thepcguy |
Beginner |
|
|
Joined: Aug 01, 2012 |
Posts: 1 |
|
|
|
|
|
|
|
I've a file that is somehow obfuscated and the support site for it no longer exists. I've been following several posts here and have been able to recover some parts of the code, but hit a roadblock in translating the rest. It appears to be defining a php function as x0b(something,something), but that's either a form feed or the letter b? I'm lost in it!
If someone can clue me in on some tools to use, and how to use them, I probably could manage thru or just unscramble the code for me would be quicker for both of us!
Here's the full php page:
Code: | <?php
$x25="\x63\x68m\x6fd"; $x26="\143\x6c\x65\x61r\163tat\143\x61\x63\x68\145"; $x27="\x65\170pl\157d\x65"; $x28="f\x69\x6c\x65\x5f\x65\x78is\x74\163"; $x29="\x66i\x6c\x65\x5fg\x65\x74\137c\x6f\x6et\145\x6e\x74\x73"; $x2a="\x67\x65\x74\145\x6ev"; $x2b="h\145xd\x65\x63"; $x2c="i\x6d\x61\x67\x65\143olo\x72\x61\x6c\x6co\143\x61te"; $x2d="\151ma\x67\145\x63\162\145\141\x74\145\164\162\x75\145\143\157\154or"; $x2e="\151mag\x65\x66il\x6c\145\144\x72\x65c\164\x61n\147le"; $x2f="\x69\155a\147e\143\157p\x79me\x72\x67\x65"; $x30="\151m\141\x67e\x63\x72e\x61\x74e"; $x31="\x69ma\x67\x65d\145\x73\164\162oy"; $x32="\151\x6da\x67\x65f\x69\x6ct\x65\162"; $x33="\x69m\x61ges\x78"; $x34="\151m\x61ges\171"; $x35="i\155ag\145\163\164\162i\x6e\147"; $x36="s\x74\x72\137\162\145\x70\154\x61\x63\145"; $x37="\163\165\x62\x73\164\162"; $x38="\x75\x6elink";
error_reporting(0);function x0b(&$x0b,$x0c){ global $x25,$x26,$x27,$x28,$x29,$x2a,$x2b,$x2c,$x2d,$x2e,$x2f,$x30,$x31,$x32,$x33,$x34,$x35,$x36,$x37,$x38; $x0d=$x33($x0b);$x0e=$x34($x0b);$x0f=$x2d($x0d,$x0e);$x10=$x2c($x0f,100,50,50);$x2e($x0f,0,0,$x0d,$x0e,$x10);$x2f($x0b,$x0f,0,0,0,0,$x0d,$x0e,$x0c);}function x0c(&$x0b, $x11){ global $x25,$x26,$x27,$x28,$x29,$x2a,$x2b,$x2c,$x2d,$x2e,$x2f,$x30,$x31,$x32,$x33,$x34,$x35,$x36,$x37,$x38; if($x11 == "\x6e\157")return $x0b; elseif($x11 == "n\x65ga\164\145")$x32($x0b, IMG_FILTER_NEGATE); elseif($x11 == "\x67\x72a\171sc\141\x6c\x65")$x32($x0b, IMG_FILTER_GRAYSCALE); elseif($x11 == "\142\x72\151\147\150\164\x6ee\x73\163")$x32($x0b, IMG_FILTER_BRIGHTNESS, 50); elseif($x11 == "\x63\157nt\162\141s\164")$x32($x0b, IMG_FILTER_CONTRAST, 225); elseif($x11 == "\x65dg\x65")$x32($x0b, IMG_FILTER_EDGEDETECT); elseif($x11 == "\142l\165\x72")$x32($x0b, IMG_FILTER_GAUSSIAN_BLUR); elseif($x11 == "em\x62\x6f\x73\x73")$x32($x0b, IMG_FILTER_EMBOSS); elseif($x11 == "s\x6bet\143\150")$x32($x0b, IMG_FILTER_MEAN_REMOVAL); elseif($x11 == "\x73\x65\160\151a") {$x32($x0b, IMG_FILTER_CONTRAST, 25);x0b($x0b, 40); }}$x12 = $x27('x', $_GET['size']);$x13 = array( 'wm_opacity' => 50, 'wm_vrt_alignment' => 'p', 'wm_hor_alignment' => 'c', 'wm_padding' => 0, 'wm_use_truetype' => TRUE, 'dynamic_output' => FALSE, 'orig_width' => $x12[0], 'orig_height' => $x12[1],);require_once 'includes/Image_lib.php';$x14 = new CI_Image_lib($x13); if(!isset($_GET['uploaded_image']) || $_GET['uploaded_image'] == ''){ require_once('includes/gd-gradient.php'); $x15 = new gd_gradient_fill($x12[0],$x12[1],$_GET['grad'], '#'.