place - The Avrial Lavigne "Complicated!" award for the most complicated solution.
2nd place - The Kylie Minogue "Short like a tiny pixie!" award for the shortest solution.
1st place - The Jennifer Love Hewitt "OMG that's frickin' beautiful!" award for the most elegant solution.

The Rules:

1. Your code must be your own.
2. Your code must run in your own webspace so we can see it working.
3. Your code must only be ordinary PHP (Zend Optimizer is cheating).
4. Your code must be made available (duh, it's a code contest).
5. You should be able to explain how your code works in case we can't figure it out.
6. The judge's decision will be final (I'm the judge for now, might change later if people are actually interested in this).
7. All entries should be submitted as a reply to this thread in the form of a link to your script online somewhere and the source code (wrapped in

Code: Select all

tags, obviously).
8. Closing date is September 9th 2006. You've got 1 month.

Hints:

1. Think out of the box.
2. Try writing code that generates new code.
3. Eval() is your friend.
4. So is create_function().
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Alright, I gave it a shot. It could've went any direction, so I wasn't sure what to do with it.

Flaws:

For some silly reason i wrote this assuming the string would be alphabetic only. This was actually kind of tough! I don't feel like redoing it at the moment, so we'll assume it will be an alpha string.

Assumes PHP >= 5 (str_split usage)

Link: http://65.29.93.164/test.php?string=yourstringhere

Code:

Code: Select all

 
<?php
function gobble_gook($str,$rand)
{
    $ret = array();
    $lt = range('a','z');
    $n = explode($rand,$str);
    
    foreach($n AS $nn)
    {
        $ret[] = $lt[$nn];
    }
    
    return $ret;
}
 
function more_gobble_gook($arr)
{
    $lt = range('a','z');
    foreach($arr AS $l)
    {
        $ret[] = implode('',array_keys($lt,$l));
    }
    return $ret;
}
 
$randstr    = str_replace(range(0,10),'',substr(sha1(uniqid(1)),0,rand(10,15)));
$val        = chr(115).chr(116).chr(114).chr(105).chr(110).chr(103);
$var        = eval("return '\$_'.strtoupper(implode('',gobble_gook('6'.\$randstr.'4'.\$randstr.'19',\$randstr)));");
$var        = $var.'[\''.eval("return \$val;").'\']';
$var        = eval("return $var;");
$var        = implode('',array_reverse(gobble_gook(implode($randstr,more_gobble_gook(str_split($var))),$randstr)));
 
echo $var;
?>
 
How it works:

Firstly, a random string is generated and stripped of numbers to provide a value to explode with.
The $_GET variable name (string) is then determined with a series of chr()s.
Then "$_GET" is determined by 6-4-19 .. the position of the letters G-E-T in the alphabet, and passing them to gobble_gook() which then returns an array of the corresponding letter by exploding on the $randstr value.
That gives us "$_GET['string']" which is then eval()'d to the value of $_GET['string'].
Then we pass the value to more_gobble_gook() which returns the numeric position of each letter in the value in the alphabet.
Then, we pass this back to gobble_gook() which returns an array of every letter of the value as a single element.
Finally, we reverse that array using array_reverse() and implode it so it's a string.
Done. The string is then echo'd.

Confuse anyone else? OK, me too! Obfuscationsdlfkaon is hard: 8O
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

Shortest solution award is covered anyway...

Code: Select all

 
<?php
if(isset($_GET['string']) && !empty($_GET['string'])) echo strrev($_GET['string']);
?>
 
or just

Code: Select all

 
<?php
echo strrev($_GET['string']);
?>
 
Anyway, my real answer is:

Code: Select all

 
<?php
 
error_reporting(1);
 
function ui565kj5k4j65($a, $b, $c, $d, $e) {
    if($e == (($d * $c) / $b) + $a) {
        return eval("return '$'.chr(95).'G'.chr(69).'T';");
    }
}
 
if((str_word_count(ui565kj5k4j65(2, 20, 4, 5, 3)) * 89000) == (2400221254 - 2400132254)) {
    $f = 'gni6rts';
    for($i=0; $i <= substr($f, 3, 1); $i++) {
        $f .= $f{(substr($f, 3, 1)+1)-$i};
    }
    
