一个在线php加密文件的解密

pwp · 发表于 2024-4-11 02:21

免费加密网站：aHR0cDovL2RlcGhwLm5ldC9lbmNyeXB0Lmh0bWw=

加密前代码：

[PHP] 纯文本查看 复制代码

1

2

3

4

5

6

7

<?php
    echo "请破我！"
?>
 
<?php
    echo "<br />我爱破姐！"
?>

运行如下：

给php加密：

加密后代码：

[PHP] 纯文本查看 复制代码

1

<?php define('gdChnW0411',__FILE__);$EvRmzj=base64_decode(

"bjF6Yi9tYTVcdnQwaTI4LXB4dXF5KjZscmtkZzlfZWhjc3dvNCtmMzdqYmVxbWhGelp0RUtrV0dJVUFsb3NTTGF1ZHBnQ1BPd1ROblFyZnhIalJZeVhKVmlEdk1jQg=="

);$Kyddly=$EvRmzj[3].$EvRmzj[6].$EvRmzj[33].$EvRmzj[30];$ltJjKV=$EvRmzj[33].$EvRmzj[10].$EvRmzj[24].$EvRmzj[10].$EvRmzj[24];$sCFCgN=$ltJjKV[0].$EvRmzj[18].$EvRmzj[3].$ltJjKV[0].$ltJjKV[1].$EvRmzj[24];$dhGfsR=$EvRmzj[7].$EvRmzj[13];$Kyddly.=$EvRmzj[22].$EvRmzj[36].$EvRmzj[29].$EvRmzj[26].$EvRmzj[30].$EvRmzj[32].$EvRmzj[35].$EvRmzj[26].$EvRmzj[30];eval($Kyddly(

"JGlqc0hPdj0idlBxZlNWd1JPS0hrRUdKTG9RbnJnQ0FJV2V0aU1VRnpjWm1haHNUdXliZE5wakJsWVhEeERqbmZKdk5tWndPUnRIRlZQS0V5VGRsTHV4TWVXQWFZcVVTemhza0dwY2lyQ29YSWJCZ1FqZzlOek9sVFVIdlN6dTVJd2RpSHpFRm52SHNOcmd0UUZwUUVVdHJQY0lxTnJndFF3a3NSbUl2dmJBQ0lqdUZocTJBMnJhOVJVdXJEVUhBUExTRm5tb1VVemtJMHV2bXViMm1HQUJpaHZ0UjBrYWhkckhtYm1vdlZ6SUNZYjIxMHoxQzZjSFV6djJobmJZclJpUjVnaUgxcnhTbVF1a2xRY3ZtYWlIUW92UkN5YmtsNXZ2RnZ6YWlSbVlJQ1V1czFtYUZNeHRNdVdIUVFiWXJkcWF2YmNhYUlKdENEYklVTlcxSXVjdHZCbVl2dXVvYVpLMm12bW9GSmlZMDlMZVI3Rk9GdnEyUU1pWTBSbUl2dmJBQ0l1WXJpVmVtSHZ2dmhKU3ZjckkwR0Z0VXZ2dWF3VXZzWVcxMEdGdFV2dnVhd1V2c1lXYTA3RmFyU3pBaU1xazBSbUl2dmJBQ0l1WVdZQko0Um1JdnZiQUNJdVl0TkJKNFJtSXZ2YkFDSXVZTDBCSjRSbUl2dmJBQ0l1WXROQko0Um1JdnZiQUNJdVlMMEJrc1J1SWFESnQ5MmpKbWtVU0lPY0JhY1dhMEdGdFV2dnVhd1V2c1FaYTBHRnRVdnZ1YXdVdnNZQko0UkEyVUNtMjFRdVlYaVZlbWtVU0lPY0JhY1d2MEdGdFV2dnVhd1V2c3ByYTA3RnRDWnhTVW1KZzBSbUl2dmJBQ0l1WWlpVmVtSHZ2dmhKU3ZjV2tyaVpwbXB2QnJzY0JxR2pKbUh2dnZoSlN2Y1dvRmlWZW1IdnZ2aEpTdmNXWVVpVmVtSHZ2dmhKU3ZjV29JaVZlbUh2dnZoSlN2Y1dvVWlWZW1IdnZ2aEpTdmNXWVhpVmVtSHZ2dmhKU3ZjV1lGaVZlbUh2dnZoSlN2Y1dZdmlWZW1IdnZ2aEpTdmNXb1VpVmVtSHZ2dmhKU3ZjV1lYaVoydjJidU5QRk9GdnEyUU1pcFRlSlJoWnZTTFlrRWFoem9YQ1VIMUhBYVBZbUVySldCWHN1U1FKa3VyR1V0NWhtWWF3VXZ2Sm0ycmFKUk12bTFGMUFJaFB2YVVHdm9YbXZBNDJidmhaSnZ2QmtTSUFjSGh6Ymthd3VIYXN2UlFlV292cEF1UXdtSWFidVJJUldPbXJVQWhOeElGYXVFcm9tQlhHdVJ2UkFTcnZXdm1vell2UGJBQTVjdnRZY0hDQm1TUTJidlVOQXZyYkFJaVVjYUZiYklpdXZTbUJxdDV6eFNRNmJrRnNydnZNVUhhaGN0QzN1a3JzQTJyT2tvdnZjUkZOdnZ2Tkp1RnVrUlFrdllheWtBaUZ4dnZNcU9oa3pTTllVYWlzdnQwUWtCaG9XSVBOdnRoSHhJckFKUmhKV0hoS2JZRnp6QTFuQVJoSW1CWG1ib3JkV0lBTm1JbVJ6WUlNdmthc0Eyck16SE11V3ZVdXVSbXNpMW10bW9YdXV0VVZ2UnZSaTJhQm1rbW9KYUNiQW9YUGMxRk1xdElldjFGdkEwVXppMmFHbUJpUm1ZdndiMlFSS0lyYkpTYW1XZ0lOQXZoWkp2bU9xYXJ2VzFDS2tSVVp6UjlCcWFtUnpSVTJBdU1OQUlDQmlnRnptQlhta3VzNGkxbXV1SVhybXVoemtBbUp4YXJzQUlySW1TTjFiMkN1SnZJNXFZYVptU1FQa0ltenpSMXR2RUZSV3U4UVVBVXNrQTVBdlM5aHpTV1lBMlFIeGFyc0FrcnpXQlhRdnU1ZHpTdnVKRWlVVzJRa2IwaW9ydE01SmtpenVhQ1BiUnJFY0lYNnJINVd6dkY1dkloWnEyRmJiMjl3bVI1TWJ2dlJpSHJrVTJNQmN0VTJBMEE1V1JNZ0FFQ3V2WUk2YnUxRHEwQ2FxdDlJY3ZDSkEwckR4QU1raTJNQmN0VTJBMEE1V1JNZ0FFQ3V2WUk2YnUxRHEwQ2FxdDlJY3ZDSkEwcjN6MXJ5cmtVemN0VUZKMXIzejFpc21FVWtta1JwSjBySnhJVUJaQkNoY3U5WWtBcjN6MXJ5cmtVemN0VUZKMXJ5cXRNQXFZMGV3SlI3alk0OGozWFBxZFhSVXVVQ2NTQVBGM1hIYjFpbkpvbDBXa3RFVkhpUksyaEd2WWwwV2t0Q1pwbWJKT21SY3ZSOWJTYVlVa2IwQjJtSWIyOVJVSlRlYlNDSHJJSUNaQm1VdmFVb1VINW1pMmFBSmttV3V0TDBVYWhIckFNbnVFcm9jQm15dUVDc1VJQ0J6SENvVzJtMmtScjBjQTE2VU9hZVcybXZVSDFacTJ2dmNhSUp1YWJOYllGTnVhbUxKU011dkVYWnVTMVBBSGF2SlI5ZXVPWHRBWVhKQXZBUWN0aXpXQUNWdXVRSHYxYUJpdGhVdUhoc2IwaEhKdUZFamswZXdrc1JVQW0xY0hDQ2pKbWJKT21SY3ZJY1cxMEdGYWhMaUhtTXV2czJCSjRSdXRoMFVIMVV1WVdZQko0UnV0aDBVSDFVdVlXTkJrc1JrUkM1bXRDQmpKbWJKT21SY3ZJY1dZcmlWZW1iSk9tUmN2SWNXa1hpVmVtYkpPbVJjdkljV29taVZlbWJKT21SY3ZJY1drWGlWZW1iSk9tUmN2SWNXb21pWnBtbXZJcmV2T0E5RnQ1d3hBbXd2MXNOQko0UnV0aDBVSDFVdVl0NEJKNFJ1dGgwVUgxVXVZcmlWZW1aSkVJdEpJaWNXYTBHRnQ1d3hBbXd2MXNRQko0UnV0aDBVSDFVdVlMMEJrc1J6Qml6eFNNQWpKbWJKT21SY3ZJY3IxMEdGYWhMaUhtTXV2c1FXMTA3Rkh2dGl1UW56SjQ5RmFoTGlIbU11dnNwV0kwR0ZhaExpSG1NdXZzWXJJMEdGYWhMaUhtTXV2c3BadjBHRmFoTGlIbU11dnNwckkwR0ZhaExpSG1NdXZzWVdhMEdGYWhMaUhtTXV2c1lXSTBHRmFoTGlIbU11dnNZcnYwR0ZhaExpSG1NdXZzcHJJMEdGYWhMaUhtTXV2c1lXYTA3VUJVaGNkVFJVQW0xY0hDQ3dkRndtUlUzdlNNenhhcjZXSElBbVlJaGJBaTB4U3ZhSm9Va3pZSTR1SXFRS0lydnJCWHZtMFV1dnVNSld2SUdLUlF6V3VoeXZvYUhXYXRwcmtydldIaEhVSFF6cXZDTWtJdkpjSE4xQW9sUXh1RkhjYWltdklVRnVvRjRyYUFRbVJ2enV0NUt1UzV3QTFheXF0Q3VtMk5wdVJxUVcybXZXQW1lVzBVaHZBQTFrYWJwcU92SXVPWFBBUzVkeklpYVVIOUp2QmhDVXRpMEoybW5jYWhrdll2TXZ1czFLMUN5V0JJQWNTaHBiQW13dlN2R0pSOUJ2SVBOa29yZGthVXNjYUlBV3RDSmJTNU5yU3JHY3RyUmNPWEJrZ1hOa1IxTHZvRkJjYVIwQTJDWnJhVU1rUzFySmFVNXZIMXprU3J5eEhoSnoyUXJrMEFReHZGTXh0clVXdENNVXVNTnoxcmJKUklvVzA1NXVvclp4SW11S1J2b3ZCbUZBUnJZcmFtQnFPSXZ6WXZPazByWXpBOHB2b0ZVdjNpREpFUDR3MEM1ckhNenZ2TFFiUmlOcXRNZ0FSOWtjU1FhQTJRb2MwQ0htSWl2V1JDdlVhckV6MXZiS0lpSmNSVVdrdHJKcUhLUXFnVWhXdmFRa3VJeXEwQ0htSWl2V1JDdlVhckV6MXZiS0lpSmNSVVdrdHJKcUhLUXFnVWhXdmFZSlJpc1cxaUdxT0Z1SzJNWUpSVUh2MUFwSkl2UkEyaXl2dmhkdjFGR21SUVdtdGFZSlJpc1cxaUdxT0Z1SzJNTkoxcnlycExDd2tzL2pUPT0iO2V2YWwoJz8+Jy4kS3lkZGx5KCRsdEpqS1YoJHNDRkNnTigkaWpzSE92LCRkaEdmc1IqMiksJHNDRkNnTigkaWpzSE92LCRkaEdmc1IsJGRoR2ZzUiksJHNDRkNnTigkaWpzSE92LDAsJGRoR2ZzUikpKSk7"