$x36('%23', '', $_GET['grad_start_color']),'#'.$x36('%23', '', $_GET['grad_end_color']) );$x14->image_type = 3; $x0b = $x15->image;} else{ $x16 = $_GET['uploaded_image']; $x17 = $_GET['uploaded_ext'];if($x28('uploads/'.$x16.'_banner.'.$x17)) {if($x17 == 'gif')$x18 = 1;elseif($x17 == 'jpg' || $x17 == 'jpeg')$x18 = 2;else $x18 = 3; $x14->image_type=$x18; $x0b = $x14->image_create_gd('uploads/'.$x16.'_banner.'.$x17); }}include 'includes/check.php';if(!checkup()){ if(isset($_GET['eba']) and ($_GET['eba'] == 'edge' or $_GET['eba'] == 'blur' or $_GET['eba'] == 'emboss' or $_GET['eba'] == 'sketch' or $_GET['eba'] == 'sepia')) $_GET['eff'] = 'no';}if(isset($_GET['eba'])) x0c($x0b, $_GET['eff']);for($x19 = 0; $x19 < 3; $x19++){ if(!isset($_GET['tx'][$x19]) or $_GET['tx'][$x19] == "") {continue; }$x14->wm_text = $_GET['tx'][$x19]; $x14->wm_font_path = 'fonts/'.$_GET['ff'][$x19].'.ttf'; $x14->wm_font_size = $_GET['fs'][$x19]; $x14->wm_font_color = $_GET['tc'][$x19]; $x14->wm_vrt_percent = 100 - $_GET['vs'][$x19]; $x14->wm_hor_percent = $_GET['hs'][$x19]; if($_GET['sd'][$x19] != 0) {$x14->wm_use_drop_shadow = TRUE;$x14->wm_shadow_color = $_GET['sc'][$x19];$x14->wm_shadow_distance = $_GET['sd'][$x19]; } else { $x14->wm_use_drop_shadow = FALSE; } $x14->wm_text_angle = $_GET['a'][$x19];$x0b = $x14->text_watermark($x0b);}if(!isset($_GET['eba'])) x0c($x0b, $_GET['eff']);if(isset($_GET['bs']) && $_GET['bs'] != 0){ $x1a = $_GET['bs']; $x1b = $x2b($x37($_GET['bc'], 0, 2)); $x1c = $x2b($x37($_GET['bc'], 2, 2)); $x1d = $x2b($x37($_GET['bc'], 4, 2)); $x1e = $x2c($x0b, $x1b, $x1c, $x1d);$x2e($x0b, 0, 0, $x14->orig_width, $x1a - 1, $x1e);$x2e($x0b, $x14->orig_width - $x1a +20, 0, $x14->orig_width, $x14->orig_height, $x1e);$x2e($x0b, 0, $x14->orig_height - $x1a, $x14->orig_width, $x14->orig_height, $x1e);$x2e($x0b, 0, 0, $x1a - 1, $x14->orig_height, $x1e);} if(checkup()){ $x1f = $x29('pro/watermark.info'); $x20 = ''; $x21 = ''; @list($x20, $x21) = $x27('::', $x1f); if($x20 == '') {$x20 = $x2a('SERVER_NAME'); }}else{ $x20 = base64_decode('TWFkZSB3aXRoIEJhbm5lcmRldg==');} if($x21 != 'on'){ $x22 = @$x30($x12[0], 15); $x23 = $x2c($x22, 0, 0, 0); $x2e($x22, 0, 0, $x12[0], 15, $x23); $x24 = $x2c($x22, 255, 255, 255); $x35($x22, 2, 5, 0,$x20, $x24); $x2f($x0b, $x22, 0, $x12[1] - 15, 0, 0, $x12[0], 20, 50);}if(!isset($_GET['save'])){ $x14->image_display_gd($x0b);}else{ if(isset($x17)) {$x18 = $x17; } else {$x18 = 'png'; } $x14->full_dst_path = 'banners/'.$_GET['save'].'.'.$x18;if($x28($x14->full_dst_path))$x38($x14->full_dst_path);$x14->image_save_gd($x0b); @$x25($x14->full_dst_path, 0777);echo 'http://'.$x2a('SERVER_NAME').$x36('wizard.php', '', $x2a('SCRIPT_NAME')).$x14->full_dst_path;}$x31($x0b);if(isset($x15->image)){ $x31($x15->image); } $x26(); |
Much thanks in advance!
[/code] |
|