Waraxe IT Security Portal

:: Home :: Search :: Your Account :: Forums :: Waraxe Advisories :: Tools ::

November 18, 2024

Menu

Home

Logout

Discussions

	Forums
	Members List
	IRC chat

Tools

	Base64 coder
	MD5 hash
	CRC32 checksum
	ROT13 coder
	SHA-1 hash
	URL-decoder
	Sql Char Encoder

Affiliates

	y3dips ITsec
	Md5 Cracker
	User Manuals
	AlbumNow

Content

	Content
	Sections
	FAQ
	Top

Info

	Feedback
	Recommend Us
	Search
	Journal
	Your Account

User Info

Membership:

Latest: MichaelSnaRe

New Today: 0

New Yesterday: 0

Overall: 9144

People Online:

Visitors: 67

Members: 0

Total: 67

Full disclosure

SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1

IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PHP script decode requests -> help me to decode this php file
	View previous topic :: View next topic

help me to decode this php file

Posted: Sat Nov 03, 2012 7:27 pm

ace_gishniz

Beginner

Joined: Nov 03, 2012

Posts: 3

hi all.
i have a php file that codded bye zend guard. i decode this with dzender but output file is like:

Quote:

<?php
/*********************/
/* */
/* Dezend for PHP5 */
/* NWS */
/* Nulled.WS */
/* */
/*********************/

class _obfuscate_M3lkbjBsYmU1bjIÿ
{

public function _obfuscate_PGIqMRpcHXcGYWoÿ( )
{
__use( );
}

public function _obfuscate_AWE5NDx3KxR9XmMNeBwfPRlmOzs3ZDIÿ( )
{
( );
( );
( );
( );
( );
}

public function _obfuscate_MxhdfA5sCDtccXMQBXd9JzYKZnoYaRoxbXQÿ( )
{
( );
( );
( );
}

public function _obfuscate_bCsYdmp2KF9AyktW2l6AV8ÿ( )
{
( );
}

function _obfuscate_azw4NSFqYjR4eCAÿ( )
{
}

}

class H32_7cb4adbe4e9ec47f2ef30443f3de8e98
{

public static function h32_6a992d5529f459a44fee58c733255e86( )
{
__user_perms( );
__use( );
__use( );
( );
( );
__log( );
( );
( );
}

public static function h32_76a2173be6393254e72ffa4d6df1030a( )
{
__user_perms( );
__use( );
__use( );
( );
( );
__log( );
( );
( );
}

public static function h32_6d40b16083a3912c6a8031ca723f18e4( )
{
__user_perms( );
__use( );
__use( );
( );
( );
__log( );
( );
( );
}

}

function h32_a8e14caeb5a6ca4519e18b95b32ca8a8( )
{
__use( );
( );
( );
( );
( );
( );
( );
( );
}

?>

anyone can help me to decode this file??
how i can decode this kind of encoding.
tnx

source coded file:
https://rapidshare.com/files/2947881604/coddedByZendGuard.zip

Posted: Sat Nov 03, 2012 7:44 pm

demon

Moderator

Joined: Sep 22, 2010

Posts: 485

here you are but again it has obfuscated funcitons and variables and some encoding problems...

Code:

<?php

class _obfuscate_M3lkbjBsYmU1bjIя
{
public function _obfuscate_PGIqMRpcHXcGYWoя()
{
__use("validator");
}

public function _obfuscate_AWE5NDx3KxR9XmMNeBwfPRlmOzs3ZDIя($_obfuscate_lTa0sgяя)
{
_obfuscate_NWZmd204NDUx::_obfuscate_PGc7bnlxYwяя($_obfuscate_lTa0sgяя['passwd'], "passwd", "Щ„Ш·ЩЃШ§ Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± ЩЃШ№Щ„ЫЊ Ш®Щ€ШЇ Ш±Ш§ Щ€Ш§Ш±ШЇ Щ�Щ…Ш§ЫЊЫЊШЇ");
_obfuscate_NWZmd204NDUx::_obfuscate_ZhgdEQYя($_obfuscate_lTa0sgяя['email'], "email", 1, _obfuscate_MW5oNgяя::_obfuscate_ZhgdEQYя());
_obfuscate_NWZmd204NDUx::_obfuscate_PGc7bnlxYwяя($_obfuscate_lTa0sgяя['fname'], "fname", "Щ„Ш·ЩЃШ§ Щ�Ш§Щ… Ш®Щ€ШЇ Ш±Ш§ Щ€Ш§Ш±ШЇ Щ�Щ…Ш§ЫЊЫЊШЇ");
_obfuscate_NWZmd204NDUx::_obfuscate_PGc7bnlxYwяя($_obfuscate_lTa0sgяя['lname'], "lname", "Щ„Ш·ЩЃШ§ Щ�Ш§Щ… Ш®Ш§Щ�Щ€Ш§ШЇЪЇЫЊ Ш®Щ€ШЇ Ш±Ш§ Щ€Ш§Ш±ШЇ Щ�Щ…Ш§ЫЊЫЊШЇ");
_obfuscate_NWZmd204NDUx::_obfuscate_YWc3KGEy($_obfuscate_lTa0sgяя['mobile'], "mobile");
return !_obfuscate_NmMzbTIя::_obfuscate_cnphKxIcQBMя();
}