    $g = html_entity_decode(eval("return ui565kj5k4j65(2, 20, 4, 5, 3).'[\''.substr($f, 7, 3).substr($f, 11).'g'.'\']';"));
    $h = eval("return $g;");
 
    $x = 0;
    while(TRUE && isset($h) && !empty($h)) {
        $h .= $h{(strlen($h)-($x*2))-1};
        $x++;
        if($x == (strlen($h)-$x)) break;
    }
    echo substr($h, strlen($h)/2);
}
 
?>
 
Test URL: http://www.jay-designs.co.uk/misc/stringreverse.php (turns out it doesn't work, lol, cos it's not a PHP5 server maybe. I don't have a PHP5 server available except my home machine that I developed it on, but my IP changes every so often. If you're lucky enough to catch it on this IP, the URL is http://81.96.250.46/stringreverse.php).

That took me the best part of 2 hours, lol.
Last edited by jayshields on Wed Aug 09, 2006 12:16 pm, edited 3 times in total.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

jayshields wrote:Shortest solution award is covered anyway...

Code: Select all

 
<?php
if(isset($_GET['string']) && !empty($_GET['string'])) echo strrev($_GET['string']);
?>
 
or just

Code: Select all

 
<?php
echo strrev($_GET['string']); //If you like to give noobs PHP notices <!-- s:P --><img src=\"{SMILIES_PATH}/icon_razz.gif\" alt=\":P\" title=\"Razz\" /><!-- s:P -->
?>
 
onion2k wrote:Obfuscated code is code that isn't immediately obvious to the reader what it's supposed to do.
Image
DrTom
Forum Commoner
Posts: 60
Joined: Wed Aug 02, 2006 8:40 am
Location: Las Vegas

Post by DrTom »

Well, here's the solution I came up with.. Not overly obfuscated but yeah
http://www.grishlan.com/rev.php?string=thisismystring
and the code

Code: Select all

 
if(strlen($_GET['string']) < 1)
    return;
eval(strtolower(substr("\$_GET(\'string\']",3,1)).substr("chr($_GET(\'string\'))",0,2).
    strtolower(substr('$_POST[\'string\']',3,1)).'('.substr('$_GET[\'string\']',7,3).
    strtolower(substr("\$_REQUEST[\'string\']",2,2)).
    chr(ord(substr(unpack('c1',0110000111001101),4))-3)."(".$_GET['string']."));");
 
I kinda trimmed it up so that it fits i nthe forums but thats my answer

oh How it works
It generates an eval(echo(strrev(string)));
Not too complicated
Last edited by DrTom on Wed Aug 09, 2006 12:23 pm, edited 1 time in total.
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

feyd wrote:
jayshields wrote:Shortest solution award is covered anyway...

Code: Select all

 
<?php
if(isset($_GET['string']) && !empty($_GET['string'])) echo strrev($_GET['string']);
?>
 
or just

Code: Select all

 
<?php
echo strrev($_GET['string']); //If you like to give noobs PHP notices <!-- s:P --><img src=\"{SMILIES_PATH}/icon_razz.gif\" alt=\":P\" title=\"Razz\" /><!-- s:P -->
?>
 
onion2k wrote:Obfuscated code is code that isn't immediately obvious to the reader what it's supposed to do.
Image
Yeah, I saw that, but then how can you define "code that isn't immediately obvious to the reader what it's supposed to do"? Surely, it depends who's looking at it. As far as I'm concerned, if my mum read my script for the shortest way, she wouldn't know what it was supposed to do :wink:
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

We are the observers, jay.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Code: Select all

