Seeing this picture, I think this should be the source code of a charging project. Why does the charging project provide source code? This is one of the problems of PHP.
Many people may want to modify such source code, but the source code is so incomprehensible. After getting such source code, I guess many people who want to modify the source code will be stuck. In this case, what I want to say is that since the author has done this, he does not want it to be modified by others. If you really think the project is good, you can actually pay for it. After all, software is the sweat of every software engineer.
Although that is the case, if you just want to learn and do not generate any benefits, what can you do if you encounter such a problem? Although I don't know much about PHP, I know that it is not a big problem to restore the source code level processing of PHP (my own imagination, after all, there may be many various processing methods, but I don't know), the key is to restore It's worth it. Of course, PHP encryption still exists at the engine level, and I think the engine level is still difficult. But if it's just source code level processing, I think everyone can try to restore it with imagination, because the possibility of restoration is still very high.
I haven't seen this kind of code much. For the picture above, I didn't get the source file, only this picture. For this picture, I will give a processing idea and communicate with you.
Ideas
- First format the code, which can be formatted with many tools, such as PHPStorm;
- This kind of code is obviously not very useful after formatting. The purpose of formatting is to standardize the entire source code, and then try to remove the goto statement in the entire code; because the execution of the code is sequential, that is, Execute in this way from the beginning to the end of the file. If you can remove the goto, you will get a code with a real execution sequence. In fact, goto is an unconditional jump. We will convert the discrete code connected by goto into Linear is fine;
- Except for the goto statement that fills the screen, there are some incomprehensible characters. Some people may say that they are encrypted, but they are not careful enough. If you look closely, it's actually just encoded. We can start to restore from the position with obvious features in the code. What are the obvious features? See the picture below.
In the picture is a date() function, which everyone will use, and its parameter is a string. There are two types of symbols used to limit strings in PHP, namely single quotes and double quotes. In order to speed up the code, we usually use single quotes when writing code, and when there are escape characters in the string, we use To use double quotes. And here the string in the date() function is actually an escape character. These seemingly encrypted things are actually some ASCII codes. To put it bluntly, they are the basis for testing everyone. The beginning of "\" is octal, the beginning of "x" is hexadecimal, "\131" is the uppercase letter "Y", "\55" is the character "-", do I need to say the rest? Not yet? Can't you find an ASCII code table and look at it?
With the foundation of the third step, is it difficult to restore the rest?
try
I went to the Internet to find a similar file, and then tried to use the code to restore its structure, which is the second step of my thinking above. After all, the file is a bit large, and it is still reliable to write code to restore it. The code was written in less than 200 lines, and almost 20 lines of code were restored. It can be said that there is progress, why not restore it all? In fact, there is a reason, because after formatting, when I used the code to process, I didn't deal with various possibilities one by one (because this part took a lot of time), I only dealt with part of the situation. Some formatted codes are not quite the same as I expected, such as multi-line continuous labels, labels followed by goto, etc. I did not deal with them one by one, because I am not trying to restore the source code, but Validate my thinking. The structure of the key code is given, and the complete source code is not provided (I deleted the specific processing), I have not finished writing it myself, and it is not complicated
<?php
class decode
{
private $f;
private $arr = [];
private $lineNo = 0;
public function openfile()
{
$this->f = fopen('./test.php', 'r');
}
public function closefile()
{
fclose($this->f);
}
public function de()
{
$this->openfile();
while (!feof($this->f)) {
$line = fgets($this->f);
$this->lineNo++;
$this->parse($line);
}
$this->closefile();
$this->output();
$this->outputcode();
}
public function delrn($str)
{
}
public function parse($line)
{
// handle goto's
if (strpos($line, 'goto') !== false) {
}
// code after label processing
if (strpos($line, ':') !== false) {
// label followed by a single line of code
if (strpos($line, ';') !== false) {
}
if (strpos($line, ':') !== false) {
}
if (strpos($line, 'goto') !== false) {
}
// Labels are followed by multiple lines of code
if (strpos($line, '{') !== false) {
$code = $this->delrn($line);
$i = 1; // record the number of opening bracket {
while ($line = fgets($this->f)) {
$this->lineNo++;
if (strpos($line, '{') !== false) {
}
if (strpos($line, '}') !== false) {
}
$code = $code . ' ' . $this->delrn($line);
}
}
// After the label is a function
if (strpos($line, 'function') !== false) {
$code = $line;
$i = 0; // record the number of opening bracket {
while ($line = fgets($this->f)) {
$this->lineNo++;
if (strpos($line, '{') !== false) {
}
if (strpos($line, '}') !== false) {
}
$code = $code . ' ' . $line;
}
}
return;
}
}
// Intermediate file
public function output()
{
$f = fopen('./output.php', 'w');
foreach ($this->arr as $k => $v) {
}
fclose($f);
}
// final file
public function outputcode()
{
$f = fopen('./code.php', 'w');
while (true) {
}
fclose($f);
}
public function next($key, $arr)
{
$bret = false;
foreach($arr as $k => $v) {
if ($bret == true) {
return $k;
}
if ($k === $key) {
$bret = true;
}
}
return false;
}
}
$decode = new decode();
$decode->de();
Summarize
This kind of code processing should generally be called "code obfuscation", and this method of code obfuscation is considered simple. This tool can actually implement one by itself, read each line of PHP code line by line, and then randomly generate a line number for each line of code, then use goto to connect, and finally shuffle. The "string" can then be processed into an "escape character". Of course, there are actually many ways to deal with it. As long as you define the treatment methods you can think of as rules, the PHP code processed by your code obfuscation tool will be more complicated than this.
Knowing the idea of obfuscation, then anti-obfuscation is actually the same way of thinking, it can be processed with human flesh, and if the amount is large, it is not suitable for human flesh. If the amount is large, you need to write tools to automate it.
Finally, I want to tell everyone again that we are all doing software development, please cherish the sweat of every software engineer. Stealing other people's achievements is actually destroying the industry and breaking the law. When we face various problems, we still start with learning and improving our own capabilities.
Post comment 取消回复