Click to See Complete Forum and Search --> : decoding a eval(base64_decode
Parabola
05-15-2007, 07:01 PM
<?PHP
bradgrafelman
05-15-2007, 10:09 PM
What are you trying to do?
etully
05-15-2007, 10:09 PM
It decodes to this:
etully
05-15-2007, 10:18 PM
What are you trying to do?
Parabola
05-15-2007, 10:32 PM
I think he has a copy of ZoGo-Shop installed and he's trying to make some mods or something... but some of the code is unreadable.
etully
05-15-2007, 11:31 PM
when you see eval(base64_decode('.............'));
Parabola
05-16-2007, 12:04 AM
etully u got AIM or MSN?
Weedpacket
05-16-2007, 05:01 AM
Re-read etully's post. Exactly the same process.
etully
05-16-2007, 09:34 AM
We do not help people over IM. The whole point of a public thread is so that lots of other people can see your question, and our answers, when they search the forums.
Kudose
05-16-2007, 09:57 AM
I give up ... it just gives me a different encoded string each time.
madwormer2
05-16-2007, 03:20 PM
Lol, it was encoded 11 times. That's just freaky stuff right there.
etully
05-16-2007, 03:29 PM
I guess the thought is that 10 is easy to crack but 11? forget that, nobody will bother to decode this 11 times.
madwormer2
05-16-2007, 03:31 PM
Not to mention they have the algorithm to generate unlimited site keys in there...
Kudose
05-16-2007, 03:45 PM
lol, 11 times!
Parabola
05-16-2007, 03:45 PM
Not to mention they have the algorithm to generate unlimited site keys in there...
madwormer2
05-16-2007, 03:48 PM
I used this:
Kudose
05-16-2007, 04:13 PM
Out of pure curiosity I had to finish decoding it.
Kudose
05-16-2007, 04:18 PM
:( can u just post it for me please. or teach me how to do it in detail. i kinda newb to php
RedneckExorcist
05-21-2007, 09:40 PM
For some reason I ran the decrypt.php and the decoded file is coming out looking exactly the same as my coded.. Any help decrypting would be much appreciated..
bradgrafelman
05-21-2007, 11:28 PM
When posting PHP code, please use the board's bbcode tags - they make the code much, much easier to read (as well as aiding the diagnosis of syntax errors). I've already edit your post for you (since it stretched the page to an enormous width), but please keep this in mind for the future.
Kudose
05-21-2007, 11:41 PM
Brad: Is there any way to know, without decoding it, if something malicious will happen during decoding?
laserlight
05-21-2007, 11:50 PM
Decode it but remove the eval portion? It would just be a string that can be printed, and you can read the clientside source and decide from there.
RedneckExorcist
05-21-2007, 11:57 PM
So can someone help me decrypt it?
bradgrafelman
05-22-2007, 12:01 AM
Basically, what I do is first just echo the base64_decode'd version of the first hash so that I can visually inspect it. AFAIK, unless there's some buffer overflow lurking out there, there's no harm in simply viewing the decoded hash.
Kudose
05-22-2007, 12:03 AM
Laserlight, that's what I figured but just needed some reassurance.