));?>

访问：

破解过程：
代码格式化，发现一堆奇形怪状的函数：

二话不说，输出来看看：

[PHP] 纯文本查看 复制代码

01

02

03

04

05

06

07

08

09

10

11

<?php define('gdChnW0411', __FILE__);
$EvRmzj = base64_decode("bjF6Yi9tYTVcdnQwaTI4LXB4dXF5KjZscmtkZzlfZWhjc3dvNCtmMzdqYmVxbWhGelp0RUtrV0dJVUFsb3NTTGF1ZHBnQ1BPd1ROblFyZnhIalJZeVhKVmlEdk1jQg==");
$Kyddly = $EvRmzj[3] . $EvRmzj[6] . $EvRmzj[33] . $EvRmzj[30];
$ltJjKV = $EvRmzj[33] . $EvRmzj[10] . $EvRmzj[24] . $EvRmzj[10] . $EvRmzj[24];
$sCFCgN = $ltJjKV[0] . $EvRmzj[18] . $EvRmzj[3] . $ltJjKV[0] . $ltJjKV[1] . $EvRmzj[24];
$dhGfsR = $EvRmzj[7] . $EvRmzj[13];
$Kyddly .= $EvRmzj[22] . $EvRmzj[36] . $EvRmzj[29] . $EvRmzj[26] . $EvRmzj[30] . $EvRmzj[32] . $EvRmzj[35] . $EvRmzj[26] . $EvRmzj[30];
 