public function _obfuscate_MxhdfA5sCDtccXMQBXd9JzYKZnoYaRoxbXQя($_obfuscate_lTa0sgяя)
{
_obfuscate_NWZmd204NDUx::_obfuscate_PGc7bnlxYwяя($_obfuscate_lTa0sgяя['passwd'], "passwd", "Щ„Ш·ЩЃШ§ Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± ЩЃШ№Щ„ЫЊ Ш®Щ€ШЇ Ш±Ш§ Щ€Ш§Ш±ШЇ Щ�Щ…Ш§ЫЊЫЊШЇ");
_obfuscate_NWZmd204NDUx::_obfuscate_aBoSAgop($_obfuscate_lTa0sgяя['newpasswd'], "newpasswd", 5, 16, "ШШЇШ§Щ‚Щ„ Ш·Щ€Щ„ Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± Ыµ Ъ©Ш§Ш±Ш§Ъ©ШЄШ± Ш§ШіШЄ", "ШШЇШ§Ъ©Ш«Ш± Ш·Щ€Щ„ Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± Ы±Ы¶ Ъ©Ш§Ш±Ш§Ъ©ШЄШ± Ш§ШіШЄ");
_obfuscate_NWZmd204NDUx::_obfuscate_cnZoFW52($_obfuscate_lTa0sgяя['newpasswd'], $_obfuscate_lTa0sgяя['rnewpasswd'], "newpasswd", "rnewpasswd");
return !_obfuscate_NmMzbTIя::_obfuscate_cnphKxIcQBMя();
}

public function _obfuscate_bCsYdmp2KF9AyktW2l6AV8я($_obfuscate_lTa0sgяя)
{
if ($_obfuscate_lTa0sgяя['sms_manage'] && !preg_match("/^[a-z0-9]{3,15}\$/", $_obfuscate_lTa0sgяя['secret'])) {
_obfuscate_NmMzbTIя::_obfuscate_bnty("Ш±Щ…ШІ ШЇШіШЄШ±ШіЫЊ Ш§ШІ Ш·Ш±ЫЊЩ‚ ЩѕЫЊШ§Щ…Ъ© Щ…ЫЊШЄЩ€Ш§Щ�ШЇ ШШЇШ§Щ‚Щ„ Ыі Щ€ ШШЇШ§Ъ©Ш«Ш± Ы±Ыµ Ъ©Ш§Ш±Ш§Ъ©ШЄШ± Щ€ ШЄЩ�Щ‡Ш§ ШґШ§Щ…Щ„ ШШ±Щ€ЩЃ a-z Щ€ 0-9 ШЁШ§ШґШЇ", "secret");
}
return !_obfuscate_NmMzbTIя::_obfuscate_cnphKxIcQBMя();
}