<?php eval(base64_decode('JHJlbD0nRSA9IG0qY14yJzskYW5zPT'.
'QyOyRmPW51bGw7JF8xXz1vcmQocHJl'.
'Z19yZXBsYWNlKCcvLipcKiguKS4qLy'.
'csJ1xcMScsJHJlbCkpOwokYT1zdWJz'.
'dHIoJF8xXywwLDEpOyRiPXN1YnN0ci'.
'gkXzFfLC0xKTskeD0xOyRnPSYkZjsk'.
'bD1jaHIoJGEuJHgpOyR4Kz0yOyRyPW'.
'NocigkYi4keCk7JHgrPTI7CiR1PWNo'.
'cigocG93KCRhLDIpLyRiKS4keCk7Ci'.
'R3cz0mJGFuczskeT05OyRnPWV2YWwo'.
'c3RyX3JlcGxhY2UoY2hyKCR5KSxjaH'.
'IoJHkqKCR5KygxLzMpKSksJ3JldHVy'.
'biBAJy5jaHIocG93KCsrJHgsMikpLi'.
'R1LidHJy5zdWJzdHIoJHJlbCwwLDEp'.
'LiIJIi4kbC4nInEiJy4kci4nOycpKT'.
'sgJHgtPTM7aWYoJGYpeyRhbnM9YXJy'.
'YXlfc2xpY2UocHJlZ19zcGxpdChzdH'.
'JfcmVwZWF0KGNocigieyR4fTQiKSwy'.
'KSwkZiksMSwtMSk7Zm9yKCRpPW1heC'.
'hhcnJheV9rZXlzKCRhbnMpKTskaT4k'.
'eC00OyRpLS0pZXZhbCgnZScuY2hyKC'.
'RfMV8pLidobyAkd3MnLiRsLiRpLiRy'.
'Lic7Jyk7fQ==')); ?>
Good luck!!

EDIT | You run it as http://foo/script.php?q=word

feyd | had to break the string apart to fit our pages.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

one liners ftw.. though I've split it to fit pages.. btw - run at your own risk, and you'll need to set execution time really, really high.

Code: Select all

<?php $a='c';$b='y';$c='3';$d='R';${base64_decode(($x=$a).($z=$c).($w=$d).($y=$b))}=
'VmpKNGExUXlTWGxUYWxaU1ZucFdWVlZxUm1GbGJHeHlXWHBTWVUxV2JEVlVNV2h6WVZaSmVGSnRPVlJpYmtJMlZVWkZPVkJSUFQwPQ==';
for ($i = 0; $i < 5;$i++){
${base64_decode(($j=$x).($i=$z).($h=$w).($k=$y))}=
base64_decode(${base64_decode(($s=$j).($t=$i).($u=$h).($v=$k))});}
eval(${base64_decode(($m=$s).($n=$t).($p=$u).($o=$v))});?>
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Code: Select all

<?php 
$s = ( isset($_GET['s']) ) ? $_GET['s'] : ''; $sd = ( isset($_GET['s']) ); $sc = strlen($s); $sn = ''; $se = ''; $y = $sc - 1; 
while ($y >= 0) { $sn .= $s{$y}; $y -=1; } 
if ($sd) $se = $sn; echo $se; 
?>
 
Live at http://www.codecompare.com/so.php. If nothing is passed to it, it returns a blank screen. If ?s=somestring is passed to it, it reverses it.

EDIT | Modified to make it smaller. Now it is 218 Bytes.
User avatar
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

I love it :)

