Waraxe IT Security Portal
Login or Register
November 21, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 83
Members: 0
Total: 83
Full disclosure
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PHP script decode requests -> Codelock Script Help Pls....
Post new topicReply to topic View previous topic :: View next topic
Codelock Script Help Pls....
PostPosted: Tue Mar 22, 2011 5:40 am Reply with quote
nvision
Regular user
Regular user
Joined: Mar 22, 2011
Posts: 7
Location: CyberSpace




Man, I have been searching for this site for ages!!! Very Happy

I have a script that is kicking my butt. I think it is codelock
encrypted which is suppose to be the easiest code to crack.

Maybe they have included something else along side of codelock.

Will someone take a look at this script and see if you can give me some
help decoding it? I'm not sure if it is the tmm.php, update.php or another
file that is calling home asking for the license, but there are 2 or 3 that have been codelocked.

Code:
http://dl.dropbox.com/u/22302894/Script/functions.php
http://dl.dropbox.com/u/22302894/Script/index.php
http://dl.dropbox.com/u/22302894/Script/tmm.php
http://dl.dropbox.com/u/22302894/Script/update.php
http://dl.dropbox.com/u/22302894/Script/dripfeeder.php


I tried to decode them, but I get some funky stuff in the output:
Code:

<?php

//////////////////////////////////////////////////////////////////
// Backn[šÈ›ÛÜÝÈ€´‚HÇeµ…Ñ”Ý…äÑ¼µ…­”—'’6–ævÄ4(¼¼‰…­±¥¹¬€ÄÀÀÀ”µ½É powerm[â6\žH&Y½É!
//
// Copyright 2009 - Sean GÛ˜ZÒÒF„5…¹¥Œ5…É­ter
// All riÚÈ—6W'”
//////////////////////////////////////////////////////////////////


/////////////////////////////////////////////////////
// M[˜Ý[ÛœÃB‹ËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËËÈB™[˜Ý–öâÆöG%»siw2‚—°Ð ––b©mõá¥ÍÑÌ Á¥¹Í¥Ñs.txt')){
'[›2Ò ¥±('r[·6—s.txt');
›Ü–6‚‚q¥¹³ \È [™J^ÃB‚BBBI–íÍ¥Õ=trim($n[’“°Ð ’G–æw6—FW5µÓÒ&‡GG¢òò"âG%»siuNÃB‚BB_BBCB‚BBIÛ…¹±¥ÍÐõ…ÉÉ…å}Õ¹¥Åå($pingsit\ÊNÂBBBCB‚BB\™]&âF6ÆVæÆ—7C°Ð —ÖVÇ6W°Ð –W'&÷"‚$6÷VЁ¹½Ð[™–íÍ¥Ü˝›Üˆ–쁱¥ÍЈ¤ì4(%ô4)ô4(4(4)µnction#ØY[™ÜÚ]76½ÉÐ ¥ì4(%¥˜€¡™¥±•}¸ists('r[·6—sshort.txt')){
'[›2Ò ¥±('r[·6—sshort.txt');
foreach ($n[—22q¥¹”¥ì4($$$$‘Á¥¹Í¥Ñ=trim($line);
$r[·6—s[]="http://".$pingsitNÃB‚BB_BBCB‚BBI6Å…¹¹st=arra{Ý[š\]YJ [™ÜÚ]\ÊNÂBBBCB‚BB\›GW&âF6ánlist;
}kÛ°Ð –ÉÉ½È ‰
½ì›Ý&–Á¥¹Í¥Ñsskܝ &÷"–æråÍЈ¤ì4(%ô4)ô4(4*{˜Ý[Ûˆ6Ñ}½¹Ñ•¹ÑÌ ‘™¥±•¹…µ, &[˜Ü]‚ÒfÇ4°€‘ɕͽÕɍ•}½¹Ñ•áЀô¹Õ±°¤4)ì4(€€€€€€€€€‰f (falsHOOH €ô‚op[ ¥»˜[YK ܘ‰Ë [˜ÜF‚’’°Ð¢G&•É}•ÉÉ½È ŸmØÛ۝[Ê
H&–ä to#Üâ7G%…´è9¼ÍՍ [R÷" rXÝÜžIËõM_WARNING);
r]\›ˆ&Ç6S°Ð¢ÐТ�Т
±arstatØXÚJ
NÃBˆYˆ
œÚ^’Òf–ÆW6—¤ ’il[˜[YJJHÃBˆ ]HH'&VB‚h, $œÚ^™JNÃBˆHÇ4ì4(€€€€€€€€€€€€€€‘‘…Ñ„€ô€œœì4(€€€€€€€€€€€€€Ý¡¥±”€ kâ‚I ¤¤ì4(€€€€€€€€€€€€€€€€€€]H Hœš ’h, 8192);
}
}