function _obfuscate_azw4NSFqYjR4eCAя()
{
}

}

class H32_7cb4adbe4e9ec47f2ef30443f3de8e98
{
public static function h32_6a992d5529f459a44fee58c733255e86()
{
__user_perms("settings_info");
__use("error");
$_obfuscate_yQ_EHUUxOwяя = _obfuscate_MW5oNgяя::_obfuscate_FDwvKj5teAяя();
$_obfuscate_8GtquAяя = __post(array(
"passwd",
"email",
"thumbnail",
"fname",
"lname",
"phone",
"mobile"
), $_obfuscate_yQ_EHUUxOwяя);
if (__ispostback()) {
$_obfuscate__w1VdxjS5Vy7 = new _obfuscate_M3lkbjBsYmU1bjIя();
if ($_obfuscate__w1VdxjS5Vy7->_obfuscate_AWE5NDx3KxR9XmMNeBwfPRlmOzs3ZDIя($_obfuscate_8GtquAяя)) {
__use("helper.users");
$_obfuscate_m2Kuwwяя = fxoqpc90qr2::_obfuscate_bmFxeAtrY1tyamMxQG4mPG0я(_obfuscate_MW5oNgяя::_obfuscate_NTdtAX0я(), $_obfuscate_8GtquAяя['passwd']);
if (!r9::_obfuscate_cXcsL2tcPUAя($_obfuscate_m2Kuwwяя)) {
_obfuscate_NmMzbTIя::_obfuscate_bnty("Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± ЩЃШ№Щ„ЫЊ ШµШЫЊШ Щ�Щ…ЫЊШЁШ§ШґШЇ", "passwd");
} else {
unset($_obfuscate_8GtquAяя['passwd']);
__update("users", $_obfuscate_8GtquAяя, _obfuscate_MW5oNgяя::_obfuscate_Mhsя());
__log("Щ…ШґШ®ШµШ§ШЄ Ш®Щ€ШЇ Ш±Ш§ Щ€ЫЊШ±Ш§ЫЊШґ Ъ©Ш±ШЇ", "[USERINFO]");
__redirect(b::_obfuscate_JV52aGp2dwяя(SELF, ACTION, array(
"success" => 1
)));
}
}
}
a3o::_obfuscate_YnQHJwяя(array(
SELF,
ACTION
), $_obfuscate_8GtquAяя);
}

public static function h32_76a2173be6393254e72ffa4d6df1030a()
{
__user_perms("settings_passwd");
__use("error");
$_obfuscate_8GtquAяя = __post(array(
"passwd",
"newpasswd",
"rnewpasswd"
));
if (__ispostback()) {
$_obfuscate__w1VdxjS5Vy7 = new _obfuscate_M3lkbjBsYmU1bjIя();
if ($_obfuscate__w1VdxjS5Vy7->_obfuscate_MxhdfA5sCDtccXMQBXd9JzYKZnoYaRoxbXQя($_obfuscate_8GtquAяя)) {
__use("helper.users");
$_obfuscate_m2Kuwwяя = fxoqpc90qr2::_obfuscate_bmFxeAtrY1tyamMxQG4mPG0я(_obfuscate_MW5oNgяя::_obfuscate_NTdtAX0я(), $_obfuscate_8GtquAяя['passwd']);
if (!r9::_obfuscate_cXcsL2tcPUAя($_obfuscate_m2Kuwwяя)) {
_obfuscate_NmMzbTIя::_obfuscate_bnty("Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± ЩЃШ№Щ„ЫЊ ШµШЫЊШ Щ�Щ…ЫЊШЁШ§ШґШЇ", "passwd");
} else {
fxoqpc90qr2::_obfuscate_WxcEdANlYwFjBmcudmAMEwяя(_obfuscate_MW5oNgяя::_obfuscate_NTdtAX0я(), $_obfuscate_8GtquAяя['newpasswd']);
__log("Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± Ш®Щ€ШЇ Ш±Ш§ ШЄШєЫЊЫЊШ± ШЇШ§ШЇ", "[USERINFO]");
__redirect(b::_obfuscate_JV52aGp2dwяя(SELF, ACTION, array(
"success" => 1
)));
}
}
}
a3o::_obfuscate_YnQHJwяя(array(
SELF,
ACTION
));
}

