Waraxe IT Security Portal
Login or Register
November 24, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 151
Members: 0
Total: 151
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PHP script decode requests -> help me to decode this php file
Post new topicReply to topic View previous topic :: View next topic
help me to decode this php file
PostPosted: Sat Nov 03, 2012 7:27 pm Reply with quote
ace_gishniz
Beginner
Beginner
Joined: Nov 03, 2012
Posts: 3




hi all.
i have a php file that codded bye zend guard. i decode this with dzender but output file is like:
Quote:


<?php
/*********************/
/* */
/* Dezend for PHP5 */
/* NWS */
/* Nulled.WS */
/* */
/*********************/

class _obfuscate_M3lkbjBsYmU1bjIÿ
{

public function _obfuscate_PGIqMRpcHXcGYWoÿ( )
{
__use( );
}

public function _obfuscate_AWE5NDx3KxR9XmMNeBwfPRlmOzs3ZDIÿ( )
{
( );
( );
( );
( );
( );
}

public function _obfuscate_MxhdfA5sCDtccXMQBXd9JzYKZnoYaRoxbXQÿ( )
{
( );
( );
( );
}

public function _obfuscate_bCsYdmp2KF9AyktW2l6AV8ÿ( )
{
( );
}

function _obfuscate_azw4NSFqYjR4eCAÿ( )
{
}

}

class H32_7cb4adbe4e9ec47f2ef30443f3de8e98
{

public static function h32_6a992d5529f459a44fee58c733255e86( )
{
__user_perms( );
__use( );
__use( );
( );
( );
__log( );
( );
( );
}

public static function h32_76a2173be6393254e72ffa4d6df1030a( )
{
__user_perms( );
__use( );
__use( );
( );
( );
__log( );
( );
( );
}

public static function h32_6d40b16083a3912c6a8031ca723f18e4( )
{
__user_perms( );
__use( );
__use( );
( );
( );
__log( );
( );
( );
}

}

function h32_a8e14caeb5a6ca4519e18b95b32ca8a8( )
{
__use( );
( );
( );
( );
( );
( );
( );
( );
}

?>





anyone can help me to decode this file??
how i can decode this kind of encoding.
tnx

source coded file:
https://rapidshare.com/files/2947881604/coddedByZendGuard.zip
View user's profile Send private message
PostPosted: Sat Nov 03, 2012 7:44 pm Reply with quote
demon
Moderator
Moderator
Joined: Sep 22, 2010
Posts: 485




here you are but again it has obfuscated funcitons and variables and some encoding problems...

Code:
<?php

class _obfuscate_M3lkbjBsYmU1bjIя
{
public function _obfuscate_PGIqMRpcHXcGYWoя()
{
__use("validator");
}

public function _obfuscate_AWE5NDx3KxR9XmMNeBwfPRlmOzs3ZDIя($_obfuscate_lTa0sgяя)
{
_obfuscate_NWZmd204NDUx::_obfuscate_PGc7bnlxYwяя($_obfuscate_lTa0sgяя['passwd'], "passwd", "Щ„ШÂ·ЩЃШ§ Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± ЩЃШ№Щâ€žЫЊ Ш®Щâ‚¬ШЇ Ш±Ш§ Щ€Ш§ШÂ±ШЇ Щâ€Щ…ШÂ§ЫЊЫЊШЇ");
_obfuscate_NWZmd204NDUx::_obfuscate_ZhgdEQYя($_obfuscate_lTa0sgяя['email'], "email", 1, _obfuscate_MW5oNgяя::_obfuscate_ZhgdEQYя());
_obfuscate_NWZmd204NDUx::_obfuscate_PGc7bnlxYwяя($_obfuscate_lTa0sgяя['fname'], "fname", "Щ„ШÂ·ЩЃШ§ Щâ€Ш§Щ… Ш®Щâ‚¬ШЇ Ш±Ш§ Щ€Ш§ШÂ±ШЇ Щâ€Щ…ШÂ§ЫЊЫЊШЇ");
_obfuscate_NWZmd204NDUx::_obfuscate_PGc7bnlxYwяя($_obfuscate_lTa0sgяя['lname'], "lname", "Щ„ШÂ·ЩЃШ§ Щâ€Ш§Щ… Ш®Ш§Щâ€Щ€ШÂ§ШЇЪЇЫЊ Ш®Щâ‚¬ШЇ Ш±Ш§ Щ€Ш§ШÂ±ШЇ Щâ€Щ…ШÂ§ЫЊЫЊШЇ");
_obfuscate_NWZmd204NDUx::_obfuscate_YWc3KGEy($_obfuscate_lTa0sgяя['mobile'], "mobile");
return !_obfuscate_NmMzbTIя::_obfuscate_cnphKxIcQBMя();
}

