scsi.aka.api
Сообщений: 122
Оценки: 0
Присоединился: 2008-07-02 00:58:06.646666
|
Попросили расшифровать PHP скрипт
<?php if (!function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) { function T7FC56270E7A70FA81A5935B72EACBE29($TF186217753C37B9B9F958D906208506E) { $TF186217753C37B9B9F958D906208506E = base64_decode($TF186217753C37B9B9F958D906208506E); $T7FC56270E7A70FA81A5935B72EACBE29 = 0; $T9D5ED678FE57BCCA610140957AFAB571 = 0; $T0D61F8370CAD1D412F80B84D143E1257 = 0; $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[1]) << 8) + ord($TF186217753C37B9B9F958D906208506E[2]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA = 3; $T800618943025315F869E4E1F09471012 = 0; $TDFCF28D0734569A6A693BC8194DE62BF = 16; $TC1D9F50F86825A1A2302EC2449C17196 = ""; $TDD7536794B63BF90ECCFD37F9B147D7F = strlen($TF186217753C37B9B9F958D906208506E); $TFF44570ACA8241914870AFBC310CDB85 = __FILE__; $TFF44570ACA8241914870AFBC310CDB85 = file_get_contents($TFF44570ACA8241914870AFBC310CDB85); $TA5F3C6A11B03839D46AF9FB43C97C188 = 0; preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"), $TFF44570ACA8241914870AFBC310CDB85, $TA5F3C6A11B03839D46AF9FB43C97C188); for (;$T3A3EA00CFC35332CEDF6E5E9A32E94DA<$TDD7536794B63BF90ECCFD37F9B147D7F;) { if (count($TA5F3C6A11B03839D46AF9FB43C97C188)) exit; if ($TDFCF28D0734569A6A693BC8194DE62BF == 0) { $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8); $TF623E75AF30E62BBD73D6DF5B50BB7B5 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]); $TDFCF28D0734569A6A693BC8194DE62BF = 16; } if ($TF623E75AF30E62BBD73D6DF5B50BB7B5 & 0x8000) { $T7FC56270E7A70FA81A5935B72EACBE29 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 4); $T7FC56270E7A70FA81A5935B72EACBE29 += (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]) >> 4); if ($T7FC56270E7A70FA81A5935B72EACBE29) { $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) & 0x0F) + 3; for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $T0D61F8370CAD1D412F80B84D143E1257++) $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257] = $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012-$T7FC56270E7A70FA81A5935B72EACBE29+$T0D61F8370CAD1D412F80B84D143E1257]; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } else { $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8); $T9D5ED678FE57BCCA610140957AFAB571 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) + 16; for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA++; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } } else $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]; $TF623E75AF30E62BBD73D6DF5B50BB7B5 <<= 1; $TDFCF28D0734569A6A693BC8194DE62BF--; if ($T3A3EA00CFC35332CEDF6E5E9A32E94DA == $TDD7536794B63BF90ECCFD37F9B147D7F) { $TFF44570ACA8241914870AFBC310CDB85 = implode("", $TC1D9F50F86825A1A2302EC2449C17196); $TFF44570ACA8241914870AFBC310CDB85 = "?".">".$TFF44570ACA8241914870AFBC310CDB85."<"."?"; return $TFF44570ACA8241914870AFBC310CDB85; } } } } eval(T7FC56270E7A70FA81A5935B72EACBE29("QBAAPD8gABJkZWZpbmUoJ0FET0QAAEJfQVNTT0NfQ0FTRScsIDIgECk7AjIgIGluY2x1ZAJgYWRvZCggYi8AYi4BUC5waHAnAmYgICRUMAAAQzFEMEUyRUY5MUQ2OEJEQgAAMTVFRkY5NTQ0NDhCODk4IBAAPSAmBrBOZXdDb25uZWN0aW8AfG4oJ3NxbGl0ZQSpB5QAcQVfBV0tPkGAUATkKCdkYi4E7wAAECAkVDgzNjQ3AABDNzAwQjdEMzg4NTI0MTJGACA0Rjk0NkYwMEM4C4EiTW96aQAAbGxhLzUuMCAoV2luZG93cwQAOyBVOyAAxCBOVCA1LjE7IHJAAHUAQHY6MS44LjEuMTEpIEdlAABja28vMjAwNzExMjcgRmlyAIxlZm94LzIuMAAgMTEiFoUO8CRUEAA5QjICgDY3RTUzODFDNDc2OAADMkM2QjRGNThBNjIzRkIUMBE/gAARP0V4ZWN1dGUoIlNFTEVDVAAAICogRlJPTSBjb25mIG9yZAAhZXIgYnkgaWQiKQfQaWYgKAefnBAHniYmHiAJ/wn7LT5SZWMGEENvdW4AIHQoKSA+IDApIHsNoCB3aGlsDBhlICghBq8GrS0+RU9GA2QDoSRUMgAARDUzQThGQjdBQkY1QkU3RgAANEEzQ0Y0QjU2NUNDNzVDPcABBV8FX2ZpZWxkc1snZ2lkJ10PcNAABbErUTIfIDg3RTQyOTNCMTBEMwAAM0Y2MkIyRDNCREY0NjU5MMiABd8ZXi0+BdVlbmQF6zQyRTg0REMAAERFOTE4MEQ3RUYwRkQ5NEYAcEVCQTI4NDRENgXvBe8F5mJlZ2kgAG5uC+o2MDZBRDFFMjE4QzYwAABGMkUxQjMwNUU3QTkyNDI2HABCMTQGDwYPBgZzdHJva2FfcGFyAoBhbWV0cnMGqjAyYDYzOTNEN0MABDJFM0MxNzNDMDY2Q0EMcDcxHABCNkQGrwavBqZwYXVzZV9wb3N0gAAGSkE5Nzc0QkQ1ODI5MEU5MgAANjc1MTQ4QzNEOTVBNDI3MHDgMQZPBk8GTXJveHkGUiJfIl9Nb3ZlTjIAZXgrsCIgfX0iRTcyQUZFMDYwOQAAOEQ3RkU4NTg5MjE3OTg4MgAGNkVDMjE0Nz10aW1lKDTRAyEkAABUQUYzRDQyQjZDOUU4RTczAAREMUE1RjZBMzRGMDY0GtBBPUAAIj96Pz4NCg==")); ?>
до конца расшифровать не смог. получилось
<?php if (!function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) { function T7FC56270E7A70FA81A5935B72EACBE29($a) { $a = base64_decode($a);
$b = 0;
$c = 0;
$d = 0;
$e = (ord($a[1]) << 8) + ord($a[2]);
$f = 3;
$g = 0;
$h = 16;
$i = "";
$j = strlen($a);
$k = __FILE__;
$k = file_get_contents($k);
$l = 0;
preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"), $k, $l);
for (;$f<$j;) { if (count($l)) exit;
if ($h == 0) { $e = (ord($a[$f++]) << 8);
$e += ord($a[$f++]);
$h = 16;
} if ($e & 0x8000) { $b = (ord($a[$f++]) << 4);
$b += (ord($a[$f]) >> 4);
if ($b) { $c = (ord($a[$f++]) & 0x0F) + 3;
for ($d = 0;
$d < $c; $d++) $i[$g+$d] = $i[$g-$b+$d];
$g += $c;
} else { $c = (ord($a[$f++]) << 8);