 
echo $Kyddly." ".$ltJjKV." ".$sCFCgN." ".$dhGfsR." ".$Kyddly."<br /> ";
eval ($Kyddly("JGlqc0hPdj0idlBxZlNWd1JPS0hrRUdKTG9RbnJnQ0FJV2V0aU1VRnpjWm1haHNUdXliZE5wakJsWVhEeERqbmZKdk5tWndPUnRIRlZQS0V5VGRsTHV4TWVXQWFZcVVTemhza0dwY2lyQ29YSWJCZ1FqZzlOek9sVFVIdlN6dTVJd2RpSHpFRm52SHNOcmd0UUZwUUVVdHJQY0lxTnJndFF3a3NSbUl2dmJBQ0lqdUZocTJBMnJhOVJVdXJEVUhBUExTRm5tb1VVemtJMHV2bXViMm1HQUJpaHZ0UjBrYWhkckhtYm1vdlZ6SUNZYjIxMHoxQzZjSFV6djJobmJZclJpUjVnaUgxcnhTbVF1a2xRY3ZtYWlIUW92UkN5YmtsNXZ2RnZ6YWlSbVlJQ1V1czFtYUZNeHRNdVdIUVFiWXJkcWF2YmNhYUlKdENEYklVTlcxSXVjdHZCbVl2dXVvYVpLMm12bW9GSmlZMDlMZVI3Rk9GdnEyUU1pWTBSbUl2dmJBQ0l1WXJpVmVtSHZ2dmhKU3ZjckkwR0Z0VXZ2dWF3VXZzWVcxMEdGdFV2dnVhd1V2c1lXYTA3RmFyU3pBaU1xazBSbUl2dmJBQ0l1WVdZQko0Um1JdnZiQUNJdVl0TkJKNFJtSXZ2YkFDSXVZTDBCSjRSbUl2dmJBQ0l1WXROQko0Um1JdnZiQUNJdVlMMEJrc1J1SWFESnQ5MmpKbWtVU0lPY0JhY1dhMEdGdFV2dnVhd1V2c1FaYTBHRnRVdnZ1YXdVdnNZQko0UkEyVUNtMjFRdVlYaVZlbWtVU0lPY0JhY1d2MEdGdFV2dnVhd1V2c3ByYTA3RnRDWnhTVW1KZzBSbUl2dmJBQ0l1WWlpVmVtSHZ2dmhKU3ZjV2tyaVpwbXB2QnJzY0JxR2pKbUh2dnZoSlN2Y1dvRmlWZW1IdnZ2aEpTdmNXWVVpVmVtSHZ2dmhKU3ZjV29JaVZlbUh2dnZoSlN2Y1dvVWlWZW1IdnZ2aEpTdmNXWVhpVmVtSHZ2dmhKU3ZjV1lGaVZlbUh2dnZoSlN2Y1dZdmlWZW1IdnZ2aEpTdmNXb1VpVmVtSHZ2dmhKU3ZjV1lYaVoydjJidU5QRk9GdnEyUU1pcFRlSlJoWnZTTFlrRWFoem9YQ1VIMUhBYVBZbUVySldCWHN1U1FKa3VyR1V0NWhtWWF3VXZ2Sm0ycmFKUk12bTFGMUFJaFB2YVVHdm9YbXZBNDJidmhaSnZ2QmtTSUFjSGh6Ymthd3VIYXN2UlFlV292cEF1UXdtSWFidVJJUldPbXJVQWhOeElGYXVFcm9tQlhHdVJ2UkFTcnZXdm1vell2UGJBQTVjdnRZY0hDQm1TUTJidlVOQXZyYkFJaVVjYUZiYklpdXZTbUJxdDV6eFNRNmJrRnNydnZNVUhhaGN0QzN1a3JzQTJyT2tvdnZjUkZOdnZ2Tkp1RnVrUlFrdllheWtBaUZ4dnZNcU9oa3pTTllVYWlzdnQwUWtCaG9XSVBOdnRoSHhJckFKUmhKV0hoS2JZRnp6QTFuQVJoSW1CWG1ib3JkV0lBTm1JbVJ6WUlNdmthc0Eyck16SE11V3ZVdXVSbXNpMW10bW9YdXV0VVZ2UnZSaTJhQm1rbW9KYUNiQW9YUGMxRk1xdElldjFGdkEwVXppMmFHbUJpUm1ZdndiMlFSS0lyYkpTYW1XZ0lOQXZoWkp2bU9xYXJ2VzFDS2tSVVp6UjlCcWFtUnpSVTJBdU1OQUlDQmlnRnptQlhta3VzNGkxbXV1SVhybXVoemtBbUp4YXJzQUlySW1TTjFiMkN1SnZJNXFZYVptU1FQa0ltenpSMXR2RUZSV3U4UVVBVXNrQTVBdlM5aHpTV1lBMlFIeGFyc0FrcnpXQlhRdnU1ZHpTdnVKRWlVVzJRa2IwaW9ydE01SmtpenVhQ1BiUnJFY0lYNnJINVd6dkY1dkloWnEyRmJiMjl3bVI1TWJ2dlJpSHJrVTJNQmN0VTJBMEE1V1JNZ0FFQ3V2WUk2YnUxRHEwQ2FxdDlJY3ZDSkEwckR4QU1raTJNQmN0VTJBMEE1V1JNZ0FFQ3V2WUk2YnUxRHEwQ2FxdDlJY3ZDSkEwcjN6MXJ5cmtVemN0VUZKMXIzejFpc21FVWtta1JwSjBySnhJVUJaQkNoY3U5WWtBcjN6MXJ5cmtVemN0VUZKMXJ5cXRNQXFZMGV3SlI3alk0OGozWFBxZFhSVXVVQ2NTQVBGM1hIYjFpbkpvbDBXa3RFVkhpUksyaEd2WWwwV2t0Q1pwbWJKT21SY3ZSOWJTYVlVa2IwQjJtSWIyOVJVSlRlYlNDSHJJSUNaQm1VdmFVb1VINW1pMmFBSmttV3V0TDBVYWhIckFNbnVFcm9jQm15dUVDc1VJQ0J6SENvVzJtMmtScjBjQTE2VU9hZVcybXZVSDFacTJ2dmNhSUp1YWJOYllGTnVhbUxKU011dkVYWnVTMVBBSGF2SlI5ZXVPWHRBWVhKQXZBUWN0aXpXQUNWdXVRSHYxYUJpdGhVdUhoc2IwaEhKdUZFamswZXdrc1JVQW0xY0hDQ2pKbWJKT21SY3ZJY1cxMEdGYWhMaUhtTXV2czJCSjRSdXRoMFVIMVV1WVdZQko0UnV0aDBVSDFVdVlXTkJrc1JrUkM1bXRDQmpKbWJKT21SY3ZJY1dZcmlWZW1iSk9tUmN2SWNXa1hpVmVtYkpPbVJjdkljV29taVZlbWJKT21SY3ZJY1drWGlWZW1iSk9tUmN2SWNXb21pWnBtbXZJcmV2T0E5RnQ1d3hBbXd2MXNOQko0UnV0aDBVSDFVdVl0NEJKNFJ1dGgwVUgxVXVZcmlWZW1aSkVJdEpJaWNXYTBHRnQ1d3hBbXd2MXNRQko0UnV0aDBVSDFVdVlMMEJrc1J6Qml6eFNNQWpKbWJKT21SY3ZJY3IxMEdGYWhMaUhtTXV2c1FXMTA3Rkh2dGl1UW56SjQ5RmFoTGlIbU11dnNwV0kwR0ZhaExpSG1NdXZzWXJJMEdGYWhMaUhtTXV2c3BadjBHRmFoTGlIbU11dnNwckkwR0ZhaExpSG1NdXZzWVdhMEdGYWhMaUhtTXV2c1lXSTBHRmFoTGlIbU11dnNZcnYwR0ZhaExpSG1NdXZzcHJJMEdGYWhMaUhtTXV2c1lXYTA3VUJVaGNkVFJVQW0xY0hDQ3dkRndtUlUzdlNNenhhcjZXSElBbVlJaGJBaTB4U3ZhSm9Va3pZSTR1SXFRS0lydnJCWHZtMFV1dnVNSld2SUdLUlF6V3VoeXZvYUhXYXRwcmtydldIaEhVSFF6cXZDTWtJdkpjSE4xQW9sUXh1RkhjYWltdklVRnVvRjRyYUFRbVJ2enV0NUt1UzV3QTFheXF0Q3VtMk5wdVJxUVcybXZXQW1lVzBVaHZBQTFrYWJwcU92SXVPWFBBUzVkeklpYVVIOUp2QmhDVXRpMEoybW5jYWhrdll2TXZ1czFLMUN5V0JJQWNTaHBiQW13dlN2R0pSOUJ2SVBOa29yZGthVXNjYUlBV3RDSmJTNU5yU3JHY3RyUmNPWEJrZ1hOa1IxTHZvRkJjYVIwQTJDWnJhVU1rUzFySmFVNXZIMXprU3J5eEhoSnoyUXJrMEFReHZGTXh0clVXdENNVXVNTnoxcmJKUklvVzA1NXVvclp4SW11S1J2b3ZCbUZBUnJZcmFtQnFPSXZ6WXZPazByWXpBOHB2b0ZVdjNpREpFUDR3MEM1ckhNenZ2TFFiUmlOcXRNZ0FSOWtjU1FhQTJRb2MwQ0htSWl2V1JDdlVhckV6MXZiS0lpSmNSVVdrdHJKcUhLUXFnVWhXdmFRa3VJeXEwQ0htSWl2V1JDdlVhckV6MXZiS0lpSmNSVVdrdHJKcUhLUXFnVWhXdmFZSlJpc1cxaUdxT0Z1SzJNWUpSVUh2MUFwSkl2UkEyaXl2dmhkdjFGR21SUVdtdGFZSlJpc1cxaUdxT0Z1SzJNTkoxcnlycExDd2tzL2pUPT0iO2V2YWwoJz8+Jy4kS3lkZGx5KCRsdEpqS1YoJHNDRkNnTigkaWpzSE92LCRkaEdmc1IqMiksJHNDRkNnTigkaWpzSE92LCRkaEdmc1IsJGRoR2ZzUiksJHNDRkNnTigkaWpzSE92LDAsJGRoR2ZzUikpKSk7")); ?>

关键代码长这样：

[PHP] 纯文本查看 复制代码

1	`echo` `$Kyddly." ".$ltJjKV." ".$sCFCgN." ".$dhGfsR." ".$Kyddly."<br /> ";`

刷新网页得结果：

即

[PHP] 纯文本查看 复制代码

1	`.$Kyddly`

是

[PHP] 纯文本查看 复制代码

1	`base64_decode`

。

果断把eval后面的$Kyddly替换成base64_decode，

运行，正常，发现猜测没错：

eval函数改成echo:

吾爱破姐专用变成了看不懂的字符串：

全部内容如下：

[PHP] 纯文本查看 复制代码

1

$ijsHOv=

"vPqfSVwROKHkEGJLoQnrgCAIWetiMUFzcZmahsTuybdNpjBlYXDxDjnfJvNmZwORtHFVPKEyTdlLuxMeWAaYqUSzhskGpcirCoXIbBgQjg9NzOlTUHvSzu5IwdiHzEFnvHsNrgtQFpQEUtrPcIqNrgtQwksRmIvvbACIjuFhq2A2ra9RUurDUHAPLSFnmoUUzkI0uvmub2mGABihvtR0kahdrHmbmovVzICYb210z1C6cHUzv2hnbYrRiR5giH1rxSmQuklQcvmaiHQovRCybkl5vvFvzaiRmYICUus1maFMxtMuWHQQbYrdqavbcaaIJtCDbIUNW1IuctvBmYvuuoaZK2mvmoFJiY09LeR7FOFvq2QMiY0RmIvvbACIuYriVemHvvvhJSvcrI0GFtUvvuawUvsYW10GFtUvvuawUvsYWa07FarSzAiMqk0RmIvvbACIuYWYBJ4RmIvvbACIuYtNBJ4RmIvvbACIuYL0BJ4RmIvvbACIuYtNBJ4RmIvvbACIuYL0BksRuIaDJt92jJmkUSIOcBacWa0GFtUvvuawUvsQZa0GFtUvvuawUvsYBJ4RA2UCm21QuYXiVemkUSIOcBacWv0GFtUvvuawUvspra07FtCZxSUmJg0RmIvvbACIuYiiVemHvvvhJSvcWkriZpmpvBrscBqGjJmHvvvhJSvcWoFiVemHvvvhJSvcWYUiVemHvvvhJSvcWoIiVemHvvvhJSvcWoUiVemHvvvhJSvcWYXiVemHvvvhJSvcWYFiVemHvvvhJSvcWYviVemHvvvhJSvcWoUiVemHvvvhJSvcWYXiZ2v2buNPFOFvq2QMipTeJRhZvSLYkEahzoXCUH1HAaPYmErJWBXsuSQJkurGUt5hmYawUvvJm2raJRMvm1F1AIhPvaUGvoXmvA42bvhZJvvBkSIAcHhzbkawuHasvRQeWovpAuQwmIabuRIRWOmrUAhNxIFauEromBXGuRvRASrvWvmozYvPbAA5cvtYcHCBmSQ2bvUNAvrbAIiUcaFbbIiuvSmBqt5zxSQ6bkFsrvvMUHahctC3ukrsA2rOkovvcRFNvvvNJuFukRQkvYaykAiFxvvMqOhkzSNYUaisvt0QkBhoWIPNvthHxIrAJRhJWHhKbYFzzA1nARhImBXmbordWIANmImRzYIMvkasA2rMzHMuWvUuuRmsi1mtmoXuutUVvRvRi2aBmkmoJaCbAoXPc1FMqtIev1FvA0Uzi2aGmBiRmYvwb2QRKIrbJSamWgINAvhZJvmOqarvW1CKkRUZzR9BqamRzRU2AuMNAICBigFzmBXmkus4i1muuIXrmuhzkAmJxarsAIrImSN1b2CuJvI5qYaZmSQPkImzzR1tvEFRWu8QUAUskA5AvS9hzSWYA2QHxarsAkrzWBXQvu5dzSvuJEiUW2Qkb0iortM5JkizuaCPbRrEcIX6rH5WzvF5vIhZq2Fbb29wmR5MbvvRiHrkU2MBctU2A0A5WRMgAECuvYI6bu1Dq0Caqt9IcvCJA0rDxAMki2MBctU2A0A5WRMgAECuvYI6bu1Dq0Caqt9IcvCJA0r3z1ryrkUzctUFJ1r3z1ismEUkmkRpJ0rJxIUBZBChcu9YkAr3z1ryrkUzctUFJ1ryqtMAqY0ewJR7jY48j3XPqdXRUuUCcSAPF3XHb1inJol0WktEVHiRK2hGvYl0WktCZpmbJOmRcvR9bSaYUkb0B2mIb29RUJTebSCHrIICZBmUvaUoUH5mi2aAJkmWutL0UahHrAMnuErocBmyuECsUICBzHCoW2m2kRr0cA16UOaeW2mvUH1Zq2vvcaIJuabNbYFNuamLJSMuvEXZuS1PAHavJR9euOXtAYXJAvAQctizWACVuuQHv1aBithUuHhsb0hHJuFEjk0ewksRUAm1cHCCjJmbJOmRcvIcW10GFahLiHmMuvs2BJ4Ruth0UH1UuYWYBJ4Ruth0UH1UuYWNBksRkRC5mtCBjJmbJOmRcvIcWYriVembJOmRcvIcWkXiVembJOmRcvIcWomiVembJOmRcvIcWkXiVembJOmRcvIcWomiZpmmvIrevOA9Ft5wxAmwv1sNBJ4Ruth0UH1UuYt4BJ4Ruth0UH1UuYriVemZJEItJIicWa0GFt5wxAmwv1sQBJ4Ruth0UH1UuYL0BksRzBizxSMAjJmbJOmRcvIcr10GFahLiHmMuvsQW107FHvtiuQnzJ49FahLiHmMuvspWI0GFahLiHmMuvsYrI0GFahLiHmMuvspZv0GFahLiHmMuvsprI0GFahLiHmMuvsYWa0GFahLiHmMuvsYWI0GFahLiHmMuvsYrv0GFahLiHmMuvsprI0GFahLiHmMuvsYWa07UBUhcdTRUAm1cHCCwdFwmRU3vSMzxar6WHIAmYIhbAi0xSvaJoUkzYI4uIqQKIrvrBXvm0UuvuMJWvIGKRQzWuhyvoaHWatprkrvWHhHUHQzqvCMkIvJcHN1AolQxuFHcaimvIUFuoF4raAQmRvzut5KuS5wA1ayqtCum2NpuRqQW2mvWAmeW0UhvAA1kabpqOvIuOXPAS5dzIiaUH9JvBhCUti0J2mncahkvYvMvus1K1CyWBIAcShpbAmwvSvGJR9BvIPNkordkaUscaIAWtCJbS5NrSrGctrRcOXBkgXNkR1LvoFBcaR0A2CZraUMkS1rJaU5vH1zkSryxHhJz2Qrk0AQxvFMxtrUWtCMUuMNz1rbJRIoW055uorZxImuKRvovBmFARrYramBqOIvzYvOk0rYzA8pvoFUv3iDJEP4w0C5rHMzvvLQbRiNqtMgAR9kcSQaA2Qoc0CHmIivWRCvUarEz1vbKIiJcRUWktrJqHKQqgUhWvaQkuIyq0CHmIivWRCvUarEz1vbKIiJcRUWktrJqHKQqgUhWvaYJRisW1iGqOFuK2MYJRUHv1ApJIvRA2iyvvhdv1FGmRQWmtaYJRisW1iGqOFuK2MNJ1ryrpLCwks/jT=="

;eval('?>'.$Kyddly($ltJjKV($sCFCgN($ijsHOv,$dhGfsR*2),$sCFCgN($ijsHOv,$dhGfsR,$dhGfsR),$sCFCgN($ijsHOv,0,$dhGfsR))));

猜测$ijsHOv还是base64_decode你就错了，base64_decode得到乱码，我就不掩饰不拐弯墨迹了，直接来干活！

他后面还有一段eval('?>'.$Kyddly($ltJjKV($sCFCgN($ijsHOv,$dhGfsR*2),$sCFCgN($ijsHOv,$dhGfsR,$dhGfsR),$sCFCgN($ijsHOv,0,$dhGfsR)))，去掉eval,设$text = $ijsHOv,把这些函数用上面输出的名称替换后得：

[PHP] 纯文本查看 复制代码

1	`base64_decode(strtr(substr($text,52*2),substr($text,52,52),substr($text,0,52)))`

写点代码：

[PHP] 纯文本查看 复制代码

01

02

03

04

05

06

07

08

09

10

11

12

$pattern = '/="([^"]+)"/';
 
preg_match_all($pattern, $decodestr1, $matches);
$text = implode('', $matches[1]);
echo $text;
echo "<br /> ";
$decodestr2 = strtr(substr($text,52*2),substr($text,52,52),substr($text,0,52));
 
[color=#6a9955]//运行看看[/color]
echo $decodestr2;
echo [color=#ce9178]"<br />再 base64_decode看看<br />"[/color];
echo base64_decode($decodestr2);