public function _obfuscate_MxhdfA5sCDtccXMQBXd9JzYKZnoYaRoxbXQя($_obfuscate_lTa0sgяя)
{
_obfuscate_NWZmd204NDUx::_obfuscate_PGc7bnlxYwяя($_obfuscate_lTa0sgяя['passwd'], "passwd", "Щ„ШÂ·ЩЃШ§ Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± ЩЃШ№Щâ€žЫЊ Ш®Щâ‚¬ШЇ Ш±Ш§ Щ€Ш§ШÂ±ШЇ Щâ€Щ…ШÂ§ЫЊЫЊШЇ");
_obfuscate_NWZmd204NDUx::_obfuscate_aBoSAgop($_obfuscate_lTa0sgяя['newpasswd'], "newpasswd", 5, 16, "ШÂ­ШЇШ§Щ‚Щ„ Ш·Щ€Щ„ Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± Ыµ Ъ©Ш§Ш±Ш§ЪÂ©ШЄШ± ШÂ§ШіШЄ", "ШÂ­ШЇШ§Ъ©Ш«Ш± Ш·Щ€Щ„ Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± Ы±Ы¶ Ъ©Ш§Ш±Ш§ЪÂ©ШЄШ± ШÂ§ШіШЄ");
_obfuscate_NWZmd204NDUx::_obfuscate_cnZoFW52($_obfuscate_lTa0sgяя['newpasswd'], $_obfuscate_lTa0sgяя['rnewpasswd'], "newpasswd", "rnewpasswd");
return !_obfuscate_NmMzbTIя::_obfuscate_cnphKxIcQBMя();
}

public function _obfuscate_bCsYdmp2KF9AyktW2l6AV8я($_obfuscate_lTa0sgяя)
{
if ($_obfuscate_lTa0sgяя['sms_manage'] && !preg_match("/^[a-z0-9]{3,15}\$/", $_obfuscate_lTa0sgяя['secret'])) {
_obfuscate_NmMzbTIя::_obfuscate_bnty("Ш±Щâ€¦ШІ ШЇШіШЄШÂ±ШіЫЊ ШÂ§ШІ Ш·ШÂ±ЫЊЩ‚ ЩѕЫЊШ§Щ…Ъ© Щâ€¦ЫЊШЄЩ€Ш§Щâ€ШЇ ШÂ­ШЇШ§Щ‚Щ„ Ыі Щ€ ШÂ­ШЇШ§Ъ©Ш«Ш± Ы±Ыµ Ъ©Ш§Ш±Ш§ЪÂ©ШЄШ± Щ€ ШЄЩâ€Щ‡Ш§ ШґШ§Щ…Щ„ Ш­Ш±Щâ‚¬ЩЃ a-z Щ€ 0-9 ШЁШÂ§ШґШЇ", "secret");
}
return !_obfuscate_NmMzbTIя::_obfuscate_cnphKxIcQBMя();
}

function _obfuscate_azw4NSFqYjR4eCAя()
{
}

}

class H32_7cb4adbe4e9ec47f2ef30443f3de8e98
{
public static function h32_6a992d5529f459a44fee58c733255e86()
{
__user_perms("settings_info");
__use("error");
$_obfuscate_yQ_EHUUxOwяя = _obfuscate_MW5oNgяя::_obfuscate_FDwvKj5teAяя();
$_obfuscate_8GtquAяя = __post(array(
"passwd",
"email",
"thumbnail",
"fname",
"lname",
"phone",
"mobile"
), $_obfuscate_yQ_EHUUxOwяя);
if (__ispostback()) {
$_obfuscate__w1VdxjS5Vy7 = new _obfuscate_M3lkbjBsYmU1bjIя();
if ($_obfuscate__w1VdxjS5Vy7->_obfuscate_AWE5NDx3KxR9XmMNeBwfPRlmOzs3ZDIя($_obfuscate_8GtquAяя)) {
__use("helper.users");
$_obfuscate_m2Kuwwяя = fxoqpc90qr2::_obfuscate_bmFxeAtrY1tyamMxQG4mPG0я(_obfuscate_MW5oNgяя::_obfuscate_NTdtAX0я(), $_obfuscate_8GtquAяя['passwd']);
if (!r9::_obfuscate_cXcsL2tcPUAя($_obfuscate_m2Kuwwяя)) {
_obfuscate_NmMzbTIя::_obfuscate_bnty("Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± ЩЃШ№Щâ€žЫЊ ШµШÂ­ЫЊШ­ Щâ€Щâ€¦ЫЊШЁШÂ§ШґШЇ", "passwd");
} else {
unset($_obfuscate_8GtquAяя['passwd']);
__update("users", $_obfuscate_8GtquAяя, _obfuscate_MW5oNgяя::_obfuscate_Mhsя());
__log("Щâ€¦ШґШ®ШµШÂ§ШЄ Ш®Щâ‚¬ШЇ Ш±Ш§ Щâ‚¬ЫЊШ±ШÂ§ЫЊШґ Ъ©ШÂ±ШЇ", "[USERINFO]");
__redirect(b::_obfuscate_JV52aGp2dwяя(SELF, ACTION, array(
"success" => 1
)));
}
}
}
a3o::_obfuscate_YnQHJwяя(array(
SELF,
ACTION
), $_obfuscate_8GtquAяя);
}