Redneck, this is what it comes out to:
$codelock_code="Pz48P3BocA0Ka!jbHVkZSgibmVlZGVkLnBocCIpOw0KDQppZigkcCA9PSAiTG9naW4iKSB7DQpjaGVja0xvZ2luKCR1c2VyLCAkcHdvcmQpOw0KfQ0KDQokcXVlcnkgPSAiU0VMRUNUICogRlJPTSBsb2dnZWRpbiBXSEVSRSBpcG51bSA9ICckaXAnIjsNCiRyZXN1bHQgPSBAbXlzcWxfcXVlcnkoJHF1ZXJ5KQ0KI*CBvciBkaWUobXlzcWxfZXJyb3IoKSk7DQokcm93ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHJlc3VsdCk7DQpAZXh0cmFjdCgkcm93KTsNCmlmKCRhdXRoaWQgPT0gInllcyIpIHsNCkBzZXNzaW9uX3N0YXJ0KCk7DQokX1NFU1NJT05bJ21lbWJlcm5hbWUnXSA9ICRuYW1lOw0KJF9TRVNTSU9OWydwYXNzJ10gPSAkcGFzczsNCg0KfQ0KDQpAc2Vzc2lvbl9zdGFydCgnbWVtYmVybmFtZScpOw0KQHNlc3Npb25fc3RhcnQoJ3Bhc3MnKTsNCg0KJHVzZXJpZCA9ICRtZW1iZXJuYW1lOw0KJHB3b3JkID0gJHBhc3M7DQoNCiRsb2dnZWRpbiA9ICIiOw0KDQokcXVlcnkgPSAiU0VMRUNUICogRlJPTSBtZW1iZXJzIFdIRVJFIHVzZXJuYW1lID0gJyR1c2VyaWQnIEFORCBwYXNzd29yZCA9ICckcHdvcmQnIjsNCiRyZXN1bHQgPSBteXNxbF9xdWVyeSgkcXVlcnkpDQogI*G9yIGRpZSgiQ291bGRuJ3QgRXhlY3V0ZSBRMjM0dWVyeSIpOw0KJHJvdyA9IG15c3FsX2ZldGNoX2FycmF5KCRyZXN1bHQpOw0KQGV4dHJhY3QoJHJvdyk7DQppZigkZGlzYWJsZSA9PSAiMCIpIHsNCmlmKCRhdXRoID09ICIxIikgew0KaWYoJHN0YXR1cyA9PSAiMSIpIHsNCiRudW1yY!rID0gJHJhbms7DQppZigkcmFuayA+PSAxMCkgew0KJGxvZ2dlZGluID0gInllcyI7DQoNCn19fX0NCg0KDQp0cmlhbERheXMoKTsNCmluY2x1ZGUoImluY2x1ZGUucGhwIik7DQoNCnNob3dEYXRlKCk7DQpzZ!kRW1haWwoKTsNCg0KDQppZigkcCA9PSAiIikgew0KaHBTdGF0cygpOw0KfQ0KDQppZigkcCA9PSAiQ2hhbmdlQ29sb3IiKSB7DQpDaGFuZ2VTaXRlQ29sb3IoJGNvbG9yKTsNCn0NCg0KDQppZigkcCA9PSAiV2ViYm90Iikgew0KZGlzcFdlYmJvdCgpOw0KfQ0KDQoNCmlmKCRwID09ICJDbGFuV2FycyIpIHsNCmRpc3BDbGFuV2FycygpOw0KfQ0KDQppZigkcCA9PSAiQ2xhbldhckluZm8iKSB7DQpkaXNwQ2xhbldhckluZm8oJGN3aWQpOw0KfQ0KDQoNCmlmKCRwID09ICJTaXRlUG9pbnRzIikgew0KZGlzcFNpdGVQb2ludHMoKTsNCn0NCg0KaWYoJHAgPT0gIlNjcmltVGVhbSIpIHsNCmRpc3BTY3JpbVRlYW0oKTsNCn0NCg0KaWYoJHAgPT0gIlNjcmltUHJvZmlsZSIpIHsNCmRpc3BTY3JpbVByb2ZpbGUoJHVzZXIpOw0KfQ0KDQppZigkcCA9PSAiTWVtYmVyUGljcyIpIHsNCmRpc3BNZW1iZXJQaWNzKCk7DQp9DQoNCmlmKCRwID09ICJWaWV3Q29tbWVudHMiKSB7DQpkaXNwQ29tbWVudHMoJG5ld3NudW0sICRzKTsNCn0NCmlmKCRwID09ICJDaGFsbGVuZ2VzIikgew0KZGlzcENoYWxsZ!nZSgpOw0KfQ0KLyoNCmlmKCRwID09ICJCbmV0U3RhdHMiKSB7DQpkaXNwQm5ldFN0YXRzKCk7DQp9DQoqLw0KaWYoJHAgPT0gIkdlbmVyYWxHcmFkZXMiKSB7DQpkaXNwR0coKTsNCn0NCg0KaWYoJHAgPT0gIk1lZGFsS!mbyIpIHsNCmRpc3BXaG9IYXNXaGF0TWVkYWwoJG0pOw0KfQ0KDQppZigkcCA9PSAiVHJpYWxMb2dpbiIpIHsNCmNoZWNrVHJpYWxMb2dpbigkdHJpYWxuYW1lLCAkdHJpYWxwYXNzKTsNCn0NCg0KaWYoJHAgPT0gIkRpcGxvbWFjeVJlcXVlc3QiKSB7DQpkaXBsb21hY3lSZXEoKTsNCn0NCg0KaWYoJHAgPT0gIk1lZGFsQ291bnQiKSB7DQptZWRhbENvd!0KCk7DQp9DQoNCmlmKCRwID09ICJUb3VybmV5U3RhZmYiKSB7DQpkaXNwVG91cm5leVN0YWZmKCk7DQp9DQoNCg0KaWYoJHAgPT0gIkRheXMiKSB7DQpkYXlzKCk7