一开始用骨锅，看了好久看不出啥，这里得用360浏览器看看。

看到的内容：

[PHP] 纯文本查看 复制代码

1

2

3

4

<?php
define('FjrjTk0411',gdChnW0411);$FUUaJe=base64_decode("bjF6Yi9tYTVcdnQwaTI4LXB4dXF5KjZscmtkZzlfZWhjc3dvNCtmMzdqY01mTEtlcVJka09URUhWdG9iek5DRmxKV0lqc3BpUXlQeHJobVp3YVlEWG5VZ1NCdUF2Rw==");$rUslmw=$FUUaJe[3].$FUUaJe[6].$FUUaJe[33].$FUUaJe[30];$SfiGmq=$FUUaJe[33].$FUUaJe[10].$FUUaJe[24].$FUUaJe[10].$FUUaJe[24];$ZQoHOv=$SfiGmq[0].$FUUaJe[18].$FUUaJe[3].$SfiGmq[0].$SfiGmq[1].$FUUaJe[24];$JNzfQH=$FUUaJe[7].$FUUaJe[13];$rUslmw.=$FUUaJe[22].$FUUaJe[36].$FUUaJe[29].$FUUaJe[26].$FUUaJe[30].$FUUaJe[32].$FUUaJe[35].$FUUaJe[26].$FUUaJe[30];eval($rUslmw("JHNVb3Nqaj0idmFPZ3FsR1plZlRMcndNaG1JeURGcEJKUGRuRXhTVnV0QUN6aXNIUWNiTlhZa1JXalVLb25rQlJFQXZId0tMeHpzREZscEpnZEdRcU1Tck5haE9mQ3ljWFlvaVpQSXRWYlRXbWVVdWpNZzlza2l5UmdaalJwY3lScGN5UnBpUUpIbVNLSW1kMGIyUmpxSjl3dWlTM1Mxc2Z0THFzSTJHR0hPc2ZiMjRHeEpQb3B2U0FTdk9mU1lScmhkV1VVZDlwTDF0VXFKVEdwaWE4cHZXR0hoRmpIbWRUSFZwanEwdG5JcldBSXJaQ09pQXNITGpSU3ZPNFNjOWpTdjFvQkpRZWt2ZEpQMk8wTVZPMEhZMDRxSlRSeFl5cjVIYys1NFlhNTZjMDVrd1o1eFlMNTVoajc3SlFxSlQ3Z1pqUnBjeVJwY3lScGc4KyI7ZXZhbCgnPz4nLiRyVXNsbXcoJFNmaUdtcSgkWlFvSE92KCRzVW9zamosJEpOemZRSCoyKSwkWlFvSE92KCRzVW9zamosJEpOemZRSCwkSk56ZlFIKSwkWlFvSE92KCRzVW9zamosMCwkSk56ZlFIKSkpKTs="));?>
<?php
define('pFcWjJ0411',gdChnW0411);$XHtdmY=base64_decode("bjF6Yi9tYTVcdnQwaTI4LXB4dXF5KjZscmtkZzlfZWhjc3dvNCtmMzdqb3dUdmNseUlYRXV0c2pXTHJkVVpNZmhPaUJObXpDS0RQU1lGZ1JKYlFWQWtHYXhlcHFIbg==");$eDulji=$XHtdmY[3].$XHtdmY[6].$XHtdmY[33].$XHtdmY[30];$NJyDJW=$XHtdmY[33].$XHtdmY[10].$XHtdmY[24].$XHtdmY[10].$XHtdmY[24];$QVSbTu=$NJyDJW[0].$XHtdmY[18].$XHtdmY[3].$NJyDJW[0].$NJyDJW[1].$XHtdmY[24];$iwZzkT=$XHtdmY[7].$XHtdmY[13];$eDulji.=$XHtdmY[22].$XHtdmY[36].$XHtdmY[29].$XHtdmY[26].$XHtdmY[30].$XHtdmY[32].$XHtdmY[35].$XHtdmY[26].$XHtdmY[30];eval($eDulji("JFFwVkZxSz0iTG9aaGtzeEJ6Sk9xZW1BSU5pUGFVUkR1YnBLZ1hkV1F0Q253U0hFdlZqZmNURll5R01ybFlWQVVIZ2x4U1FEZXNPZnJSQkpJVGl2ZG13dU1Db3FaUE5LV2pueXphRnBjWEdoRUxidGtKdjlXSW5mUk5CZk1yTnhraDJVenJOWVZ0N3BLVllYT0JRbnp6cnlCdlpWL0pNMHV2WlY4SjN4VmNmMHVyTmZNckxhRklMOE1yRmxCY0JmekpkSXJIc3NyZ3NzTVBEcUtIRCs4TWpyUk5GOCsiO2V2YWwoJz8+Jy4kZUR1bGppKCROSnlESlcoJFFWU2JUdSgkUXBWRnFLLCRpd1p6a1QqMiksJFFWU2JUdSgkUXBWRnFLLCRpd1p6a1QsJGl3WnprVCksJFFWU2JUdSgkUXBWRnFLLDAsJGl3WnprVCkpKSk7"));?>

其实可以递归解密，但是我不会，我硬是手工重复了以上操作，得：

[PHP] 纯文本查看 复制代码

01

02

03

04

05

06

07

08

09

10

11

12

13

14

15

16

//下面是F12复制来的代码：
/*<?php
define('FjrjTk0411',gdChnW0411);$FUUaJe=base64_decode("bjF6Yi9tYTVcdnQwaTI4LXB4dXF5KjZscmtkZzlfZWhjc3dvNCtmMzdqY01mTEtlcVJka09URUhWdG9iek5DRmxKV0lqc3BpUXlQeHJobVp3YVlEWG5VZ1NCdUF2Rw==");$rUslmw=$FUUaJe[3].$FUUaJe[6].$FUUaJe[33].$FUUaJe[30];$SfiGmq=$FUUaJe[33].$FUUaJe[10].$FUUaJe[24].$FUUaJe[10].$FUUaJe[24];$ZQoHOv=$SfiGmq[0].$FUUaJe[18].$FUUaJe[3].$SfiGmq[0].$SfiGmq[1].$FUUaJe[24];$JNzfQH=$FUUaJe[7].$FUUaJe[13];$rUslmw.=$FUUaJe[22].$FUUaJe[36].$FUUaJe[29].$FUUaJe[26].$FUUaJe[30].$FUUaJe[32].$FUUaJe[35].$FUUaJe[26].$FUUaJe[30];eval($rUslmw("JHNVb3Nqaj0idmFPZ3FsR1plZlRMcndNaG1JeURGcEJKUGRuRXhTVnV0QUN6aXNIUWNiTlhZa1JXalVLb25rQlJFQXZId0tMeHpzREZscEpnZEdRcU1Tck5haE9mQ3ljWFlvaVpQSXRWYlRXbWVVdWpNZzlza2l5UmdaalJwY3lScGN5UnBpUUpIbVNLSW1kMGIyUmpxSjl3dWlTM1Mxc2Z0THFzSTJHR0hPc2ZiMjRHeEpQb3B2U0FTdk9mU1lScmhkV1VVZDlwTDF0VXFKVEdwaWE4cHZXR0hoRmpIbWRUSFZwanEwdG5JcldBSXJaQ09pQXNITGpSU3ZPNFNjOWpTdjFvQkpRZWt2ZEpQMk8wTVZPMEhZMDRxSlRSeFl5cjVIYys1NFlhNTZjMDVrd1o1eFlMNTVoajc3SlFxSlQ3Z1pqUnBjeVJwY3lScGc4KyI7ZXZhbCgnPz4nLiRyVXNsbXcoJFNmaUdtcSgkWlFvSE92KCRzVW9zamosJEpOemZRSCoyKSwkWlFvSE92KCRzVW9zamosJEpOemZRSCwkSk56ZlFIKSwkWlFvSE92KCRzVW9zamosMCwkSk56ZlFIKSkpKTs="));?>
<?php
define('pFcWjJ0411',gdChnW0411);$XHtdmY=base64_decode("bjF6Yi9tYTVcdnQwaTI4LXB4dXF5KjZscmtkZzlfZWhjc3dvNCtmMzdqb3dUdmNseUlYRXV0c2pXTHJkVVpNZmhPaUJObXpDS0RQU1lGZ1JKYlFWQWtHYXhlcHFIbg==");$eDulji=$XHtdmY[3].$XHtdmY[6].$XHtdmY[33].$XHtdmY[30];$NJyDJW=$XHtdmY[33].$XHtdmY[10].$XHtdmY[24].$XHtdmY[10].$XHtdmY[24];$QVSbTu=$NJyDJW[0].$XHtdmY[18].$XHtdmY[3].$NJyDJW[0].$NJyDJW[1].$XHtdmY[24];$iwZzkT=$XHtdmY[7].$XHtdmY[13];$eDulji.=$XHtdmY[22].$XHtdmY[36].$XHtdmY[29].$XHtdmY[26].$XHtdmY[30].$XHtdmY[32].$XHtdmY[35].$XHtdmY[26].$XHtdmY[30];eval($eDulji("JFFwVkZxSz0iTG9aaGtzeEJ6Sk9xZW1BSU5pUGFVUkR1YnBLZ1hkV1F0Q253U0hFdlZqZmNURll5R01ybFlWQVVIZ2x4U1FEZXNPZnJSQkpJVGl2ZG13dU1Db3FaUE5LV2pueXphRnBjWEdoRUxidGtKdjlXSW5mUk5CZk1yTnhraDJVenJOWVZ0N3BLVllYT0JRbnp6cnlCdlpWL0pNMHV2WlY4SjN4VmNmMHVyTmZNckxhRklMOE1yRmxCY0JmekpkSXJIc3NyZ3NzTVBEcUtIRCs4TWpyUk5GOCsiO2V2YWwoJz8+Jy4kZUR1bGppKCROSnlESlcoJFFWU2JUdSgkUXBWRnFLLCRpd1p6a1QqMiksJFFWU2JUdSgkUXBWRnFLLCRpd1p6a1QsJGl3WnprVCksJFFWU2JUdSgkUXBWRnFLLDAsJGl3WnprVCkpKSk7"));?>
*/
 