˜ÛÜÙJ š
NÃBˆ—GW&âQ…Ñ;
}


žæ7F–öâ7ɱ}t_š[=½¹Ñnts($url)
{
$options = array(
CT“ÔÔ‘BNS”ÔH€ôøÑÉÕ, // ret|›ˆÖ"
C$ÄõEô„TDU"Óâ!lse, // don't r]\›ˆ‡'0Т2LOPT_CÓÑS‘ÈOˆˆ‹ ËÈ[™RÆÂ.codings
C$ÄõEõMAGC‚Óâ'7%‘r", // wkÈ[HCBˆÉ1=AQ}Ô‘PU$H€€€€ôøÑÉÕ”°€€€€€¼¼Ít ri—&W"öâ%‘¥É£t
C$ÄõEô4ôääT5ED”ÔTõP€ôø€ÄÈÀ°€€€€€€¼¼Ñ¥µ•½ô#Ûˆ6öææV7@Т5I1=@_TIMEOUOˆ LŒ  ËÈ–Õ½ÕЁ½¸ÉsponsCBˆÉ1=AQ}5aI%IL€€€€€€ôø€ÄÀ°€€€€€€€¼¼Íßp YÈ€ÄÀÉ–\–7G0Т“°Ð ТF6‚Ò
Õɱ}¥¹¥Ð €‘òl );
Ý\›ÜÛF÷Eö'&’‚F6‚ÂF÷F–öç2“°Ð¢M½¹Ñ•¹Ð€ôÕɱ}¸XÊ Ú
NÃBˆ \œˆHß&ÅöW'&æò‚M €¤ì4(€€€€œœ›\òÒ7W&ÅöÉÉ½È €‘ €¤ì4(€€€€‘¨r = Ý\›öÑ¥¹™¼ €“h );
c|›ØÛ÷4 €“h );


Hope someone can help or at least point me in the direction of some proggy that will help.

Thanks
View user's profile Send private message
New Links
PostPosted: Tue Mar 22, 2011 9:54 pm Reply with quote
nvision
Regular user
Regular user
Joined: Mar 22, 2011
Posts: 7
Location: CyberSpace




I see that everyone is using pastebin for their files, so I decided to include
my links there. Just in case everyone is not familiar with dropbox.

Code:
http://pastebin.com/jH2MVe4W

http://pastebin.com/SLuGALN5

http://pastebin.com/RXhtbgVb

http://pastebin.com/DAx1pWxc


Maybe this will make it easier to access the code.

Thanks
View user's profile Send private message
PostPosted: Wed Mar 23, 2011 1:21 am Reply with quote
tsabitah
Valuable expert
Valuable expert
Joined: Jul 07, 2010
Posts: 328
Location: surabaya