DQp9DQoNCmlmKCRwID09ICJOZXdzIikgew0KZGlzcE5ld3MoInB1YmxpYyIsICRudW1yY!rKTsNCn0NCg0KaWYoJHAgPT0gIkNoYXRCb2FyZCIpIHsNCmRpc3BOZXdzKGNoYXRib2FyZCwgJG51bXJhbmspOw0KfQ0KDQoNCmlmKCRwID09ICJQYXN0V2FycyIpIHsNCmRpc3BXYXJzKCk7DQp9DQoNCmlmKCRwID09ICJEb3dubG9hZCIpIHsNCmRpc3BEb3dubG9hZHMoJGRsKTsNCg0KfQ0KDQppZigkcCA9PSAiU211cmZOYW1lcyIpIHsNCmRpc3BTbXVyZnMoKTsNCn0NCg0KaWYoJHAgPT0gIklBUmVxdWVzdCIpIHsNCmRpc3BJQSgpOw0KfQ0KDQppZigkcCA9PSAiRm9ydW0iKSB7DQplY2hvICINCjx0YWJsZSBhbGlnbj0nY2VudGVyJyBib3JkZXI9JzAnIGNlbGxzcGFja!nPScwJyBjZWxscGFkZGluZz0nMCc+DQo8dHI+DQo8dGQgY2xhc3M9J21haW4nPjxiPjxhIGhyZWY9JyRmb3J1bXVybCcgdGFyZ2V0PSdfYmxhbmsnPkVudGVyIHRoZSBGb3J1bTwvYT48L3RkPjwvdHI+PC90YWJsZT4iOw0KfQ0KDQppZigkcCA9PSAiUHJvZmlsZSIpIHsNCm1lbWJlcnNPbmxpbmUoKTsNCiRpcGFkZHJlc3MgPSAiTG9nZ2VkIjsNCmRpc3BQcm9maWxlKCR1c2VyKTsNCg0KfQ0KDQppZigkcCA9PSAiTWVtYmVycyIgQU5EICRzb3J0ICE9ICIxIikgew0KaGlnaERTTCgpOw0KZGlzcE1lbWJlcnMoKTsNCn0NCg0KaWYoJHAgPT0gIk1lbWJlcnMiIEFORCAkc29ydCA9PSAiMSIpIHsNCmhpZ2hEU0woKTsNCnNvcnRNZW1iZXJzKCRzb3J0YnkpOw0KfQ0KDQoNCmlmKCRwID09ICJUcmlhbE1lbWJlcnMiKSB7DQpoaWdoRFNMKCk7DQpkaXNwVHJpYWxNZW1iZXJzKCRnKTsNCn0NCmlmKCRwID09ICJJQU1lbWJlcnMiKSB7DQpkaXNwSUFNZW1iZXJzKCk7DQp9DQoNCmlmKCRwID09ICJIYWxsb2ZGYW1lIikgew0KZGlzcEhhbGwoRmFtZSk7DQp9DQoNCmlmKCRwID09ICJIYWxsb2ZTaGFtZSIpIHsNCmRpc3BIYWxsKCJIYWxsb2ZTaGFtZSIpOw0KfQ0KDQppZigkcCA9PSAiSGVyb3MiKSB7DQpkaXNwSGFsbCgiSGVyb3MiKTsNCn0NCg0KaWYoJHAgPT0gIk1PTSIpIHsNCmRpc3BIYWxsKCJNT00iKTsNCn0NCg0KDQppZigkcCA9PSAiQ2xhbkxlZ2VuZHMiKSB7DQpkaXNwSGFsbCgiQ2xhbkxlZ2VuZHMiKTsNCn0NCg0KaWYoJHAgPT0gIlRvdXJuYW1lbnRzIikgew0KZGlzcFRvdXJueSgpOw0KfQ0KDQppZigkcCA9PSAiVG91cm5leUluZm8iKSB7DQpkaXNwVG91cm55S!mbygkaWRudW0pOw0KfQ0KDQppZigkcCA9PSAiU3F1YWRzIikgew0KZGlzcFNxdWFkcygpOw0KfQ0KDQppZigkcCA9PSAiU3F1YWRJbmZvIikgew0KZGlzcFNxdWFkS!mbygkc3F1YWQpOw0KfQ0KDQppZigkcCA9PSAiTWVkYWxzIikgew0KZGlzcE1lZGFscygpOw0KfQ0KDQppZigkcCA9PSAiUmFua3MiKSB7DQpkaXNwUmFua3MoKTsNCn0NCmlmKCRwID09ICJSdWxlcyIpIHsNCmRpc3BSdWxlcygpOw0KfQ0KDQppZigkcCA9PSAiTG9zdFBhc3N3b3JkIikgew0KbG9zdFBhc3N3b3JkKCk7DQp9DQoNCmlmKCRwID09ICJEaXBsb21hY3kiKSB7DQpkaXNwRGlwbG9tYWN5KCk7DQp9DQppZigkcCA9PSAiRGlwbG9tYWN5S!mbyIpIHsNCmRpcGxvbWFjeUluZm8oJGNsY!pZCk7DQp9DQoNCmlmKCRwID09ICJUb3BNZW1iZXJzIikgew0KdG9wTWVtYmVycygkdG9wKTsNCn0NCg0KaWYoJHAgPT0gIkhpc3RvcnkiKSB7DQpkaXNwSGlzdG9yeSgpOw0KfQ0KDQppZigkcCA9PSAiU2VhcmNoIikgew0Kc2VhcmNoKCRib3gpOw0KfQ0KDQppZigkcCA9PSAiQ2FsZ!kZXIiKSB7DQpkaXNwQ2FsZ!kZXIoJG0sICR5KTsNCn0NCg0KaWYoJHAgPT0gIkNhbGVuZGVyRXZlbnQiKSB7DQpkaXNwQ2FsZ!kZXJFdmVudHMoJGQsICRtLCAkeSk7DQp9DQoNCmlmKCRwID09ICJVVGhlaWYiKSB7DQpraWxsU2l0ZSgpOw0KfQ0KDQoNCmNvcHlyaWdodCgpOw0Ka!jbHVkZSgiYm90dG9tLmh0bWwiKTsNCg0KDQo/Pjw/UEhQIA=="; $codelock_code=str_replace("@","CAg", $codelock_code); $codelock_code=str_replace("!", "W5", $codelock_code); $codelock_code=str_replace("*", "CAgI", $codelock_code); $codelock_code=base64_decode($codelock_code); eval($codelock_code);
