Hi Guys,

Im new here, but i've been using webmaster-talk for a lot of years.

To make a long story short, a company hired me a few days ago to modify a php application,

I received the code today and found that is encrypted!!

What can i do? The person who did this code no longer works for the company and is MIA.

Please help, copy of the code:

http://slexy.org/raw/s21rZ5j06O

or

http://www.heypasteit.com/clip/GY6

They hire me to change a email message thats apparently is inside that obfuscated code, not the entire application.

Can someone help me here.


thanks

Remuel

Looks like its been obfuscated.

No easy way out tbh.

It doesnt look like a huge bit of code, so may just be better to re-write it based on the companys requirements?

It looks like its been encoded. You should be able to backtrack through the encoding to get to the real code. Replace the line:

PHP Code:

eval(base64_decode(stripslashes($_CMD))); 


with

PHP Code:

echo base64_decode(stripslashes($_CMD)); 


i tried that but i only get this:

?>=0;$i--) { $_CHAR2.=chr($i); } $_DECODE64=base64_decode($_DECODE); $_DECRYPT=strtr($_DECODE64,$_CHAR2,$_CHAR); eval($_DECRYPT); return; die(); ?>

im really lost here.

thanks

There was more to it to hacking it. I finished the hack to check your story and it does seem to not be a copyrighted code, so here's the answer:

Where you see return;, replace it with

PHP Code:

echo '<pre>'.htmlspecialchars($_DECRYPT).'</pre>'; 


And, you'll have the full code... beware of copy-and-pasting as there are UTF8 entities in there.

Quote:

Originally Posted by lynxus

Looks like its been obfuscated.

No easy way out tbh.

It doesnt look like a huge bit of code, so may just be better to re-write it based on the companys requirements?

FYI: Obfuscated code can generally be de-obfuscated, so there's a relatively easy way out. Hashed values on the otherhand really have no easy way out.

Quote:

Originally Posted by JeremyMiller

FYI: Obfuscated code can generally be de-obfuscated, so there's a relatively easy way out. Hashed values on the otherhand really have no easy way out.

Thats good then ( I assume you managed to decode it for him? )

Glad to see it was retrievable.

Hope he says thanks!


How did you figure out how to decode it?
Are you just REALLLLLY fcuking good? or have you seen that kind of output before? or a bit of both

Quote:

Originally Posted by lynxus

How did you figure out how to decode it?

Anytime you see eval( base64_decode( something ) ) change it to echo base64_decode( something ) and it will output the decoded code.

There is a difference between obfuscated code and encoded text. Obfuscated code may be hard to understand and change, but it can still be executed directly (without any decoding). The code the OP posted is just normal PHP code that has been encoded.

There was a second layer to the obfuscation in this case. Using multi-layer obfuscation is common, though virtually pointless.

hey thanks a lot, but how do i decrypt the second multi layer of obfuscation?

By reading my posts in this thread carefully.

thanks you very much, how can i pay you?

No payment needed. Glad to be of help.