index.php
Code:
<?php
//////////////////////////////////////////////////////////////////
// Backlink Booster - The ultimate way to make every single
// backlink 1000% more powerful than every before!
//
// Copyright 2009 - Sean Donahoe - The Manic Marketer
// All rights reserved
//////////////////////////////////////////////////////////////////
// if the config does not exists, redirect to install.php
if (!file_exists("config.php")) {
header('Location: install.php');
exit;
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Backlink Booster</title>
<link rel="stylesheet" href="style.css" type="text/css" media="screen" />
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
</head>
<body>
<img src="images/blblogo.png">
<h1>Boost Your SEO and Each Backlink's Potential Value</h1>
<?php
require_once("config.php");
$hostname = strtolower(gethost());
$hostname = str_replace("www.", "", $hostname);
$hostelements = explode(".", $hostname);
$primaryhost = $hostelements[0];
if (file_exists($primaryhost . ".key")) {
$key = get_contents($primaryhost . ".key");
if (empty($key)) {
error("Your license file appears to be empty");
}
} else {
error("Could not find the license key " . $primaryhost . ".key");
}
//sets up an instance of the class
$crypt = new crypt;
//assigns an encryption key to the instance
$crypt->crypt_key("elephantsonparade");
//encrypts the data using the key
$keystring = $crypt->decrypt($key);
$keyparts = explode("|", $keystring);
// Check valid domains
$validdomains = explode(",", $keyparts[1]);
if (!in_array($hostname, $validdomains)) {
$licenceddomains = implode(", ", $validdomains);
error("This is an invalid copy of this script as it is only licenced for use on the following domains:<BR>" . $licenceddomains);
}
$tid = $keyparts[0];
$encrptedkey = $crypt->encrypt($key);
$licensecheck = curl_get_file_contents("http://themanicmarketer.com/blbcheck.php?c=" . urlencode($encrptedkey));
if ($licensecheck == "Invalid Key") {
error("Key is invalid or expired");
} else {
// Remeber this is double encrypted
$firststrip = $crypt->decrypt($licensecheck);
$rtid = $crypt->decrypt($firststrip);
if ($rtid != $tid) {
error("License Check Failed");
}
}
// Check the install script is not in place...
if (file_exists("install.php")) {
error("Please delete the install.php file as it presents a security risk if left in place.");
}
if (empty($_REQUEST["url"]) || empty($_REQUEST["skey"])) {
error("It looks like you did not press the button yet...");
}
$skey = urldecode($_REQUEST["skey"]);
if ($skey != $secretkey) {
error("Did You Press The Button? Check Your Button and the SKEY Per The Instructions...");
}
$url = urldecode($_REQUEST["url"]);
$title = urldecode($_REQUEST["title"]);
$description = urldecode($_REQUEST["description"]);
// Now, which step are we on?
$action = $_REQUEST["action"];
switch ($action) {
case 1:
$pingsites = loadpingsites();
processit();
break;
default:
getdata();
}
function getdata()
{
global $description, $url, $title, $db, $skey, $keywords, $spindescription, $spintitle;
title("Checking Data For Your Link...");
info("Title", $title);
info("URL", "<a href='$url'>$url</a>");
if (empty($url)) {
error("No url referred... exiting");
}
$timestamp = $db->get_var("select timestamp from blbooster where link='" . addslashes("$url") . "'");
if ($timestamp) {
error("This link already exists in the database... exiting");
}
/////////////////////////////////////////////////////
// Get Site Details....
/////////////////////////////////////////////////////
$result = getUrlData($url);
if (empty($title)) {
$title = $result["title"];
}
$description = $result["metaTags"]["description"]["value"];
if (empty($title) || empty($description)) {
$mainurl = "http://" . parse_url($url, PHP_URL_HOST);
$result = getUrlData($mainurl);
if (empty($description)) {
$description = $result["metaTags"]["description"]["value"];
$tags = $result["metaTags"]["keywords"]["value"];
}
if (!empty($title)) {
$title = $result["title"];
}
}
// If that did not do it them lets build from our base list of fill ins
if (empty($title)) {
info("Title", "Creating New Title As Could Not Get One From Site");
$mainurl = "http://" . parse_url($url, PHP_URL_HOST);
// Keyword builder...
$rkeywords = explode(",", $keywords);
shuffle($rkeywords);
// Description builder...
$tkeyword = array_pop($rkeywords);
shuffle($spintitle);
$title = array_pop($spintitle);
$host = $mainurl;
$swaphost = str_replace("http://", "", $mainurl);
$swaphost = str_replace("www.", "", $swaphost);
$swaphost = ucwords(strtolower($swaphost));
$title = str_replace("%%KEYWORD%%", $tkeyword, $title);
$title = str_replace("%%HOST%%", $swaphost, $title);
$title = spinit($title);
}
// If that did not do it them lets build from our base list of fill ins
if (empty($description) || strlen($description) < 50) {
$sitecontents = getUrlContents($url);
$description = first_sentence($sitecontents);
info("Description", "Creating New Description As Could Not Get One From Site");
// If we still could not get one then lets try the homepage!
if (empty($description) || strlen($description) < 50) {
$mainurl = "http://" . parse_url($url, PHP_URL_HOST);
$sitecontents = getUrlContents($mainurl);
$description = first_sentence($sitecontents);
if (empty($description) || strlen($description) < 50) {
// Keyword builder...
$rkeywords = explode(",", $keywords);
shuffle($rkeywords);
// Description builder...
$tkeyword = array_pop($rkeywords);
shuffle($spindescription);
$description = array_pop($spindescription);
$host = $mainurl;
$swaphost = str_replace("http://", "", $mainurl);
$swaphost = str_replace("www.", "", $swaphost);
$swaphost = ucwords(strtolower($swaphost));
$description = str_replace("%%KEYWORD%%", $tkeyword, $description);
$description = str_replace("%%HOST%%", $swaphost, $description);
$description = spinit($description);
}
}
}
$description = trim(preg_replace('/\s\s+/', ' ', $description));
$title = trim(preg_replace('/\s\s+/', ' ', $title));
$url = trim(preg_replace('/\s\s+/', ' ', $url));
title("Confirm The Links Information");
?>

