PHP免扩展加密(混淆加密)的基本原理(二)数据混淆
发布时间:2014-11-28 10:57:06
看代码吧!
<?php
function phpencode($code) {
$code = str_replace(array('<?php','?>','<?PHP'),array('','',''),$code);
$encode = base64_encode(gzdeflate($code));// 开始编码
$encode = '<?php'."\neval(gzinflate(base64_decode("."'".$encode."'".")));\n?>";
return $encode;
}
function phpdecode($code) {
$code = str_replace(array('<!?php','<?PHP',"eval(gzinflate(base64_decode('","')));",'?>'),array('','','','','',''),$code);
$decode = base64_decode($code);
$decode = @gzinflate($decode);
return $decode;
}
?>
</span></p><form method="post">
<textarea name="source" cols="55" rows="8">
<?php
if(!empty($_POST['source'])) {
if($_POST['button']=='加密') {
echo htmlspecialchars(phpencode(stripcslashes($_POST['source'])));
}
if($_POST['button']=='解密') {
echo htmlspecialchars(phpdecode(stripcslashes($_POST['source'])));
}
}
?>
</textarea>
<?php
if(!empty($_POST['source']))
{
if($_POST['button']=='加密')
{
echo '加密成功.';
}
if($_POST['button']=='解密') {
echo '解密成功.';
}
}else{
echo '操作失败';
}
?>
<input type="submit" name="button" value="加密">
<input type="submit" name="button" value="解密">
</form>
这里对刚才的加密来说,对代码进行了压缩,再base64 相比较之前的较为安全. 下面是微盾的加密代码,相比上面的加密,增加了混淆操作.
<?php // This file is protected by copyright law & provided under license. Copyright(C) 2005-2009 www.vidun.com, All rights reserved.
$OOO0O0O00=__FILE__;$OOO000000=urldecode('%74%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64%66%70%6e%72');$OO00O0000=244;$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$O0O0000O0='OOO0000O0';eval(($$O0O0000O0('JE9PME9PMDAwMD0kT09PMDAwMDAwezE3fS4kT09PMDAwMDAwezEyfS4kT09PMDAwMDAwezE4fS4kT09PMDAwMDAwezV9LiRPT08wMDAwMDB7MTl9O2lmKCEwKSRPMDAwTzBPMDA9JE9PME9PMDAwMCgkT09PME8wTzAwLCdyYicpOyRPTzBPTzAwME89JE9PTzAwMDAwMHsxN30uJE9PTzAwMDAwMHsyMH0uJE9PTzAwMDAwMHs1fS4kT09PMDAwMDAwezl9LiRPT08wMDAwMDB7MTZ9OyRPTzBPTzAwTzA9JE9PTzAwMDAwMHsxNH0uJE9PTzAwMDAwMHswfS4kT09PMDAwMDAwezIwfS4kT09PMDAwMDAwezB9LiRPT08wMDAwMDB7MjB9OyRPTzBPTzAwME8oJE8wMDBPME8wMCwxMjYwKTskT08wME8wME8wPSgkT09PMDAwME8wKCRPTzBPTzAwTzAoJE9PME9PMDAwTygkTzAwME8wTzAwLDM4MCksJ0VudGVyeW91d2toUkhZS05XT1VUQWFCYkNjRGRGZkdnSWlKakxsTW1QcFFxU3NWdlh4WnowMTIzNDU2Nzg5Ky89JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?>
kr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXPkr9NTzEXHenNHtILT08XT08XHr8XhtONTznNTzEXHr8Pkr8XHenNHr8XHtXLT08XHr8XHeEXhUXmOB50cbk5d3a3D2iUUylRTlfNaaOnCAkJW2YrcrcMO2fkDApQToxYdanXAbyTF1c2BuiDGjExHjH0YTC3KeLqRz0mRtfnWLYrOAcuUrlhU0xYTL9WAakTayaBa1icBMyJC2OlcMfPDBpqdo1Vd3nxFmY0fbc3Gul6HerZHzW1YjF4KUSvkZLphUL7cMYSd3YlhtONHeEXTznNHeEpK2a2CBXPkr9NHenNHenNHtL7eWplC2ivwtk0DolzwuOlF3WIcBYPdZExHjHibo4JKX0hcBYPdZEJfoipFZn0cbY0woajDo8IYeA2waxVwjSYtJOiNUwxHjHxHjHJKX0hDBCPkoriNUwJhbSYtMajDo8IwmOPDbHIfoazftnpcJEibo4JKX0hgW0hCBwPhTSYtMc1dMY0DB9VwoyJhtLYtmSYtMajDo8Ihtk0DolzwolzwuOlF3WIcmaVC3Opd24iwJL7eWp9eWP=
其中红色部份为混淆的程序,下面蓝色部份为数据. 这样加密比较难处理. 有兴趣的,可以自己去下载微盾.
这里为当前PHP文件 ,下面为编码的数据
$OOO0O0O00=__FILE__;
//************* 2
$OO0OO0000=$OOO000000{17}.$OOO000000{12}.$OOO000000{18}.$OOO000000{5}.$OOO000000{19};
//************* 1
$OO00O00O0=str_replace('__FILE__',"'".$OOO0O0O00."'",($OOO0000O0($OO0OO00O0($OO0OO000O($O000O0O00,$OO00O0000),'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'))));fclose($O000O0O00);eval($OO00O00O0);
//************* 1 在这里得到最终的代码了.
echo "this test echo 123!\n";
echo "this test echo 456!\n";
$a="123123";
if($a!=""){
echo "this test if !\n";
}
ab();
function ab()
{
echo ("this is test function!");
}
最在结束的最后,后期出现的期他的加密神盾,威盾等等.采用了ascii码 129-255的乱码混淆来实现变量名,造成不易读.这样可以更好的保护代码的执行.但也存在致命的问题.就是无论怎么加密.最终都要还原成明文.这个就是破解的关键所在.在下次,读读这个加密的缺点,还有这个加密壳的资料.