 
$firsttext =base64_decode("JHNVb3Nqaj0idmFPZ3FsR1plZlRMcndNaG1JeURGcEJKUGRuRXhTVnV0QUN6aXNIUWNiTlhZa1JXalVLb25rQlJFQXZId0tMeHpzREZscEpnZEdRcU1Tck5haE9mQ3ljWFlvaVpQSXRWYlRXbWVVdWpNZzlza2l5UmdaalJwY3lScGN5UnBpUUpIbVNLSW1kMGIyUmpxSjl3dWlTM1Mxc2Z0THFzSTJHR0hPc2ZiMjRHeEpQb3B2U0FTdk9mU1lScmhkV1VVZDlwTDF0VXFKVEdwaWE4cHZXR0hoRmpIbWRUSFZwanEwdG5JcldBSXJaQ09pQXNITGpSU3ZPNFNjOWpTdjFvQkpRZWt2ZEpQMk8wTVZPMEhZMDRxSlRSeFl5cjVIYys1NFlhNTZjMDVrd1o1eFlMNTVoajc3SlFxSlQ3Z1pqUnBjeVJwY3lScGc4KyI7ZXZhbCgnPz4nLiRyVXNsbXcoJFNmaUdtcSgkWlFvSE92KCRzVW9zamosJEpOemZRSCoyKSwkWlFvSE92KCRzVW9zamosJEpOemZRSCwkSk56ZlFIKSwkWlFvSE92KCRzVW9zamosMCwkSk56ZlFIKSkpKTs=");
$secondetext = base64_decode("JFFwVkZxSz0iTG9aaGtzeEJ6Sk9xZW1BSU5pUGFVUkR1YnBLZ1hkV1F0Q253U0hFdlZqZmNURll5R01ybFlWQVVIZ2x4U1FEZXNPZnJSQkpJVGl2ZG13dU1Db3FaUE5LV2pueXphRnBjWEdoRUxidGtKdjlXSW5mUk5CZk1yTnhraDJVenJOWVZ0N3BLVllYT0JRbnp6cnlCdlpWL0pNMHV2WlY4SjN4VmNmMHVyTmZNckxhRklMOE1yRmxCY0JmekpkSXJIc3NyZ3NzTVBEcUtIRCs4TWpyUk5GOCsiO2V2YWwoJz8+Jy4kZUR1bGppKCROSnlESlcoJFFWU2JUdSgkUXBWRnFLLCRpd1p6a1QqMiksJFFWU2JUdSgkUXBWRnFLLCRpd1p6a1QsJGl3WnprVCksJFFWU2JUdSgkUXBWRnFLLDAsJGl3WnprVCkpKSk7");
 
echo "<br /> 上面代码第二次解密后得下面两个代码<br /> ";
echo $firsttext;
echo "<br /> ";
echo $secondetext;
echo "<br /> ";

[PHP] 纯文本查看 复制代码

01

02

03

04

05

06

07

08

09

10

11

12

13

14

15

16

17

18

19

20

21

echo "一而再再而三解密：";
$pattern = '/="([^"]+)"/';
 
preg_match_all($pattern, $firsttext, $matches);
$text = implode('', $matches[1]);
echo $text;
echo "<br /> ";
$firsttextdec = (strtr(substr($text,52*2),substr($text,52,52),substr($text,0,52)));
 
preg_match_all($pattern, $secondetext, $matches);
$text = implode('', $matches[1]);
echo $text;
echo "<br /> ";
$secondetextdec = (strtr(substr($text,52*2),substr($text,52,52),substr($text,0,52)));
 
 
echo "<br />又看看啊？<br /> ";
echo base64_decode($firsttextdec);
echo "<br /> ";
echo base64_decode($secondetextdec);
echo "<br /> ";

完整代码发一波：

[PHP] 纯文本查看 复制代码

01

02

03

04

05

06

07

08

09

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

<?php 
 
define('gdChnW0411', __FILE__);
$EvRmzj = base64_decode("bjF6Yi9tYTVcdnQwaTI4LXB4dXF5KjZscmtkZzlfZWhjc3dvNCtmMzdqYmVxbWhGelp0RUtrV0dJVUFsb3NTTGF1ZHBnQ1BPd1ROblFyZnhIalJZeVhKVmlEdk1jQg==");
$Kyddly = $EvRmzj[3] . $EvRmzj[6] . $EvRmzj[33] . $EvRmzj[30];
$ltJjKV = $EvRmzj[33] . $EvRmzj[10] . $EvRmzj[24] . $EvRmzj[10] . $EvRmzj[24];
$sCFCgN = $ltJjKV[0] . $EvRmzj[18] . $EvRmzj[3] . $ltJjKV[0] . $ltJjKV[1] . $EvRmzj[24];
$dhGfsR = $EvRmzj[7] . $EvRmzj[13];
$Kyddly .= $EvRmzj[22] . $EvRmzj[36] . $EvRmzj[29] . $EvRmzj[26] . $EvRmzj[30] . $EvRmzj[32] . $EvRmzj[35] . $EvRmzj[26] . $EvRmzj[30];
 