Which turns into:
?><?php
include("needed.php");
if($p == "Login") {
checkLogin($user, $pword);
}
$query = "SELECT * FROM loggedin WHERE ipnum = '$ip'";
$result = @mysql_query($query)
or die(mysql_error());
$row = mysql_fetch_array($result);
@extract($row);
if($authid == "yes") {
@session_start();
$_SESSION['membername'] = $name;
$_SESSION['pass'] = $pass;
}
@session_start('membername');
@session_start('pass');
$userid = $membername;
$pword = $pass;
$loggedin = "";
$query = "SELECT * FROM members WHERE username = '$userid' AND password = '$pword'";
$result = mysql_query($query)
or die("Couldn't Execute Q234uery");
$row = mysql_fetch_array($result);
@extract($row);
if($disable == "0") {
if($auth == "1") {
if($status == "1") {
$numrank = $rank;
if($rank >= 10) {
$loggedin = "yes";
}}}}
trialDays();
include("include.php");
showDate();
sendEmail();
if($p == "") {
hpStats();
}
if($p == "ChangeColor") {
ChangeSiteColor($color);
}
if($p == "Webbot") {
dispWebbot();
}
if($p == "ClanWars") {
dispClanWars();
}
if($p == "ClanWarInfo") {
dispClanWarInfo($cwid);
}
if($p == "SitePoints") {
dispSitePoints();
}
if($p == "ScrimTeam") {
dispScrimTeam();
}
if($p == "ScrimProfile") {
dispScrimProfile($user);
}
if($p == "MemberPics") {
dispMemberPics();
}
if($p == "ViewComments") {
dispComments($newsnum, $s);
}
if($p == "Challenges") {
dispChallenge();
}
/*
if($p == "BnetStats") {
dispBnetStats();
}
*/
if($p == "GeneralGrades") {
dispGG();
}
if($p == "MedalInfo") {
dispWhoHasWhatMedal($m);
}
if($p == "TrialLogin") {
checkTrialLogin($trialname, $trialpass);
}
if($p == "DiplomacyRequest") {
diplomacyReq();
}
if($p == "MedalCount") {
medalCount();
}
if($p == "TourneyStaff") {
dispTourneyStaff();
}
if($p == "Days") {
days();
}
if($p == "News") {
dispNews("public", $numrank);
}
if($p == "ChatBoard") {
dispNews(chatboard, $numrank);
}
if($p == "PastWars") {
dispWars();
}
if($p == "Download") {
dispDownloads($dl);
}
if($p == "SmurfNames") {
dispSmurfs();
}
if($p == "IARequest") {
dispIA();
}
if($p == "Forum") {
echo "
<table align='center' border='0' cellspacing='0' cellpadding='0'>
<tr>
<td class='main'><b><a href='$forumurl' target='_blank'>Enter the Forum</a></td></tr></table>";
}
if($p == "Profile") {
membersOnline();
$ipaddress = "Logged";
dispProfile($user);
}
if($p == "Members" AND $sort != "1") {