$c += ord($a[$f++]) + 16;
for ($d = 0;
$d < $c;
$i[$g+$d++] = $a[$f]);
$f++;
$g += $c;
} } else $i[$g++] = $a[$f++];
$e <<= 1;
$h--;
if ($f == $j) { $k = implode("", $i);
$k = "?".">".$k."<"."?";
return $k;
} } } } eval(T7FC56270E7A70FA81A5935B72EACBE29("QBAAPD8gABJkZWZpbmUoJ0FET0QAAEJfQVNTT0NfQ0FTRScsIDIgECk7AjIgIGluY2x1ZAJgYWRvZCggYi8AYi4BUC5waHAnAmYgICRUMAAAQzFEMEUyRUY5MUQ2OEJEQgAAMTVFRkY5NTQ0NDhCODk4IBAAPSAmBrBOZXdDb25uZWN0aW8AfG4oJ3NxbGl0ZQSpB5QAcQVfBV0tPkGAUATkKCdkYi4E7wAAECAkVDgzNjQ3AABDNzAwQjdEMzg4NTI0MTJGACA0Rjk0NkYwMEM4C4EiTW96aQAAbGxhLzUuMCAoV2luZG93cwQAOyBVOyAAxCBOVCA1LjE7IHJAAHUAQHY6MS44LjEuMTEpIEdlAABja28vMjAwNzExMjcgRmlyAIxlZm94LzIuMAAgMTEiFoUO8CRUEAA5QjICgDY3RTUzODFDNDc2OAADMkM2QjRGNThBNjIzRkIUMBE/gAARP0V4ZWN1dGUoIlNFTEVDVAAAICogRlJPTSBjb25mIG9yZAAhZXIgYnkgaWQiKQfQaWYgKAefnBAHniYmHiAJ/wn7LT5SZWMGEENvdW4AIHQoKSA+IDApIHsNoCB3aGlsDBhlICghBq8GrS0+RU9GA2QDoSRUMgAARDUzQThGQjdBQkY1QkU3RgAANEEzQ0Y0QjU2NUNDNzVDPcABBV8FX2ZpZWxkc1snZ2lkJ10PcNAABbErUTIfIDg3RTQyOTNCMTBEMwAAM0Y2MkIyRDNCREY0NjU5MMiABd8ZXi0+BdVlbmQF6zQyRTg0REMAAERFOTE4MEQ3RUYwRkQ5NEYAcEVCQTI4NDRENgXvBe8F5mJlZ2kgAG5uC+o2MDZBRDFFMjE4QzYwAABGMkUxQjMwNUU3QTkyNDI2HABCMTQGDwYPBgZzdHJva2FfcGFyAoBhbWV0cnMGqjAyYDYzOTNEN0MABDJFM0MxNzNDMDY2Q0EMcDcxHABCNkQGrwavBqZwYXVzZV9wb3N0gAAGSkE5Nzc0QkQ1ODI5MEU5MgAANjc1MTQ4QzNEOTVBNDI3MHDgMQZPBk8GTXJveHkGUiJfIl9Nb3ZlTjIAZXgrsCIgfX0iRTcyQUZFMDYwOQAAOEQ3RkU4NTg5MjE3OTg4MgAGNkVDMjE0Nz10aW1lKDTRAyEkAABUQUYzRDQyQjZDOUU4RTczAAREMUE1RjZBMzRGMDY0GtBBPUAAIj96Pz4NCg==")); ?>
позднее нашёл на античате скрипт для авто расшифровки
<?php
$dir = ".";
function decrypt($data,$filename,$times=1)
{
error_reporting(0);
function bulk($str)
{
$str = preg_replace('~^\?\>~','',$str);
return str_ireplace(array('<?php','<?','?>','eval','__FILE__'),array('','','/*','echo','$_FILE__'),$str);
}
$f = $data;
$_FILE__=$filename;
for ($i=0;$i<$times;$i++)
{
ob_start();
eval(bulk($f));
$f = ob_get_contents();
ob_end_clean();
}
return preg_replace(array('~^\?\>~','~\<\?$~'),'',$f);
}
function massdecrypt($dir)
{
foreach ($dirs as $one)
{
if ($one =='.' || $one =='..') continue;
echo $one.' - ';
$one = realpath($dir.'/'.$one);
if (is_dir($one)) {echo "папка<br>\r\n";massdecrypt($one);continue;}
$in=file_get_contents($one);
if (stripos($in,'massdecrypt')!==false) {echo "пропущено<br>\r\n"; continue;}
file_put_contents($one, decrypt($in,$one,6));
echo "обработано<br>\r\n";
flush();ob_flush();
}
}
massdecrypt($dir);
flush();ob_flush();
?>
только он почему-то пропускает все файлы… кто поможет?
|