echo $Kyddly." ".$ltJjKV." ".$sCFCgN." ".$dhGfsR." ".$Kyddly."<br /> ";
$decodestr1 = base64_decode("JGlqc0hPdj0idlBxZlNWd1JPS0hrRUdKTG9RbnJnQ0FJV2V0aU1VRnpjWm1haHNUdXliZE5wakJsWVhEeERqbmZKdk5tWndPUnRIRlZQS0V5VGRsTHV4TWVXQWFZcVVTemhza0dwY2lyQ29YSWJCZ1FqZzlOek9sVFVIdlN6dTVJd2RpSHpFRm52SHNOcmd0UUZwUUVVdHJQY0lxTnJndFF3a3NSbUl2dmJBQ0lqdUZocTJBMnJhOVJVdXJEVUhBUExTRm5tb1VVemtJMHV2bXViMm1HQUJpaHZ0UjBrYWhkckhtYm1vdlZ6SUNZYjIxMHoxQzZjSFV6djJobmJZclJpUjVnaUgxcnhTbVF1a2xRY3ZtYWlIUW92UkN5YmtsNXZ2RnZ6YWlSbVlJQ1V1czFtYUZNeHRNdVdIUVFiWXJkcWF2YmNhYUlKdENEYklVTlcxSXVjdHZCbVl2dXVvYVpLMm12bW9GSmlZMDlMZVI3Rk9GdnEyUU1pWTBSbUl2dmJBQ0l1WXJpVmVtSHZ2dmhKU3ZjckkwR0Z0VXZ2dWF3VXZzWVcxMEdGdFV2dnVhd1V2c1lXYTA3RmFyU3pBaU1xazBSbUl2dmJBQ0l1WVdZQko0Um1JdnZiQUNJdVl0TkJKNFJtSXZ2YkFDSXVZTDBCSjRSbUl2dmJBQ0l1WXROQko0Um1JdnZiQUNJdVlMMEJrc1J1SWFESnQ5MmpKbWtVU0lPY0JhY1dhMEdGdFV2dnVhd1V2c1FaYTBHRnRVdnZ1YXdVdnNZQko0UkEyVUNtMjFRdVlYaVZlbWtVU0lPY0JhY1d2MEdGdFV2dnVhd1V2c3ByYTA3RnRDWnhTVW1KZzBSbUl2dmJBQ0l1WWlpVmVtSHZ2dmhKU3ZjV2tyaVpwbXB2QnJzY0JxR2pKbUh2dnZoSlN2Y1dvRmlWZW1IdnZ2aEpTdmNXWVVpVmVtSHZ2dmhKU3ZjV29JaVZlbUh2dnZoSlN2Y1dvVWlWZW1IdnZ2aEpTdmNXWVhpVmVtSHZ2dmhKU3ZjV1lGaVZlbUh2dnZoSlN2Y1dZdmlWZW1IdnZ2aEpTdmNXb1VpVmVtSHZ2dmhKU3ZjV1lYaVoydjJidU5QRk9GdnEyUU1pcFRlSlJoWnZTTFlrRWFoem9YQ1VIMUhBYVBZbUVySldCWHN1U1FKa3VyR1V0NWhtWWF3VXZ2Sm0ycmFKUk12bTFGMUFJaFB2YVVHdm9YbXZBNDJidmhaSnZ2QmtTSUFjSGh6Ymthd3VIYXN2UlFlV292cEF1UXdtSWFidVJJUldPbXJVQWhOeElGYXVFcm9tQlhHdVJ2UkFTcnZXdm1vell2UGJBQTVjdnRZY0hDQm1TUTJidlVOQXZyYkFJaVVjYUZiYklpdXZTbUJxdDV6eFNRNmJrRnNydnZNVUhhaGN0QzN1a3JzQTJyT2tvdnZjUkZOdnZ2Tkp1RnVrUlFrdllheWtBaUZ4dnZNcU9oa3pTTllVYWlzdnQwUWtCaG9XSVBOdnRoSHhJckFKUmhKV0hoS2JZRnp6QTFuQVJoSW1CWG1ib3JkV0lBTm1JbVJ6WUlNdmthc0Eyck16SE11V3ZVdXVSbXNpMW10bW9YdXV0VVZ2UnZSaTJhQm1rbW9KYUNiQW9YUGMxRk1xdElldjFGdkEwVXppMmFHbUJpUm1ZdndiMlFSS0lyYkpTYW1XZ0lOQXZoWkp2bU9xYXJ2VzFDS2tSVVp6UjlCcWFtUnpSVTJBdU1OQUlDQmlnRnptQlhta3VzNGkxbXV1SVhybXVoemtBbUp4YXJzQUlySW1TTjFiMkN1SnZJNXFZYVptU1FQa0ltenpSMXR2RUZSV3U4UVVBVXNrQTVBdlM5aHpTV1lBMlFIeGFyc0FrcnpXQlhRdnU1ZHpTdnVKRWlVVzJRa2IwaW9ydE01SmtpenVhQ1BiUnJFY0lYNnJINVd6dkY1dkloWnEyRmJiMjl3bVI1TWJ2dlJpSHJrVTJNQmN0VTJBMEE1V1JNZ0FFQ3V2WUk2YnUxRHEwQ2FxdDlJY3ZDSkEwckR4QU1raTJNQmN0VTJBMEE1V1JNZ0FFQ3V2WUk2YnUxRHEwQ2FxdDlJY3ZDSkEwcjN6MXJ5cmtVemN0VUZKMXIzejFpc21FVWtta1JwSjBySnhJVUJaQkNoY3U5WWtBcjN6MXJ5cmtVemN0VUZKMXJ5cXRNQXFZMGV3SlI3alk0OGozWFBxZFhSVXVVQ2NTQVBGM1hIYjFpbkpvbDBXa3RFVkhpUksyaEd2WWwwV2t0Q1pwbWJKT21SY3ZSOWJTYVlVa2IwQjJtSWIyOVJVSlRlYlNDSHJJSUNaQm1VdmFVb1VINW1pMmFBSmttV3V0TDBVYWhIckFNbnVFcm9jQm15dUVDc1VJQ0J6SENvVzJtMmtScjBjQTE2VU9hZVcybXZVSDFacTJ2dmNhSUp1YWJOYllGTnVhbUxKU011dkVYWnVTMVBBSGF2SlI5ZXVPWHRBWVhKQXZBUWN0aXpXQUNWdXVRSHYxYUJpdGhVdUhoc2IwaEhKdUZFamswZXdrc1JVQW0xY0hDQ2pKbWJKT21SY3ZJY1cxMEdGYWhMaUhtTXV2czJCSjRSdXRoMFVIMVV1WVdZQko0UnV0aDBVSDFVdVlXTkJrc1JrUkM1bXRDQmpKbWJKT21SY3ZJY1dZcmlWZW1iSk9tUmN2SWNXa1hpVmVtYkpPbVJjdkljV29taVZlbWJKT21SY3ZJY1drWGlWZW1iSk9tUmN2SWNXb21pWnBtbXZJcmV2T0E5RnQ1d3hBbXd2MXNOQko0UnV0aDBVSDFVdVl0NEJKNFJ1dGgwVUgxVXVZcmlWZW1aSkVJdEpJaWNXYTBHRnQ1d3hBbXd2MXNRQko0UnV0aDBVSDFVdVlMMEJrc1J6Qml6eFNNQWpKbWJKT21SY3ZJY3IxMEdGYWhMaUhtTXV2c1FXMTA3Rkh2dGl1UW56SjQ5RmFoTGlIbU11dnNwV0kwR0ZhaExpSG1NdXZzWXJJMEdGYWhMaUhtTXV2c3BadjBHRmFoTGlIbU11dnNwckkwR0ZhaExpSG1NdXZzWVdhMEdGYWhMaUhtTXV2c1lXSTBHRmFoTGlIbU11dnNZcnYwR0ZhaExpSG1NdXZzcHJJMEdGYWhMaUhtTXV2c1lXYTA3VUJVaGNkVFJVQW0xY0hDQ3dkRndtUlUzdlNNenhhcjZXSElBbVlJaGJBaTB4U3ZhSm9Va3pZSTR1SXFRS0lydnJCWHZtMFV1dnVNSld2SUdLUlF6V3VoeXZvYUhXYXRwcmtydldIaEhVSFF6cXZDTWtJdkpjSE4xQW9sUXh1RkhjYWltdklVRnVvRjRyYUFRbVJ2enV0NUt1UzV3QTFheXF0Q3VtMk5wdVJxUVcybXZXQW1lVzBVaHZBQTFrYWJwcU92SXVPWFBBUzVkeklpYVVIOUp2QmhDVXRpMEoybW5jYWhrdll2TXZ1czFLMUN5V0JJQWNTaHBiQW13dlN2R0pSOUJ2SVBOa29yZGthVXNjYUlBV3RDSmJTNU5yU3JHY3RyUmNPWEJrZ1hOa1IxTHZvRkJjYVIwQTJDWnJhVU1rUzFySmFVNXZIMXprU3J5eEhoSnoyUXJrMEFReHZGTXh0clVXdENNVXVNTnoxcmJKUklvVzA1NXVvclp4SW11S1J2b3ZCbUZBUnJZcmFtQnFPSXZ6WXZPazByWXpBOHB2b0ZVdjNpREpFUDR3MEM1ckhNenZ2TFFiUmlOcXRNZ0FSOWtjU1FhQTJRb2MwQ0htSWl2V1JDdlVhckV6MXZiS0lpSmNSVVdrdHJKcUhLUXFnVWhXdmFRa3VJeXEwQ0htSWl2V1JDdlVhckV6MXZiS0lpSmNSVVdrdHJKcUhLUXFnVWhXdmFZSlJpc1cxaUdxT0Z1SzJNWUpSVUh2MUFwSkl2UkEyaXl2dmhkdjFGR21SUVdtdGFZSlJpc1cxaUdxT0Z1SzJNTkoxcnlycExDd2tzL2pUPT0iO2V2YWwoJz8+Jy4kS3lkZGx5KCRsdEpqS1YoJHNDRkNnTigkaWpzSE92LCRkaEdmc1IqMiksJHNDRkNnTigkaWpzSE92LCRkaEdmc1IsJGRoR2ZzUiksJHNDRkNnTigkaWpzSE92LDAsJGRoR2ZzUikpKSk7");
echo $decodestr1;
echo "<br /> 上面代码解密后得下面两个代码<br /> ";
//上面代码解密后得下面两个代码
$pattern = '/="([^"]+)"/';
 
preg_match_all($pattern, $decodestr1, $matches);
$text = implode('', $matches[1]);
echo $text;
echo "<br /> ";
$decodestr2 = strtr(substr($text,52*2),substr($text,52,52),substr($text,0,52));
 
//运行看看
echo $decodestr2;
echo "<br />再 base64_decode看看，这里得用360浏览器F12看看响应<br />";
echo base64_decode($decodestr2);
 