public static function h32_76a2173be6393254e72ffa4d6df1030a()
{
__user_perms("settings_passwd");
__use("error");
$_obfuscate_8GtquAяя = __post(array(
"passwd",
"newpasswd",
"rnewpasswd"
));
if (__ispostback()) {
$_obfuscate__w1VdxjS5Vy7 = new _obfuscate_M3lkbjBsYmU1bjIя();
if ($_obfuscate__w1VdxjS5Vy7->_obfuscate_MxhdfA5sCDtccXMQBXd9JzYKZnoYaRoxbXQя($_obfuscate_8GtquAяя)) {
__use("helper.users");
$_obfuscate_m2Kuwwяя = fxoqpc90qr2::_obfuscate_bmFxeAtrY1tyamMxQG4mPG0я(_obfuscate_MW5oNgяя::_obfuscate_NTdtAX0я(), $_obfuscate_8GtquAяя['passwd']);
if (!r9::_obfuscate_cXcsL2tcPUAя($_obfuscate_m2Kuwwяя)) {
_obfuscate_NmMzbTIя::_obfuscate_bnty("Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± ЩЃШ№Щâ€žЫЊ ШµШÂ­ЫЊШ­ Щâ€Щâ€¦ЫЊШЁШÂ§ШґШЇ", "passwd");
} else {
fxoqpc90qr2::_obfuscate_WxcEdANlYwFjBmcudmAMEwяя(_obfuscate_MW5oNgяя::_obfuscate_NTdtAX0я(), $_obfuscate_8GtquAяя['newpasswd']);
__log("Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± Ш®Щâ‚¬ШЇ Ш±Ш§ ШЄШєЫЊЫЊШ± ШЇШÂ§ШЇ", "[USERINFO]");
__redirect(b::_obfuscate_JV52aGp2dwяя(SELF, ACTION, array(
"success" => 1
)));
}
}
}
a3o::_obfuscate_YnQHJwяя(array(
SELF,
ACTION
));
}

public static function h32_6d40b16083a3912c6a8031ca723f18e4()
{
__user_perms("settings_smsmanage");
__use("error");
$_obfuscate_yQ_EHUUxOwяя = _obfuscate_MW5oNgяя::_obfuscate_FDwvKj5teAяя();
$_obfuscate_8GtquAяя = __post(array(
"passwd",
"sms_manage:checked",
"secret"
), $_obfuscate_yQ_EHUUxOwяя);
if (__ispostback()) {
$_obfuscate__w1VdxjS5Vy7 = new _obfuscate_M3lkbjBsYmU1bjIя();
if ($_obfuscate__w1VdxjS5Vy7->_obfuscate_bCsYdmp2KF9AyktW2l6AV8я($_obfuscate_8GtquAяя)) {
__use("helper.users");
$_obfuscate_m2Kuwwяя = fxoqpc90qr2::_obfuscate_bmFxeAtrY1tyamMxQG4mPG0я(_obfuscate_MW5oNgяя::_obfuscate_NTdtAX0я(), $_obfuscate_8GtquAяя['passwd']);
if (!r9::_obfuscate_cXcsL2tcPUAя($_obfuscate_m2Kuwwяя)) {
_obfuscate_NmMzbTIя::_obfuscate_bnty("Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш± ЩЃШ№Щâ€žЫЊ ШµШÂ­ЫЊШ­ Щâ€Щâ€¦ЫЊШЁШÂ§ШґШЇ", "passwd");
} else {
unset($_obfuscate_8GtquAяя['passwd']);
__update("users", $_obfuscate_8GtquAяя, _obfuscate_MW5oNgяя::_obfuscate_Mhsя());
__log("ШЄЩâ€ШёЫЊЩ…ШÂ§ШЄ ШЇШіШЄШÂ±ШіЫЊ ШÂ§ШІ Ш·ШÂ±ЫЊЩ‚ ЩѕЫЊШ§Щ…Ъ© Ш±Ш§ ШЄШєЫЊЫЊШ± ШЇШÂ§ШЇ", "[USERINFO]");
__redirect(b::_obfuscate_JV52aGp2dwяя(SELF, ACTION, array(
"success" => 1
)));
}
}
}
a3o::_obfuscate_YnQHJwяя(array(
SELF,
ACTION
), $_obfuscate_8GtquAяя);
}