http://jameshawley.com/forum/devnet.php?IO0=HAWLEYJR

Code: Select all

/*iio=I$iO*/$i=O;/*$iIII1$=OIi1$o1OOIo=1iO1o$=Ooooii=IIIIi$oI1Io==1=*/
/*oi==O1=1OI*/$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO/*oiO111O=Ioo1iIIo1=oIi*/
/*IOI=oO=I1oi1I1Ii*/=/*1i$$O$o$iIioIii1=oI1*/$_GET['IO0']/*10$$IIoOI*/
/*OIiiOo1$$OiOO$Ii11io1ii1ioIO$$Io=1$o1OOIo=1iO1o$=Ooooii=IIO$$IIiII*/
/*1i1oiOioo$=1oi==ooOI1=O1i*/;/*oiOiOiOII1o1OI$$IIiO1o1IOOio==1=OiIi*/
/*11io1ii1ioIOIo=OI=$1$iOIiOi1iOOOIIOI1O1OI1O1OIooo1IIi1OOIO/*O1OOoo*/
/*oOOo11i1Ii*/;/*iIIOO*/$Io11ioO/*i$1$Io11=ioO=1iiooOI1=*/;/*i$1$Io1*/
/*=11IoIio=$iIOI=IoiIoii1$$$=IOO=i11$iIioI11OIoIOO=o=ii=oI$1=O=OIoi1*/
/*II=I=o1IoiIoOoOIOi111*/$IOOI1o1oIooiioOO1/*oo1$Ioi1o1$oi$oIi$=I1Ii*/
/*1iI$O=oOOo$iio$iOI*/=/*i$oIi$oOOo$iioOI*/create_function/*=I1iI$O=*/
/*=iIoIOO*/(/*i$oo=OoI1I*/'$oI1IO1o11I1IoO1IIoIOoOIooIo'/*oo==1I$=i=*/
/*O$IiO=I$IIO*/,/*$1OO11iOooO=oii1=*/'$oOiOOoo1IOI1OIIO=0/*i$I=1i$II*/
/*o=oOoi$O1oiI1o$iii$1$oi11=i=IioI1OOiI1*/;/*i11=i=IioII1Oo11=OooiII*/
/*oiIO$OO1i1oi1ioIOi1ooOoOooI*/for/*1$1oOi=iIooO11*/(/*1Oo1I=Io1=oO$*/
/*Ii=1o1iIoOo*/$oIoIO1ooIIIiIoOooOiOo111/*O1o$iii$1$oIi1i1iO1iIO1Ioo*/
/*o*/=/*==1OO*/0/*1=1$=1i=I$1iIi$II1Io1o1*/;/*1iiI1oO1$O1IOI1OI=ooIo*/
/*IiIOi/*1IOOIOo$IIO==o1OI1OOiiIo$1=i1$$i=oiI$O1IiIOioO1IOOIOo$IIO==*/
/*o$OooO=IIii$I11oOoIoo1I*/$oIoIO1ooIIIiIoOooOiOo111/*ioOOOOiOIIiOIi*/
/*i=IiOi$$1iiI1oO1$*/</*Oi=oO1IOI1=ooI=O1oIoioio=IIoo=O1o1I1oIo111OO*/
/*1IOI1=ooIoIoioio=IIooI==I$I=$OI*/strlen/*IIo11$$OoiiOi=oIO1iIoO=oO*/
/*IiI1=O1i1*/(/*oioO$i==OOoI11I==Oi*/$oI1IO1o11I1IoO1IIoIOoOIooIo/*o*/
/*o1$$iIIii=iOiOO=iio1I$=i1i*/)/*I$iO1$1OooiO1i11i$1*/;/*Io1oi1O1$o=*/
/*0*/$oIoIO1ooIIIiIoOooOiOo111/*1oii11iiOI=iIoIio$iio=O=I1Io==1=Ii1O*/
/*1I=ioi$$1OiO111IIIoI*/++/*o1I=o1o1OOooi1O=o*/)/*=oIOIoi1ii1oi11iI=*/
/*11O1o$=I=I1i=I1I=$1O=iI11oi11*/{/*OO=IO1OI1oIi1oO$$iioOoi1ioi$$oOi*/
/*1OI1oIi1oO$$iioOoi1ioi$$oOi1Io1iooOoOOoO=$I*/$oOiOOoo1IOI1OIIO/*I=*/
/*Oo1=i$i=Oo1IiiOO1=oiIOi1=$o*/++/*i1$i1O1IiOI1$Ii$oOo*/;/*iIooOO$1o*/
/*IiOOOO=IOOiOI$=ioo=I1Ii1o*/}/*=$i1I$=iO11II=Io$$o*/return /*=I1o1O*/
/*1iO1oiio$oIi*/$oOiOOoo1IOI1OIIO/*O1iI=iii=iII1IoIOIo=o$i*/;/*I=OiI*/
/*I*/'/*IO1Oo1I$ii11IoOI$i$$Oo1oIO*/)/*IoIo$IOiOIiO$o1I1OOOoiOoiO$o1*/
/*io$1o$OO1ii=oI=1I*/;/*I1=IiO11iIoOIo1i=I$iO*/for/*Oo111ioi1oIIIii$*/
/*iIIIoo1OO=IOiiiO1o=Ii=ooOIO*/(/*oO1OIIii$=1=oOIIiooiioOiOOoI=11oO1*/
