问题
I want to decode this code. I have no idea what it is, except that it is some kind of code. Can someone help me please?
<?php if (!function_exists("T7FC56270E7A70FA81A5935B72EACBE29"))
{
function T7FC56270E7A70FA81A5935B72EACBE29($TF186217753C37B9B9F958D906208506E)
{
$TF186217753C37B9B9F958D906208506E = base64_decode($TF186217753C37B9B9F958D906208506E);
$T7FC56270E7A70FA81A5935B72EACBE29 = 0;
$T9D5ED678FE57BCCA610140957AFAB571 = 0;
$T0D61F8370CAD1D412F80B84D143E1257 = 0;
$TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[1]) << 8) + ord($TF186217753C37B9B9F958D906208506E[2]);
$T3A3EA00CFC35332CEDF6E5E9A32E94DA = 3;
$T800618943025315F869E4E1F09471012 = 0;
$TDFCF28D0734569A6A693BC8194DE62BF = 16;
$TC1D9F50F86825A1A2302EC2449C17196 = "";
$TDD7536794B63BF90ECCFD37F9B147D7F = strlen($TF186217753C37B9B9F958D906208506E);
$TFF44570ACA8241914870AFBC310CDB85 = __FILE__;
$TFF44570ACA8241914870AFBC310CDB85 = file_get_contents($TFF44570ACA8241914870AFBC310CDB85);
$TA5F3C6A11B03839D46AF9FB43C97C188 = 0;
preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"), $TFF44570ACA8241914870AFBC310CDB85, $TA5F3C6A11B03839D46AF9FB43C97C188);
for (;$T3A3EA00CFC35332CEDF6E5E9A32E94DA<$TDD7536794B63BF90ECCFD37F9B147D7F;)
{
if (count($TA5F3C6A11B03839D46AF9FB43C97C188))
exit;
if ($TDFCF28D0734569A6A693BC8194DE62BF == 0)
{
$TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8);
$TF623E75AF30E62BBD73D6DF5B50BB7B5 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]);
$TDFCF28D0734569A6A693BC8194DE62BF = 16;
}
if ($TF623E75AF30E62BBD73D6DF5B50BB7B5 & 0x8000)
{
$T7FC56270E7A70FA81A5935B72EACBE29 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 4);
$T7FC56270E7A70FA81A5935B72EACBE29 += (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]) >> 4);
if ($T7FC56270E7A70FA81A5935B72EACBE29)
{
$T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) & 0x0F) + 3;
for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $T0D61F8370CAD1D412F80B84D143E1257++)
$TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257] = $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012-$T7FC56270E7A70FA81A5935B72EACBE29+$T0D61F8370CAD1D412F80B84D143E1257];
$T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571;
}
else{
$T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8);
$T9D5ED678FE57BCCA610140957AFAB571 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) + 16;
for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571;$TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA++; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } } else $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]; $TF623E75AF30E62BBD73D6DF5B50BB7B5 <<= 1; $TDFCF28D0734569A6A693BC8194DE62BF--; if ($T3A3EA00CFC35332CEDF6E5E9A32E94DA == $TDD7536794B63BF90ECCFD37F9B147D7F) { $TFF44570ACA8241914870AFBC310CDB85 = implode("", $TC1D9F50F86825A1A2302EC2449C17196); $TFF44570ACA8241914870AFBC310CDB85 = "?".">".$TFF44570ACA8241914870AFBC310CDB85."<"."?"; return $TFF44570ACA8241914870AFBC310CDB85; } } } } eval(T7FC56270E7A70FA81A5935B72EACBE29("QAAAPGRpdiBzdHlsZT0iY2xlYQAQcjpib3RoOyI+PC8BoD4NCg1ABQoCMmlkPSJmb290ZXIiAVIJAWIACGNsYXNzPSJiaW5mbwMwYSBoAAByZWY9Ijw/cGhwIGVjaG8gAABnZXRfb3B0aW9uKCdob21lAAwnKTsgPz4vIiB0aXQHQQKzYmwhuG9nBEEoJ25hAkUGgSAAGAKvAqU8L2EAAD4gQWxsIHJpZ2h0cyByZXMEAGVydmVkDDUJRGVzaWduZWQgCABieSA8ClVodHRwOi8vd3d3LgAAd2ViaG9zdGluZ3JhbGx5LgBAY29tL1dlYi1IAVMvQnVzaW4IBWVzcy0BWC5odG1sIiA+AcUgAcBgwCADFAkRLiBDb2QHPwcxbW1vaHV0wAIGYQQARnJlZSBNTU9SUEdzA4EgYAp8Cj8KMGNvbnZleWFuYwpQLhSRcwAKb25zYWxlLmNvLnVrBIBDAhggAGBTb2xpY2l0b3IFPw9ncGhvdG8YkGFkcwQ3HOFpZmkLYEFkA6IuIFBvHCB3ZXIBEBOvE6NvcmRwFwBzLm9yZwtwLyI+VwEAUAEBDLEuI+IkhyFiZG9fYUcEYyEDd3BfJTMhUwLsL2JvZHkmwDwvgAAWoT4=")); ?>
回答1:
That's what it looks like when de-obfuscated. As Matti pointed out already, it's a footer, haha. All that bitshifting is done to remove non-printable characters which I have substituted with # in the argument string to the end of the code.