<form name="boostit" method="post" action="index.php" style="margin:0px;">
<table width="600" border="0" cellspacing="0" cellpadding="10">
<tr>
<td width="60" valign=top><strong>Title:</strong></td>
<td width="auto" valign=top><input type="text" name="title" value="<?php
echo $title;
?>" class="tinput" style="width:100%;"></td>
</tr>
<tr>
<td valign=top><strong>Description:</strong></td>
<td valign=top><textarea name="description" rows="5" style="width:100%" class="tinput"><?php
echo $description;
?></textarea><BR><small><B>Recommended</B> - 200 characters or more and use your keywords where possible</small></td>
</tr>
<tr>
<td colspan="2"><div align="center"><input type="image" src="images/letsrock.png" name=submit value=submit ></div></td>
</tr>
</table>
<input type="hidden" name="url" value="<?php
echo urlencode($url);
?>">
<input type="hidden" name="skey" value="<?php
echo urlencode($skey);
?>">
<input type="hidden" name="action" value="1">
</form>
<?php
}
function processit()
{
global $description, $url, $title, $db, $skey, $pingsites, $pingfm_enable, $onlywire_enable, $pinging_enable;
// Quick Validation
if (empty($url)) {
error("There is no URL to Process...");
}
if (empty($title)) {
error("The title is empty, please go back and make sure you added one");
}
if (empty($description)) {
error("There is no description, please go back and add one!");
}
title("Adding Link To The Database For Promotion");
// Clean The Data...
$description = preg_replace('/\s\s+/', ' ', $description);
$title = preg_replace('/\s\s+/', ' ', $title);
$url = preg_replace('/\s\s+/', ' ', $url);
info("URL", $url);
info("Title", $title);
info("Description", $description);
$id = $db->get_var("select id from blbooster where 1 order by id desc");
$cid = $id + 1;
$db->query("insert into blbooster values ($cid,'" . addslashes($url) . "','" . addslashes($title) . "','" . addslashes($description) . "','" . time() . "' ); ");
subtitle("Successfully Added Site To Database");
if ($pinging_enable == "Y") {
title("Pinging The URL To Make Sure It Gets Indexed Quickly");
pingit($url, urlencode($title), $pingsites);
}
if ($pingfm_enable == "Y") {
title("Sending This Link Directly To Ping.FM For Web 2.0 Transmission");
pingfmit($description, $title, $url);
}
if ($onlywire_enable == "Y") {
title("If you have an Onlwire Account You Can Social Bookmark This Link Now...");
info("", "Auto Social Bookmarking: <B><a target='_blank' href=\"http://onlywire.com/b/bmnoframe?u=" . rawurlencode($url) . "&t=" . rawurlencode($title) . "\">Submit This To Onlywire Now >></a></b>");
}
title("Saving URL To URL List for Import To Social Bookmarking Systems");
saveit($url);
title("All Done... That Backlink Was Officially Boosted!");
info("", "Check your <a href='blbrss.php'><B>Backlink Booster RSS Feed</B></a> here<BR><BR><BR>");
}
footer();
?>


</body>
</html>



_________________
http://sms-internet.biz
View user's profile Send private message Visit poster's website
PostPosted: Wed Mar 23, 2011 1:30 am Reply with quote
nvision
Regular user
Regular user
Joined: Mar 22, 2011
Posts: 7
Location: CyberSpace




Damn Shocked ....thanks tsabitah!!!

That is awesome looking out my friend. Do you think that this
thing can be nulled? I think that the tmm.php is calling home for
verification of license.