}

function h32_a8e14caeb5a6ca4519e18b95b32ca8a8()
{
__use("breadcrumb");

$_obfuscate_sY3P = new skyg();
$_obfuscate_sY3P->_obfuscate_YQhydj1pIwяя(FRONT, "Щâ€¦ШґШ®ШµШÂ§ШЄ Ъ©Ш§ШÂ±ШЁШ±", b::_obfuscate_JV52aGp2dwяя(SELF, FRONT));
$_obfuscate_sY3P->_obfuscate_YQhydj1pIwяя("passwd", "ШЄШєЫЊЫЊШ± Ъ©Щ„Щ…Щ‡ Ш№ШЁЩ€Ш±", b::_obfuscate_JV52aGp2dwяя(SELF, "passwd"));
$_obfuscate_sY3P->_obfuscate_YQhydj1pIwяя("smsmanage", "ШЇШіШЄШÂ±ШіЫЊ ШÂ§ШІ Ш·ШÂ±ЫЊЩ‚ ЩѕЫЊШ§Щ…Ъ©", b::_obfuscate_JV52aGp2dwяя(SELF, "smsmanage"));
$_obfuscate_WKs3DAяя = $_obfuscate_sY3P->_obfuscate_K2hhfgяя(ACTION);
h69::_obfuscate_ES85("page::header", "ШЄЩâ€ШёЫЊЩ…ШÂ§ШЄ");
h69::_obfuscate_ES85("page::title", $_obfuscate_WKs3DAяя['title']);
h69::_obfuscate_ES85("page::bc", $_obfuscate_sY3P->create(ACTION));
a3o::tbcc("page");
}

if (!defined("SECURE")) {
exit("Hacking attempt");
}
?>

_________________
Go BIG or go HOME !
View user's profile Send private message
PostPosted: Mon Nov 05, 2012 6:43 am Reply with quote
ace_gishniz
Beginner
Beginner
Joined: Nov 03, 2012
Posts: 3




what i can decode it to perfect source code??

i know this code was level 1 obfuscated.
how i can fix this problem?

can u help me to decode this?
View user's profile Send private message
PostPosted: Mon Nov 05, 2012 7:12 am Reply with quote
demon
Moderator
Moderator
Joined: Sep 22, 2010
Posts: 485




you have to write your own lib for this obfuscated variables and functions...

_________________
Go BIG or go HOME !
View user's profile Send private message
PostPosted: Mon Nov 05, 2012 7:34 am Reply with quote
ace_gishniz
Beginner
Beginner
Joined: Nov 03, 2012
Posts: 3




can you explain more?

how u get this output obfuscated from my file??
View user's profile Send private message
PostPosted: Mon Nov 05, 2012 8:21 am Reply with quote
demon
Moderator
Moderator
Joined: Sep 22, 2010
Posts: 485




The zend encoder obfuscated your functions and variables.So now you have to manually edit them.Cyko explained how to write your own obfuscated lib which will turn the obfuscated variables and functions to their originals.But the real thing here is that you have to guess them or seek in the other files of the script.

Cyko wrote:
Zend obfuscation can be decoded/deobfuscated however not in all cases, your going to have to create a library containing the obfuscate name followed by the function, e.g.:

$file = str_replace('obfuscate_w4rax3', 'explode', $file);

Reply with a download link to your zended/encoded file.

_________________
Go BIG or go HOME !
View user's profile Send private message
help me to decode this php file
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.051 Seconds