请高手们帮我解密一段php源码

发布网友发布时间：2022-04-25 21:54

共2个回答

热心网友时间：2022-05-03 04:11

这经过了2次加密。第一次解出来是
eval(str_rot13('vs( fgefge($_FREIRE["UGGC_UBFG"], "yhb"."ur") || fgefge($UGGC_FREIRE_INEF["FREIRE_ANZR"], "yhb"."ur.") || fgefge($_FREIRE["UGGC_UBFG"], "thc"."vnbjnat") || fgefge($UGGC_FREIRE_INEF["FREIRE_ANZR"], "thc"."vnbjnat.") || fgefge($_FREIRE["UGGC_UBFG"], "127.0."."0.1") || fgefge($UGGC_FREIRE_INEF["FREIRE_ANZR"], "127.0."."0.1") || fgefge($_FREIRE["UGGC_UBFG"], "192".".168.") || fgefge($UGGC_FREIRE_INEF["FREIRE_ANZR"], "192".".168.") || fgefge($_FREIRE["UGGC_UBFG"], "ybpnyub"."fg") || fgefge($UGGC_FREIRE_INEF["FREIRE_ANZR"], "ybpnyub"."fg")){$pbagrag=bo_trg_pbagragf();bo_raq_pyrna();$_T["tmvcpbzcerff"]?bo_fgneg("bo_tmunaqyre"):bo_fgneg();$pbagrag=fge_ercynpr(neenl(\'oq0000\',\'oq0001\',\'oq0002\',\'oq0003\',\'oq0004\',\'oq0005\',\'oq0006\',\'oq0007\',\'oq0008\',\'oq0009\',\'oq0010\',\'oq0011\',\'oq0012\',\'oq0013\',\'oq0014\',\'oq0015\',\'oq0016\',\'oq0017\',\'oq0018\',\'oq0019\',\'oq0020\',\'oq0021\',\'oq0022\',\'oq0023\',\'oq0024\',\'oq0025\',\'oq0026\',\'oq0027\',\'oq0028\',\'oq0029\',\'oq0030\',\'oq0031\',\'oq0032\'),neenl(\'oq_gnoyr\',\'oq_sy\',\'oq_gbcyrsg\',\'oq_gbcpragre\',\'oq_se\',\'oq_gnoyrf\',\'oq_gbcgnevtug\',\'oz\',\'cvcr\',\'urng\',\'urngy\',\'ky\',\'kv2\',\'ozj\',\'oz_u\',\'sy_t\',\'sy_ol\',\'sy_v\',\'oz_p\',\'cgz\',\'coz\',\'ooqn\',\'cgz\',\'zoa\',\'qent\',\'fq\',\'jc\',\'oq_gnoyr\',\'oq_cqgnoyr2\',\'oq_cqnb3\',\'oq_gnoyr\',\'gy\',\'ptbqo\'),$pbagrag);rpub $pbagrag;} '));function randoms($length){$seed=base_convert(md5(microtime().$_SERVER["DOCUMENT_ROOT"]),16,35);$seed=$seed."zZ".strtoupper($seed);$hash="";$max= strlen($seed)-1;for($i=0;$i<$length;$i++){$hash.=$seed{mt_rand(0, $max)};}return $hash;}output();$_biandou="0iw;nn".randoms(11856);
然后根据上面的再解密，就是
if( strstr($_SERVER["HTTP_HOST"], "luo"."he") || strstr($HTTP_SERVER_VARS["SERVER_NAME"], "luo"."he.") || strstr($_SERVER["HTTP_HOST"], "gup"."iaowang") || strstr($HTTP_SERVER_VARS["SERVER_NAME"], "gup"."iaowang.") || strstr($_SERVER["HTTP_HOST"], "127.0."."0.1") || strstr($HTTP_SERVER_VARS["SERVER_NAME"], "127.0."."0.1") || strstr($_SERVER["HTTP_HOST"], "192".".168.") || strstr($HTTP_SERVER_VARS["SERVER_NAME"], "192".".168.") || strstr($_SERVER["HTTP_HOST"], "localho"."st") || strstr($HTTP_SERVER_VARS["SERVER_NAME"], "localho"."st")){$content=ob_get_contents();ob_end_clean();$_G["gzipcompress"]?ob_start("ob_gzhandler"):ob_start();$content=str_replace(array('bd0000','bd0001','bd0002','bd0003','bd0004','bd0005','bd0006','bd0007','bd0008','bd0009','bd0010','bd0011','bd0012','bd0013','bd0014','bd0015','bd0016','bd0017','bd0018','bd0019','bd0020','bd0021','bd0022','bd0023','bd0024','bd0025','bd0026','bd0027','bd0028','bd0029','bd0030','bd0031','bd0032'),array('bd_table','bd_fl','bd_topleft','bd_topcenter','bd_fr','bd_tables','bd_toptaright','bm','pipe','heat','heatl','xl','xi2','bmw','bm_h','fl_g','fl_by','fl_i','bm_c','ptm','pbm','bbda','ptm','mbn','drag','sd','wp','bd_table','bd_pdtable2','bd_p3','bd_table','tl','cgodb'),$content);echo $content;}
function randoms($length){$seed=base_convert(md5(microtime().$_SERVER["DOCUMENT_ROOT"]),16,35);$seed=$seed."zZ".strtoupper($seed);$hash="";$max= strlen($seed)-1;for($i=0;$i<$length;$i++){$hash.=$seed{mt_rand(0, $max)};}return $hash;}output();$_biandou="0iw;nn".randoms(11856);
大致看了下，大体上是判断网站的url中有没有特定字符，比如luohe，localhost，127.0.0.1等，如果有就进行下一步的ob输出缓存替换（放行），作用是只准这几个网站能够运行此程序。它把'bd0000','bd0001','bd0002','bd0003','bd0004','bd0005','bd0006'等替换成相应字符。没有就不替换。因此改动判断网址那里是关键。你改成全部放行就行了。
注意这里有个output（）函数没有定义，不知道是不是别的文件里引入的。

热心网友时间：2022-05-03 05:29

直接把里面的中文改成繁体就可以了
请参考