Again, thank you so much. I really love this place Very Happy
View user's profile Send private message
PostPosted: Wed Mar 23, 2011 1:31 am Reply with quote
tsabitah
Valuable expert
Valuable expert
Joined: Jul 07, 2010
Posts: 328
Location: surabaya




update.php:http://pastebin.com/PwYV04Mj
functions.php:http://pastebin.com/69x9Veuz
dripfeeder.php:http://pastebin.com/fanwQDr8

_________________
http://sms-internet.biz
View user's profile Send private message Visit poster's website
PostPosted: Wed Mar 23, 2011 1:37 am Reply with quote
nvision
Regular user
Regular user
Joined: Mar 22, 2011
Posts: 7
Location: CyberSpace




Jeeze man you're fast. What are you using to decode?

I have been trying to find codelock 2.7 but to no avail.

Now I just need to figure out how to null this sucker and
I'll be flying straight. Holding up some of my marketing
campaigns.

Trying to learn more of this so I can be of help to someone
else.

Thanks my friend.
View user's profile Send private message
PostPosted: Wed Mar 23, 2011 2:49 am Reply with quote
nvision
Regular user
Regular user
Joined: Mar 22, 2011
Posts: 7
Location: CyberSpace




Were you able to crack the tmm.php file?

I'm not sure if it is needed, but there is a codelock on
it, so they're trying to hide something. Twisted Evil
View user's profile Send private message
PostPosted: Wed Mar 23, 2011 3:31 am Reply with quote
johnburn
Advanced user
Advanced user
Joined: Jan 14, 2011
Posts: 199
Location: Malaysia




nvision wrote:
Were you able to crack the tmm.php file?

I'm not sure if it is needed, but there is a codelock on
it, so they're trying to hide something. Twisted Evil

tmm.php is the loader to decode all of the other files you give.
View user's profile Send private message
PostPosted: Wed Mar 23, 2011 5:22 am Reply with quote
nvision
Regular user
Regular user
Joined: Mar 22, 2011
Posts: 7
Location: CyberSpace




johnburn wrote:
nvision wrote:
Were you able to crack the tmm.php file?

I'm not sure if it is needed, but there is a codelock on
it, so they're trying to hide something. Twisted Evil

tmm.php is the loader to decode all of the other files you give.


Thanks John....I kind of figured that, but wasn't sure. So if I find a way to
keep this baby from checking for a valid license, I can just leave the tmm.php file in place.

While I was trying to crack this one, he came out with another version Mad
I got the latest version and maybe it can be installed without any trouble if
I get this one nulled.

That's why I want to learn to crack these suckers myself. You guys make it seem so easy. I was told that codelock 2.7 will decode any scripts encoded with codelock. I think I know where I can get a copy, but useless if I don't know how to use it. Can't find any tuts anywhere.
View user's profile Send private message
PostPosted: Thu Mar 24, 2011 1:47 am Reply with quote
johnburn
Advanced user
Advanced user
Joined: Jan 14, 2011
Posts: 199
Location: Malaysia




nvision wrote:

Thanks John....I kind of figured that, but wasn't sure. So if I find a way to
keep this baby from checking for a valid license, I can just leave the tmm.php file in place.

While I was trying to crack this one, he came out with another version Mad
I got the latest version and maybe it can be installed without any trouble if
I get this one nulled.

That's why I want to learn to crack these suckers myself. You guys make it seem so easy. I was told that codelock 2.7 will decode any scripts encoded with codelock. I think I know where I can get a copy, but useless if I don't know how to use it. Can't find any tuts anywhere.

You can nulled the script quite easily (remove protection, callback etc) after you had decoded it Smile
View user's profile Send private message
PostPosted: Thu Mar 24, 2011 4:23 am Reply with quote
nvision
Regular user
Regular user
Joined: Mar 22, 2011
Posts: 7
Location: CyberSpace




Thanks John....

So I can use codelock 2.7 to decode this new version, correct?

Wait a minute... I think they switched from codelock to ioncube with this
version. Could you take a look and see if I'm correct?

Code:
index: http://pastebin.com/R5xB1tJR

functions: http://pastebin.com/w2Ri9U0J

dripfeeder: http://pastebin.com/Nct5LNtH



Thanks so much John. When I get this sucker to working, I can get on with my business.
View user's profile Send private message
Codelock Script Help Pls....
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.039 Seconds