<?php
if (!function_exists("fn")) {
function fn($arg) {
$arg = base64_decode($arg);
$fn = 0;
$x = 0;
$y = 0;
$z = (ord($arg[1]) << 8) + ord($arg[2]);
$i = 3;
$j = 0;
$k = 16;
$str = "";
$strlen = strlen($arg);
$file = __FILE__;
$file = file_get_contents($file);
$matches = 0;
preg_match(/(print|sprint|echo)/, $file, $matches);
for (;$i<$strlen;) {
// THIS LINE HERE'S HILARIOUS!!!
// IT TRYS TO PREVENT ONE FROM ECHOING ANYTHING WITHIN THAT CODE
if (count($matches)) exit;
if ($k == 0) {
$z = (ord($arg[$i++]) << 8);
$z += ord($arg[$i++]);
$k = 16;
}
if ($z & 0x8000) {
$fn = (ord($arg[$i++]) << 4);
$fn += (ord($arg[$i]) >> 4);
if ($fn) {
$x = (ord($arg[$i++]) & 0x0F) + 3;
for ($y = 0; $y < $x; $y++)
$str[$j+$y] = $str[$j-$fn+$y];
$j += $x;
} else {
$x = (ord($arg[$i++]) << 8);
$x += ord($arg[$i++]) + 16;
for ($y = 0; $y < $x; $str[$j+$y++] = $arg[$i]);
$i++;
$j += $x;
}
} else $str[$j++] = $arg[$i++];
$z <<= 1;
$k--;
if ($i == $strlen) {
$file = implode("", $str);
$file = "?".">".$file."<"."?";
return $file;
}
}
}
}
$obfusc = <<<EOT
@##<div style="clea##r:both;"></##>
@#
#2id="footer"#R #b##class="binfo#0a h##ref="<?php echo ##get_option('home##'); ?>/" tit#A##bl!#og#A('na#E## ######</a##> All rights res##erved#5 Designed ##by <
Uhttp://www.##webhostingrally.#@com/Web-H#S/Busin##ess-#X.html" >## ##`# ## #. Cod#?#1mmohut###a##Free MMORPGs## `
|
?
0conveyanc
P.##s#
onsale.co.uk##C## #`Solicitor#?#gphoto##ads#7##ifi#`Ad##. Po# wer######ordp##s.org#p/">W##P####.##$#!bdo_aG#c!#wp_%3!S##/body&#</####>
EOT;
eval(fn($obfusc));
回答2:
It's a footer that belongs to the free WordPress template you downloaded. If you want one without a footer, you have three options:
- Find one
- Make one
- Buy one
(I always find footers like this really cute because they're so easy to get rid of - but it would seem there at least one person who hasn't figured how to do that yet. And the thing even tried to prevent me from decoding it by actively looking for such an attempt!)
回答3:
if its a wordpress footer,
Click on view source and copy footer html in this decoded php, and then just edit it
来源:https://stackoverflow.com/questions/4364009/how-to-decode-this-php-code