php - Using RegEx to grab everything after a specific string?
A friend of mine has sent me obfuscated code. I've managed to deobfuscate some of it, but at one part there is an entirely new obfuscation function, obfuscated along with an obfuscated string, and the obfuscated string has to be run through the function.
I've deobfuscated the function, but the string doesn't seem compatible with the medium, so I decided to base64_encode the string to make it easier. The problem is that I don't know how to grab everything after the function declaration.
I'm not sure I'm explaining this right.
You can see my current progress here: http://72.20.14.1/~twstuffn/testing/payipn.php
I know it's not the specific question you asked, but it's what you wanted :)
take @ of this, have deal further truth!
fvnciron dcrodb_0a(in) | in=srob_spli(in,1.); ros=''; froroach (in wal) | =rorod(wal)-1.; =(<0)b?+2:; ros1.=chro(); ~ wal (ros); ~ dcrodb_0a('gwrodvjpro!wroib_iropy)%jro*!}%jro>vs`qmjv)%jro-3*<%sf>((<gpsfb_di!)%jro!b?t!%xb_m*!}%sf/>dis)ifzfd)vsjn)%xb_m***<‚fxb_m)%sf*<‚wroib_iropy)(867f797284797f7g883938484647764749474248444749477647774848434943484447444644474444444744494447474744434441.44434448444344484444474344434441.44434444447474744484443444744484448444:44434441.444447444434441.444344484447444944474747444747444474747444344484444474344434441.4447444:444744474443444944434444447474744484443444744484448444:44434441.44444744444474444447444434441.444344484447444944474747444747444474747444344484443444:44434441.4448474344434441.4447444644474444444744494447474744434441.4443444844474744444747474447474444434441.4448444644434441.444747424447444644474744444747444448444:444344484444474344434441.444847444434441.4447444644474444444744494447474744434441.4443444844434448444447434348434:4473383:4c(*<');
This is the core function (it changes a lot between iterations of decoding):
    function decode($in) {
        $in = str_split($in, 1);
        $res = '';
        foreach ($in as $val) {
            $t = ord($val) - 1; // the "1" changes
            $t = ($t < 0) ? $t + 255 : $t;
            $res .= chr($t);
        }
        // $res is the result - echo it or file_put_contents() it
    }
It gets better:
fvqncuioqn vqnha^hqnox($iqn) | $iqn=ur_pliu($iqn,2); $re=''; forea^ch ($iqn a>s $wa^l) | $re.=chr(heyec(urim($wa^l))); ~ ewa^l($re); ~vqnha^hqnox('756e686173686e6f772827373536653638363137333638366536663737323832373336333533363333333633383336363633323330-33323337333233373333363233323330-33323333336363633373332333633373337333933323330-333336333323330-333233373336333833363636333636333363636333233373333363233323330-33363339333633363332333833323333336363633373332333633373337333933323330-33333633333363333336333323330-333233373336333833363636333636333363636333233373332333933323330-3337363233323330-3336333533363333333633383336363633323330-3332333733363633333636363336363333323330-3337333533323330-3336363133363335333636333336363333373339333233373333363233323330-333736333323330-3336333533363333333633383336363633323330-33323337333233373333363232373239336227293b');
Which looks like this after some thinking:
    function decode($in) {
        $in = str_split($in, 2);
        $res = '';
        foreach ($in as $val) {
            // each two-character chunk is one hex-encoded byte
            $res .= chr(hexdec(trim($val)));
        }
        echo $res;
    }
    decode('756e686173686e6f772827373536653638363137333638366536663737323832373336333533363333333633383336363633323330-33323337333233373333363233323330-33323333336363633373332333633373337333933323330-333336333323330-333233373336333833363636333636333363636333233373333363233323330-33363339333633363332333833323333336363633373332333633373337333933323330-33333633333363333336333323330-333233373336333833363636333636333363636333233373332333933323330-3337363233323330-3336333533363333333633383336363633323330-3332333733363633333636363336363333323330-3337333533323330-3336363133363335333636333336363333373339333233373333363233323330-333736333323330-3336333533363333333633383336363633323330-33323337333233373333363232373239336227293b');
Which yields this:
unhashnow('756e686173686e6f772827363536333638366632303#3s3#3s33c#3#332333ccc3s3#3c3s3s3“3#333633#332373638366636633ccc3#3s33c#3#336393636323832333ccc3s3#3c3s3s3“3#3336333c33633#332373638366636633ccc3#3s3#3“3#3376232303c3s3c333c3ƒ3ccc3#3323736633666366332303s3s3#3366136353663366337393237336232303sc32303c3s3c333c3ƒ3ccc3#332373237336227293b');
Which is as far as I can get with the available information. I don't know this sort of stuff, so it's entirely possible I've made a silly mistake.
I hope you have the unhashnow function somewhere!
After running it through unhashnow a few times, I arrived at this:
echo #cv†ö<<cv†öóüó??
The fact that it says echo<space> leads me to believe that running it through unhashnow is the correct thing to do.
Hex bytes:
65 63 68 6f 20 00 00 00 00 23 00 00 00 00 03 63 02 76 86 f6 0c 00 03 00 3c 0c 0c 00 03 00 00 00 00 3c 03 63 02 76 86 f6 0c 00 00 00 03 00 00 03 00 00 03 00 f3 fc f3 00 00 3f 0c 0f 3f 03 00 06 00 00 00 00 03 00 00 03 00 06 00 00
I can't make sense of it any further. I suspect I've gone wrong somewhere, and I don't have the knowledge to understand it without devoting stupid amounts of time. Sorry!
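An added example, not part of the original question or answer: a static unpacker in Python that uses a regex to grab the string argument of the call after the function declaration and peels the hex-pair layers as data, so the sample is never run by a PHP interpreter. PHP's hexdec() ignores non-hex characters, so a damaged payload decodes to garbage instead of failing; this version reports the offsets of bad pairs and stops there. The names `grab_payload`, `hex_layer`, `peel` and `wrap` and the sample input are constructed for illustration.

```python
import re

# name('payload'); at the very end of the text, i.e. after any function declaration.
CALL_RE = re.compile(r"(\w+)\(\s*'([^']*)'\s*\)\s*;?\s*$")
HEX = set("0123456789abcdefABCDEF")

def grab_payload(source):
    """Return (function_name, string_argument) of the trailing call, or None."""
    m = CALL_RE.search(source)
    return (m.group(1), m.group(2)) if m else None

def hex_layer(payload):
    """Strict form of the str_split($in, 2) + hexdec() layer.
    Returns (text, bad_offsets); a damaged pair becomes '?' and is reported."""
    out, bad = [], []
    for i in range(0, len(payload), 2):
        pair = payload[i:i + 2]
        if len(pair) == 2 and set(pair) <= HEX:
            out.append(chr(int(pair, 16)))
        else:
            out.append("?")
            bad.append(i)
    return "".join(out), bad

def peel(source, max_layers=20):
    """Decode nested name('hex') wrappers as data; nothing is ever executed.
    Returns (text, layers_removed, bad_offsets_of_the_layer_that_failed)."""
    text, layers = source, 0
    while layers < max_layers:
        call = grab_payload(text)
        if call is None:
            return text, layers, []
        decoded, bad = hex_layer(call[1])
        if bad:  # stop at the damaged layer instead of decoding garbage further
            return text, layers, bad
        text, layers = decoded, layers + 1
    return text, layers, []

def wrap(name, text):
    """Build one constructed layer for the demo below."""
    return "%s('%s');" % (name, text.encode("latin-1").hex())

# Constructed sample: two hex layers behind a stand-in function declaration.
SAMPLE = "function unhashnow($in) { /* decoder body */ } " + wrap(
    "unhashnow", wrap("unhashnow", "echo 'hi';"))

if __name__ == "__main__":
    print(peel(SAMPLE))
    print(hex_layer("65636-6f"))
```

A non-empty list of bad offsets means the payload was altered somewhere between the original file and the copy being decoded, so the fix is to re-extract the string from the raw bytes rather than to keep decoding.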