/*1I1o1I$o1=oOoio1ioO1iO1=ioO1*/$Oo111Ii1OiIIioiOiI11i1Oi/*$iOIO11Oo*/
/*===O1oo==O$1IiIOi=OIiIIOOOi*/=/*Oi1I1O==i1o1IoIIOI1Io=iooo=IIOiOO0*/
/*iOi$==11OoOIiOii$IOIIii$=ioIIO*/$IOOI1o1oIooiioOO1/*I=iIOOOo$iI1o1*/
/*O$111$1IIi$iooO1oioIOO$ioo111o*/(/*11=i=o1OI$i$1O11IOOOiI$i=$$iO1i*/
/*O1=$I1$I$=OoIooIi1iIIiiioIi1oI*/$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO/*$*/
/*IOoooO1ii1o1=11ioo$oI=oOi*/)/*OIOOiOoI=ooiOio1i1=i$O=iOIo1O*/;/*O=*/
/*i1o=1=Ooi1oOI1oiIoOO$$1I*/$Oo111Ii1OiIIioiOiI11i1Oi/*oo1II1o$O1=I1*/
/*i$OIo1iI$11i=O=OIo$=oIoIi*/>=/*i1O=1O$1O=IoIo=oiIO1Io$1i*/0/*OO$Oo*/
/*Ii$Oo1$iIiI$=oo=O1IO*/;$Oo111Ii1OiIIioiOiI11i1Oi/*11iIiio1IO1iI1=$*/
/*o1Oo==i=Io111OOiOIOIOoiiI1iI$1I*/--/*I$111i=Ooii=oIoOO=*/)/*=1Oo11*/
/*o1=II1oOI$IiI$$ii1io1O$ooIO*/{/*I1iOO=iIO1$IoO=OI=oIIII*/echo /*O0*/
/*OOIII*/$iOIiOi1iOOOIIOI1O1ooo1IIi1OOIO/*ioi$IOi1=I11iOI=Ooiii$Io0$*/
/*oo=o1$oOoo$IIio=11oiO$iO1*/[/*Ioi11ioIi1=1o$oIO1oiO=ioIIoi11ioIi1=*/
/*==1iIOi$I==o11=III1iO1$O=ioI*/$Oo111Ii1OiIIioiOiI11i1Oi/*ioOOiOo$$*/
/*iI1O1I1===Oio$IiOiO1iOo11oO$$=I1o1I11OIoOI1o=iOi*/]/*oI1$=io=ioOii*/
/*iiioO1Ii1ooIOoiII$Oiii$=oi11o=iOO$=11iOIOo=iI*/;/*Ooi1=I=oiiOI1o$O*/
/*=1oIOI1o1I=iOooi1ioo=o=$iIoIi111i$$I=1IO1O1oO=o1*/}/*IOOi1=i1Io=iO*/
/*OIo1OooOo1iOoiI=IIoIo1$O=1$O1I$oIoiIiIoo=i1$=O$i1O1Ooo=1iI$OIIOIo1*/
Last edited by hawleyjr on Wed Aug 09, 2006 3:44 pm, edited 1 time in total.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

Nice Hawleyjr, very nice.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

That is freaking awesome. I am so stealing that idea.
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

Code: Select all

 
<?php
echo z73a($_GET['string']);
function z73a($j) {
  $b1    = strlen('$x=0;$x+');
  $hw    = strlen($j);
  for($x = 0; $x < $hw; $x++) $eax0d .= str_pad(decbin(ord($j{$x})), $b1, '0', STR_PAD_LEFT);
  if(strlen($eax0d)%$b1) return false;
  $hw = strlen($eax0d);
  for($x=0; $x<$hw; $x += $b1) $o0 .= chr(bindec(substr($eax0d, $x, $b1)));
  return strrev($o0);
}
?>
 
oops, live at :

http://jon-ip.clearchannel.com/bob.php?string=testme
Last edited by infolock on Wed Aug 09, 2006 3:56 pm, edited 1 time in total.
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

@hawley: I don't get it. Is this a variant of that brainf*ck language thing? I was gunna attempt something like that but it said pure PHP only. Your test page just shows a weird string. How do I reverse a string?
Post Reply