public static function h32_6d40b16083a3912c6a8031ca723f18e4()
{
__user_perms("settings_smsmanage");
__use("error");
$_obfuscate_yQ_EHUUxOwяя = _obfuscate_MW5oNgяя::_obfuscate_FDwvKj5teAяя();
$_obfuscate_8GtquAяя = __post(array(
"passwd",
"sms_manage:checked",
"secret"
), $_obfuscate_yQ_EHUUxOwяя);
if (__ispostback()) {
$_obfuscate__w1VdxjS5Vy7 = new _obfuscate_M3lkbjBsYmU1bjIя();
if ($_obfuscate__w1VdxjS5Vy7->_obfuscate_bCsYdmp2KF9AyktW2l6AV8я($_obfuscate_8GtquAяя)) {
__use("helper.users");
$_obfuscate_m2Kuwwяя = fxoqpc90qr2::_obfuscate_bmFxeAtrY1tyamMxQG4mPG0я(_obfuscate_MW5oNgяя::_obfuscate_NTdtAX0я(), $_obfuscate_8GtquAяя['passwd']);
if (!r9::_obfuscate_cXcsL2tcPUAя($_obfuscate_m2Kuwwяя)) {
_obfuscate_NmMzbTIя::_obfuscate_bnty("Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± ЩЃШ№Щ„ЫЊ ШµШЫЊШ Щ�Щ…ЫЊШЁШ§ШґШЇ", "passwd");
} else {
unset($_obfuscate_8GtquAяя['passwd']);
__update("users", $_obfuscate_8GtquAяя, _obfuscate_MW5oNgяя::_obfuscate_Mhsя());
__log("ШЄЩ�ШёЫЊЩ…Ш§ШЄ ШЇШіШЄШ±ШіЫЊ Ш§ШІ Ш·Ш±ЫЊЩ‚ ЩѕЫЊШ§Щ…Ъ© Ш±Ш§ ШЄШєЫЊЫЊШ± ШЇШ§ШЇ", "[USERINFO]");
__redirect(b::_obfuscate_JV52aGp2dwяя(SELF, ACTION, array(
"success" => 1
)));
}
}
}
a3o::_obfuscate_YnQHJwяя(array(
SELF,
ACTION
), $_obfuscate_8GtquAяя);
}

}

function h32_a8e14caeb5a6ca4519e18b95b32ca8a8()
{
__use("breadcrumb");

$_obfuscate_sY3P = new skyg();
$_obfuscate_sY3P->_obfuscate_YQhydj1pIwяя(FRONT, "Щ…ШґШ®ШµШ§ШЄ Ъ©Ш§Ш±ШЁШ±", b::_obfuscate_JV52aGp2dwяя(SELF, FRONT));
$_obfuscate_sY3P->_obfuscate_YQhydj1pIwяя("passwd", "ШЄШєЫЊЫЊШ± Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш±", b::_obfuscate_JV52aGp2dwяя(SELF, "passwd"));
$_obfuscate_sY3P->_obfuscate_YQhydj1pIwяя("smsmanage", "ШЇШіШЄШ±ШіЫЊ Ш§ШІ Ш·Ш±ЫЊЩ‚ ЩѕЫЊШ§Щ…Ъ©", b::_obfuscate_JV52aGp2dwяя(SELF, "smsmanage"));
$_obfuscate_WKs3DAяя = $_obfuscate_sY3P->_obfuscate_K2hhfgяя(ACTION);
h69::_obfuscate_ES85("page::header", "ШЄЩ�ШёЫЊЩ…Ш§ШЄ");
h69::_obfuscate_ES85("page::title", $_obfuscate_WKs3DAяя['title']);
h69::_obfuscate_ES85("page::bc", $_obfuscate_sY3P->create(ACTION));
a3o::tbcc("page");
}

if (!defined("SECURE")) {
exit("Hacking attempt");
}
?>

_________________
Go BIG or go HOME !

Posted: Mon Nov 05, 2012 6:43 am

ace_gishniz

Beginner

Joined: Nov 03, 2012

Posts: 3

what i can decode it to perfect source code??

i know this code was level 1 obfuscated.
how i can fix this problem?

can u help me to decode this?

Posted: Mon Nov 05, 2012 7:12 am

demon

Moderator

Joined: Sep 22, 2010

Posts: 485

you have to write your own lib for this obfuscated variables and functions...

_________________
Go BIG or go HOME !

Posted: Mon Nov 05, 2012 7:34 am

ace_gishniz

Beginner

Joined: Nov 03, 2012

Posts: 3

can you explain more?

how u get this output obfuscated from my file??

Posted: Mon Nov 05, 2012 8:21 am

demon

Moderator

Joined: Sep 22, 2010

Posts: 485

The zend encoder obfuscated your functions and variables.So now you have to manually edit them.Cyko explained how to write your own obfuscated lib which will turn the obfuscated variables and functions to their originals.But the real thing here is that you have to guess them or seek in the other files of the script.

Cyko wrote:

Zend obfuscation can be decoded/deobfuscated however not in all cases, your going to have to create a library containing the obfuscate name followed by the function, e.g.:

$file = str_replace('obfuscate_w4rax3', 'explode', $file);

Reply with a download link to your zended/encoded file.

_________________
Go BIG or go HOME !

help me to decode this php file

www.waraxe.us Forum Index -> PHP script decode requests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

All times are GMT
Page 1 of 1

Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.036 Seconds