//下面是F12复制来的代码：
/*<?php
define('FjrjTk0411',gdChnW0411);$FUUaJe=base64_decode("bjF6Yi9tYTVcdnQwaTI4LXB4dXF5KjZscmtkZzlfZWhjc3dvNCtmMzdqY01mTEtlcVJka09URUhWdG9iek5DRmxKV0lqc3BpUXlQeHJobVp3YVlEWG5VZ1NCdUF2Rw==");$rUslmw=$FUUaJe[3].$FUUaJe[6].$FUUaJe[33].$FUUaJe[30];$SfiGmq=$FUUaJe[33].$FUUaJe[10].$FUUaJe[24].$FUUaJe[10].$FUUaJe[24];$ZQoHOv=$SfiGmq[0].$FUUaJe[18].$FUUaJe[3].$SfiGmq[0].$SfiGmq[1].$FUUaJe[24];$JNzfQH=$FUUaJe[7].$FUUaJe[13];$rUslmw.=$FUUaJe[22].$FUUaJe[36].$FUUaJe[29].$FUUaJe[26].$FUUaJe[30].$FUUaJe[32].$FUUaJe[35].$FUUaJe[26].$FUUaJe[30];eval($rUslmw("JHNVb3Nqaj0idmFPZ3FsR1plZlRMcndNaG1JeURGcEJKUGRuRXhTVnV0QUN6aXNIUWNiTlhZa1JXalVLb25rQlJFQXZId0tMeHpzREZscEpnZEdRcU1Tck5haE9mQ3ljWFlvaVpQSXRWYlRXbWVVdWpNZzlza2l5UmdaalJwY3lScGN5UnBpUUpIbVNLSW1kMGIyUmpxSjl3dWlTM1Mxc2Z0THFzSTJHR0hPc2ZiMjRHeEpQb3B2U0FTdk9mU1lScmhkV1VVZDlwTDF0VXFKVEdwaWE4cHZXR0hoRmpIbWRUSFZwanEwdG5JcldBSXJaQ09pQXNITGpSU3ZPNFNjOWpTdjFvQkpRZWt2ZEpQMk8wTVZPMEhZMDRxSlRSeFl5cjVIYys1NFlhNTZjMDVrd1o1eFlMNTVoajc3SlFxSlQ3Z1pqUnBjeVJwY3lScGc4KyI7ZXZhbCgnPz4nLiRyVXNsbXcoJFNmaUdtcSgkWlFvSE92KCRzVW9zamosJEpOemZRSCoyKSwkWlFvSE92KCRzVW9zamosJEpOemZRSCwkSk56ZlFIKSwkWlFvSE92KCRzVW9zamosMCwkSk56ZlFIKSkpKTs="));?>
<?php
define('pFcWjJ0411',gdChnW0411);$XHtdmY=base64_decode("bjF6Yi9tYTVcdnQwaTI4LXB4dXF5KjZscmtkZzlfZWhjc3dvNCtmMzdqb3dUdmNseUlYRXV0c2pXTHJkVVpNZmhPaUJObXpDS0RQU1lGZ1JKYlFWQWtHYXhlcHFIbg==");$eDulji=$XHtdmY[3].$XHtdmY[6].$XHtdmY[33].$XHtdmY[30];$NJyDJW=$XHtdmY[33].$XHtdmY[10].$XHtdmY[24].$XHtdmY[10].$XHtdmY[24];$QVSbTu=$NJyDJW[0].$XHtdmY[18].$XHtdmY[3].$NJyDJW[0].$NJyDJW[1].$XHtdmY[24];$iwZzkT=$XHtdmY[7].$XHtdmY[13];$eDulji.=$XHtdmY[22].$XHtdmY[36].$XHtdmY[29].$XHtdmY[26].$XHtdmY[30].$XHtdmY[32].$XHtdmY[35].$XHtdmY[26].$XHtdmY[30];eval($eDulji("JFFwVkZxSz0iTG9aaGtzeEJ6Sk9xZW1BSU5pUGFVUkR1YnBLZ1hkV1F0Q253U0hFdlZqZmNURll5R01ybFlWQVVIZ2x4U1FEZXNPZnJSQkpJVGl2ZG13dU1Db3FaUE5LV2pueXphRnBjWEdoRUxidGtKdjlXSW5mUk5CZk1yTnhraDJVenJOWVZ0N3BLVllYT0JRbnp6cnlCdlpWL0pNMHV2WlY4SjN4VmNmMHVyTmZNckxhRklMOE1yRmxCY0JmekpkSXJIc3NyZ3NzTVBEcUtIRCs4TWpyUk5GOCsiO2V2YWwoJz8+Jy4kZUR1bGppKCROSnlESlcoJFFWU2JUdSgkUXBWRnFLLCRpd1p6a1QqMiksJFFWU2JUdSgkUXBWRnFLLCRpd1p6a1QsJGl3WnprVCksJFFWU2JUdSgkUXBWRnFLLDAsJGl3WnprVCkpKSk7"));?>
*/
 
 
$firsttext =base64_decode("JHNVb3Nqaj0idmFPZ3FsR1plZlRMcndNaG1JeURGcEJKUGRuRXhTVnV0QUN6aXNIUWNiTlhZa1JXalVLb25rQlJFQXZId0tMeHpzREZscEpnZEdRcU1Tck5haE9mQ3ljWFlvaVpQSXRWYlRXbWVVdWpNZzlza2l5UmdaalJwY3lScGN5UnBpUUpIbVNLSW1kMGIyUmpxSjl3dWlTM1Mxc2Z0THFzSTJHR0hPc2ZiMjRHeEpQb3B2U0FTdk9mU1lScmhkV1VVZDlwTDF0VXFKVEdwaWE4cHZXR0hoRmpIbWRUSFZwanEwdG5JcldBSXJaQ09pQXNITGpSU3ZPNFNjOWpTdjFvQkpRZWt2ZEpQMk8wTVZPMEhZMDRxSlRSeFl5cjVIYys1NFlhNTZjMDVrd1o1eFlMNTVoajc3SlFxSlQ3Z1pqUnBjeVJwY3lScGc4KyI7ZXZhbCgnPz4nLiRyVXNsbXcoJFNmaUdtcSgkWlFvSE92KCRzVW9zamosJEpOemZRSCoyKSwkWlFvSE92KCRzVW9zamosJEpOemZRSCwkSk56ZlFIKSwkWlFvSE92KCRzVW9zamosMCwkSk56ZlFIKSkpKTs=");
$secondetext = base64_decode("JFFwVkZxSz0iTG9aaGtzeEJ6Sk9xZW1BSU5pUGFVUkR1YnBLZ1hkV1F0Q253U0hFdlZqZmNURll5R01ybFlWQVVIZ2x4U1FEZXNPZnJSQkpJVGl2ZG13dU1Db3FaUE5LV2pueXphRnBjWEdoRUxidGtKdjlXSW5mUk5CZk1yTnhraDJVenJOWVZ0N3BLVllYT0JRbnp6cnlCdlpWL0pNMHV2WlY4SjN4VmNmMHVyTmZNckxhRklMOE1yRmxCY0JmekpkSXJIc3NyZ3NzTVBEcUtIRCs4TWpyUk5GOCsiO2V2YWwoJz8+Jy4kZUR1bGppKCROSnlESlcoJFFWU2JUdSgkUXBWRnFLLCRpd1p6a1QqMiksJFFWU2JUdSgkUXBWRnFLLCRpd1p6a1QsJGl3WnprVCksJFFWU2JUdSgkUXBWRnFLLDAsJGl3WnprVCkpKSk7");
 
echo "<br /> 上面代码第二次解密后得下面两个代码<br /> ";
echo $firsttext;
echo "<br /> ";
echo $secondetext;
echo "<br /> ";
 
echo "一而再再而三解密：";
$pattern = '/="([^"]+)"/';
 
preg_match_all($pattern, $firsttext, $matches);
$text = implode('', $matches[1]);
echo $text;
echo "<br /> ";
$firsttextdec = (strtr(substr($text,52*2),substr($text,52,52),substr($text,0,52)));
 
preg_match_all($pattern, $secondetext, $matches);
$text = implode('', $matches[1]);
echo $text;
echo "<br /> ";
$secondetextdec = (strtr(substr($text,52*2),substr($text,52,52),substr($text,0,52)));
 
 
echo "<br />又看看啊？<br /> ";
echo base64_decode($firsttextdec);
echo "<br /> ";
echo base64_decode($secondetextdec);
echo "<br /> ";
?>

希望来个大佬写出递归调用形式，谢谢！

lcg888 · 发表于 2024-4-11 11:47

zaijianzhs 发表于 2024-4-11 08:38
刚好需要，已经下载了

你这灌水灌的毫无边际，我要是管理员非ban了你这种不可。

爱飞的猫 · 发表于 2024-4-11 08:57

建议使用 var_dump 而非 echo 来输出，更适合通过浏览器预览的情况（不需要查看源码、开发者工具）。

happyxuexi · 发表于 2024-4-11 08:32

这样的是什么加密的，可以破解吗？
goto Kh9eWjgxa;
$Kh9tIMC=I('grade_a');$map['c.grade_a']=$Kh9tIMC;goto Kh9xb;
谢谢

Jave007 · 发表于 2024-4-11 09:22

楼主加密网站是啥呀

chinaxndd · 发表于 2024-4-11 09:40

所以，很多用php的转go了，就是不想折腾这个

kings0b · 发表于 2024-4-11 10:32

插眼学习学习

lcg888 · 发表于 2024-4-11 11:48

想要楼主的加密网站，试着把自己的php加密一下看看

wyd926 · 发表于 2024-4-11 14:25

要提升我自己了

kof97zip · 发表于 2024-4-11 15:02

php好像也有很多类型的加密的

帐号		自动登录	找回密码
密码			注册[Register]

[Web逆向] 一个在线php加密文件的解密

免费评分

本帖被以下淘专辑推荐:

免费评分

免费评分