highDSL();
dispMembers();
}
if($p == "Members" AND $sort == "1") {
highDSL();
sortMembers($sortby);
}
if($p == "TrialMembers") {
highDSL();
dispTrialMembers($g);
}
if($p == "IAMembers") {
dispIAMembers();
}
if($p == "HallofFame") {
dispHall(Fame);
}
if($p == "HallofShame") {
dispHall("HallofShame");
}
if($p == "Heros") {
dispHall("Heros");
}
if($p == "MOM") {
dispHall("MOM");
}
if($p == "ClanLegends") {
dispHall("ClanLegends");
}
if($p == "Tournaments") {
dispTourny();
}
if($p == "TourneyInfo") {
dispTournyInfo($idnum);
}
if($p == "Squads") {
dispSquads();
}
if($p == "SquadInfo") {
dispSquadInfo($squad);
}
if($p == "Medals") {
dispMedals();
}
if($p == "Ranks") {
dispRanks();
}
if($p == "Rules") {
dispRules();
}
if($p == "LostPassword") {
lostPassword();
}
if($p == "Diplomacy") {
dispDiplomacy();
}
if($p == "DiplomacyInfo") {
diplomacyInfo($clanid);
}
if($p == "TopMembers") {
topMembers($top);
}
if($p == "History") {
dispHistory();
}
if($p == "Search") {
search($box);
}
if($p == "Calender") {
dispCalender($m, $y);
}
if($p == "CalenderEvent") {
dispCalenderEvents($d, $m, $y);
}
if($p == "UTheif") {
killSite();
}
copyright();
include("bottom.html");
?><?PHP
Kudose
05-22-2007, 12:04 AM
Brad: Thanks for your post too. I made mine while you were posting.
etully
05-22-2007, 05:43 AM
So can someone help me decrypt it?
Weedpacket
05-22-2007, 05:11 PM
This is starting to look like a pretty effective encryption technique :evilgrin:
bradgrafelman
05-22-2007, 05:27 PM
Why stop at 20, Weedpacket? :p
madwormer2
05-22-2007, 05:33 PM
Surely this all puts unnecessary load on the server?
bradgrafelman
05-22-2007, 05:36 PM
I'm sure at some point it becomes noticable, but keep in mind that other (more secure) techniques (e.g. Zend Encoder) have to decode their encoded data, too.
EWord
06-12-2007, 06:13 PM
Hello,
I have this attached file can you help me decode it?
Horizon88
11-27-2007, 07:14 PM
You do realize the last post in this thread is from JUNE, correct?
Thanks very much Horizon88
alifaan
11-28-2007, 01:08 PM
Can some 1 help me to decode this
bradgrafelman
11-28-2007, 01:36 PM
This thread is full of discussion and code snippets suggesting methods of decoding the encrypted text (ex. changing eval() to echo()); I would recommend you re-read the thread.
Horizon88
11-28-2007, 08:23 PM
Could you lock this or something, brad? People keep coming in and just adding their questions onto the end without actually doing anything. :/
bradgrafelman
11-29-2007, 01:20 AM
Actually, I agree;
PHP Builder
Copyright Internet.com Inc. All Rights Reserved.