在看wp-autopost-pro_378 时候 wp-autopost-function.php 有类似加密。
$d=file_get_contents('./wp-autopost-function.php');
echo htmlentities(stripcslashes($d));
在线工具 http://ddecode.com/hexdecoder/
实际使用时,使用下面面两段代码各处理一次
<?php
//解码GL\x4f\x42A\x4c\x53类加密
$fn='aaa.php';
$t='0123456789abcdefABCDEF';
$r=$p=$qt=$s='';
$slash=false;
$i=$j=0;
if ($f=fopen($fn,"rb")){
$s=fread($f,filesize($fn));
fclose($f);
for ($i=0;$i<strlen($s);$i++){
$slash=false;
$p=sprintf(" %06d,%06d",$i,$j);
if ($s[$i]=='\\'&&$s[$i + 1]=='x'
&&strpos($t,$s[$i+2])!==false&&strpos($t,$s[$i+3])!==false){
$qt=strtolower(substr($s,$i,4));
$slash=(($qt=='\\x22'||$qt=='\\x5c')&&$s[$i-1]!='\\') //引号\x22 斜杠\x5c,前面不是斜杠,需补充斜杠
||(($qt=='\\x22'||$qt=='\\x5c')&&substr($s,$i-2,2)=='\\\\');//前面是2+个斜杠,需要补充斜杠
if ($slash) {
$p=sprintf("<font color=red>%s",$p);
$j++;
}
//echo 'H:'.$qt.'=> '.chr(hexdec($s[$i+2].$s[$i+3])).$p.'<br />';
$qt=($slash)?'\\':'';
$r.=$qt.chr(hexdec($s[$i+2].$s[$i+3]));
$i=$i+3;
}else{
//echo 'C:=====> '.$s[$i].$p.'<br />';
$r.=$s[$i];
}
$j++;
}
$i=0;
$ra=array();
preg_match_all('/(?P<item>\$\{"[a-zA-Z_0-9]+"\}\s*\[\"[a-zA-Z_0-9]+\"\])\s*=\s*"(?P<value>[a-zA-Z_0-9]+)";/i',$r,$ra);
foreach ($ra['item'] as $i=>$a){ //$a = ${"GLOBALS"}["mqhformwegp"]
$b=$a.'="'.$ra['value'][$i].'";';
if (strpos($r,$b)!==false) {
//print_r($b);exit;
$r=str_replace($b,'',$r);
$r=str_replace('{'.$a.'}',$ra['value'][$i],$r);
}
}
preg_match_all('/(?P<item>\$[a-zA-Z_0-9]+)\s*=\s*"(?P<value>[a-zA-Z_0-9]+)";/i',$r,$ra);
foreach ($ra['item'] as $i=>$a){
$b=$a.' = "'.$ra['value'][$i].'";';
$a1='${'.$a.'}';
if (strpos($r,$b)!==false&&strpos($r,$a1)!==false) {
$r=str_replace($b,'',$r);
$r=str_replace('{'.$a.'}',$ra['value'][$i],$r);
}
}
preg_match_all('/(?P<item>\$\{(?P<value>\$[a-z]+)\})/i',$r,$ra);
foreach ($ra['item'] as $i=>$a){ //$a = ${$mqhformwegp}
//$b=$a.'="'.$ra['value'][$i].'";';
$b='/\\'.$ra['value'][$i].'=\"([a-zA-Z_0-9]+)\";/';
//print_r($b);
//if(preg_match($b, $r, $c)){
if( preg_match($b,$r, $c) ){
$r=str_replace($c[0],'',$r);
$r=str_replace($a,'$'.$c[1],$r);
}
}
$r= str_replace("{","{\r\n\t",$r);
$r= str_replace("}","}\r\n\t",$r);
$r= str_replace(";",";\r\n\t",$r);
$fn='hexdecoded1.php';
$f=fopen($fn,"wb");
fwrite($f,$r);
fclose($f);
echo 'done...';
exit;
}
<?php
$fn='hexdecoded1.php'; $r=''; $i=0; $ra=array();
if ($f=fopen($fn,"rb")){
$r=fread($f,filesize($fn));
fclose($f);
preg_match_all('/(?P\$\{"[a-zA-Z_0-9]+"\}\s*\[\"[a-zA-Z_0-9]+\"\])\s*=\s*"(?P[a-zA-Z_0-9]+)";/i',$r,$ra);
foreach ($ra['item'] as $i=>$a){
$b=$a.' = "'.$ra['value'][$i].'";';
if (strpos($r,$b)!==false) {
$r=str_replace($b,'',$r);
$r=str_replace('{'.$a.'}',$ra['value'][$i],$r);
}
}
preg_match_all('/(?P\$[a-zA-Z_0-9]+)\s*=\s*"(?P[a-zA-Z_0-9]+)";/i',$r,$ra);
foreach ($ra['item'] as $i=>$a){
$b=$a.' = "'.$ra['value'][$i].'";';
$a1='${'.$a.'}';
if (strpos($r,$b)!==false&&strpos($r,$a1)!==false) {
$r=str_replace($b,'',$r);
$r=str_replace('{'.$a.'}',$ra['value'][$i],$r);
}
}
while (strpos($r,"\t\r\n")!==false) $r=str_replace("\t\r\n","\r\n",$r);
while (strpos($r,"\r\n\r\n")!==false) $r=str_replace("\r\n\r\n","\r\n",$r);
$fn='hexdecoded2.php';
$f=fopen($fn,"wb"); fwrite($f,$r); fclose($f);
echo 'done...';
}
exit();
?>
最后修改: 2020-09-6 02:56